Resubmissions

22/10/2024, 19:51

241022-yk8gtstckl 7

22/10/2024, 19:48

241022-yjkpdatbnk 7

21/10/2024, 21:25

241021-z9xx3axema 7

Analysis

  • max time kernel
    117s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    22/10/2024, 19:48

General

  • Target

    $PLUGINSDIR/app/cmp.html

  • Size

    5KB

  • MD5

    d7b8b31b190e552677589cfd4cbb5d8e

  • SHA1

    09ffb3c63991d5c932c819393de489268bd3ab88

  • SHA256

    6c21e8c07ce28327dca05f873d73fe85d5473f9b22a751a4d3d28931f5d0c74f

  • SHA512

    32794507a4b9a12e52ceb583222cb93300e38c634a72ea3f51a0189127aba60cf476fb7918942355a4f826185d7071e876cb40348ba34cf5d1ca7e9546ccb310

  • SSDEEP

    48:t9rc0/GLAoShbEHaLKNGiNQtvmolOGR36tgtr/GTvJP8AscaV4LiMt7ByBZXGz+p:4VLjHa2NGiivmmpWsBVutFwAk5vSG

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\cmp.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3020
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3020 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2308

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

          Filesize

          1KB

          MD5

          55540a230bdab55187a841cfe1aa1545

          SHA1

          363e4734f757bdeb89868efe94907774a327695e

          SHA256

          d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

          SHA512

          c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

          Filesize

          914B

          MD5

          e4a68ac854ac5242460afd72481b2a44

          SHA1

          df3c24f9bfd666761b268073fe06d1cc8d4f82a4

          SHA256

          cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

          SHA512

          5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

          Filesize

          1KB

          MD5

          a266bb7dcc38a562631361bbf61dd11b

          SHA1

          3b1efd3a66ea28b16697394703a72ca340a05bd5

          SHA256

          df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

          SHA512

          0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

          Filesize

          230B

          MD5

          a7395ae50028364d3697143677c2dc3d

          SHA1

          32fcab4ca4de6ed2abc5d44651feb276d6dbd011

          SHA256

          602bdab2b85134f250835e94204c13ff2c764efd879e616b56687f9e5fc89725

          SHA512

          f54cef3b7967d760076bdf74d73aa83c9722e3549982cc7790b175dc3a9077575916e090d3dfde5cbec9dee64bf3e888a649b464cf0ddfa245649414b7d4e5d3

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

          Filesize

          252B

          MD5

          dcc3000d34bae0dbca3a81362fecf0db

          SHA1

          d3a0326837deb7a8edb392bd9aa31d1b02c2405a

          SHA256

          eb8b8586e79b10f14817db5f3b1e18c8fd3eb26579ec526a1455755e9c31f06a

          SHA512

          ff05212bb5bbef99b05c0dceb77cb9431c327cbc0435cf3cc20e34897719acbdd172fad55b02ece4b24941f54791db0d54ae7680df54b9ff8ff500b3ac8bcf60

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          fbf9f05939b46ebcc889f2cf1b42e431

          SHA1

          bd3cf105548bedb0c594befc5fdf480868f2af5b

          SHA256

          3c0b1a92cc9c9ed51280ca852ea0a8d2c43d5f8d73172b24627cce3535b9639b

          SHA512

          5d9e68e73188e4f3385e2798e75ee1dbcc29f8f16fa5a7219b312e4662bc16698079724ee644f92fa392cb4f2ba42a25a1113a1eb53e3721e3240cc6bacc373e

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          1d2d596d1ecf009b2e09285dca96177e

          SHA1

          941f7a22bd79267d7d5e56cc0fd426536a9573a2

          SHA256

          88624de0c27cebb68a7b1fefb04cf17ede58f0a1ba430220d9354490ec2a50a2

          SHA512

          5ee7a97f85b25d0a23e35b8e03bb8634872eef35416cefde0fb255910e88183ae709a46cd932390fd566748aad5264f559f89c964fce8697366345e1c305a92c

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          ba40a0f4ea28deaadc7decff9ad20b07

          SHA1

          6ef1d9aa8ee83f1d4be9d0b3483a8b628683b710

          SHA256

          67c5bd4ed205f418253baaa6121924ec429239a72ad7587898f3677221843d2d

          SHA512

          24c697bbf5284d03349f24a96c9ecb4ca49c5bd15c64d432f241dd60c2a881cd2aaa114692fb9bb171d495845bd3aa6de1659141d38da5343b11ff4de84d618f

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          31b8bfbf5e3862213e2339c6e0c67173

          SHA1

          d45f32f6806c7c09bbdfcf65e73a30dc03396d52

          SHA256

          79c780e945202768d3c98d579444f1204f32f89de500ccc8b6a53461fe64feae

          SHA512

          605dc35e1f5f9fa36fe09fcb202e093182d4d5fab5cfa2548dd8211bd816cd1c70e60b217e772b2426a619d81dbc77c167063463fe5007dc2d630d26319a1634

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          cb1eab4bd43ace3b679ecc7bffdcf1df

          SHA1

          0665e6119cc24b2f4053529d6fa658a29236b56c

          SHA256

          5928ac57877eaa3ad7a4206f4b08edc579b37b573b095b0462421a1dcee96a21

          SHA512

          2b58682459160ad42474418153fa47853f40406370f1d1e1f774c13c95cf2b22a20ef159f95456bafd0acdde644088f2afa855f8cb8b692d5a29ef1e78714894

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          fbde4477c704e1f4fb782fffd4608210

          SHA1

          259054699c92d71634bb5c5737bbbcbba355ebb8

          SHA256

          4b617e03ccef6c63690b55666ce2c0698766e7cda131bf51b16303afba73a01b

          SHA512

          e73e748d5856a60445b61c7fc870a9bca6f9f941c6e78172dc98e1fde717af55d4186b09d1a2edb0e48e95fe1ac0e7af59bb5921696682a98e2aa162e2e70d71

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          34ebe9050038f200ecb7810d893659ea

          SHA1

          3afb98928acd699c9b8538c700f5ee4956ba09ce

          SHA256

          faa0c002fd44bce0db427363856cdfa6902101e78365bef544d6f2c8107eb95b

          SHA512

          d48a7dd6fe0866d69f0f7dccba2284441f1eb209263cc23996a5ab66b59c9db745cc6fadabc6d1f6a4774d06e0535a9f025da919da73d2c4b4b8f1886d536972

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          21db92795b4b946a612df771ed0a72ea

          SHA1

          772cfbbc22aaf9e51e59213d673514a24aec37ca

          SHA256

          3ca71d969561fc072b214922998925ca5967f5845712f68a5bca59aedb2430ea

          SHA512

          aacea2434825366b3ab9a247904d264708f5569af7f86302749aeb9411b0d856b56e92e10380252de8cfe5d4e607837cf31ad058db930d9f17510b4be8ee5a42

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          21c20431f5c86d3a87a7457ee8ead149

          SHA1

          985c0d76e24f78e14f11f336f78d346fa153e648

          SHA256

          8c17ea6742a08f90aa670ada6ebffee5ea51f7fc79310be1a61bb040e6db1fdf

          SHA512

          8de90a0d26366a435a6a22a3f4f9109b3d356f03c6dfae4992fcad948b674f502e937f05ca9c610ef37081900a70be67556c2540f6308d44ad6fbde3fd621ed2

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          c2c115c8450befd10407e39328d9df79

          SHA1

          36ba60c580ab6327acac391e13101c8d4383f0be

          SHA256

          10cf57280819b9c4892c4163aaa114c88b82f8312902750d671c377ff57a6465

          SHA512

          0dc9d5bf194faabea945db892ba7dcb558b9ddf104f9eeecb2a0a87b74642200f9f84edb5c52d29c7294431736809dc2865f3b2524a1b5e02155ddc18dd65f1f

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          25aecddd13b603aa05cf3350da71c394

          SHA1

          1c9e45e35ede1f27a386f9d82ece681f7855b119

          SHA256

          1daf6403a555bf12e404084de4c0c08bfa80564dd3ee90c40bb080758e1a88a2

          SHA512

          d88f3e43aab00de57f61775061e5e93b35ba635df43727f685e59af6de80ea40a43b179cc7990ced6e98962f8a143fe1c106adcac109720be1f10b62505ba131

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          5298b3a9604dca942517460c59d87c02

          SHA1

          a0f0e6545468f4c1127c7a5e831d42e8313013d3

          SHA256

          74821a68313149a89e90173fefa3c0e1fd52bb7559fca15ba3609000b3838c5a

          SHA512

          a57a667a6cbf6d5001a681880adbe599f738201c80df431d8728f2465267ceaf4a19a11a57308a33f6279c5461707246f700e80e8ec599484173b3d5080bae0f

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          8ce063c22d8aae8654cb61393923a01f

          SHA1

          4ad6fefc896b0fbc4559a73686f1caa2ac364832

          SHA256

          9fb3e2f43f2c0a9465f553f806377c2fe51c61f8b1becb85c65f4897cc80b756

          SHA512

          6cb39fb6a9fee1928cf2c3275b24a73dc312052cffbab0b67a2c3538a3130b142795dcfb4f99921d0a421b885b59fe6bddb8e753980986ca8e10ed7d79cbc334

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          d62bbfc3de2f1488f6abc574956453c1

          SHA1

          411401822295b324a208f2513b20ee2cd1040f6e

          SHA256

          ee4f5d940b9b7da1381a08ea164520861cde8275fe7779c7a8b3516122070a79

          SHA512

          c2b79631b699dd9a7dda7182d7a747a61380d5f28f0160a944973fa9a99db2c40ee67188c63aa15271003fb20db8deb422c1a6b35ed861258d02cf5244789cf5

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          938f880428cafc2e6162e9c682ea7063

          SHA1

          7feac2b7c4c525029e3bb3b257e8d651ba2b061d

          SHA256

          35ac20b478b931ac4d19c84ff5ce54809215a5cf69e11f61d9d535963a88a014

          SHA512

          116639d6d7b2d0264883538ee567f65b62a2ca3751550e9873a6848126a1de86d76ad5afd893ffac5c20102b9e0f78294f13de97072487dc43c4442026e9a0e6

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          78b8606293bd61b14c530d7215a08fff

          SHA1

          381a613b839e1e1df2a06853551e9a265a6eef6d

          SHA256

          71f8ddb781d9693ba6c00a26d1335a8df88b1dcf26089be78ed85856bc92a865

          SHA512

          33be5d74c5b91ae7e3f677ecca8317d225e2df4adfa66347dee4c94c2177cd4cf4feb00b2365a60237aef8a916078caa4ad42cb5473e484caeea7fe8bc670a48

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          2b89d15f7a1f4cad11ed085275f7c116

          SHA1

          6b820aee7a96c64e97b4da4475258944ad94bd56

          SHA256

          f8801332eb5a52f1d8e400f938bc5540019d1300780af20450447b3a8b8cbeac

          SHA512

          477184e0a687e0b709d766655bf9596e475f06430f3dbfe095d98abbd58e55e595f12f1feb6ef067d140127e91ec667e9b33da78661cd3bf50daf58aadc1210c

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          e485450aef49a647ec4fab6ea7063708

          SHA1

          e2c8cd84cb9498b6dc5990967ec22a417ce40da9

          SHA256

          9bcca7ed570ccdab492b5d2dae74da89de3e7ec7dc2c7fcbc14c478bf8bda47c

          SHA512

          c4ff9607fec17521437d4b512bacd3209257f7a123e86e0a641a802d805a79889867304b78b56252690fd0e7c84f23afad218cedc1ce2683805599ad318f03ac

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          1c7aad91896adf8cf6fe418004dd95d5

          SHA1

          7f18dbb73779a261c002fb72a950862a982a4035

          SHA256

          8e8cf5864d14d3dd07e65d7dbc4c58ebef9bc8e4aafd63493d8593d9c332dbde

          SHA512

          230825ad3fc7ae50e0d0797287174f8f46ce8912f08c14097bad2228dd801ff133d61c6314dbaeb2135866ca419ef95dd2fea92881fd4ac07fdf88e7ac097d57

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          08980246130674f493362fc1cf24df76

          SHA1

          259eb7d21107a45c482c337a443b7d3160513772

          SHA256

          ebaa40a76b46a6a1f9b1dbc3e84c7deba2d0c93ba515c899de2aa3fc2a69b4b3

          SHA512

          9eb90842f226bf6608ba12ed18ffa1262dfea9a4d9cf747dbfd7ce86c6d1d9ca1c2b5f8b9e5823536aa11f0f4e1fa2b56727a67d54debc7d974a78f6b465b67d

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          6173e03f5f86e83d3d9dcbd7920681c6

          SHA1

          1211a1aba3561a656f1ebb7e8a84a78cccac7aa2

          SHA256

          2e7f05b3b60b85246a70913e46688871eb92b4536209adcacdd5ca5eeabc8145

          SHA512

          f9e5bfd668c1bc978a086f882e7eb4fdea4034e9aef895f4b8bd8b8f48a617ac45c5418d100ffc786007067eb9e7bebe67f65291a51c21eb238f68c31fc8e5c2

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          72d7acf42b1fae2ca6ab0b0dcaa694ce

          SHA1

          f01966b21ee14018c4adbbeafe076810077012e2

          SHA256

          a66b36a66c60e77abc00923e93ab1986cdc86e61be4c34ee305db302bfbcbe9b

          SHA512

          54d63c814d44428ba729e76bbb93b104b3eceffbc5cd31d4177efca5507b464c2bbd842b24e70e24798600d803f42b6aa9e5c03f00861758ed3a999a9c4502e9

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          3d662439efb51ee94028fc9bba7d537d

          SHA1

          1fa48d110645fe2af1b1cace8e9fc06ae03d9854

          SHA256

          40bd21c2edfd9ca27704be1467cd8e1e50c15c1680fd1fa436fa3986f3535f23

          SHA512

          640bc8feeadc92810965494a43d0bf0c435b4f165cb96c4db2186424172fa77fbabe479b467807f1d12ed017702c9ce548c9ded4dee374b3c0f67b92f4357bc6

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          22aae640fb80f48dc596d3be36eed11c

          SHA1

          b0ec6724d19cb65fb3ec0636ee11094f815fe399

          SHA256

          c7265caf0e67b07af6b7a5845c0f445dd70082dd420dd9c0158e2d9d2877cce5

          SHA512

          cb2368c302482752403276cad598a1378addde009102b89eae0db074226f122c9497a1092ef609a7be95e77aafa841fe027b8bc680608405d52d7ff31ea0552c

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          40e2c2b3c290714f5c5dd8a8a05e18f9

          SHA1

          d46794cfe96c0f0ae2889b174c342e564436b8a3

          SHA256

          4acbab2cf56dd40ec86494fbd2ab54b87bc32052a91fb344c6feb9db04711764

          SHA512

          6794952d72c3a1a9474e1bfa7660053b9e743865357c578ae1c8ddf2eb4d8b3badad5bea7de2a17f9fb6db7cbb7a994e17fd14835ea4fb27c2fc4340295d9d04

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

          Filesize

          242B

          MD5

          629bfc1030278076b58a8c2413b3edaf

          SHA1

          d52987e87a9ba8eff7caf67b10d17a514075b254

          SHA256

          46d52753646bd1b89bb43e98ff6e98ba15735fa1515a89687996cd1d8118780a

          SHA512

          a80bcfd8ce2ad16f3b559d7eae12fb84ae28c1fbc3d7e29c161aaefb481601e586faf3494a2186e5b5171a4a16546629b40959230defb54e7abe21b76fc4e0ba

        • C:\Users\Admin\AppData\Local\Temp\CabB6E3.tmp

          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

        • C:\Users\Admin\AppData\Local\Temp\TarB734.tmp

          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b