Overview

overview

6

Static

static

5

3f52d3dabe...18.exe

windows7-x64

5

3f52d3dabe...18.exe

windows10-2004-x64

5

$COMMONFIL...og.dll

windows7-x64

4

$COMMONFIL...og.dll

windows10-2004-x64

4

$COMMONFIL...m.html

windows7-x64

3

$COMMONFIL...m.html

windows10-2004-x64

3

$COMMONFIL...xt.dll

windows7-x64

3

$COMMONFIL...xt.dll

windows10-2004-x64

3

$COMMONFIL...an.dll

windows7-x64

3

$COMMONFIL...an.dll

windows10-2004-x64

3

$COMMONFIL...fe.dll

windows7-x64

6

$COMMONFIL...fe.dll

windows10-2004-x64

6

$COMMONFIL...an.dll

windows7-x64

3

$COMMONFIL...an.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...Ex.dll

windows7-x64

3

$PLUGINSDI...Ex.dll

windows10-2004-x64

3

IEProt/IEProt2.exe

windows7-x64

6

IEProt/IEProt2.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    120s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    13/10/2024, 10:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $COMMONFILES/Angels/IE360.htm.html

  • Size

    932B

  • MD5

    4e72a0d4ecf37f91b9fc9fd2e27a6661

  • SHA1

    c3e9117731947e1a3e2f9aaea9356cedf5fe53da

  • SHA256

    609471ce7403a914ef23d91082242c876e1b2ffcfcc6a70ab1309f45b387d1d4

  • SHA512

    ffc517b819c9e995f0aadef0583b099b16bff262315a9f27ba1c6306d0e0fde30c32ecaac19fdaf9584f182b64677699b42d40606f4038637485b2b5601d79bb

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\$COMMONFILES\Angels\IE360.htm.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2324
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2324 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2076

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9beccc3eec33a2e51f45c96e6eb5eac7

    SHA1

    680cfebefd47cbf0a2c017bdfb9b2e0d2ff8f6c6

    SHA256

    dc17276ce000abdd0be7fd720c77a0e9ef93799716d4ab9fa3aaf692fade7c84

    SHA512

    e71b0bf10c7e3d83c1f38ba084b1281fb498d8f7d6e9f1b7607328b9b23ee7b8fcad9903f38ae9a430e7540cce6fd6b8664043cba348878bd06a842ca0ec2fb7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f31976fec96ef53ee80d67b28c953b1c

    SHA1

    d13ac99ae1ae03f8c9c6ba47054805340def11dd

    SHA256

    eb369f9dd16e9f55d68ef6087daf25d147cf8ea9567281bb8c848cea711045a4

    SHA512

    d7e4e5159b37e8f610dab38f5b6daf503a20c94f0060e7b520a18c68aa695cab936b4211d759d7b4d1be065e2d57007d88138e282edf5a76fdb4ca2247ba75a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9824004b93848b3704e6d8c4cfe40c70

    SHA1

    6f4e65a34d2a77932922507b35dc4f85b6746fb7

    SHA256

    09ea197cc74bc6cbe7fa5f238d4ea5346ae1e44b6e5dc9001b8c0852530f5cbd

    SHA512

    b93e20f647ffac80af1c0ebe3e89c43af8e2ee478a351e5bbc38f61e1fc2ec12a447522b336e674fc5500c86e03444bdacb966c3c815102372ad7c2160476229

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8a3781c4ebff3de2c61e01d60ff159fc

    SHA1

    3e5462bea49fbf15962483535e2e745919802101

    SHA256

    f11d10b35392247272c5c5d7005fa4f1a8b72ee3934fcafb9eefe82df93a170e

    SHA512

    70b63f7722c9be8ca6dcd55f3621e8f9fe6bfe400b392bf93826f773f9911d6454cdf5fd10c7fcc292ce9114d4d7afe146ae67efea08732c5a22aa7d0ccfea60

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d8ff45a3299f9c8c6a7cefee63918c49

    SHA1

    a8a82f17771cd24ddad1ec29ac459847832338bd

    SHA256

    b67f2c86eeb1decd410591409f3f6999932fa0309b6354e308514a99999e1e89

    SHA512

    7bae0cc65dd19c554fc84b9b0576cccb5f40f8b374dc2b377d12f3e48339c2e4a3cb2a5d5b70de99a92bc5ee7293d755bf6081d21ce27b504491b274d09e7eab

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e276961dabf5b2c4db3d8c9115b156da

    SHA1

    cb47840a4e67aeadbb4b373b6ef0565c82ece413

    SHA256

    0c2fb5d2f225b221336eded1d8690f33cf31cfd89025ee6c19bdfcc284490538

    SHA512

    81c9e73611e6a819d356503d7f933abe28794f1b15f50b9bc0a104ce50ca1c7d0ad45ef8b34dc692135a185cc532e1b1a82730471325173196eca9a6f952a815

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab6B8.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar6DA.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit