Resubmissions

22/10/2024, 19:51  241022-yk8gtstckl  7
22/10/2024, 19:48  241022-yjkpdatbnk  7
21/10/2024, 21:25  241021-z9xx3axema  7

Analysis

  • max time kernel: 140s
  • max time network: 140s
  • platform: windows7_x64
  • resource: win7-20241010-en
  • resource tags: arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted: 22/10/2024, 19:51

General

  • Target: $PLUGINSDIR/app/cmp.html
  • Size: 5KB
  • MD5: d7b8b31b190e552677589cfd4cbb5d8e
  • SHA1: 09ffb3c63991d5c932c819393de489268bd3ab88
  • SHA256: 6c21e8c07ce28327dca05f873d73fe85d5473f9b22a751a4d3d28931f5d0c74f
  • SHA512: 32794507a4b9a12e52ceb583222cb93300e38c634a72ea3f51a0189127aba60cf476fb7918942355a4f826185d7071e876cb40348ba34cf5d1ca7e9546ccb310
  • SSDEEP: 48:t9rc0/GLAoShbEHaLKNGiNQtvmolOGR36tgtr/GTvJP8AscaV4LiMt7ByBZXGz+p:4VLjHa2NGiivmmpWsBVutFwAk5vSG

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\cmp.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2448
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2448 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2980

Network


        Downloads
