Resubmissions

22/10/2024, 19:51

241022-yk8gtstckl 7

22/10/2024, 19:48

241022-yjkpdatbnk 7

21/10/2024, 21:25

241021-z9xx3axema 7

Analysis

  • max time kernel
    122s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    22/10/2024, 19:51

General

  • Target

    $PLUGINSDIR/app/index.html

  • Size

    20KB

  • MD5

    423d2e2f7e21b856cb5f3ee3dcbfa5a0

  • SHA1

    eda0e357387913daf57a0c683c34b4b8a5d7baf7

  • SHA256

    cd59efa2fe7cbe222d03a946c34eaacdb3761e922763952d7be4555addf8572c

  • SHA512

    c403307549af9bf7cfd34295a8b1020e7b7489d104b5fdaf4320b495f85977134796774dbf4f20f8fd0b2d1f2188b881a1cc35cec56aa64a3dc84bf1c2d21b4b

  • SSDEEP

    192:DgNb/cVDYmPkhHmY74deqmtRCtmK8WQI9gHcMlxh8Bi9LJFHab4rmgJnc5t/93jp:ENs+XaMr9n2uLy05SN1

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\index.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1508
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1508 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2692

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

          Filesize

          1KB

          MD5

          55540a230bdab55187a841cfe1aa1545

          SHA1

          363e4734f757bdeb89868efe94907774a327695e

          SHA256

          d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

          SHA512

          c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

          Filesize

          914B

          MD5

          e4a68ac854ac5242460afd72481b2a44

          SHA1

          df3c24f9bfd666761b268073fe06d1cc8d4f82a4

          SHA256

          cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

          SHA512

          5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

          Filesize

          1KB

          MD5

          a266bb7dcc38a562631361bbf61dd11b

          SHA1

          3b1efd3a66ea28b16697394703a72ca340a05bd5

          SHA256

          df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

          SHA512

          0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

          Filesize

          230B

          MD5

          a81feaad614b67ebb6f84f33cd8452de

          SHA1

          c96bdb298e52abf32624e0289284a135f791edf0

          SHA256

          0378a61aa9992f242f84bdc018e3e229f71b6ca30dade94cec7f13989257e969

          SHA512

          4e83b4b4c5cc5a67fa1f5a71fc1102fc97337deb97eff3a38109cb983bf85d721de034895b9eacb6c8bb0eecbdcb783f9d3df92938c9886fb74eb12b29034848

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

          Filesize

          252B

          MD5

          bb868be9aaa363bafbd9f61b1fc739db

          SHA1

          d83d78a2b69f7ffd085a6a86303c0402c052883b

          SHA256

          93146c99cd96a264d8b682526f9f57109ebcab4976ca02b8a9db97799a8e0dd3

          SHA512

          ea3c14d23c43b37d2652bd55680f4c677dcf4a87fb2dce304f8afb725eae1bf0abad783ac8535adcd3f5023ce046aa4d6c6119a8dbb93abca3bed3cc15234e11

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          e5e64f127721052aa6b33bba861206c6

          SHA1

          b8218a9df92feda68943a05a93b42f67624aa248

          SHA256

          f802ea594701b951bf10f7b7ccbd249a79eeef50c4a1b12233089f0d8d60797e

          SHA512

          ed7528640d5c2c00ca99ae08b26ee54c41d63be72e557517e655c4a0301a52de37df59dc474e3839d1cf97d6de2f25d9263d5185f17300db911861be2faf3c53

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          b4c53a74567cd4450360417822ebfe1d

          SHA1

          2eb4fc6e661b6feb449f311f0e3021da39b407ba

          SHA256

          586d36bbb1077a8f5b8c2cb078fb5a266bb15d1438165df99c99d1c92cbbf2b7

          SHA512

          9402447c3d9c19f8a76a3d9010de6a6cd4b3722440d3a316ad1e7824e3971400e6f61fe9735d11aef8250d0c59141fd7f4b93ccbfa302224347563e59054752f

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          5c16960ccf3f0a7fecbcc301c9b45c36

          SHA1

          88e2d7125bc08902322cba57b01aa093d24c2047

          SHA256

          df110adc6f08cdd5a6b32e992a4fd9b95ac227a95ffbbd8e62cfe525eaae62cb

          SHA512

          97fdb05e75ef86e0bbfc5db901665717712bd6023918fd230ec40c31047f51665083a2812b3f218af6280efa72f98b70cdb28fcc472233c5da396eabae3b0feb

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          649b05a5b236efcd915b50ee228eb5ad

          SHA1

          39bbcdd4c6de5965b3fa434455f68c0099966ad1

          SHA256

          2cb5cb868e1f812f80ae1a168b51d4ba1bc3c635fa167787dbc7261aa4444a66

          SHA512

          d5cd5e1594ec51facea9328d576beae31cc3cf70af8c9a01a2c7cdbe97201c9b3ad9edc6e4bee4bdaa785e9a22ca0631a150fc7c7471d6d075e891506bea0dc0

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          2432b977138f5634b06c17fab37d0b4e

          SHA1

          6f12cf04bf0764ee8596671da98aaa2fb80eab21

          SHA256

          98ded51d35e47c3daafb94cbdbc3c7da14f6fe2221cab26333cf79f696472063

          SHA512

          f8ca8659039fc9f89cfa655935e693eeef7f31ac900fe7b10241d30ba11acafda442bb356eb28bc3e0ae3e749c09ae1d40c7b52771b2777981fa080a4b70de35

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          a44faf8a194f893f9cfc82a1c87723cf

          SHA1

          0db22cb623cbadee537d19d2257df88f26cc21e2

          SHA256

          00e81ae20946b6839cce2ab35a15c0b53751392101d078859f551771b3a16e82

          SHA512

          f90c27e8d0df3fe94fac5af47b2801e995874cfc2d540c51eb03c01711848c5a50b78d5f1de968c9baa0f2a7807f836ffb4cf2fd38a0657d755da1ef3c150f6e

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          0e65ea5fbce5e564dc092bf81c380f8f

          SHA1

          558a5f9848cb887854bacca7183b327203c62161

          SHA256

          f692f5c8e7d48119d64aebc97072ae19e72f975a80d472a4efbed202ad92c094

          SHA512

          a421129365e3557f6e1d5f8200fea87fc3cac2e706a733874b5a1b06241dda3e290bfe3df88ed562408ed1f44b2f5a197aa88e85c6db03c4916c3c246c8f442f

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          07006ba609ff4aee98a039e1d3105d9c

          SHA1

          52355bab64a8ff848d84625e4f84d40757c140c6

          SHA256

          08abd6d47581c8d5a1dad82db8f3c08b5668576527a2904471169002fea11df9

          SHA512

          c211b707c27adad258c433f1b00d8427f92e10ee3a072c55215c17a31fa2b2b60c871f3ae728745b9f75a673e52b249bb859499f4d8f86fc4ad5a77e760f3163

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          4c247bf5eca9ce7868cc3f09ccea6e23

          SHA1

          91769c82d34d2e86d01e9af38327dd864c1c6bcf

          SHA256

          8d6e8f2fe4123e44d99e1e6dbc757fd87198c8d38d850ac8b619a43d58beee96

          SHA512

          8557bd1baac56dcda1db9920fc8d799402c25910d51aa3a72cc14aed3d0d2fdc99259400ed5d04071164a807cd4676a32c1d38f80881424f1b4214eba9e71df4

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          4999960241213dfd1c8b140a66e42861

          SHA1

          a23c658a2274ae3f4f8bb4a2e2ef7b7bb7c2ab0b

          SHA256

          6b6adb8db857531fceca1820cec6a49be595ec7e4651618526841e62602d7c8d

          SHA512

          dbc84e1518e9aaa113c139405c60d3758e66b1cd8eeaa8e293db98acfdfa3b2e96202e78ebaf816986afface61628e774eab4824fab64c1ecd0797f384e834af

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          b29bd07c133783ab1d4d21b315fa5983

          SHA1

          c298a55c457f4e3db14e07702b190ec728893676

          SHA256

          585630c5b38105f4e2f51d9d4c235579462aebc3e02e7142fe1d9d965e485e43

          SHA512

          c36bafd2890b844986ec5b1c6683af7a277d3fa0b155cacbd7402c9f7983973edc24acfa2d5d5bdcaabba0231c91152e412519f87a75601c7de7be2f1772c6f4

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          7d5ead057eeafc8320db05bfcda49642

          SHA1

          04df8c030e1cd26f4bfb82bcbac29b373792db77

          SHA256

          af928cc42957f7c57d8267657b8a19e4e07c04c457768b67016bfab35367c238

          SHA512

          d5f91044e1cc38682360786277f0265a84974e7b48d17681a8c33c9c1173e24f13f07115ae92bffd52287295813d78818f95251247d8a8f72f885ad1f37ed3e9

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          c14f606cf6c6140816a4c75406a7dc51

          SHA1

          42fe2a9b20c8f759f8e3b78576a436a9dd121d1d

          SHA256

          ba81bf22ce2076eeada51cd363f8a3289933fd79db604d8703f5bed31dc6f7b9

          SHA512

          17f6d3669ff7742598ee165bb733388c1a85f4b8297942bb7bf22c77884c49752373121e7a3a49436b4c5278013f4f578791760b9121b3ad6a00d3f62b733bc8

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          72eefe855177d6a7f0584827846fe383

          SHA1

          ea7f93b6a87c9bf783acb4a5930feb958218561a

          SHA256

          8773bf47ae2259710a4f2a83ac8d9026ba549a359ade4e95be6867b49678d5b5

          SHA512

          15df6e7911eb7d4ba8fc66da4fefea719944df9bdbc38eb863514f070583de9f06fd28400f68e817aa8839abe196e8c307db10bcf40aaf3af399ae834e94ab7e

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          3362224ada00dd8fa1ee902e8de44fdb

          SHA1

          dd8a8c747ef07945bc0b19b036844b83c0aad261

          SHA256

          d6a8133d7cbc8bda2e161366e965d36bc3966671a7e456e6f5aa82df2e5c0ec1

          SHA512

          b900a6d9a5c5347914eedba009d98bcd627ee693202e8de6f1af0ea42e85fa8ab54f671656618dfde5c23371e427843af1a4b3db4e7f8c38155b17d1ec83d723

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

          Filesize

          242B

          MD5

          86135d4dff0bfb8479916466c932968c

          SHA1

          d5f92eafd0103df76898a8b8a47b009464dbe426

          SHA256

          18073009b27f49125ed62ce469bd249377c3e7c46ee7b1a6fc3ed25371efa44c

          SHA512

          98c8fef4781acb54eea0b4d2bb9a99067648a57afa02f676822215824737593e0cb257cbed25569cbad197098983d4de0b166d2fb680397cd7e8a61cc2dafb0b

        • C:\Users\Admin\AppData\Local\Temp\CabEE28.tmp

          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

        • C:\Users\Admin\AppData\Local\Temp\TarEEB7.tmp

          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b