Overview

overview

10

Static

static

1

VMware-Wor...0.html

windows7-x64

3

VMware-Wor...0.html

windows10-1703-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    03-10-2024 07:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    VMware-Workstation-16-Pro-07-10.html

  • Size

    8KB

  • MD5

    634b27ba5944fa78e8e883c32150c3c4

  • SHA1

    c038f37c15d77658362bdcaa7cab9a560fb8d908

  • SHA256

    9c90fa883bcb26af0cda67641d4b4aa1138f102552fb1608c41e51c253219ade

  • SHA512

    07fc70e3aeefa8455f792cf16bd6d1a920beafb8e260c3e3fd89290d4170d2c6ba084f66fa5c1335b5e3d1815a7224a920ed55766672112ccd4c4494e6619bc2

  • SSDEEP

    96:fsuWzPkloqaj5fjmZ/1yyyrh5HPJjeIJumKF95RZjieojwXZkn8oqPTi:mn7m5EtJJjeeu1hkrn88

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 32 IoCs
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 15 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\VMware-Workstation-16-Pro-07-10.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1812
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1812 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2800
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
      PID:288
    • C:\Windows\system32\csrss.exe
      %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
      1⤵
      • System Location Discovery: System Language Discovery
      • Enumerates system info in registry
      • Suspicious use of WriteProcessMemory
      PID:2856
    • C:\Windows\system32\winlogon.exe
      winlogon.exe
      1⤵
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2660
      • C:\Windows\system32\LogonUI.exe
        "LogonUI.exe" /flags:0x0
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:1760

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      61ce12b057e5c2beae5db928888990c9

      SHA1

      31c4251b45d33210b51e06700f20328dd62375df

      SHA256

      a6fb3603a585f0e91765faf9c69177db2a801adf4c3568021d86a29e9aa04e97

      SHA512

      ced285e9c014973ee4e679ad1d135883084b5c8914043a41ed77035c897d16cd69e204ad515f1a9d17a60870ace07a4f7076fce32b9c72887c691a6165c62740

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e701270e21bf55a86bf06d0344a43b24

      SHA1

      78fb732aba2a0c2e6334618bd17b4901f469c672

      SHA256

      049e7e409238eca6ba6c23f859c2226468f2b7243d428e3ecb900b0e2b995bc6

      SHA512

      b2fcf22e381d37d1abbde5fa6482ff901133bfd9335efe3dfbdf3f1a0b746d6ceb5a457f94daf25b57811bb392a57d56242b666040017567fdf3d537d7ec20ec

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f514c801b28284446f0a16be7b13dbc3

      SHA1

      64bdfbd6981c48ef66f8c0adc8848d47670914c8

      SHA256

      acf14e78a2c839296d956e51d9e99a2620da32ae68a2cb1b865d5a82d310c3fb

      SHA512

      290ecd2d2b006aea7d046fc63304400b478bd927a8a7702e70267ffe370bee1b02ffdb89422664597dfed5f94f469b0a3510d1feb15e32ea7336a89641b6e079

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b253a12bb429f82c9c8b4d2af568d62c

      SHA1

      16b870ae8235bab60884afba5cc498c1bfc4638d

      SHA256

      1d61af579bb08d0d2d48bc23f3946acb87d0db70afa98d75be5f3ff563f617eb

      SHA512

      42501f49377d37e7d6632b3ea4a9cef13015d93ac80c262ac5f13246bf47b634ecec8e1e39f66ff6ed677dec59f4bde7fa7571b460bfe04672c2dea1429a4140

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8c81280ebee0da1bc48827c597c064f0

      SHA1

      2f82623c4c23d4542353e86f3466960c5786e629

      SHA256

      3a41ffc765c2b58b7a32944186b0800ae0b7a843b297b7058a2116898d781fdd

      SHA512

      2edd813ff6462a85edb3bfe1849ff992e44c9f95e466f007c0c0b4e7c8c3cd150038df8ca0a34e744886bda96eefc81b3ecaaa9c4f8405cbdef0e1e590ca350e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5c1d321121e5f834ae7cca5be504b302

      SHA1

      6b26379a3056a3ee43e9b90e37bba5648a756a39

      SHA256

      65f16419ac79865198eef6d5b8d17dfce2d969d18e6bf114ae15da23aa1502aa

      SHA512

      7ca27b2e1f64d2ce964399fa25ff1b5a1cca3fd7138f9a3d03d03c70cc2d45ae5094b0868261b7cb0c015e1aa00005f0ea76835caf64c7817e06cf217b347471

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      841bce3add1fd66797a72dfffded97d2

      SHA1

      ee9ce01418432f3bbca698d2c1fe9005448c74b9

      SHA256

      a44cf8f4654cd294b6da70cc9168a36e5173bf995324216c63d14d7b8003f83e

      SHA512

      c795734394b957aae11b98e1481c51433ec2228d01e8ac7a4c785c2b602db9f3490f9d8bf4b2b7cfbd5417ec334659e1197c216200854525cb14fdbb41848fe6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      af7f008b30412e5dd1022075084abb42

      SHA1

      b1e099114c7f7ee130bc2a894663fe3b86a3cca7

      SHA256

      57434576acc87af3b1ca35da20d357bec9a7a23be815f179e8fc09df32d9b982

      SHA512

      637957731d6dc32cbf2de2b9145f83539adb8ae2d84aecc600a72671d3a752f20a70a4587dd1b6151222ad440144c69c5f3a3106225a59d50b698d9d5b21525f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1b2d18d9260481c1337d3c7598b9d207

      SHA1

      4421566d2f302d3396b0e285bd274f1d1c10f5c3

      SHA256

      1319c2c30fb6fb762877e329fc1694d78d733aeb1872b81cb6f893914c0daa5e

      SHA512

      3feaef51c16a9abfe0b6c011d124d673ec9dec674689672ce0b92c6d62dc59d34f6f19ce01de7c3f557b570ecf0b04c5a1e729d3c664a6789c56564323d9e3da

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabCA0.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarD11.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • memory/288-436-0x0000000002D90000-0x0000000002D91000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1760-437-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1760-438-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

      Filesize

      4KB

      Download