Overview

overview

7

Static

static

3

28e9c9b769...18.exe

windows7-x64

7

28e9c9b769...18.exe

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$TEMP/Toolbar.exe

windows7-x64

7

$TEMP/Toolbar.exe

windows10-2004-x64

7

content/aboutTabs.htm

windows7-x64

3

content/aboutTabs.htm

windows10-2004-x64

3

content/ctoolbar.js

windows7-x64

3

content/ctoolbar.js

windows10-2004-x64

3

components...rch.js

windows7-x64

3

components...rch.js

windows10-2004-x64

3

components...bar.js

windows7-x64

3

components...bar.js

windows10-2004-x64

3

components...rt.dll

windows7-x64

3

components...rt.dll

windows10-2004-x64

3

components...re.dll

windows7-x64

3

components...re.dll

windows10-2004-x64

3

defaults/fbAlert.html

windows7-x64

3

defaults/fbAlert.html

windows10-2004-x64

3

lib/xpcom.js

windows7-x64

3

lib/xpcom.js

windows10-2004-x64

3

Analysis

  • max time kernel
    133s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    09-10-2024 02:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    defaults/fbAlert.html

  • Size

    4KB

  • MD5

    02beb29f12ef02d4fb4ceb94a02f2071

  • SHA1

    87c2c54bb1623217a44c52b3d11fcd1dc58a1cf3

  • SHA256

    2275e3dca1093cee646e1522c61ee4bb1f2d632fd8e0402a9cb7a30d5a0380a6

  • SHA512

    676fb9c855259f7f9445b5ce697f0d439043f5563d3de7a2d4a85f2aae321e01768276ae6488ed94ee8c98ff186575dd759baa384ff2655032032d2feb84ca9d

  • SSDEEP

    96:xDRtBOS7XEF7492uMbY3jyQei0diVD90MlYQTXSb79XHLHIuBlGOFFMlgBoJQE/d:xDTBOS7Xu7492lY3jyQei0du90MtXSba

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\defaults\fbAlert.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3024
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3024 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2840

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    45d8204153c98f44fff280a877a59811

    SHA1

    098f20d5c8fcfd1714a290d88986c6174323d2eb

    SHA256

    dc83be0957be2cf4de61c5d264e62b00b5d18f03e4fb87c8ff8bd637a662ecde

    SHA512

    5c0691c42a20cd22f4c90b0126441f703cc3a5a3c0312eed06c8a83782077403530126068cb65656fc05059df8e1c255500394835fd665b660e9e20a9304c236

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2e5bfce35e1781d62a8dbf65a8ccb773

    SHA1

    0dc36cb958a47141f8d9558edc20964d674c782a

    SHA256

    85ed45dd1eedd31503217412d4e4046f1d66df879cf9e657bff065c7158f45a1

    SHA512

    84d925a3b40bc513415a92b4773d42ad1da0ea04a7cd47836401a7ab1ad94d4226617de40557a672fce3fcb7ffdcdeda6f5bf7f2339f253419fb2fa98e8d0a00

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f833a66a73579b9397145e3fce126a60

    SHA1

    25e4b773ae964b36901bf31d7ce7c27b46ad335a

    SHA256

    0d798f952959b26f25b60eba72971c19184cc50cab2a7be04f60737ad149ec4e

    SHA512

    09974ec9debdd036b367326f547f5b1537a4ca105cb2a793bebd463304da04e9ad5417c76c55aed161998ec29ba2b3714173c564389e0dd46438a62efcfe9b1d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    91105ed491b90343cc6822aa573392f2

    SHA1

    74cdd230a4d67e6ba2bd41d29034fb30298bd907

    SHA256

    48fdc8643494b94ba093bea00a795f6100a29d3634694d86999b34dfa8af510d

    SHA512

    c00fac07e90643d4b2756f098e60d4cd959d2220a5603a5044df90e4c9d8d0f7f502837e1a026e019868b02d9919b2da11346e4451fc7e8a55df6c346bc554c8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6acddb823439cd03e63d591c39b35ac0

    SHA1

    517571ab96ade2765b136a7910db865e32ba13fc

    SHA256

    bf02a459f7601a1b32000470195ac990457373b34cdbff72aeabac64491bdde1

    SHA512

    7e92959740d3e2b762ed07b4677cda422011afc03472300bfbc90209d07fc5b22a9b28a5cb6450cb8683d767acc69843fca6d83fc2c9522cb3b75bc3199fe782

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d0bf957387967217c8a0dc9ecdba88c6

    SHA1

    a59788d79e0c2a855056949e9d0638ba3137ff21

    SHA256

    d2dbba00aa5fdd7c641ef30575a8bfb6d60c9446444c463dd4ed320998023d08

    SHA512

    044e8c660602c78248eb3e42d55a1c579e340366ed8d49fbe4273248f334b371e8b652561170710e18c38239d01df75027e18af40550b021ebc44856054a5ac6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f37e264db74e5175ee89341e32bc9461

    SHA1

    765e609082a32b6fb1c890f233d32fbfeaa14f69

    SHA256

    5e7e4fc626cf6826d2dc0ca43b6e55a3d108aab02f060454b6a8ea33fa67f9b8

    SHA512

    bb8e67adc6842635761489e660990bac099a9f9cbf7278f26a63c6a64e03241e5ad65e382cde00b19761400fbb75ac12f12a1a08d2dd8a8a679a4bf87a7e35cb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cdf4237b17cd0caf9332bf44aca5b96c

    SHA1

    bac39ad286d494cd1adb1337f1e4adba078beea5

    SHA256

    2011b04e4faa53f2742ac51d0ff375e3f1609e7feec1c33044646bc4695095bb

    SHA512

    6363df028e37c8994babaf33a184276fd2968c636b3ea1e249dbb3c63be6cd052e30959d446c1427ce7f9270415c9fb67d0bb22161b7e7901421c2a484fea94c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a671272bebd6bae466c1f318ab0641b7

    SHA1

    c8f19dace6ec6ddd0d33d36e17454e5a2a9fa15c

    SHA256

    79ad5e4dfb9d8ea763de43238abe8cdc4dfb381b3b6538f29f959d285782fa69

    SHA512

    c5d1d16832b07bc329832f9404df582f59f5967826056b2021386118005ba5e588d442ac09b31c7d9cd7cdde7dc4014aa6302dfd626be071a0c4ea9a348f5261

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    68a2e628b265aac4940d1e7168a09094

    SHA1

    33620b1c8410347aa71987a8245d97235459a922

    SHA256

    250285f6bbdf1de9920c542a6a4d5d6020d11f57c912ccfc30eabd2be4c872e1

    SHA512

    92c2d7cb806ceadd63498ceac1a59a7ecbd277df0a01fe22af4a9345d68beb62afac6e7943e75457091937f6faaaac9b0b502331538b845ebdb85f1d768ddd30

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    27fcc496652c98e7e21186453372f8d1

    SHA1

    cffd9e8e4af9f1c008e680e13cac5ffdb2d667f2

    SHA256

    e777b42942351a400436290a27f35ee4db5731c180aea897ba8775db090a7159

    SHA512

    2c597dafc3ad505e88247c57099d9895f5b04ca51021eafb21ec5238e4896b8202bc686234d328ba545ee470cc851c0f8fe5ca894be797e79c9a3333967c3e7b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    182526675f406bf5f87874406cd1a901

    SHA1

    fd650474c899138b4d245192d4a90b9527efd819

    SHA256

    ef52a8bffc9aaba0379a6eabdf3706f67bdca709938aa85c4a2720e60599f8dd

    SHA512

    ed0efdf1e8f416b502ddd58d32a67a03554f0a3b4e8380baa5e8955661bdac9ab679546538364f6f316cd697d8bf02fe84777888316c98ead487f6ae7a77c522

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3161538bb9db8df8866fdfaee538dbeb

    SHA1

    c332591f5bcaa4d783e26bc6da489c06310f429c

    SHA256

    098202520d7b39ccde45ed6bd04cd94adc6d6ddee090b79481e2363e65dcb86e

    SHA512

    9ef3ee63823a8c8adb2ad9752cfe6347b34779ed09eb7e96e4d5e3d79ec89ff2324d795ea956a2400cdb4f1bc4425c5e7de1393f594820efcdfc6cb6cdba7a8b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    13dc58b74f31429cd47a7981e65c419d

    SHA1

    13e38ff8b0ef02344a872af33acf7956ab5eb1e3

    SHA256

    6fbadc304345f64f490182aadf8114cb0ab7ed7ecbdbffe000b58ec909437df8

    SHA512

    1545031e11ea952b592f86021adf018e46b47c579ace816f59506e99935ef8eb24c25af697d1b1fff79de9e1cb89189fc48ff22d007589d28a6470c144553a35

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    372b22c564003deae91dcf958ce95eea

    SHA1

    a0c91cb3b2413cfdc946eb4da668484962e246c1

    SHA256

    e57ef2c244ef95b6b90712be857aea158060672c10414416211d5782c5d0f04d

    SHA512

    60784c72c81b82ce720c0faa67d942325e38f1a9246fbc815a0a1cf85a4362833f81e2af4cc6f6da694f07114f3083f1180a71393e6b40d2d3da1b76ee8fc5e7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fa161715fee5ed8409de654a0506295c

    SHA1

    afc2802aed1baec982d35890ddf0d34150be2787

    SHA256

    2b2e95f43cf413b1590ab85923ad2bf278a81ae9f4cedbe140a83c33d54b1caf

    SHA512

    1254a4e380a393fe537db33b9ed260b2ce3981e574c05f2addc28da84dfe67d8cc3346b4749978fcd7b5fa6a2af19d3aa443526695c8dfd42b83715dec86597c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    db32f4cd8c3f8b37170d032f706a4768

    SHA1

    e0d0a056a35e11edf3e7dcd67dc0e19ab7ffdf0f

    SHA256

    af44ecbfa1433cba57ca53d883a09ead857188fc49c461a5047a721f0b2f6d64

    SHA512

    00fddf5ac6efab009df31aaebdfb57347a1e2d0e435fd4d411acd5f700bb62a5b78a2ba522ecc73eb681214a09200c6021cbd8cdfe96a5120953b53eb8bbfe05

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7d3fb054bec121b0132fddfd0f17194d

    SHA1

    ce6f928eecd8c17be467f27e50033f3408aa50f0

    SHA256

    6a9a823d8a9f52e6925a1a7ab468cee25cd5d5c655f5d52031c5594eed8c29c2

    SHA512

    2880448578be727b04ea7773faf87574dc0c5f37c528453c0926934000c9e8539c6f0b0e58edffef0bc3e4938bed03a624476d61d77a88087382d71bf29d1c9d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    84f7424d8adddd6c7346680166984553

    SHA1

    80dd4d99107d506de8bb07d03165dab3ad5fac25

    SHA256

    66631131f7467c54ef7715cb12f1bc0eb2fbad7187f17a2ae19785c39a97c15f

    SHA512

    6997b4287e339c2fc3ff14c4c4d050d40f3091cbc0012257f66a123f257134a9617869d2dc3639a0e00448bb06cfcdaefa17ebfd4f44840ab19d7a4cbcada764

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab63C3.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar6464.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit