Overview

overview

7

Static

static

3

fc238d5603...18.exe

windows7-x64

7

fc238d5603...18.exe

windows10-2004-x64

7

$PLUGINSDI...EN.exe

windows7-x64

3

$PLUGINSDI...EN.exe

windows10-2004-x64

3

$PLUGINSDI...er.exe

windows7-x64

3

$PLUGINSDI...er.exe

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

AdminWorker.exe

windows7-x64

3

AdminWorker.exe

windows10-2004-x64

3

WebInstaller.exe

windows7-x64

6

WebInstaller.exe

windows10-2004-x64

6

WebUpdater.exe

windows7-x64

3

WebUpdater.exe

windows10-2004-x64

3

content/iwa-ovr.js

windows7-x64

3

content/iwa-ovr.js

windows10-2004-x64

3

firefox/iW...er.exe

windows7-x64

3

firefox/iW...er.exe

windows10-2004-x64

3

iWinGames.exe

windows7-x64

7

iWinGames.exe

windows10-2004-x64

7

iWinGamesHookIE.dll

windows7-x64

6

iWinGamesHookIE.dll

windows10-2004-x64

6

iWinGamesI...er.exe

windows7-x64

3

iWinGamesI...er.exe

windows10-2004-x64

3

pages/blank.html

windows7-x64

3

pages/blank.html

windows10-2004-x64

3

pages/blank2.html

windows7-x64

3

pages/blank2.html

windows10-2004-x64

3

pages/error.html

windows7-x64

3

pages/error.html

windows10-2004-x64

3

Analysis

  • max time kernel
    120s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    28/09/2024, 10:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    pages/blank.html

  • Size

    251B

  • MD5

    f8ab4f67022399715ff3e862f59bd27e

  • SHA1

    2606eca361d217990708bb1714e6de2d0bb21584

  • SHA256

    3db213886c1a831f8c1867c367cf46ffc84065ce5831b04eb398837abcfd6965

  • SHA512

    9bd33cd117228af88aef403472edf669a12aa4ec68fdc4cd168e1c6ad8aaa63e12278475583268aeff37609eef5b3118747f8be9792ca6cc59ded647dac86ad5

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\pages\blank.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2192
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2192 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2548

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    76f5bae4f256c58aab6d08b0d20ed4f3

    SHA1

    29cc5bde8a76a052075097a8c116368b78cd90ab

    SHA256

    caacfe978d7a300a6ce9e98625987e19c96df2ad503b733c56def006c45c69d7

    SHA512

    ff9bb189ca9b5cadd3c51e9bab264974534e799e54c810de793b8bc9f8b3f3610cd5e9b4a5bd15a12ff780779302f6fdd8b9ffc03597970d0815719fdeacebe1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e0dc76125167bab0624e54f17a6b31ec

    SHA1

    30e7345f5ed88f1a204a8648b0aa08450e427c9e

    SHA256

    e482d785941a7f6450a8b9b7208a24cb886936022615b4348536564520cf02ea

    SHA512

    70f4d3bb0e2c1e46c5318859017cd60b56c75abd242c82d744de606d9a166f1cf29243e523a9c40b05736788f39863f7a99e79118c5e9ab42aa6350397de2610

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5c8b2484e0fc9cda15303161d716e6f2

    SHA1

    74613d2d5be6012a4bee7d328ae24ba1596d4d87

    SHA256

    09716864f14231354e7042f5a9e105bb6160a7f285aec02926cc6a84fb883c68

    SHA512

    2bafc75a7f2272b2d51c569730b4adef89fe803a5a272e0ccdfcef767d0d3090dd267394c8a4b5ad5c1310c92db48fec3b4d268c68c3503b216875deb5fd49c7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d94ecf214d4901ccbe011cf51caff29a

    SHA1

    99fdbaa338a2b91049780bd53f98b7f85e464c67

    SHA256

    b54ddcf52a785c10c0156cad4cb350581b332d39999448b390b7a46e65327b2c

    SHA512

    9156eacd4234809c86fbc5e2da28c44700e5ee9a455c067ddbe96db2317653ada0fb6d4a6c5cd9b6fb7ea2c65d3971d612a1f638f538e91191eea5c129017d8f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    227b722a100e9939cdb7ffb0454d3dd3

    SHA1

    a91c0b45133a81cb4eb65e7572e2b18cae251fa6

    SHA256

    dfac99d3ee3483c0550a32bda4228b7a074df75333a3f6aa681d43e96c99e17d

    SHA512

    2df7697b0b247ab550f300df454cb65f152dd656adb2f7fad0429413249a25dd0f23f2cd56ae9d089e03d002e5b0cf3d25890393624865e0fb2346f893de35b9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4fdbd7751b8e9348645e674ae229b548

    SHA1

    370c5a1fe58f75c78ff22f36e81765ec13f638f5

    SHA256

    00b7969c3b65c02091b746dc2bdfca5b1a33e3427158121c23d7277f43f64603

    SHA512

    fde8cef61c6121dd985863c51051a20b5e24157c978deddd17055df143f2b84dd048e2cf3b7d7474380efe674bee4a7aaf09464aa13825d40ddbba3473ddb9eb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6957d2f842b613e948d1157b988df680

    SHA1

    7eadfbf24981ade210ec8473bbabb328529a7c27

    SHA256

    c3be0c8ce1d3a9fbd29a3ddef2820767a632708e29cdb717b2c8e2cfc610f19c

    SHA512

    bb762ac10c5466eb60f884fca7d1aad18083f146b6a67533870591c6bd9e97d0042f854b3d2bf3159946195c5520b0de2deaa18c4ffce936d0aae66eda0ea187

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c911b85305c26ae1f4789e8d5dfa52d0

    SHA1

    52c4fa260255761625d2e19c46459f4a1814eddb

    SHA256

    0e3af1107afe1742d265b1e004ebfe6bce07fafb63e33c2e57929c6b20fac0b1

    SHA512

    1baaafd6844b929bb8f847fb42071c4acfcd7146312e438f731f33bd2ff06bee54c9e5ab210a09742bc099b5dd2de4529c8751db5f328699f6c32544bab31b45

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    05bfd2918c3f68cddb37f52ab9af1737

    SHA1

    69232aef5a715e316473610009ba59e3d1918e74

    SHA256

    615eb07b1d33bb77a333550d6fa771a30c5f778b5a868a9714ae606dc3ccbe08

    SHA512

    625a239d6a51378734a94287464b0b9f8cc2a0e399150b996ff8f39a6ce60b065d4de903f0c64bb602a255b156e99a42c7e6f3ba189cd02ab756dfd6aebbb55d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    70cfa3aad2ee485544e78da8400a74f3

    SHA1

    1a26312d5b3953e5eb9f7c2f339195aa8a368235

    SHA256

    d0802d533205ddab5f63896d6206c939fa8c8782ba831a6e6b85caffc043f8cb

    SHA512

    b78d7e6369b39ba63c64cf5beedf3a790e7b9894ada5de27229fc6f9b96868179c1ae8a59c1d252d285f325d66a990bf11dacf4f014696ee8f4ee640577253f9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ad81159bf83d16e89bb424ea37ce6b46

    SHA1

    208ec6cceca44832aed001d1b9acc3f2c46a6f43

    SHA256

    ba532fc9ed974e39acda1b1e478fa6ef4d7a59ac58880720620bd92a5b398132

    SHA512

    860f841c7782e11ab1bdfcee283dc1af39ec33dc01aada78a6c60b1302fc9f1b453910d199b08fcc6a9f1e06c713f951c6d5ee319d20c914ed0115feae5a0ae2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5115e10d28d14d2a14afb1ad5a30a992

    SHA1

    3ce0f869ea01b9fb0fe5faf467f2db032f17a74c

    SHA256

    de327cd95457e82759a3a50709f0e44a8ceae3ac6e6f46459adad502896a9f56

    SHA512

    22c62f94b2b2c9b4f460b0f4da1bf86e0a06b542e2221b9def138185cb12bec592112482e9958f81c74f6399c4481e71b017033a6e9400947ffa75430161b21a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    541a770aa1afc9c8383f105812e7a042

    SHA1

    a172a0458e1173aeeff38165054d95bc365585e5

    SHA256

    278117c9b1d264dc776522a6955c1318086e39f4f28768829296a1e421e304cd

    SHA512

    987de2608f23216d704c40ee4ff6d344645e36159662c9ceeda895045fee8ceb4f5126e3e8b6b280053d3f99d04de903db1800311a9ab45b114a9c5815044db7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    65001b2be3f42ec3f2b0881155f62819

    SHA1

    48849d7a4930c82390c70942b57a28dc27ca7710

    SHA256

    dd6e7e084c18fb61105e479e6299a25616c107986d6090b5fa089d2531361740

    SHA512

    a29456df5e6458b6daa24455947024a318bbc14fc8a102d8f1550e1c13c52200511bcde8b5742334054b4f91d68781dc0d4f56c2924f99434e9ed62869649439

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8fff55247c2da43273a30d8b63a3dc89

    SHA1

    3c47e4a4a920c74c48e08478157248ae40f546c3

    SHA256

    f2e787b0dcc5b55a32301cacaa8cf004f44b07ddce75e8a96d296ca9b3703f72

    SHA512

    7fe4d84f2830ec96c928d4da07800498da8bd7efa6d6b72746ca62f5a8e749381516e969be62677b45ba6a4c5d89d5c09dae0e176cfca98687605734c1853aed

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8448393eed1b3b83f2e3575bcc21c426

    SHA1

    164041db679d2a1c51018f0bdbae666886bf1c2f

    SHA256

    41c7920c9a89c0883aa72346b32e2f38b71a8ff5e75dd408ea3327a68dd550df

    SHA512

    b8ae434b55edd78130372838bc40a18a2223d188d976044d64cc32d1bd22507589e031bbf11f4e9a8319d5dbb40b36270ca4eb0b25e51e1c9c5dd50038accce9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    50119e5bfd0c06b0ebcb96842c0d315c

    SHA1

    4c66f31689abe48eac71c02323a4ea9e26051b7d

    SHA256

    adc1cb9b4e50170900981837cb7495e733dd68d380657662f8a3f1607c55efb7

    SHA512

    bfdb2a6b85a3aae5af69bed5a970c26f895d7a8d8e904f65e4323e55864c5e03339bfd81644818edf084e8cad29bd2159a5432eebea46f7f6dd6d785374c50a0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8301cb979f5a200dd0925b42659610b7

    SHA1

    b7b223d6a9b3d1536ef552fc3e350c7c91b28e8c

    SHA256

    96c9b0120e264c7b5d2a2f1d49ce9da9af80af806cdd7da035b62eee1bf7207f

    SHA512

    2a43668fe7d95ed82e605f67cc0f43076c7021b2ee73d06fbe057004da2a2700e5d214bcfba56666b52c2a71f848c2b932198891803cf5e2fa2c2be56cbb1d33

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabFAC6.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarFB56.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit