Overview

overview

6

Static

static

3

SignSiS.exe

windows7-x64

3

SignSiS.exe

windows10-2004-x64

3

sign.exe

windows7-x64

3

sign.exe

windows10-2004-x64

3

WWW.meNOKIA.com.url

windows7-x64

6

WWW.meNOKIA.com.url

windows10-2004-x64

3

Analysis

  • max time kernel
    142s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    13/10/2024, 04:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    WWW.meNOKIA.com.url

  • Size

    148B

  • MD5

    403b8ed9703c0b2b8a87cbdafe9619ea

  • SHA1

    19a3faf0670d67c10ea08318b77baeb527b15f22

  • SHA256

    567e3e76678147bdfa4f7bfa36c28d3591cb5158a4e7007afa9400b15db320e0

  • SHA512

    4cef1eced54e98a06303b1399280943eb1e2af89c5252f580fe608302b5ce50eb10cb2e3f5c307d66fd1c1d2532fb7b3a2edaf46287d681c4123f22bb1544009

Score
6/10
discoveryevasiontrojan

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 33 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\System32\rundll32.exe
    "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\WWW.meNOKIA.com.url
    1⤵
    • Checks whether UAC is enabled
    PID:2552
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2152
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2152 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2912

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    17fda474e19bff3e5a42ac05b65e9887

    SHA1

    883baae0048a11fc92557858a56a7c695ed479ae

    SHA256

    8b99ad8665005bb19f680c1dae91e58c52a8fb13211b067e159c644fb1f4cefd

    SHA512

    bf3599e6a38d30e595d2177056790cf46f4bb4754d07cfcb1f6aa37b3fa5fbb9b36149c7f7e7f50135b28acfd0e26a098b270cfb8c16d9b07ba21a6f6b0e3899

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0621f3a683678452e48eec66b78ea009

    SHA1

    4796f611d31958ed2006a0ad1f8fb07dc3e61885

    SHA256

    42e835a1da566de5750fe9c4926eb5bb6a8696fec9365157ee9fe25d33ec4a18

    SHA512

    c03e1f1eab3f2d623fe974d09a0cbc2f30432019848abf31e98816736de2bf975c63c8539a73f4c43b11fdfb39421ec24689a1792e153d18181fb99160319ea9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7a9cd513eb6b7c93176b045bbf51898e

    SHA1

    0bc2449c0c082f3ccf1fe692cb5f7ed0c6b4a8d5

    SHA256

    a5880e2159301e6a2a57138eb2d61d46a1712d38ea7b969c6b2a8344abf155b4

    SHA512

    9511646be15b8754c2aea93549c7c953efcf52e2df00ac4f8212e5c00cd3570a0f3add6c4126580774eb3a0b4883fd7ac920eda2023083a11a82bdbafcbb0b2e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0815b7670f9a1dce5108fc71f0f761ad

    SHA1

    d2092447c516fa9dfed285d3febb624beba11576

    SHA256

    6cb452f32adbd0e0473e1964093157273ef45b353072232d967d9b0818e522f0

    SHA512

    1f1a83d507bc1c7c5d6e94c95d023a587c4debb6f7977fba003a23607bccfb646b9240eec18dcf981465ae0adc567d21bb2c6a04387f6c6178675bcbaa22ee39

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    835d74186e0f93200e3531b5700eaaf8

    SHA1

    7eca61b51f2e4455fc80d98d02a2c1b0db49ffde

    SHA256

    9a4fb27dd7e477a047eb51c3e1d72338ce0abf37b92a25fd981eb0708cd3aa16

    SHA512

    6cdfb795b1051d7bd22091dc22595fb5ff35c164c53670eb47a872ac64a671987411cb9bf4758d8b85273926f2135d4a57e2bde129880e9e329c870ae007bf6b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3162a728b4b3af1059f74c7b6e5c97a7

    SHA1

    edcf5b2aea6f0ec40d1a8b4ff54cc3835a18d042

    SHA256

    3409978c9b43ffb4ed6f0d413597433e424810af994b77b641b231110d4b8111

    SHA512

    a91847eb36029b77d4ffb709bf796365daab0971d53b5bd78677192c6a07563349281f6aa6e92f4edab23d742ba502cf08ad590de85ac760a98408617faaf54b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f28de70155e096c79f809c2ec5a82b2f

    SHA1

    3911d051517083ef29166b459cec249d21085d9a

    SHA256

    2103fd561ac4b9f78656cc11a41e90ca72fa4b3ba393fbc98206ead9f7695af7

    SHA512

    0c71036fb3022bcada899f85c5dd140c530ed0710966a3b001be075bacabbc1be99d1415f20ec8fd7e85b8c693fd883c3e339435a663655004cda7ebea9c3995

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cd43a4d57988098adb5eab7c51649073

    SHA1

    bef0d3300f690385ef6cbbd10c104882b931c58f

    SHA256

    3305dce5569d442eca22d638ac5faeb9011cbdb70ffb09cc894f964209627cad

    SHA512

    be9034f44e61ed386e4495d0da297e19f35c2f0238efcf29a932ba740c6b6436a3f20990a544784347e432d11b8837bf08da0ef551151316a5dd96c2b3cf5b50

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    247492a4887ea8c667df9ffecc21ff66

    SHA1

    20d0244a0701cdf6de1d2bfa86b8b0371d8588a0

    SHA256

    391a7edcccc93e3a8eeb3a9a94dc763e8487ea76d855809d679a81699a2c516f

    SHA512

    229c823f24ea7a97ff121b0c163085bc0937d0feb96afeef3dff8b43aa4cd29274c1b9e453caf120b23a6af0b4211ad8dd3b064766702ef0ac66be05c182d6c2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e6864836f4cbe1f94931534d40058946

    SHA1

    d8cabb5ea38bf99a906afee18398fa761f9c9c8b

    SHA256

    12556b4cba401758ff97ff2261df5fe6f2c84b389a7cbb9653c692dc71b52cc2

    SHA512

    be86d2438d4dbbb5bde656a806ce0900a51f8d2cd302b5b1a00a56a8428dcafa04dd561a5fe1632bc805d26de98457de8156f52d19f86f4126ef91f9eaaf398b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab99B2.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9A62.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2552-0-0x00000000002E0000-0x00000000002F0000-memory.dmp

    Filesize

    64KB

    Download