Overview

overview

7

Static

static

7

36795efb2b...18.exe

windows7-x64

7

36795efb2b...18.exe

windows10-2004-x64

7

$PLUGINSDI...ff.dll

windows7-x64

3

$PLUGINSDI...ff.dll

windows10-2004-x64

3

$PLUGINSDI...lp.dll

windows7-x64

3

$PLUGINSDI...lp.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ON.dll

windows7-x64

5

$PLUGINSDI...ON.dll

windows10-2004-x64

5

$PLUGINSDI...cr.exe

windows7-x64

7

$PLUGINSDI...cr.exe

windows10-2004-x64

7

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

DownLite.exe

windows7-x64

3

DownLite.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    141s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    11/10/2024, 19:36

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    DownLite.exe

  • Size

    2.1MB

  • MD5

    84d44cc04348df5226b733eba1b64eb6

  • SHA1

    3cc6d1a7aa6dcccf665c0c777af596d551fd953a

  • SHA256

    7126b3a28108726ee7d07024bce3611ed2d68f7fe75494124a04b9314488e605

  • SHA512

    40f11d74b158188b5d948d014ee82d70bd1b4a78710d7e596f961dd13fe212e6435ce2069ff4f483be3d8d23f8bf4fe478264b1c90f840660fcf4f7e0ded24b5

  • SSDEEP

    49152:0gSxAEDE727h0VKMPh3UWUZQLamNg5/U6l:Q82zMPh3bUqamWc6l

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 62 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\DownLite.exe
    "C:\Users\Admin\AppData\Local\Temp\DownLite.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3016
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.java.com/getjava/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1736
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1736 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2424

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
          Filesize

          914B

          MD5

          e4a68ac854ac5242460afd72481b2a44

          SHA1

          df3c24f9bfd666761b268073fe06d1cc8d4f82a4

          SHA256

          cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

          SHA512

          5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
          Filesize

          1KB

          MD5

          a266bb7dcc38a562631361bbf61dd11b

          SHA1

          3b1efd3a66ea28b16697394703a72ca340a05bd5

          SHA256

          df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

          SHA512

          0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
          Filesize

          252B

          MD5

          03ba5cd5af7d3e193ce4be132b00a82b

          SHA1

          5f6acf1f8771a0f246e2c88ae80e93c8d6f56e25

          SHA256

          f443717c5263ce0755ca428d4fa0541e93489225b5936559c007558cabf2144a

          SHA512

          daff3935c0d119b0de502c1e32c6817d33c84cae2b708c71d89c183c777a2a8dcbf8c7067cbe3f5f4a152ca4c0b3cf3939257d9496663fdbbd7d89fd96518544

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          ec550662681b6e5e0658ee82c9e47b75

          SHA1

          a0847236660b17185d63952aff4146c160511394

          SHA256

          b64eddb3abb1e797dfc2a7319f0b97b8c3a59bb29c39a019b964a3c9db96c2d4

          SHA512

          55884ca911d0870912170fb1d7c04294a3a5e9a3ccb607b9bbfb9d5b531cb57b77df14f85e3543cedec1397d97ac8dc7d12275c3b2c28105866d1fa99b6a56e4

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          d9331efbb98d68729e8102b57203442c

          SHA1

          4414931367fb8bf22f8515cf4a89f19ac5f0c03e

          SHA256

          3807866c30e1f755348941a0099064611760aee0180352d874431e380bd2f207

          SHA512

          0797a8df2393145c4917bb1c46e753d8e8020df5cc68657bd47d9a8667567f54a2b279f2df15b1742d2a85fa4579875648073d44aaf6e77833a571bf8754983e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          e470f5e15a0165ebe19e56bff3650e62

          SHA1

          2f8663e6096a0f2f8665d8dfe7aa7a1cbd9a10f2

          SHA256

          6b7f83f98f3a284f2f18e9176d2ff7a1a34af8b21d2392b35cc27b4f16274614

          SHA512

          f38cf75705ee632874dedee999a5c2bbbf2f29cd05090349bb4ff0693dca1f1e19aa5ee233f943b09a8bc7bbe2b15f59bc69dac0f4b5c5d6f30a30f459b9ad73

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          a508f7be4e81ce5616ff51f270b36c81

          SHA1

          6137548a6d4d4f36fbae90bd5f535e0007554f33

          SHA256

          920d3b872feac6e954d1b8e7a235b4e5321f9a56545f4af21681b949822ddbf4

          SHA512

          1a24d418b00e42e03f05137d2fb5e864bd68713e797283119fe659ecdbbd8903bdfd17da0715c6031f07e65e93a14d04c7401fb1f3b21f5d2cefe34a74365ecf

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f091fe176d0db361c78795c8deffe0c0

          SHA1

          d348e5ea9e8cd2282a70304b68c0fd7db451a19c

          SHA256

          a0c7f594664fd251e5c4e25431d8f502fa74184cce745a3f6eb7b111bd519c9f

          SHA512

          b78cd1636a088197a71be92bd7ecbee032f289107d15206834eb68ae4e8fb6e23ff9f3f22a3bdfc619fd5aa31c0c09d0ac77f623075ac5f89508ad70c2bdf6ec

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          54ca8f8b6b0ad4eb0ba538688c665d50

          SHA1

          4e3c9b8b16829073f4975f3c0b663dcaf10d133a

          SHA256

          20f75f1dd5e26cebb5bbf3ac7c65bdd42c08c272699dced6396b82678ef9e222

          SHA512

          e88dc829cde55d9dbd4fbf009244a0dcb8eed231ab4188136eecc6bf2390158fbc59c59e11405700a9b05013f584bea3db3b5418f82a5100527a0fee72eae244

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          686341f5a65ecb9dc9de8fdef50cba20

          SHA1

          28614129a1cfc90940f8af64333fafd796b54b20

          SHA256

          11ed23eae9b43b6f0708cff59a1c669df0303e217d8bcade8bf1a3507bf24a43

          SHA512

          34435c443fdf41c4c5fd422a8dfabb48fc0a820b8bf6fcca48b8e076a5b7b199460e6651f2a7b6de70bbc783f18e62f58452e6945f5a86829be77768ab7e0beb

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          16ee8270437f03e6a879bcb6a2ec38e5

          SHA1

          5c33fcf6f240dd1bb2b33c5b541f9a31611408e8

          SHA256

          7b62cb15c90d710016584509b59721987005f1881e2919ba600314c8974affab

          SHA512

          946d601fc3cbf15f865bd8fb14933c08a29c699f3c67429c17831fc79137e9b848318f292e87bff1a20fe69b41720d918acdc040e7c0d7b4d1083de056867259

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          a4a966f8d20254d11cce885ccc4c15ad

          SHA1

          180a7eed28ad59152ca42ace93e59a2555b303e4

          SHA256

          1c79dcdbf37bd58ba2e504068ec58bcd02aa26940e3b7489bf1aee58b24b336e

          SHA512

          a5a95cece2d3fd282110f72a4d06f6e72838f6757bd137f05df945da761e3b379bd8f248a434f2b0851c007e9e38747967532a6a3a50d8e9561787d71146c32a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          a3f0ef77823cb4ae235e3ba5fa004a68

          SHA1

          e6b4284fb5e94742ecf8c7ad5207a604d46dcedf

          SHA256

          a551eb76d086121b07ffe548c0283442d49c7962e93ed823dd6669f3034e12cd

          SHA512

          13b0919ff68f9f6f00f592f1976e34d16c55edf2454459ed5a3e5fcbc77c567dbfe265aea5b12a9796a49616f9222fcbaf00e36a54983a832a4d39ae7e07cb41

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          1db65ae7355591149b846048fd6d48dd

          SHA1

          a63d94b4d6315f087cef302800979931c14e6b81

          SHA256

          9ce1486997f795d138de2c4a1bc229de624727a8e86b45566268451534a73e8d

          SHA512

          eacb7a83f38041bf450092f68e3efb3cd91a22c59b84ba1817dee1f72a5079c9b6e3944c3507371c3b9b1212b6b7321ab292793e66eb74a875fcb5889999cf39

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f16f5b4e93ce0b3d97b109b4fe00b144

          SHA1

          c01b76e7c210773479b4fdf6a340f5e4689c04c1

          SHA256

          29c115c55b42dd914442440d10c699e789e51a8fa2767b125e0999873fa92b27

          SHA512

          fe5dc20c0fb7aebba3d5b06ff841d9120827616130f5febda2d44d2c29c91f81bddffdf2787e44ca8f7e1e12fa82d3e1bb0b08ebc26a34e51441552f87530eb6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          8b7465d6ebb33f4b1a35db04bfd3535f

          SHA1

          01fb479f550b6eb460bccac8cd88b7827c872a3a

          SHA256

          2f3f89fdcacd78910bc8d91d2d9a9f48cb6ad0e149f601f90e631c2615018137

          SHA512

          a752eade9c937799c432cf31a4d222f0178d7a4256618cf65080c52175f5f79bf1a4b477de56e420837a947a54718cc30653e066b887f8628603d01ede17656c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          c1751ef0e29dfbc426ab16cb63bdaafa

          SHA1

          25dcfec5b520206777290425169eb35c9820b098

          SHA256

          9683c0d2f6f90b95a7c4252602eb34ef64b3727213584ee02a26ae21c7d361a7

          SHA512

          290bf879f4ffe2cd273555e449867ddd4962f79e1118ff701f5f867996386c33c16ca2fed552eae487350e9e40dc5f6ce8864cd1174b18866fb06dcd014394c9

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          87562e6b39339a29f51dc42227dd8601

          SHA1

          e92846544065d0fade4814ee9e90fa8791f493cf

          SHA256

          d75935d15fcf71f0dc6550fb8b7a8f1b993740557bc5578b4aaf6856ea0af02e

          SHA512

          b496009c2e13297f6bf7e608135e2688b4f175c08e8f97295ec43bf5a24c1513f1266b85ce47539ea33c6d86e5cbcd302ec0403fa08080a00e7839d3cd2112f3

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          9075dc3835b1e7ce50d882880dcbeca5

          SHA1

          6b89952bd235bf3060a096e2bc501fd31048faee

          SHA256

          d6966cef4572517882376bce9fb264087c919b1dbf26316800d8ef1f8bcb2e28

          SHA512

          8615f0e55ebca62fc129d41f666ac4cb473cc1dcdf5f20839f27827df1dd438c8300b33d2b32cd0412771ca50bcc4f23434ad7507db4a6f902043af81c59b97a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          56472f41a43d0bd67806de48c3f26bc1

          SHA1

          71dec2f4bcaf49e929abb2156a03de784039d510

          SHA256

          8ba0cb099fe5614a6d2f7a34db734ca68e8a85474fc2acd7096286bd418d3a08

          SHA512

          852cca2a00e89fae8c72c459298eda9d27c9616dc7d346f444a088f9b8101f3d75c06d8fd6647c8670aa7627f9505c718b031d35d809637a5c0d60aa9c6833e5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          4729ecd00252a7173e2c6fbbb066309b

          SHA1

          90e8dbe34b97ab9d4db9916df87749859170c06c

          SHA256

          96c72555873d2c5187225b146470ae0eb35dc524a222199570294aa981d6c608

          SHA512

          c38b1a02ce7a2d0e5a72c7551c748040b3316bdc5ae4b27ea822ebdf7563100e9a9c277ab0ea51dd50b49393e13df3a891b0b6930431a7431248ad66808de076

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          bd7f0bf0db8aa6e1e4c050acfade8446

          SHA1

          cc3ffa1abf11b0704db0c4eaf49bebdeb2787b2b

          SHA256

          987e85758d1005b609054257d21651755ea2a5dfac3023c53007b2812be1804e

          SHA512

          ea93e801f97e564b875b34b96151db3b9e71c1199c97024a832b02b8269805856f4000aa7f2c5550dbad270b691528022909c883a160b698ca06c6d2e69d9032

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
          Filesize

          242B

          MD5

          637a9f569f69203087de6d796db71721

          SHA1

          860d795bc219ee63f46347af5f50aaa5142b1eaf

          SHA256

          caa660bc66de46ee6ce0133ff49323c5e674196d1ebf2714bca1602ac02f93d7

          SHA512

          cd6644d930f4c719b24bc5db6eb7c25f19ec633b421b0beb2aa5852162ab0b3072f4b7366aeaee99ff55065f14f6e1df61a57cf82f056b99fa35a4cd9700d4e0

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\QEQAAK30\www.java[1].xml
          Filesize

          13B

          MD5

          c1ddea3ef6bbef3e7060a1a9ad89e4c5

          SHA1

          35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

          SHA256

          b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

          SHA512

          6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\njqq61f\imagestore.dat
          Filesize

          1KB

          MD5

          91d6c633dddb1d45b4a541f37ad74691

          SHA1

          3f81bcde0d9cdd3f8c7b0e2fef5b60a43d5cd9ca

          SHA256

          be53bd8dd0cad6eaa8117bd1d1ced07533c1b934bf080c1f18fd3894921b9ccc

          SHA512

          360410e02839ab53153c23fc3a80334e34040cb2c095a87a1beab07e7c37de688903f9170f6564a8f431ef67476f9222576f58d155e99fd2ec4f0850d3e20e40

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOYL2MRI\favicon[1].ico
          Filesize

          1KB

          MD5

          8e39f067cc4f41898ef342843171d58a

          SHA1

          ab19e81ce8ccb35b81bf2600d85c659e78e5c880

          SHA256

          872bad18b566b0833d6b496477daab46763cf8bdec342d34ac310c3ac045cefd

          SHA512

          47cd7f4ce8fcf0fc56b6ffe50450c8c5f71e3c379ecfcfd488d904d85ed90b4a8dafa335d0e9ca92e85b02b7111c9d75205d12073253eed681868e2a46c64890

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab1595.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar1596.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • memory/3016-556-0x0000000000400000-0x000000000062F000-memory.dmp

          Filesize

          2.2MB

          Download

        • memory/3016-0-0x0000000000220000-0x0000000000221000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3016-2-0x0000000000400000-0x000000000062F000-memory.dmp

          Filesize

          2.2MB

          Download