Overview

overview

7

Static

static

3

fc238d5603...18.exe

windows7-x64

7

fc238d5603...18.exe

windows10-2004-x64

7

$PLUGINSDI...EN.exe

windows7-x64

3

$PLUGINSDI...EN.exe

windows10-2004-x64

3

$PLUGINSDI...er.exe

windows7-x64

3

$PLUGINSDI...er.exe

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

AdminWorker.exe

windows7-x64

3

AdminWorker.exe

windows10-2004-x64

3

WebInstaller.exe

windows7-x64

6

WebInstaller.exe

windows10-2004-x64

6

WebUpdater.exe

windows7-x64

3

WebUpdater.exe

windows10-2004-x64

3

content/iwa-ovr.js

windows7-x64

3

content/iwa-ovr.js

windows10-2004-x64

3

firefox/iW...er.exe

windows7-x64

3

firefox/iW...er.exe

windows10-2004-x64

3

iWinGames.exe

windows7-x64

7

iWinGames.exe

windows10-2004-x64

7

iWinGamesHookIE.dll

windows7-x64

6

iWinGamesHookIE.dll

windows10-2004-x64

6

iWinGamesI...er.exe

windows7-x64

3

iWinGamesI...er.exe

windows10-2004-x64

3

pages/blank.html

windows7-x64

3

pages/blank.html

windows10-2004-x64

3

pages/blank2.html

windows7-x64

3

pages/blank2.html

windows10-2004-x64

3

pages/error.html

windows7-x64

3

pages/error.html

windows10-2004-x64

3

Analysis

  • max time kernel
    119s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    28/09/2024, 10:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    pages/blank2.html

  • Size

    74B

  • MD5

    90b42fd8e93203218847a3c0a646d377

  • SHA1

    0d485e2de867448e4853031d5714942128d92983

  • SHA256

    aec450600b1ea9c5cd12a92ff9764092434c2cca7e56c10c7b11a63a13209c5f

  • SHA512

    de8ab5192fbb9e1df4f1baa7436f2d21cbb94f921931d502aed87049b46affe2dba1929ef48b528f114722cff7c797d381070b35884f7bea18813df355b0ffab

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\pages\blank2.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2668
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2668 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2940

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3994f6bd5ba11d70450c3df12845f9d1

    SHA1

    72280f9cfda1d9a01c36f9a26f1be3ac8987867f

    SHA256

    813b50a14d200ee4ccdc25e2b2f8c5e869c4ff1d7b3711a35e550be34f47e83c

    SHA512

    620ec044cdbace9118897f77d7564db6c35ea43278ecf3286676fae056c9605db7928532594452acace5fdbbbba2a749d7aee4475f16da04d13e1144a394d9d5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    df03a921ea3be38bc445b136044b65bd

    SHA1

    ce15b280a165d3969dea697a47c991aaaf2a37ec

    SHA256

    9abe1419eb52f70b59744dc2806497cd4ddda3f33c44ef606fa52c97d65eb43d

    SHA512

    8ebbccf9f97f3209279826c5fac9f27ea31201dd14c997580338df3c23effc61e586e8187a235ffb18365627441d0b16036cd3323d8ba24b3a6fb79698b4ee65

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    91d465161120c6b3ab11c9636f47cf44

    SHA1

    9617fd724416125f4f4f36414d3de8713e72d67d

    SHA256

    245b5ad588b04248652f515122369b13f44960e84e850b7c4572300dd3a21ffa

    SHA512

    4d82f11337aba908f8046f5cb9527feb8ce4027d010a789e7dae78c3df4288cdb2ef31b3ff9fdc8e32671be81ef78cf46c27035721ed0438d7c7e61924ff5a4c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a4ee58a57c1e1a59799e8d57c922d94e

    SHA1

    360f202de44770682a19bc4e366881a994bf8c97

    SHA256

    17991a2d180d8e6ab45111eadd7919c533c77004e1bb8f06c5f9d7083161f130

    SHA512

    fc5aa5cddef2790792d8141685c5a3d95affa7da797730c88fcddd02a1213e7e9c94d6c8c8f772f8a445064656caed829cd0d6a1c03a65d7554809b7e472dbdc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3a5b633e62ef2ba502eb49a20d156c36

    SHA1

    e492419445e874430cd110a0aee7602117e0ccee

    SHA256

    ffc726f0b134a07139fe0ad58f8ea5c689f9c797de400ce2a9984daf215e6fb0

    SHA512

    9a0adec8120bb7762f8ead71f9e2864a06687dc29b21169741d44444a736489cb2fe6d6c164f93f846893c51137131d793c0ecbf6772966ddb635896b8901525

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    344cc94ca11b6a7e797b2dab5b0313d2

    SHA1

    36a78899978848793618731ab1d15666326561e0

    SHA256

    7296e8926c12caa3007f678a2a34b2f52f0e53eb433b5d4184d230249ec06ddc

    SHA512

    91784109d421c6880893e68a7cf600632b1fc7c83a41a93ba566663242baff8222cd9306bc7864124a84c6e721a158b8f11621ae1aa1ba0c782301cc4d831425

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aa5992647f6b4422e1df594f5afef09e

    SHA1

    a0216d1c9676fb72dbaf237270e27551ec1be9d2

    SHA256

    25ef1fa125ee79279a6d1db2f99a5cd0077d009e305e1e330a010506cd52706c

    SHA512

    fed20308df9ce0a61bbcfb3d40c4e87d4832a343d2d4ac6e08e1c7c1c18852e98755c26592683502f9b8327fe8d3f42a1149ce44e876da6ece3091d35ecac953

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bdd6d3c5d22d2c382735484b1eae7eed

    SHA1

    41ccc02008ea78b3a2844876cd49433548879e99

    SHA256

    3eed2fef3f805903cb9528e5cd4059e37c974cdb9dc4298471524b24061d3731

    SHA512

    bec3935eb0502ca9baa07ec6b81f387fa41cda5f7df53127f6ca08933500091f214dfbec7fa2092c6d58064f1de59febb4ab04bc3ab79b337d9fd9137a2cea3f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    152f3b0485f6101c5614a9baa3a9eced

    SHA1

    0004e1a87eb89adf49ffc6e322205ddb0ed1d834

    SHA256

    c4aa884e2d48c508c393941642b8cf60bc99bed590ae6be0ef6b2805965a90d5

    SHA512

    24d4bfa82a09d77097925dd839af2357b100f2ebf66d2a15c79b5b6fc52a1c1d7131d727cb210a8dcc7469552426fbbe2834786a4ff0405c1ce4cbb8d62ce67c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    df79f8e0b2849a9e5bc7e6508ca8245b

    SHA1

    2ad7d233f20af6982d652c0e05ff95a855f54dbe

    SHA256

    7a79611db556a95ec01350009eea8fa8c93876633d2ecbf0532068351155d386

    SHA512

    96a089dcf0b0ba6726f6cc8f0aa05c48dc035512be84b00d1ad0f62b8483c8b22f268c4e8d937a0ea23c21a4fcbd9cbb28618c374d49cfa7c83cc19dda275d74

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1e313d64fd9f4fb9ed0b76d35a5b5ac0

    SHA1

    250024a7f73eac0d026f7572f0d0b67681b78a80

    SHA256

    edf022efd52bd9788b2c087bf549401e1d1bfb371b533cbfc56b606b4d4fa8d9

    SHA512

    3d7213b8f1051085e4f63c316fae152f6e4a3a67c9db7d96805a4e1ac974c14cc01caa9f100fd9680369162589381d3be863f9c7500612fd815f44acaacd2ddf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e5f5ef7dc8cafb064f8338c20f47bb66

    SHA1

    1a63b7c083f7f5bd48bea3213e94fc5963884a40

    SHA256

    0bda0597ccf959a710fda3d75d1156e64949d8f77d756332c953a925f0626d26

    SHA512

    9ed274ac0f006c48f20b13dd2dcea7132af7de21df6a46a942f4ba5974ac4275765ab05ca80d81339ffd9654ef83a9ff9a262ece53de777331a3ef098229d35d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    860f69489bb709e628e04ec42155ddbc

    SHA1

    ed5bce9329fccfa655a3d0c476267b635ef8a229

    SHA256

    52a0423cb4d3c22120d98ea14a258cd354e1599661e1b4d34ca269be097fab02

    SHA512

    26cd6d8850192d1b3a4643ce80448316189b7fb63f3e763fe54635a623e6c146f6d31519205c91ab0b2e70afc6ea1ae47c321942b11bbc9ce31479724f514b16

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5f369f904d6fa0b079ebf910739ff2f0

    SHA1

    ac1238b55aaba77eb884af19ff0cc1c5f536c71a

    SHA256

    5d1e2dea01944eb79e236621468bd7932f96203210fed9da34001663c16c0872

    SHA512

    ea943dae13d9b6575fe2e0e1234509e1f56ec68eaf92c35a7bd3ca0eced07e2ddf4799d3c9cd8eed8007218f2328c3d46662213d6756a27d626618b716ac5742

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    01e303c15749b1cbee24e1e1ae2b124a

    SHA1

    3c3e046414f9027f00fab15ce890ca0e3bbedbb2

    SHA256

    620be1ef357fc69c285f496eb29ee2ac434d0c8b3ac3b67d82da7148f8270a32

    SHA512

    73ae1e13b8962c5d13ed502d6f2f575445ed695dfc4950a5d56c9b3f8c9bc721f33df796dabdecb8417da56e5f3a139ccc37b16bdabf21a3151b80bf39fa42b9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c498a2bc534a49b83ea293bdd7136d69

    SHA1

    9acaa6077285b516ba08f9b8492e8ce603db9ac0

    SHA256

    890d3ff523e7ce486fc3cc0b4af40c80fd4c6a3d85c94105bb9e73cf56f4a527

    SHA512

    896f5055e8f4e9307423e22ead64c8d55ca946d9977b0069b2bd72261837959b87466a88e447a8f82d9060fc6e27e445d2cc45bf39b7768ee5b8acb7311781b5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4e15cc6e4c82514ada258ee45dba3904

    SHA1

    b096335e7b472ff81428fe36adb7893081d98632

    SHA256

    57222028d569ede9a9d30e229387dab107ea8b880e74b3e0a319d5f29b8bdedd

    SHA512

    e72601d8ee4885a3f7a7f03be53fed338b8d65e7452bb872d6b4fd7f4762fe21ab51f991f4ea8724692ef89dcaae72462e032917f95bcf7acd724846b828dd71

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7024f5db60870b4399bfba3f77036b5a

    SHA1

    a1c11f3a0dc42d122fab65e39ca3c9c3708e928b

    SHA256

    6979926d6b8a69ea47aceb6fc87afb98c0788ab7652c3d2f6f4d7270423a1984

    SHA512

    e395ce841523bd3a8c724e9f6db794e0e04c95fb27f25a46321ee3fcc0e0c59e60ddf9a8eec0a20d0f9b341af099d1c7d97b34846df8af77e6e9d6e15ca6027b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab4AC9.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar4B68.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit