Overview

overview

7

Static

static

7

171f66ba3c...18.exe

windows7-x64

7

171f66ba3c...18.exe

windows10-2004-x64

7

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...te.dll

windows7-x64

3

$PLUGINSDI...te.dll

windows10-2004-x64

3

$PLUGINSDI...om.dll

windows7-x64

5

$PLUGINSDI...om.dll

windows10-2004-x64

5

$PLUGINSDIR/xml.dll

windows7-x64

3

$PLUGINSDIR/xml.dll

windows10-2004-x64

3

EDSDK.dll

windows7-x64

3

EDSDK.dll

windows10-2004-x64

3

EdsImage.dll

windows7-x64

3

EdsImage.dll

windows10-2004-x64

3

Help/en/ca...l.html

windows7-x64

3

Help/en/ca...l.html

windows10-2004-x64

3

Help/en/devices.html

windows7-x64

3

Help/en/devices.html

windows10-2004-x64

1

Help/en/fi...s.html

windows7-x64

3

Help/en/fi...s.html

windows10-2004-x64

3

Help/en/ge...g.html

windows7-x64

3

Help/en/ge...g.html

windows10-2004-x64

3

Help/en/import.html

windows7-x64

3

Help/en/import.html

windows10-2004-x64

3

Help/en/im...s.html

windows7-x64

3

Help/en/im...s.html

windows10-2004-x64

3

Analysis

  • max time kernel
    117s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    05/10/2024, 09:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Help/en/firststeps.html

  • Size

    1KB

  • MD5

    d90efa09ffb3c352ec0e45ad81aef49d

  • SHA1

    6bd4e097efb29503e0d355fb068d0038135a2feb

  • SHA256

    26804bf5e96ca51633746911415ffb919f034128a6e319ee5e7ce8b8c2eb4e48

  • SHA512

    bbfb79a663210c8241b85db6d4d667c77c342a33028252ff6baf9adafd4eee1fa4c3659660f286b8ad56fd1f3be6e316a296bd3b1cc275c3d2d109315afc915f

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Help\en\firststeps.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2740
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2740 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1876

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dc6490751f9f4a403037f8b70ffbcb60

    SHA1

    c1bc676371b4bff422ad205c321a1323e9ba6b84

    SHA256

    8f7fddfa536cbf5a2ee95dd7d4246e5712c936ba57c163844f51c64c9abec635

    SHA512

    2fc6b2645eabde18be93ae999b2177f97f98cf2023d2d1809402521389ab7dd173a3354bf7b86d335677dc008600c7f5400de66fcb0876419ab88cc7bbd3dcfe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6d1cb0b8a04448cd73b6db9d8f823b3a

    SHA1

    f9cb7780e8da594c472031e84567f205adadcab1

    SHA256

    a68487236aec7bff72258fdf9bab879f43b835750588565daa4090bf5e5d8343

    SHA512

    4dc71e120bd9a7b198438c1c88433f5a2923a711f20fdc315561bd0c3b1b8955fee8d364cd81ab6d6bc820d2570decf0b01a2c3cc39df3991a50be4be0011c55

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    83adb049c5108c0cea62824618e82066

    SHA1

    eb7a7b59c5375dc6bf28e8f572a8b46de906b209

    SHA256

    9edf697891cc4bb9962bd8688b4fd8633b071982e5eea3b757478df07beca4fb

    SHA512

    e306db8a6e9c43f645e911f28560bbfdeb51faf1e48c89fe7c250fbf332b1f97b28a62d4c909ee23604d9536927dc0309475272b8f0cd7f96b9479a69a1cb8d9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    568aa64a4f29eb307955cb08adcf6c6f

    SHA1

    d9dc537e8bb3b7c5ba6c62d4a34a5c0211752ac9

    SHA256

    dddcb4bf51493835181ae1a394f10c7032b67bc37f283e6fd087c066271001e7

    SHA512

    b99d7c13459bd611161a20a40f50707f672c50c96aa5c1158654494b88406fcd51d07b5049e5aef4de6b3e768eb2831a3744d83e2977b3ecc544d85571c22750

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d93abaa726bcc9e7ac580dcb59250b61

    SHA1

    1248926e26788173ec04c40b4ad669fe6a69f76b

    SHA256

    a82e2ec8c8091d4d8e5b336fc4a7a3de2a335bea7fc5de1c1348941a33b2ba52

    SHA512

    fd38147528c4e4c893634caaca8945607d9422c47c2920213a951b11ea75bea9e9625f4271534c2c2727ccb9cefffbd541dadf2c8a1af78e0eac33c34656f233

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    89fb0268354c3ce378660ed5cf694159

    SHA1

    7c7d22e982a9d703d4d3265dc0188b99f6be5f81

    SHA256

    caa021be94719b02afd111097b23a773fbe7cae925e7b216c368ecd23da25f1e

    SHA512

    c1167cad78db836f99f1317b58867d0cc9fe781e4eb8d50bebe5d1f755924c36ff8e7ea879f42ce147edb8564effa2db0e97d6213aa8f11f28331cda35ed759e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7bff97da01c54be7e2f3564d84dcb8b2

    SHA1

    83129f935b88a4fac89dd2f3bca5f776b73dd39b

    SHA256

    dd489279cf1e5e272a442af16e5277c71248052ca7ba24cab733c5c614a327fb

    SHA512

    45811e88f079bee77c6afba84af0ca497b321d07ba9267d9adff697cbeff85294c282b75c06c73e971daee74a119089734cb46914e523e21059d9e92fbf3c363

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6d7909231f450901d37244b359eb4d21

    SHA1

    d76cecaa12545c80e71d5e9f9404ac44784b1778

    SHA256

    914c1b9db075c8238b531dc5303e55a9978e6b55caf8580928e3316da7f1d5a2

    SHA512

    f454a185cf15bf07db6386f0e2b0da314b964f4b5ffa6b917fcbe7c76c17410ad5c403acca7026f38dea484f161a6cea6a06335d91f8e75c27c04f937bc49e1c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    80b5b1a19d87cd91f13949df81a4270e

    SHA1

    532c2034fda7a4b1dc032e7055c95bd79dc2d6bf

    SHA256

    638eec8317afd905eee5b44311bdac720a638fc6bfc92b5082667d7c8cadd79c

    SHA512

    172068f7ac6b2df08d6d0e2cad82e1046342e4b7b8a6bd55fd6c353647ec769fca1d6990d4d2ccaaaa68d0c2b84a8ddf999bb893c3e7b9b132792cf7d64fd4d2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    49f2dc464687aafee0ee7b61b6343151

    SHA1

    e18d6b73b11ed6563e4e349fb1eb13297f012b30

    SHA256

    7a228899c2c4313916850cb00adeba5b49699397abcebb8d8e09cd1d33a6c546

    SHA512

    4212f1f811daa51a845ee294b52d8aff27098d7357aef770f8d1eae9910e1135d78a2fe138969fd36a3f1a46866d6a4b0adb8ea82e0304a119dbf99a5ea589e3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3194c9c62f19b4d66bef44a19d36b9f9

    SHA1

    bd25704df24fed199b2344b8ecb21952354b6aad

    SHA256

    cbb26adc1d50e5503d49aa28943ea149b6deff572d4654cfbf8e92386ccfa7c7

    SHA512

    a54e68ba80607ff2412ef58d9cf8a0b5f1b4a660648a9fee4b44bf7ff156d0991341345394623992d967d1b573a6059acbd1e885fb60c0ba31a47ffcbcb1ffff

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fed5a1dfe99bf479a6bdaffd4203b09a

    SHA1

    e839ea982c14ca761a2d779dd26fe880376ce965

    SHA256

    9c3c3081a0001c4771a2a1f32ac3e468fc867b7737aedfddea67e6fae139d53e

    SHA512

    dab98cce6fd16cd5e0289745c65af1d002db436a954116b1969524ab0e8624900bff43578e8fb11749e978a922141c9666a3b58d7101dd747892f0644a88cdd3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    08dcb2bf5d067374db7c4f5d4a17c18b

    SHA1

    6bd39e9c0492e3f437fdd2c9d2f2a5f86123e66d

    SHA256

    0c6f35197a00ac791bcce6894ff7b430bd53a55ae650957a73565ffe9ab79cd4

    SHA512

    5876d3fdd3b36074ad70d8b0089a63406bbaa830ddeb784a496b0729b18ebde110c7e7344635286c5c3609d51725c6a0232930ccbe1bd6dc089cd02df193d9ce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8d4d8e29e49dda1fe64e1786f78332aa

    SHA1

    dc65beb33f1bafd4ad4ec35fbd1b2a2fcdafb108

    SHA256

    bfa5be077f33c383fddcc08c549b33d4b82b9f5e334a7316a294a52f62f8c7e4

    SHA512

    28dc049a2c3761f505d65b80eae42530eb63cdd23deec6dcbc3d16e76b7c70fec595345b35eca137963f45e12789532a52bbd0dc5b71ee49b7c943148a070d09

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    468fce13cd191d0b3cc96b2cb3c67743

    SHA1

    5d451c943f81641e77b41cc40fb2167ed9abe93a

    SHA256

    b62dcf6a531d9d94fabd75c2399d9a05d2028c85b4a3cbe354e8c99f9c6e92be

    SHA512

    660a9091cd5dd8c7f47de601a41528b9112a520c98c0787739ffd0898a2c84379842ffc7bfceb3c2486fc5b08d7f9c6557965c2af61fc4b400fe2d51883b9644

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1dbe1e38df62881a0ed33f34f710c875

    SHA1

    0112562fcdd34c03a09e8eca9bf4af55711c93ba

    SHA256

    c8faed3ab9d424e8877d14280306cd6990ec9e5978229dabfbc715e6f3129368

    SHA512

    868aecdaf3a6857e454ad62e11c34b53f0f0918d8669b90353504ec7ff0dca66e239d246cbad9160797984d072edf43bccd299accd3594300361b9f4cd91c99e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab1AF3.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar1B92.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit