Overview

overview

7

Static

static

7

0b692a1d75...18.exe

windows7-x64

7

0b692a1d75...18.exe

windows10-2004-x64

7

$PLUGINSDI...ff.dll

windows7-x64

3

$PLUGINSDI...ff.dll

windows10-2004-x64

3

$PLUGINSDI...lp.dll

windows7-x64

3

$PLUGINSDI...lp.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ON.dll

windows7-x64

5

$PLUGINSDI...ON.dll

windows10-2004-x64

5

$PLUGINSDI...cr.exe

windows7-x64

7

$PLUGINSDI...cr.exe

windows10-2004-x64

7

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

DownLite.exe

windows7-x64

3

DownLite.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    141s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    02-10-2024 15:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    DownLite.exe

  • Size

    2.1MB

  • MD5

    84d44cc04348df5226b733eba1b64eb6

  • SHA1

    3cc6d1a7aa6dcccf665c0c777af596d551fd953a

  • SHA256

    7126b3a28108726ee7d07024bce3611ed2d68f7fe75494124a04b9314488e605

  • SHA512

    40f11d74b158188b5d948d014ee82d70bd1b4a78710d7e596f961dd13fe212e6435ce2069ff4f483be3d8d23f8bf4fe478264b1c90f840660fcf4f7e0ded24b5

  • SSDEEP

    49152:0gSxAEDE727h0VKMPh3UWUZQLamNg5/U6l:Q82zMPh3bUqamWc6l

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\DownLite.exe
    "C:\Users\Admin\AppData\Local\Temp\DownLite.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2368
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.java.com/getjava/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2876
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2876 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2428

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    082c9b77684299f8edeba5199dedb2bf

    SHA1

    37f3aff9a7ac1872906ae3c83504d56f37d7f2f7

    SHA256

    984f622db06cd3164e9bf64f85cbc70703c50dbb85013bbfc1a5e6e47bdb0fab

    SHA512

    aebb21689a0176ca86a5ca12518af54cfefe2b2ad5db9cc64c4b2a789761b187182f0c5992a5336bcf465da633fea4f342546277696a87d46a8186d8213434d8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f66eeb7d6a53c3501fd417762b8a3b83

    SHA1

    5bbfcf27c149daf4b2344502f714f6401a18f22a

    SHA256

    d9078eeb63443654aa3ff96a0e24b3adbfce481d7b7e809144120dc41b23dce0

    SHA512

    ff14d0dd88ed802a121e00ee3662e0d64603cc1c720faa212222453bea78e3159f35a9f459d29f77cb3e9d7d0d0d97ee7259c5c2e5819e4c29a5a3c5f70a8bb1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    81502d1bffaf7c5892b25bbcfc61a06a

    SHA1

    2aeb1bd3487ac6576a08d559b6f2e67b2ffbb2ee

    SHA256

    b5dadaf91a8e671b6622229f61567866ce92696a8266929e0d35de7117e9e649

    SHA512

    7914a514cc2c8c7d23bd84b3f17c167e9b4f53732630c95bb2e4f5a6b0e497cfa9d5a351d6d4836815a56d18d5eee30a76c9cbc48e83eb89c04030b6c7a8b8ca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c4b48e1e67f76424b3f9a4a63af65fb1

    SHA1

    cc13d38aa07273352f77852f57563c83dd1fbfae

    SHA256

    995a4d343cdba78537edc7070f8ed1e1a8819bd143955103f5f6d2e3eed461e3

    SHA512

    9fb08a22b5a4a1862edc3158604519a99fee574ab1f70dc2f6029ed5b6077a1c97e99163151be9372d24adb8891d26cb5a937cd971d1cd2bc14acbb23e99dc06

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6b03c63bfdd8a545b52eec6988323a7d

    SHA1

    98e2c5585a1e39a906b11c4da900b90a58665951

    SHA256

    6ca77287cd3e44509adae4a9b83a06eb1e77747df2a77af908dd57c2dd002099

    SHA512

    c5587e01cc84e1f559f15ba10f9f54d114c7ac8e9480e29627349f6d192082a92a610402be3a92738c3e5fce020554b1342ca56c1e93e510920d6c71ba4f9112

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3780a94416597164be87fb1747e54fb7

    SHA1

    74a48b07a4aac351f76395a0cddd73b696ac0686

    SHA256

    8e4427206686e448937114e4785b73371d9683e18c0fe432cc34f0d7e622b2c8

    SHA512

    951a533792e610ce92a33d90723f9cd1a320bfbba7bd68d9d808d3858947f9235c39ea78b1c40e9226073726662a40b975cdaba3985c62d8ec9d00bd5737fef6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    92afaa4662515006804b1d2168faa1fa

    SHA1

    c828b742072286f3ea3a7ddbc752435e41866ad4

    SHA256

    28201e2fdf6bffa045bc182612c398a3617d0bd630a0bae9ba14f17af334e6db

    SHA512

    0de7b17c13ae92626cb33e3832368fd5b76abafc11ac5914cf5d544020ced6d72c9e92aa0ae13c7dd93a5780da231cfe9bdc0837fa9880a9141cda56f4fa5079

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    edc4be7ed04ad16e0e56408a228d0160

    SHA1

    da79f08ab3d3c317391e95be5a00436034ca29f4

    SHA256

    9575dc6f4ef12c8511db741a2dea631656c8a7fc9dfbf83e82fa89fccc0cd2dd

    SHA512

    5ed6bbbf7824081e5458953fe4466eb4b7e40a9ea55555957c5de61245c8f3a35bb8b653b9f04a9413261010b1baf5bfa25abf000f59bb8931d5cbeb23270369

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ae22993263e7800026e7e0c2864f80d4

    SHA1

    ea256523ad9e83074835562308729199b9d13507

    SHA256

    207da550b5caa9703369ca76646e95653c85a34e1e946f254dbc47beecba9916

    SHA512

    846130ec9915e9e7b630ca7ffddb7e7166fa72c7853d94118c6e62ce83c835bb119cc0e8f9e52408b2e6ca1bd4d554c195dfcbe5682c83c5cd8bd10558efc6cd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ee1cadd71191960dc97a32f5bb4c0d54

    SHA1

    61ab601271465eb8b6c91ad669139f3b72c23e2e

    SHA256

    2c7706c4ab458461f2f08bae7f6a165fc46d46aba415b1636ce4eac1cef14f1d

    SHA512

    8f46afdc98200478f706bb6212dc363c284794e5de808d901b819eb25aa4ddd0eabbfa8d1902551e84eaf7d06da1b1654c746576d1495d2d95982491c3edc6d4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    854a35ec282f23c491d086424cf24309

    SHA1

    029e1e443605245a1bf74f7b9454a0f627171f8d

    SHA256

    d6fd6e689a4cc95594980526508517df4a5371e5a59f3dd803ad48a4809b444e

    SHA512

    9306f481e8038508f5e36294064b1be94b46271e6ccd182680451b75140c13185418694d7dc413f4b5480b93ae1ef3bfea3000cc758338d411e2700a96e6fe03

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3fffec6460a3522704a97ad2262060cb

    SHA1

    042c7fe833caf97d1cd94c7fe9362a1948d2b483

    SHA256

    356a0f12c586e96bbb3841d924dc94af9c7b2bc81663c66b3b28f513c350356d

    SHA512

    a072b3324153a995d3fc3c8f67643f53fecf9fb8db7f0692d471f86cfeab1b86857491760ba6f317eba1c813fcb612fabab5ccdd07fe4d2c12de2580f6c2fb2e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d6303699f5d20948c55fffde622ca6e6

    SHA1

    59962361b2def6fcf90a05aab69d7096e4fe8968

    SHA256

    f576cb3ec51cd6fd43e4efa98ef39621e277a32d977207a0acabf5921993364f

    SHA512

    4c13bc94074a44475b11d0501c6d20dd37c2011b3ae5e36c305bfc62aae9f86f9ef1a2d29299cdab52a1c951f2f5d64dbfcd265bdee35cf88d765b59f7be64bb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ba9956031c3850eac6c0b955ce508d4c

    SHA1

    285f6c2acf8e402d91765e305fb209831fb2b6c5

    SHA256

    e3471371f408547d8ac415a1144169dce28026ec8fdf95a47e102fb0c1688ba1

    SHA512

    8b10bc68c3aed2f8fc9707bce29382e06b4999c2647d1d2f2719e7796b2cf52fd849d7dd186903e94dfc27881bec5f47f152673c02455c83e82667a9d7bb2542

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cb8eef3af32279b6df14cd5204f2d601

    SHA1

    0f6a8abd2ec8f5a3c4aeb655757771648f688a94

    SHA256

    7293457e0b7514b4eee253ccfca96df60279b3c54880d2c6875c48cfa0b8e749

    SHA512

    fd75da737c3d411801cfd1cf3e09b65d8a124716ed38706e187424a716c4ea22c073957a6ca42eaaf77dd121771327e40c4941ee5ba38ca10da45aaecb677641

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    faaaf4b102a6cb27e897b62e77b84684

    SHA1

    b8d7722414183b11ba22d957d759fc42f888a246

    SHA256

    bf10f401f160f266c95ef09b7b4f0fa841c3ae6f51fa20192ce6a31cea166631

    SHA512

    5fdc8556062026bbfb03af73f8baf0e360b0a820ebe3fdfe6e8987ba8e5f5951346e3d53f06c012de878a766ff8bf57ba6192e1c09ec8f0ec954a986b2ffb5d9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    50a19b8636f6a1f3e13098601b94f6ea

    SHA1

    19091390e7d9b4e9a9e73551f70c402947461f2e

    SHA256

    6db8c511c944a5fbd6559500c62ae2a8426ee46f5af8819a60dbc73157155f1b

    SHA512

    dfc7209184bce0a24d1d79753213e707ae0a1d96740c2c2131bb6e7dcde39bd0a707be5a2afe581ead5daa430ba650e94e174aeca024104220ba9ebf67d0f5d3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    542e05ab9fc1ac4b0d53507e10ff059b

    SHA1

    7db99ea628a8277fb39698967e95cdae5ff0ecea

    SHA256

    9326a4001623cd3865b129677bd0ddc246ef08560792da479b0cdeaa00b526fe

    SHA512

    91097efb1e657f95b96bfbb765e69f5857344c51440f7aca62c47865234ac2d98cc41dee78fc67e117a90479639cd15b1a7c0016a8e6e622b0eef23be0306eb8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    99b5c11c8d5c22ba3e562adcebf874d5

    SHA1

    cd31ca2fa05cbb7c0b408952774c9a793193943a

    SHA256

    6a34ed21e71d0adf9f500946cea52f2c782d387c1b69b4a0847c384bbfe933c2

    SHA512

    8f73f32d09203ddf3ec8f00d37c10803a42935e5e849bdcbdfc464f8ba1ea5dd287f5a86eaad551cf5f5353e16f153011dba1d7554e5edca3532aa3aa0569529

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    b39573b603e76033d4a555063127dc8d

    SHA1

    149a6b4e0086720c6de7dba307fa86b1e9f2d8f8

    SHA256

    a5fe8f8dbb264b2f115e472a769091f99ac6fb5dedfeb06144180cfc15264431

    SHA512

    3f6dd3196ebe76171d94bf948ca9541613241013dc9be7dd4c9333376ad7281931877cc87ec464a09ffbba2df0df52237c739a0aa2bbc9859ffab8099ab18a60

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\G7BH00L2\www.java[1].xml
    Filesize

    216B

    MD5

    78a52eeac7ccc09b65382dad3f19ed66

    SHA1

    208b2bcfbed8bdc84b60f88071ef76324ad50ab9

    SHA256

    082be2dac2691c4b7ce4bf1bd528410d2548c1bbb667a2c72dc449e928456d81

    SHA512

    666afdfd257017064be7ecf7aa2c33e8a176d4dc22a8f4f018a03306cd2e4d9537bb943c0f90d3415069a3970ad5a4ed7e9cffa9af141f71910c45ef97fe43de

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\G7BH00L2\www.java[1].xml
    Filesize

    13B

    MD5

    c1ddea3ef6bbef3e7060a1a9ad89e4c5

    SHA1

    35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

    SHA256

    b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

    SHA512

    6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\yiu0yt6\imagestore.dat
    Filesize

    1KB

    MD5

    1dc0e6305c6cabb08bff798702770de9

    SHA1

    06a5a3140cb058778529e387ab6d8ac35d12fc10

    SHA256

    4ce1d6761954adeb90023000904f325c7c0e91a25c8686c59eed39400f562578

    SHA512

    85b74e7af9cacf92bf3ebb71f6ec296b609ee8bcde42cbbffb9fa05afb9b0c7f545ac790bf465bb3ecce16ec107100c3d86fbb7d5c3394176f141baadce982ed

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MPUI9R2R\favicon[1].ico
    Filesize

    1KB

    MD5

    8e39f067cc4f41898ef342843171d58a

    SHA1

    ab19e81ce8ccb35b81bf2600d85c659e78e5c880

    SHA256

    872bad18b566b0833d6b496477daab46763cf8bdec342d34ac310c3ac045cefd

    SHA512

    47cd7f4ce8fcf0fc56b6ffe50450c8c5f71e3c379ecfcfd488d904d85ed90b4a8dafa335d0e9ca92e85b02b7111c9d75205d12073253eed681868e2a46c64890

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabC49A.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarC49B.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2368-0-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2368-3-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2368-2-0x0000000000400000-0x000000000062F000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2368-549-0x0000000000400000-0x000000000062F000-memory.dmp

    Filesize

    2.2MB

    Download