Overview

overview

4

Static

static

1

URLScan

urlscan

https://h-air.hair/G...

windows10-1703-x64

4

https://h-air.hair/G...

windows7-x64

3

https://h-air.hair/G...

windows10-2004-x64

3

https://h-air.hair/G...

windows11-21h2-x64

3

Analysis

  • max time kernel
    135s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    13/10/2024, 12:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://h-air.hair/GZS0j4

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://h-air.hair/GZS0j4
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2408
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2408 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2376

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    698a5a390a3b252a19f8c628645eac2c

    SHA1

    0e307d080af9dce4bab003fac0e0fb2a6511dad6

    SHA256

    6045b0456733de44ab0ac8193357dc12c957477037dbe16da48b5beabf5fb57b

    SHA512

    3f0a5073d39c05a1c585e98f0d406afe9f2b3e9a503cb62922933cbde70548ac9182d9ca931bfb12615a9e0815dc207eb956ed9885db2cfa75791cafece2dacd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8ab874b054348e017650693360bcfa06

    SHA1

    9f44f8371a85e9bbcabeaea5c795688ffd12eafa

    SHA256

    a7457746154de208181fc1ec264c99ba2bf835f74dda0afa7ccc33b8704d20ed

    SHA512

    17fd8e81ac97d614709821543b0123e6e35f4e5685eb7edc5c0b8ce226377932f13dcfe367104bf64d0a93d33e1e3c79adfcce0ce77ed533e12575de24ecb29e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cda0b705206338553dcfbe1973594974

    SHA1

    d654dec18be50d7f667f3a52024121026033a9b5

    SHA256

    36e082f50d4b5e590bef436b4f69831edac479b315aa74495e9cc86fb2491731

    SHA512

    49b1abea578d9dbec8177b663920adeec64b4b4b8a2a193b90c785fc35ccc1b8f97c2ed8bf8234aec5c518908be5f0fd0d4458e0d1485c9d4056e7fb5a5b9fd3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    30b5f157fe5bce981f16c709ee57f9c2

    SHA1

    b3e6e806a8ec41b85e2479cb0e7707174288a1bb

    SHA256

    c0e3221a2dd38c7a1925e0ec6b853bb00c28de9c5b758860a415eeea3c685ff3

    SHA512

    8363bd2842681dfb69018e30f04ff169268fc1e83df0b70324dbd137a6c766f3e34be09de6326479aa80e2870c5b3901f4a1d111b72c159167a89c8fe44a1bd2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c4f9f4e2af46d8905e2f14fe1df329f8

    SHA1

    8fd4a262c546fe2e6dcd94f31969e82273ad2035

    SHA256

    d1b746e069169f1871c025145179ea239c245ce3ca50dc195fae0c462b2a435a

    SHA512

    d119ab21f0badd70bd1c0423bec859249894c5257f3b6df2903d1de53088016f0c3f223a4f807f8883e195ff8def80121a678eaf3ac0bb5ab8f42b7ed11c2720

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f12ea761b021e953e93d5afbf18183ea

    SHA1

    c388f9e8202afe0922cf70542440e95783e83dbf

    SHA256

    c98af94957c157b35a2ed4836faa111d5e18b7cfd13282b17b5dd5bd937e141d

    SHA512

    8873d09c6e9aaadbeb3ff48ae302c42f86a93a2352edb15959fc17e827344c9c21a0daf621a3beac6d3ffe7a878cd0af6da7e309120d2ce5a1effec40c070c2f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8cc40790ce79a00d95af1f0b66afe7c2

    SHA1

    4ab1557968ef839871e9f973bd7936b89b182d93

    SHA256

    b3e180100c13a71bd857d672b119d4fa61297c44065c8e1b7fb3b6be4217c160

    SHA512

    8165cb62f57f5bc253669cc949619031dd803aea2fed5307e72a510dd958ed84d255d933cd605faed2c5b0a89848cad8e074726aec2ad8d0be8da4f88aaf7771

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2e37216c623005fdb28a301e5fd828f2

    SHA1

    b7140486edf769ae99c9525b5bf5fdf6e2751601

    SHA256

    beb7c91366e1a66d11608133ca275a6707371f280e929372d956c9d41404f500

    SHA512

    e47b61513a2b5a6a05d2db435ab10dd77298e56c65e54dc6b2a68eefdcb8f5f78d216de10fe61f7311097c9bde2d1b30ec121ad6a3d77df1e88f51155ac3120f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6ca002072ea8001082a9024be52737c7

    SHA1

    566bce7f8e4fbf2fe67c25cf989783374d8a4ea4

    SHA256

    0336ec6c8ad6b082ca76a6a6b25dc9c3f72dfc26a49cdd2f3869574887fe96ba

    SHA512

    4bf5b0d9b5a33303987735c93919ef38e7692f9422502722e79f843ac52ed8f6c582a370457fbf77f10fba0a01de845bebcc9f3587b39ab9601a278d9a4d6e30

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e14ea5b680c9fd5e5dd6fdcc39f4ed26

    SHA1

    9ec4ee242614f3e20b5d0fd151849dd5e66b5e13

    SHA256

    1b41b7397ddc07d75a934a5f4c8505e4f7df6cd27f155357bb11d58c47856023

    SHA512

    9c29fdf7d57a292d4a130816ec2bb26d68d266adce78ff8f8c61f92f997b3ca2db97f86aea4cfec9b11d0caaa6399b15936ed9e938eb9cfd599d803bd8267a40

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    db576bb24bd3b4cf627e4e1302c29ab2

    SHA1

    34a8640800f8b027d78166903943f884c95cef81

    SHA256

    1e18c81e46f4a8d4b7dde2ebe24e1a7ad21ba3428913537511ddb58a8c89a1b5

    SHA512

    85a39b0030baa1ee0c3dd140450e61f46b159fc5d3f61d0a08d6346495b588388882c878309bdbb1d8040a3fd04f229c383ec87d7b1e78cf00bf4fd343ad7e12

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9ad4bebac37319358130898e7fc64c47

    SHA1

    85e1807212704b11250ce9eea78ce7025183f067

    SHA256

    4cd1aaeb3389e92db7539909112d7ef9c60261b42ea55ee01fed78a429d30c52

    SHA512

    d1e793a25e2d1a506855c49a9849359793060a2f563394530efe1058c1008e22cdcfd2cf3af625ca57c9dcdba08009c4ec8a10720fda4cb0a5af9dcc9c757617

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1b65225e31b39a96e00075ee97ea865c

    SHA1

    78c5146f125ec7edf5c9a3c46a7abbeec1a6d779

    SHA256

    23140ae11b7b1c2a5ba1626e5c7ce4572d1408428b0fe59c30a1e1f201ee6603

    SHA512

    e0cab5927c7251011e4bf5097510b58681e0d8773a098f266b95df7c1928d21b1f48d40d4f9158e59a0a63619bf9653c54a4cd2723d4e592fdb4ffc65b5f7da8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6504515337e7d1c4e673b97e711181bd

    SHA1

    02e4dad59099285ad6c94343b6973527188ed069

    SHA256

    40bbb3f7af63208815d88d028470cded0f38e0b45742200c8c8826424b910ce7

    SHA512

    2d25f547f083484b7c8dd206894bd4f4f658ea5cb54987a8f7f4f9d6850b2a0b50fad900b20493392493087a2f0032ac6078937fc3e8f7789b28a33f1a5237f6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dfed900a2b5e9de29a06b61fa81aca67

    SHA1

    c817eea403d37129700a15df478f98378cf3feb5

    SHA256

    56bb09b58701a50e9e78a6a44264c1e203461a0aace2306833b28ab8f02196b8

    SHA512

    8be271b6c8f1c4c7f7b0989e58acabe5c2f02695851203359bd5edd6c9786848c00394eb9909c2a183f1ad8e12f0b03288e39549eff43d3e71e6b46031f6d0a1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    141f67df7ea3d267348c3392ee3c1264

    SHA1

    9248ed7369dcf96f5ef1e60842254a9a0c91a479

    SHA256

    236fa82f472eead619e98de261622b6d3298cd109f381e3dcc947ffee4b449ff

    SHA512

    d699f0c76f85f07b2308ae3d56b4ea8f018ee6c4cda7411ea344b0e9f4babbbd81e8a57c068cd77466538d9234e2b3fadd41653ac2e82390b5eeef71de1d03e8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    069d2a08f7da9f332b0256b0f89c5ebb

    SHA1

    d6142a803c2d9cce4867bbd695b69f0be56b32c0

    SHA256

    052b993e7608988f8a39fbaa1805516a468904945bf1724784274fd6c921940a

    SHA512

    e18253e31aa861faf3c6f985fb09060ac0a12be5df81e9705f3c0d455f4224b314ae4706c0b3a6ec64a18be00db5179427b28b48d4493ce071d87ab51383964e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    53916f329fcbf0a67085ceac4b7f6e8b

    SHA1

    945716dc50ddef6279921c3442ad19e2487531a3

    SHA256

    ff9df85c830735d113228fe75fabe9cbaa82a7acfaf4c7d79e9318e06506d6e6

    SHA512

    276557f294df41343a18a65c7fde0931a913f704cfc288741b3d5e47e2446c114a9e63b73ed1bfae7193f1dc657e53e5114efd3cebc0d02b42972a4e7a092ea8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8ce7f437e42179e839fc33033b2cc643

    SHA1

    a9c4e23ec9f173911d87f4ad64fbce4a663bdbd9

    SHA256

    8a49a1d390e486d0baad6290b4ea341d8814d55deb4df6eb2394a26f77e53574

    SHA512

    0dda2e6e539139dc287da49ccb85ef0760ad0558c257f24e97a94c5397d48b4019b4b8addcee1c0a0fe34c5c7c00605d655c780a2ae819101768d1acbf4f3040

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF6EF.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF702.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit