Overview

overview

7

Static

static

7

1469a56e9d...18.exe

windows7-x64

7

1469a56e9d...18.exe

windows10-2004-x64

7

$PLUGINSDI...ff.dll

windows7-x64

3

$PLUGINSDI...ff.dll

windows10-2004-x64

3

$PLUGINSDI...lp.dll

windows7-x64

3

$PLUGINSDI...lp.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ON.dll

windows7-x64

5

$PLUGINSDI...ON.dll

windows10-2004-x64

5

$PLUGINSDI...cr.exe

windows7-x64

7

$PLUGINSDI...cr.exe

windows10-2004-x64

7

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

DownLite.exe

windows7-x64

3

DownLite.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    141s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    04-10-2024 18:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    DownLite.exe

  • Size

    2.1MB

  • MD5

    84d44cc04348df5226b733eba1b64eb6

  • SHA1

    3cc6d1a7aa6dcccf665c0c777af596d551fd953a

  • SHA256

    7126b3a28108726ee7d07024bce3611ed2d68f7fe75494124a04b9314488e605

  • SHA512

    40f11d74b158188b5d948d014ee82d70bd1b4a78710d7e596f961dd13fe212e6435ce2069ff4f483be3d8d23f8bf4fe478264b1c90f840660fcf4f7e0ded24b5

  • SSDEEP

    49152:0gSxAEDE727h0VKMPh3UWUZQLamNg5/U6l:Q82zMPh3bUqamWc6l

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 62 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\DownLite.exe
    "C:\Users\Admin\AppData\Local\Temp\DownLite.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:536
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.java.com/getjava/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:496
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:496 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2320

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    0ec3cf910dd4c93879f99f2e96e87fe5

    SHA1

    e34755e540c34f3231632e445f2e970acd6fcaa9

    SHA256

    4c169ba53f4d70e0daa4917d630ce89b302d7e305c66b8d6f15222cd2fc2073f

    SHA512

    36830864937c65781437dcc4bbe55f4ba8a0c16d926c0de73cdebe6a20c18c8096b573fedbc9dce854c42e64a450e976915ffa6a13e42b35bddb7f5573419c8c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1f2499abaa5bf23cff905ecb4ebbdceb

    SHA1

    974b3bcc5a8050ee031ca45e54928647788bbd45

    SHA256

    7e71d566c1d031b4927e5479e27b52231e1ed8372c77d1e64615b708f41dd42f

    SHA512

    93d3e0a3941f8c113b70afff990df96833471591f1fb53a0cadcccfa25df1d333955c481caf139b500bbf101e0fc7c7940caca177916e2a957f787556ce5a724

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d354e6c4782c2c8ae9d30d5e764b5762

    SHA1

    23cac7b578fb923b0bf9ba34eca08d66519fa625

    SHA256

    a12b897b0341bac38e63b0597069e2c5e21cf2179399126dd7cde4568ee55687

    SHA512

    21410d5df1a88462ab4d8ea7cba45f02c3368c8ee8a15b22cd0d7d63f5821a524c8d094bb85a1e8b21c406043a5c87b60295fedf2cef59662b42f27e4cc87813

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1b3dbe716a1b33d211722226442a69dd

    SHA1

    a29f220f29896aec8f43d25692b0d00cf7740f46

    SHA256

    749d3ffe34920c558af1e2e877be7a8d08413c9627b082fa1822072a8dca80bc

    SHA512

    008185d973ce4f1f6437a8d3d8aedc6f308ebddf684437f54eb311e3e800e6e6efa2d9c7a37cd1de467e29be375764264059ba890987a4db1fb390f2b7f0303a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3103f48d4ddc64a0d0fc982fe99730fa

    SHA1

    dea923065eef25940e44c2c7ed18d22f42a56df4

    SHA256

    4a34bd220c5d9a58f6776edf30c5e92a95ca03b03e64b798a6604fe08f99e5d7

    SHA512

    7be7c62543c83c9f3ca5ba584ec5e0d1e16d2fbf5d31af5a15fbd11de878aaceca154262727d8ed49e74863bf3fe6f6093ac584a4f92c1d436c72e9c3312ab2d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8ba67c6b9d920dce5f82d01e19c8cc56

    SHA1

    76ffa27c1529b2f7bc71ba25204801cc65692ac8

    SHA256

    af0339fdb2ff0c8732546ee43b55db4dfef5be23e9aaf4ab7eddbe91ff44c555

    SHA512

    561f18ffe56797c645663c798d7b950932194548eea2f1669d55181234ba8a20e1df90d66a1eabdd0dc11f2f1abf75c3a82ed642b1f87a991e7fa09b0bad89cb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c82d41e9f8d297f3b5b6bf084600be4d

    SHA1

    b25c188a78837b17d9abe521c4bf094cb52ec359

    SHA256

    4f5c7faa2d3b4bf88f3207d9d532caa958aac5427d3784576db98d5b76f7afde

    SHA512

    ce5422b4b5c69c483c98a80eb258808cf90e4a22e5ca3d02a7119d2c9349f47e26620d17d5e42e3fd952641dd8afa5cbdc79d20f297cc35e4c04401fb5c627c5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    61ba5449d00a30f542914102026266c0

    SHA1

    701b6566256ea50b14787a4178d255c968e2734d

    SHA256

    b8ff9706adab4f7d798bd3f0cb47da1428c553fe2af878042eaea638d738f239

    SHA512

    edbcaff6a8ad7a84b7ff1cc786eadd8cd1a666fd301c27fa87737473a8f8c7fc1c919be43f54b6305cb2edde396e25f2d87fb2c2a66bff17bc0eacaddf79a614

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9724f366cdc400ace314cecfc5fffc7b

    SHA1

    9cbb95a6d9b2475d754006da8cfc7d2c4787afc6

    SHA256

    7096f54b223248822db22470c8d19dfc0b55febbb158bcaa8510f98013e3b6b2

    SHA512

    a4ad4a7302aa533898db66ab55d7264c52c2a7422e0cd3c0718eb3c47724046c55e24f358423a38ff7e6440cfdfbc3c51cd048084e353262cc2fcd60b7063565

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b883f722e5e48b26a21b96211f44728b

    SHA1

    83c81925baaee98918487a3525e50d76e936b094

    SHA256

    8c16b292d4184276046b849cab8b297cac8db196f705eb4bfed485af11f448fa

    SHA512

    d55810804a54a63a579e6e7422fac23f81f01039d457aa0199acf8d3c5c67159eca11c54469660d00d811b49023af3dd0337328bdee5ff4a0d8ee03e103a1dc8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    31a60dfb3a6a2332ae54051ec4dd1d49

    SHA1

    b876c52fb425098a3e815ea2e703d544f4e97e78

    SHA256

    99f4118b9013b6ae89cb1d0b186a57c4eb7a62ac7d5aa0edb0b21d6429d0bb61

    SHA512

    979e723017e35b8d8c267958662c26e36a1c2017c9bc6175bae2957e334c9afe2efe5cc1f032b3063bfe9c8d65833668f0908f36777a0d5fec44452fd4318236

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    292eff1ab700357bfe23399c86c977d7

    SHA1

    04452519f40f92273505aab62d4aab98398d2939

    SHA256

    254c31a3d4cdc4c97e0841284d73a7fccb16ca21020c27d152f226a82e6f03e0

    SHA512

    2735469fafa130a11fab273fe9b58f13461122a4fdf67c19152d14c9d482afc705c7dcc638ab539285cd2f23d30ca9446e3637b58cf6529c86f9339d4a419fae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c6b60715d28c6ae9ca76f4073ded2d98

    SHA1

    d0e5afc46d8b696c8592251786dfd4f603bbaf15

    SHA256

    5738a001d99fc053c56258bc61f224e99e9fddfbc823b5a3133f8d47dcae3547

    SHA512

    1e867d5148ff99bc8cbaa2117e1f7e29076224cea63bc00566e0022bb775043f5e77ebbb59e52ad8af6fac220a592060c12f50dc0bf84c9c2e87cc2e6bbed57b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a77576c7fc237f3c3364e6083f66ee4e

    SHA1

    6bcc6fc304b1d6050072a8c7418f025beaed0c9e

    SHA256

    77c195b40cac871219a480769b7d1272dd1935ffa68b20ac5591b971acda6240

    SHA512

    cc8f908f741a5f707d2f36181ff1ad66b6156191244456fbbba85854c1ed866162039afb4e3f3bd9e2f414a745801d7f5f068f157ba0d7dbad70613226060ba6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fade9d528e934a8686cecc909c994135

    SHA1

    16e2eb04c8972e8c4afdd2d985cf27cadad0b200

    SHA256

    c10fb68e22ab965ba95f1d4bb672cfcd3012c68f40527b9dc6534b5541f62e63

    SHA512

    f888157eb6dbe1b91a6490ba3bf7e6ff3297d71c2823f7e9ab808d1e8d7966ac49a34c648adfb1ed3b2ac575a2988935636bd7e97e519d60cd6cf76fc84084d2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c6f537cb0acd859c0b1857825f920cc6

    SHA1

    a45f15e81d6fcf70698f737f023f753c46584c2a

    SHA256

    be136d11f9e9aab3ab9c8585f957edb6b7e1bd0431fa0eb4f06b544bc36d084d

    SHA512

    1763c6b2dfe8795f3dc6679e848ecbdda4a32ef287fc16bfed8a2fe7d5d58970d329d4c94aa1ca8605562db658caf8ce94e6aff7cd7648e3de6778881d0dd3df

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    87e9c01785962ec6efee1f02ca408d8b

    SHA1

    7f7bfc29559f2c41d309e76e57ad7fe2c345ca7c

    SHA256

    acbf230d4a95986dff6a685059410986a9aa3c43fdbda7c03d5117e2da6ef834

    SHA512

    6406542dca4f5f5bb00a46ce4d4bfbbd53a621069429289b3d73bdfc4441d185ef458174da40adebb60d4ac2b36361fccdc21d4860c5e7aeda1fa48f02d8bd79

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4c82e073f07b28205744f6cec2d26bf6

    SHA1

    ce76f29a329b4c6af0450e7b6182c74a781c1bfb

    SHA256

    0c6f471a69a36cdb2cd624ae683c7484238aa1b490ba49e6a2d96a60a15823f5

    SHA512

    fa7bb227ead6565bfd75f693d6aa1e850b308d3e68de29e3049e557ab122d9369eeb24d5769e9e326611e5e536a249969d3499579718bed3fb059e7ac56a5c20

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9a3c46e7fdc9f407d02884aa4d9ae504

    SHA1

    0b3fdbba2b9e1246aa02aff812fc4ba11fc89373

    SHA256

    1ca96746438527af6e8d53cb91170d56228d162d68aae1e4f897f44f99d1fe19

    SHA512

    6a09a532d565545141c03d5c527c745076bb0d0526bfc7a217318a451ff452e5ec0835419b32cd58765a51aa86253fc93bd128b27583f0e87671841bf5d8d3ae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7dd1b944c847045768d510dffbc239ad

    SHA1

    c7ae0ceeb93990b2f3ba7c50f0d9d485b827114d

    SHA256

    8dd02812157e10589e17a29341bd4d78c5383281522b4621384aec0294938913

    SHA512

    4dce0b55097bec20b69cc66841bb19e7db4aaffc49b5adffca32d84259fb452999ce50a90d931479479bc50f66e88b6693da8012a77c288463571e2251e2c492

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    e7a823834b2fcb79284b45aa75539851

    SHA1

    50163a18b076aed7be53e502a91b4be088ca5b95

    SHA256

    d0a65b172143901bf06a3cb0acf98934015e9aae2cab6dbf687c34834259587d

    SHA512

    e6a2f1beec211794b9dc545df58141a8009aa83bbcc83c4ce9715d86a1a74f2b752c80633f47abf7f0cc8c1f4fb07b5aff1545219be282b9fbc679940c6bef81

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QTV4GLK7\www.java[1].xml
    Filesize

    13B

    MD5

    c1ddea3ef6bbef3e7060a1a9ad89e4c5

    SHA1

    35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

    SHA256

    b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

    SHA512

    6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QTV4GLK7\www.java[1].xml
    Filesize

    216B

    MD5

    ad082b7d890894d430dfc6c111854a24

    SHA1

    5ce8751dae9c88cdd921ef4c55d9ce93b97770c9

    SHA256

    33045055b3e182533c3e94e054fa68ddc019ae3a935e00b17a285b0ea998ff95

    SHA512

    5a07c289e617cb7cb843ee20d22bda7ef9b16cc2b4ffe5937dc0afd8df386f042d549ae06828ac82139f9c63982070e6d109aaa6ffbb25a1979cc61d6a6b20e3

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\9fajjbh\imagestore.dat
    Filesize

    1KB

    MD5

    b97e44c60e08bf98f913cd10a821d10d

    SHA1

    9e460326b7987ea0a3783cea4abaf7d57859dc13

    SHA256

    e5c383a1f2ef9624fbb06fe612a6ed5a90f45412827203d6a144c22499d17514

    SHA512

    249f7d4a4579b7c3f608b66f26c8f5950ff7ededdc7dc0b9113186f2a5ca196063e38b90ecbf9b04c96d2b0f816021de5781a048479af2177b26f3d1add17ed9

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q0WBLVJY\favicon[1].ico
    Filesize

    1KB

    MD5

    8e39f067cc4f41898ef342843171d58a

    SHA1

    ab19e81ce8ccb35b81bf2600d85c659e78e5c880

    SHA256

    872bad18b566b0833d6b496477daab46763cf8bdec342d34ac310c3ac045cefd

    SHA512

    47cd7f4ce8fcf0fc56b6ffe50450c8c5f71e3c379ecfcfd488d904d85ed90b4a8dafa335d0e9ca92e85b02b7111c9d75205d12073253eed681868e2a46c64890

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD2B.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD3E.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/536-556-0x0000000000400000-0x000000000062F000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/536-0-0x00000000001C0000-0x00000000001C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/536-2-0x0000000000400000-0x000000000062F000-memory.dmp

    Filesize

    2.2MB

    Download