Overview

overview

6

Static

static

1

PanzerSoldat.html

windows7-x64

6

PanzerSoldat.html

windows10-2004-x64

3

Analysis

  • max time kernel
    88s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    03-10-2024 21:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PanzerSoldat.html

  • Size

    8KB

  • MD5

    c9e20585c84e38b809b0bc8aa775c2fb

  • SHA1

    eea96bac3cf9f36445ac08de76d5ee2201141b62

  • SHA256

    952b27c769e9e648e0c54748a0f93b8e12c42facb5488a8e67df5d80b22e86fc

  • SHA512

    2b3bb5c3462f38302397a0a4a3a5875b165bb0a80c0a450417e27913ecd32660c1d61a12e3c5cda29556e229e29cb61d97774ad936e9f9b10816479ceffc759a

  • SSDEEP

    192:PN2x2BmaYl4+iETz8CImMGbyHk2DJzBjnHtQbOhVtv1BFUfXyNKN:AxN50ETztGHtDJzBjnyKtdBFSRN

Score
6/10
discovery

Malware Config

Signatures

  • Drops desktop.ini file(s) 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Modifies registry class 8 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\PanzerSoldat.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2320
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2320 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2704
  • C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe
    "C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe"
    1⤵
    • Drops desktop.ini file(s)
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    PID:428
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x4d8
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1740

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4c2f00c270df2058459f8be137ba92f6

    SHA1

    81dc3f1f373b1034baf7f76b420dee5f9706b358

    SHA256

    4f9d95af82cd31ea9c424509140219373a28df37919259a6a87a8553e93cb020

    SHA512

    9a42244b34f1d7c947a080a88bab517a40a94b9860c1c5cc5c1fa5fcbbcd43b8a7b5cc346c7d074b3f33eea469436fc1635de88ea3135c9183ca48426ffe59ab

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    944ff1e5c3c4903c1b5510ce13ca55e5

    SHA1

    5bfa5f4e153887c495a2c39f6a7e686877e15c66

    SHA256

    7e400b873954aee94c7130efb6afec35590a457da28772ed3db74fd5754f9273

    SHA512

    1a3c10277fc3bddd7d134473456afd27eba008d6615d0941ec9fe9db61589de0bdeebf9a0df3942d725a4994340d533d5998fc4180a4cb6712fa64abffe050e8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cd02bd2336bb2c748ddc6b35cb25b94b

    SHA1

    14ce5e755e9036c3a99ea153452994bcd8b4b343

    SHA256

    bb4f70f711209d55174e7ef71f01b8148fd27bf6fe7641eca004d65f8d39aece

    SHA512

    dd9ed10acd25c7932795961e004d816871bba5e49b1ef41070fc914369f6f069b8be415a113b74014d0f26d4b71f502a09f691836dcc32136b8a08dda8e42c23

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e40d401e84fb9c9d495fdb5a3312a46a

    SHA1

    46f9e12bb33c3ebd23dbfd61a159237b4a299585

    SHA256

    656e7b52f16953c11ebd52190cdede2e671fd4f26147b748ecb6635c60379509

    SHA512

    f70bb47d1a4d41f1c5355d519379a6fbebed511e18230c110b47d58ccb1460559de7c0c7dab8a624959ae556943219be218c23fbe851fc64e4152dc7f98bc0e6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8aa58c101f59e9da0dfd6453caab4b0b

    SHA1

    d60765a5a60a0c92c4171b00510afa207b15f070

    SHA256

    93e0069c6b87e1276ed20f31717bf16d1ac22e9299a34ae47ca3f5483680dc79

    SHA512

    9b453ad61133881a337ee0e67ca24e8f7181282a28c68cabd78149e5c8d1204acce0779cf3a5834745e2a9e2658ac53926ddf055bdb2ec98292ac5290119bebe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d0b6ac2269b8756cb4b4da50e59241b0

    SHA1

    8993a20dad6b8573ab7c6972b3a97ad4b3e7e05b

    SHA256

    6c333e768bb2e98a90cb70bca74a981674a76f94316df39a411c835fbd10d9bc

    SHA512

    d083229b0a36acb62ce64366125dd6e19d4af9d119fbeec9ba2a73f4acf9dbef38cff1719a4428ef08e3d64fa8965c0f2bf280d5f01cfa8ae57d26b292985d35

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e8b4f47cd6f19618748790f7544ccf1c

    SHA1

    0bae0f80c4f17a7846e811f5adae0eb000f42738

    SHA256

    aeb55431ef3e5b52d907b14f11b0644ecefaddf25aa6d1208e1111e6412c38bc

    SHA512

    fb0cb2e13ee2767512be81bc2b2cc1ed03c7769b2afd98c8f0ae01e5ff1ecc2e29226bb8636a56cbf0b126da467668076f72ffe3627b2e70d8194fcf39ec76b4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1e1bf08b26b76535292eba2e9f70166e

    SHA1

    2174bf2a5d8eb372f435a9e3548d60f47143a84c

    SHA256

    aee167a77ad9b6d7516199a873bf697b06596f9184ceca8cdc8e1eebe48da861

    SHA512

    9c812c9e82728e31dde3c255309240aed77c8c22492f377950c1c98bf44337f12ae5c00c57f5b7df7e99b48d57052ea53a208a0a2d4d972f5fdc6de4a8dda3f1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b2016f3e87e0050dd526d8740818e962

    SHA1

    38fd74a18eda92dee6bf1069c069753e5e754368

    SHA256

    eab1c62b3d65efb1d6707e03ab6542f3753ac7d31030b04c6f5e7123efeb8655

    SHA512

    0d97cf740fc712256398b55d202a714efed340636c787c7547ef749bf9109a536df6ef1dc9d6ffc5b634969e8faecce6cd9988c8c34d8ab9c98da073d5b209f2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c710215c494801475a7d7e96d3511332

    SHA1

    59eab5a79942f984294a8474221853c2937d91c6

    SHA256

    7015fef58cccc7684fa84dcb7fc8d8ff03a8006a6c7704a1827aa3336a4f903c

    SHA512

    6917b2a2c912632872ece9545acd5cec5a1e8f96ae13e8cc2d2f64803b58bc9e0faa7dc232fe49c3cbd401385585efdf5a4cb23c9b08905a8f4808acf377f390

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2451df784b6aa1f7c1e00b8d21e3b543

    SHA1

    113c80788b6ba5c5dadd52623fe2afe757849a03

    SHA256

    4db80c095335b89a8c1e1bf214e6f0a30b8263a3ffba66ff0a13a656203de10b

    SHA512

    3e3f0474a6b634f1018f18a05cbce93fc1ac5063028e2d311634b2f91f2064ccf90092f34bd688595a58e065582748d19a215ad4d4eb92a91f5ab876f4c2f6bb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bb891f7d3ea43d8da25ec420ad457e43

    SHA1

    ed5fbb3f7f1dc6b5a6202d955e75dd6af1060b2e

    SHA256

    8f9d908d5e4caed3281a46291419b64dcdbb55f97b50a114c6831d1d3040cf7d

    SHA512

    8ba4d4cd0d5a9d5bded5649a2e735c37a519ec9a2e33db9d13b85fdbdba073cfd2a7dbb2176b6c635a6e6e69251df39d7d41a9c05ced8a8988e22fa99e9abfde

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6bc0794e69543906c28e6511d50774df

    SHA1

    9c851094ed639cbd98ca6925ac42c6f4e346991d

    SHA256

    261d55cfd680a134a89dd73413f536759c6c3e719586a4613f15510a3bb12081

    SHA512

    fa531a514edc3b36e40f20a1b57e7c43626db84d0834387bcb5956a7dbfcf1b3e74b4b9732652e6748760e11d7edcf7de4a3f427c951c60c1b1a8fa22acd9f7e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e98b7863d89fde8da077a399c0e779e4

    SHA1

    b684d0970f7ad7007e798dc5fe96ed4dedd06e74

    SHA256

    42bf2a0e0fe04cc4f144bbc4e4e4ee0fe3ec79a84d3f0ebbac4dcd297370f711

    SHA512

    cff81e9a1a1d00c8459e86a6b593f8deaade416a76ea8e38887314549a890a9515409e349db19ebd1a4df123d1f80d6863ca17f7f3b76ca3085c32b5930d678c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8ee2454e3ac3173849d8b6b4e8f6329b

    SHA1

    b471ffb263320e377595e48c28b8390c17c9b706

    SHA256

    d441fa589597c3751ddb2941326ef04d30d0974ee6c8b359036815a2aa4136fc

    SHA512

    e93ab138ca0e155384aa527f9e61e290b3adeb76424e1c9160512c22ec2f0514c34c2924ff658d09d244d76dfb7097bdf96dd41ca2e9ea7d3a25502b0a3693b1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabA9BA.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarAA59.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/428-863-0x00000000005B0000-0x00000000005BA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/428-869-0x0000000001DE0000-0x0000000001DEA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/428-864-0x00000000005B0000-0x00000000005BA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/428-867-0x00000000005B0000-0x00000000005BA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/428-866-0x00000000005B0000-0x00000000005BA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/428-861-0x00000000005A0000-0x00000000005A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/428-862-0x00000000005B0000-0x00000000005BA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/428-865-0x00000000005B0000-0x00000000005BA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/428-868-0x0000000001DE0000-0x0000000001DEA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/428-874-0x00000000005B0000-0x00000000005BA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/428-875-0x00000000005B0000-0x00000000005BA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/428-876-0x000007FEF5F2B000-0x000007FEF5F40000-memory.dmp

    Filesize

    84KB

    Download

  • memory/428-873-0x00000000005A0000-0x00000000005A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/428-880-0x00000000005B0000-0x00000000005BA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/428-886-0x0000000001DE0000-0x0000000001DEA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/428-887-0x000007FEF5F2B000-0x000007FEF5F40000-memory.dmp

    Filesize

    84KB

    Download