Overview

overview

4

Static

static

1

URLScan

urlscan

1

http://www.mirrorcre...

windows7-x64

4

Analysis

  • max time kernel
    237s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    02-10-2024 03:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://www.mirrorcreator.com

Score
4/10
discovery

Malware Config

Signatures

  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
    adwarespyware
  • Modifies registry class 22 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://www.mirrorcreator.com
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2580
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2580 CREDAT:275457 /prefetch:2
      2⤵
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2548
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
    1⤵
    • System Location Discovery: System Language Discovery
    PID:2764
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
    1⤵
    • System Location Discovery: System Language Discovery
    PID:2656

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    e538d25ebf6bc18b03dc87653e5aaa9d

    SHA1

    9df6a738b9da6f6e93e02c76973ddc5469b727d0

    SHA256

    62575ed856e35c505189324b018a1921891c158032e8983e98233b502ad0e216

    SHA512

    8c0bf15cad0ab4a55fb4fdef397a275442ca41cdf750a6c174aca4732bfa21787861a2e723c310fb270edf2e22181131fcc5614f9c363e9000216b89f3eec6bc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f40ee515817a6e21a8a41668d11c109a

    SHA1

    d1d7eef6794d9b5e74d3fd5a2414cca2e35db7c0

    SHA256

    f4907fc54f4b50dc45539412ca2a1b45e2a7dd1b9b4ca39e93df6fa9bb3111bb

    SHA512

    ea9d9b7540edeca97d3af4bf809a3bdd4dfd1e3980f1069a59724e1ec69a99c44df141a368da6801c065f00974b13a997e0ad2fc2a34dd6e077c6e4cb4fff830

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0696798006a67484385b3ea7c3120eaa

    SHA1

    1ded6ced3174655c7ee3d0f286d6271606617bc1

    SHA256

    4167611bc75ea18869c8dc25445c3d6faece94dcd4898c4c3a66bb74b215d7c9

    SHA512

    1dcab50729666cb72ee34c377be93f318043c03f6f58f0f79e8bac6995938473ed4d65d83b697610afe32d3a043cec6707e91e8f00d2084174102f31bbd85ab9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7935b53b3e6180104dcd2bf06e152398

    SHA1

    430ea32222ee47c61b13384c3b5a1e42cf503766

    SHA256

    49b2def3432122a0574159d5ec58b5a83221d8b70f6e2698d905a54180c885c8

    SHA512

    3000dbb52c08d3bd4764174031fc9735110f40e900d403018e6220e72fd4f3144d7d5b76ef40a70208a0e039412a1d5b61e04f07fc6f411df457e21af04922ae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a0f0831e6f9a721792c6d0e9f8dcea96

    SHA1

    601f74a4670089b866570d8ecc4aee8c033cac4a

    SHA256

    6d5c6307a5309ebacb714a2ef5076246399437c599df73b2d1bef7fdac64e53a

    SHA512

    0798c63a7670ec9371352c14892ffc5cbdd71757a39802264b4ce0423b9ee0dc27a8a31bb5e57cee3de03e6b1614512a48a1c31fe3d3d5a5466a1b4535fcb96a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9f99141ae0761a7b827c26665d2c7ce6

    SHA1

    e77a21a3fe0b00f74c13e1574508796e12781de6

    SHA256

    3a9f16d974f38fef932d6430266b1c9ab9323741d8c40494bed275dd357513a8

    SHA512

    7b83c4f1bcfce3e6c49e57632624950cbe78a5a44b8b723341c1145ee357ea3d25ac2dab45d47027abd8311322ade13795d515e2d7000999e1e1a5f99bfb1af6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6c050534468da05e5337cc9dc3fc648a

    SHA1

    fa63d67ff4f11ba6371e01ea571012e6b4e6ae60

    SHA256

    476791b4dabe1dc0bc01b2f26db252b6b1f16fcade275034921959619912f700

    SHA512

    63e560ed372cef70495fd2c2a952a1d23ea68388e28949ba645203521c995a3364925dc37a6f82c3b68aada676f73bc21578f69d9fe383a8ee77fdd880d9007d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    47c8167e0d5a83931250602afa3a8cd1

    SHA1

    f4882122b011ddc0e3e49e685bd8b429241cef8c

    SHA256

    852206256895f4ca37ecddecf059f3d30f20d5b9bbbf2551831b268f152fdeaa

    SHA512

    407a9f9f84981d4f86e029d6eb9e1e6957e9ccb51039c18007001e39370b271e395c7c008d3d7fe49125ebe106a48983c29ebb1ffdf93bb59c89f0a89a2bd9e1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aace39d25ca231b9879825b1d9304885

    SHA1

    85da01cf73870d06bc3d3ff66a5d4fad221f38d3

    SHA256

    79204b1f860bc337583b252245b4b4131462c5717d3cf01da5d45f665f6473d5

    SHA512

    0d4cf283c28dc4836e5af53f7eb5dfb2cd045ba0a1552db1f5541e7afc755d492ab2ad00112688f7fee26ccf2c2b8afc4ffb55af4bd5474e070f3196e1fb01a8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    320dd54ad35c826df6f4ff2e9b8aab39

    SHA1

    e65a100a44ce57a5afd989e6339f0884ab52e93c

    SHA256

    47ccb049f4b127ffb26ede5b2b6000729eceb14f6e8d338798012d9f9d39bd0b

    SHA512

    24289de79fd8818a286b7b01949684a5db0789b1906df5bd89b431168c8ee8faa0e7a0ae929c32b08ebd8aaac0f36a51386656f1268b20e684e1ba7ebdfbae39

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e974111c13cffc1c374fedba01de8acf

    SHA1

    37e29d78f828936383762a413c962abfcd014d56

    SHA256

    d784ea6d04fd150636630c0d324a7e1b2661a0e0629a5b4a0935b0f46cc4b8d8

    SHA512

    3c8d05b9577b64ebd5292212476ee9c5a42ccafc6301a307dc846d91f80b8093e4a0b40e3db1b3951c9afb18830bca3d641efeda01c039668b8ef1a1391ee42f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    46bfb09d9c90c0c19c2adc222d8d40b9

    SHA1

    6046113cb27d8983365c91ba83f5c472aff67b84

    SHA256

    08f8fdf93caf21a48e3849e5530f7d8dacd5ab88c49e61aec3cf84a2647b108a

    SHA512

    368e38de19d247d3e0c7ced4b33a8d6a2ef220679acff0da0d2764451d2b5010cf3a759a0e9078036a80d30111015dbbe4ae0859a60f20f2872ee74d26ff185d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3e06a41cec934390c2f492ad195ddb5e

    SHA1

    25dfbada9fbcf9cde02105547b8a1feba0b4f5f3

    SHA256

    9b544f9720eab88d68bdbe3df432ec1f88d99c630cc458d2b746e78cafb0e1d6

    SHA512

    3efa316a67f7792b952c4efd82a97cf705785082ce07abf6ba41ee5762f0b44e08387f91cb9f1336ea58351aabe6fce555f40707fbe859117a85aff8566f41c0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bd8b30dd56783ff1fa4177bb25332013

    SHA1

    18b96425c459668e94a2ecae3a28ce7ec9281ff7

    SHA256

    80b4638e6202ffb931b73337dee5de654ddc982711d09bde24f102dcf33b3602

    SHA512

    b2b96ec1a42355204acc53c7f190666536d5b2c2f45e26a3a482bdb3f094b040990164f072c95319245df13361f29520983a2e56bdf9dcac261e250247553473

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    09bed933926ca8768efd78c35ca0db2d

    SHA1

    6593e2f97167f15471b5b441894cf1d5e0562ae6

    SHA256

    c16b76f7a7b37eb631f8b8a9e585efe6e98e22d6c506cde23aa1958c0fc334a3

    SHA512

    c96da6b7a97ac7140c2344d735675ef56520388be3bb80b4c595e68ac080d3240a39f0b6ac252bfffe06dff637e625c13c6439c906556204ff007e700e6e6057

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    15f04045f66dfac786e43efccd6d1644

    SHA1

    4be2892c53ab86b150fb4c7983046dc76ad31e55

    SHA256

    05c46e5ee764a322f20be44269a6b9ce4349bfc0c20c49a63844d7b7c2918499

    SHA512

    4f83ede641c1f79e5b16f391dc08391a7b75356051d9006abfa9e8bcd38eb35baf019104e8ec712324200054d8bb910d044dfd4c8a6a8d017cb87ba2e24a5829

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    49c5e2c563afe65ffc00169c160dbd3b

    SHA1

    a71a27623cb81a2f8e471a2229c2b01d5a8bb411

    SHA256

    3766b0865bcfdb35e3fa3749b71fd4e947c64a3f0c65c4c3016ada073f6bd270

    SHA512

    91842e7bf34868feaf40a266224721fc3f1456b43a01d7d2023c434bbf6122a08d8ac25832e6b02de205f4e54c9c20b2835373e680a4c45ee25b2a0051e80efa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b3a1d3563feabe858abea45d5186c365

    SHA1

    4c22e1c77bee343700526927bd6d1405fef6e211

    SHA256

    c335120a318447abd9c2f658fb1f2e3d50639ebe61b4e2cfcfb9e9193783f3d6

    SHA512

    470e4167433910968f39c462b7750ceeb204fe973effdc3adae366a4b9f185878618254e8c56a8c91caec231006fd8f7fe77d1f53f8f755f6e891e5b85ee9878

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dfc1af4d0c93fc84d82cb90bc9c6dd0f

    SHA1

    a91feb54730f3660c92c3ee61b152d6ef92873c7

    SHA256

    f35664ba3bdb055e89d5fef2d2d1e5d045719214bd791df3b079c826d813f02c

    SHA512

    c67df37177e5fe2d3010934c4383b0e16b24958585e316b91aa20d3751101bbbb4ef7bb1dc57e99af259cb5ea2729796d08c4e8fa479c0e7f6fa63963299b39f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1cada18ed04d9e90845f8d8e2b72de2e

    SHA1

    16c16dce21cd6d69905f3af93c3fcfc767a9ca80

    SHA256

    089026b5518c6049609bdbbdca0348318e8a41600cc2b2ac22629bfdf0edce96

    SHA512

    991f15db462e5d4b4d0afe10c01d4412a6af8ed09cfdb6ec301f042a758fb9c1ada0b493c75a1140815d9fb9cacf5150f4addc2c7e86657462afaf50a5cf2360

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ba91c075dc289b74baaad16b6126d211

    SHA1

    134627a1683a000960ceada495f9be810c991dd8

    SHA256

    fe7fd9463538f2f772153363e6f33aedfd15d826debe56dae5fa2e058040fa20

    SHA512

    59ca7d98590c2e9c0613faadb1247bf982cc5a088628fcd0074edfd6045daaf1193386a622ffee6a5f79b445ca22405790adb9525f718ac66e925b4351060f44

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1fbac41bf47b76777823b804018f41d6

    SHA1

    826e92ab17eea6ce1a5ab07f2dac529d3265aefe

    SHA256

    b9aedb97ffda34559090d6550518fc3e2784e194a1e963c891d695b75b2539e5

    SHA512

    091cf9d101f3f3d4b557141e4a4a92145c2bf498e4bdbc86645a415a2a4c99ce1003b787b22aec86517205d0f20d61e43f209c14f845abb260f58a288881a1c1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2331e9bb8796c6f65cc3fe2fbfb5f3ec

    SHA1

    b4069e401e3b04ab692c2a630ea045f060c5b0c7

    SHA256

    e443c7fd5c08bfb1e37610c183f5b8549cea83c88ee6d472c66105936b4dfab5

    SHA512

    8bc5829b0771c531f4c1630bd9cb51b588e0936d3c32f3f40395e26728a953d8827a8e6cdf5db4c3c77c8ef103cc20f1a3237f979af449ad0bd00dfd5c87d6b4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    b2baaf347eed6e1f7e8cbb3d572dec18

    SHA1

    51e6c0c035650d963ba73ffb3f330a29a892b501

    SHA256

    510ac05938ffb1b8b820d5a6119ade44a40db6f3ea34e53aee0bfc3c7ab8358d

    SHA512

    b36a6c9e675918e83538a520b25bf6976c7dfac1fb4324da8a3bf5ea3818d460e4cbe639865ea9396ee4a7aab491bd83f1cb92f663469da7a01248a4d8928e29

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\anyweax\imagestore.dat
    Filesize

    11KB

    MD5

    533dd54abf83d547321170c7bf101120

    SHA1

    c659d16ffc054bba88703d8603bac06f237225fd

    SHA256

    cec32d488f19a4d1baac5f8d8276b456fffb4b8089dc1362873963d7d56f290e

    SHA512

    5d2d0856b0c35f2cd7c7e08cfb8c31ad95d43bd6645534aa4e0429f488c299a294845f44dadf783d8b1e25c4455d77c4fb3f4b68905a4f767512b2e0f7a18429

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y8UFEBH5\favicon[1].png
    Filesize

    11KB

    MD5

    4e2c4c5040b9814686b35a2096f6a00a

    SHA1

    019bbf2b11fac550a290f63a1320312baf5d2822

    SHA256

    d118e3e06505d31650597dceb82a0d69700db770abd7a14c25a80bc2f8138533

    SHA512

    64e03b0b953323af77ff8c7bdc6a0d379081e1250211b1d68b2005b325b570b764f3898d6e13ebe0b7da96d02659aaceb31475e81d18d38ff6669562545a53e6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabB5D8.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB688.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit