Analysis

  • max time kernel
    133s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64
    arch:x86
    image:win7-20240903-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    31-10-2024 14:44

General

  • Target

    https://ola2.performancematters.com/ola/ola.jsp?clientCode=flpasco

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host (MITRE ATT&CK T1614.001).

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://ola2.performancematters.com/ola/ola.jsp?clientCode=flpasco
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2228
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2228 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2012
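The two processes above are the normal IE 8+ split: a frame (broker) iexplore.exe launched with the URL, and a tab iexplore.exe launched with SCODEF:<frame PID> CREDAT:<n>. The signatures that fire here (SetWindowsHookEx, FindShellTrayWindow, WriteProcessMemory, Internet Explorer settings writes) are ordinary IE start-up behaviour, which is consistent with the 3/10 score. What a triage analyst actually wants to confirm from such a tree is that every tab process really belongs to the frame it names. The following Python is an added example, not code from the report or from the sandbox vendor: it cross-checks SCODEF against the parent PID in a captured process list. PIDs 2228 and 2012 and their command lines are copied from the report; the cmd.exe parent (PID 4000) and the tab with PID 3000 are invented to show a finding.

```python
"""Sanity-check Internet Explorer frame/tab process relationships in sandbox telemetry.

Added example (not part of the sandbox report). The constructed SAMPLE_TREE below
mirrors the report's two processes plus one invented outlier.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# IE 8+ runs one "frame" (broker) iexplore.exe per window, launched with the URL, and
# one or more "tab" iexplore.exe children, launched with SCODEF:<frame PID> CREDAT:<n>.
IE_IMAGES = {
    r"c:\program files\internet explorer\iexplore.exe",
    r"c:\program files (x86)\internet explorer\iexplore.exe",
}
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b", re.IGNORECASE)


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: Optional[int]  # None when the parent lies outside the captured tree
    image: str
    cmdline: str


def is_ie(p: Proc) -> bool:
    return p.image.lower() in IE_IMAGES


def check_ie_tree(procs: List[Proc]) -> List[Tuple[int, str, str]]:
    """Return (pid, rule, detail) findings for iexplore.exe tab processes that do not
    look like a legitimate frame/tab pair. Frame processes (no SCODEF) are not judged."""
    by_pid = {p.pid: p for p in procs}
    findings: List[Tuple[int, str, str]] = []
    for p in procs:
        if not is_ie(p):
            continue
        m = SCODEF_RE.search(p.cmdline)
        if m is None:
            continue  # frame process: nothing to cross-check here
        scodef = int(m.group(1))
        parent = by_pid.get(p.ppid) if p.ppid is not None else None
        if parent is None or not is_ie(parent):
            findings.append((p.pid, "ie-tab-without-ie-parent",
                             f"SCODEF:{scodef}, parent pid {p.ppid} is not iexplore.exe"))
        elif scodef != parent.pid:
            findings.append((p.pid, "ie-tab-scodef-parent-mismatch",
                             f"SCODEF:{scodef} but parent pid is {parent.pid}"))
        elif SCODEF_RE.search(parent.cmdline):
            findings.append((p.pid, "ie-tab-parent-is-tab",
                             f"parent {parent.pid} is itself a tab process"))
    return findings


# Constructed sample: PIDs 2228 and 2012 are the report's processes; 4000 and 3000 are invented.
SAMPLE_TREE = [
    Proc(2228, None, r"C:\Program Files\Internet Explorer\iexplore.exe",
         r'"C:\Program Files\Internet Explorer\iexplore.exe" https://ola2.performancematters.com/ola/ola.jsp?clientCode=flpasco'),
    Proc(2012, 2228, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2228 CREDAT:275457 /prefetch:2'),
    Proc(4000, None, r"C:\Windows\System32\cmd.exe", "cmd.exe /c start"),  # invented
    Proc(3000, 4000, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",  # invented
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2228 CREDAT:1 /prefetch:2'),
]

if __name__ == "__main__":
    for pid, rule, detail in check_ie_tree(SAMPLE_TREE):
        print(f"{pid}\t{rule}\t{detail}")
```

Run against the report's two processes alone the check returns nothing, because 2012 names 2228 in SCODEF and 2228 is its parent; the invented tab 3000 is flagged because its parent is cmd.exe, not a frame process. Feed it the full process list from your own EDR or sandbox export in the same four-field shape.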

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    252B

    MD5

    81c99bf089e648755c7a41750533d94f

    SHA1

    77cbb92f28325393dcacedebeb7238f319781452

    SHA256

    51167b868bc7a151b18933882f0644f3c64c6686c2bae3c1b3c5d93f49c6bef1

    SHA512

    900b4960b2dff5b74b7f4682c6b05302ffbe7ab74a2d904fe0acc6e38b489f261b410317f5331deb5b6aba203e482a3b26f349fcc78947325949128ef6a64605

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    053c0bb9859bc7d16a7590139021e71c

    SHA1

    3f77260a94e90d3671fdc6cf4eb93c4c18793526

    SHA256

    bfd24889d06d1c32c9fa4de8afc2c01a51f8fffd2d255737f36b3e8399f391de

    SHA512

    f21631e3cd44659528e6aa92e0ef1e60b5879feaff342d638ed4aaff502b3867840a48d46eb7eca45b39f70f5f3a3378ab80eace96baf917002b07bff974800e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    612652c7686988ec130f65085294a91b

    SHA1

    fa8ab2f9b6bcacfa17ad17affedcd24a85eacacf

    SHA256

    4d0cb50c9febb11f32b410c58779c14a650e898dcb092a35f609b847e5200f75

    SHA512

    f25911822aa794e241da34fd96e79ba27b191b3bb79472427a8ec23fa5668247d5738889fead580aef10d5c813b930244108a0772a201b3781c71c524d82c828

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d9cf5ded9466fad392401c1191bc83cd

    SHA1

    1df354cfa3d684596721dba6fece1a374d56d577

    SHA256

    f425e7b2c79a09f02ea33ffb698931eb3401c81048351505196f9d147f613d88

    SHA512

    5e1d2140e134787a6b506e1e4b5a190a68b62707144a1c9eda6767776fbe1e9c4eb92dfe4cf706c8ad9c26d22bc679899d2667d80a1253c04f15bcbdca69d201

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    ad06c238d1d231233b830101b576f791

    SHA1

    2b7784f6ce1ea37537a35f07c696d9feecc078a5

    SHA256

    807302dc2d48f5780b41a88e9638e3d67d136418c2ed7a52e49f9997e8e2e1f2

    SHA512

    d58ab3743f7b5524c16e920c93f6f2bba830e6e6d86a2aee1f8e0f9e8835d7f03bf059a78835ed0315db072b237619abc26071338d1fa83862a5a765acc2c837

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b01bdbe37da08278ccb48cffb7388583

    SHA1

    961cee1ef4ff5aca979460234645656ab9a3ddeb

    SHA256

    8d2c4741744be3f915d00c6e0fc343ab2aabbbdfd574a187c3a6bc332393be0b

    SHA512

    21893e20f3a2dca0cccc53cae362194cad84053e263b5585e412d9d448f966cf61b2440b7b86c53c646f722c36a77478b20d9a231b4614f2cdb81be7c7708106

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    aaab8f64e299b7e6965e517869096f9d

    SHA1

    c8115a8fe422c23a13f537b2dfc1a5173c3643f0

    SHA256

    7cf2b68db23dcb584297d4b112bcaf50894003afddb4c8a32ecb473bb03f5d44

    SHA512

    c5855851f72d97b179ccb9a92cedbc1146566f5971639289948ec22db5cf1f4378a69b8023047cff4ab772da2e0c975153aca953feb596fce819c15f6b5c123e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    16e7b48c04f3869347d622ff4befaec5

    SHA1

    7a7d8b1040aa8337e7afd4e54d6ac935162fed60

    SHA256

    5d425e7c9c36f16381aa710104da3f453f13f32e800eda060b300b7a49810b05

    SHA512

    f78448dc9f06d318b5989e51dd4802da7481c8ab0ae7e23ea7b4b88c228eb5b43d61b228ad96a2c7a788ac21f681fbbdc33df9bebcdb41681ff39bf7cd7a6d2f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    246c3f54f87d48a9c88de3c4573b5d9a

    SHA1

    562c9e03c082afb3f1098145fbd76b3232b1ff68

    SHA256

    d68f1a241888bebcac36ed6342d757cb4335c4ffca615061e3d114218adfb23d

    SHA512

    ac8c74db2c134478c8abf7783aa78f7e08082b66da3d2b698ffbfef1fc5749ede8897c196d1831e583c127640b52227a2030240ea4143da2391d3e075938ff41

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f5121ef3721480a7e18f843419061332

    SHA1

    ba156aa0ec1e03994b4aaa86b07c991ead671d01

    SHA256

    3330fda0442ad763cfefe0bc7d8fe5688df5794473fda1cbf3b538cb79d7636e

    SHA512

    dad6f0ef68eb793502bd805f25b8cd358c7f31571c47261ae2fb2886aaddab6deb5975f549164664fbe5f5e7bc956fd271546850084ca5e73f894c4b40b72c32

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d6385cf1fd6ef1d0233d55d5e4b8d83b

    SHA1

    14eb6ca3f945fdcff3c39ea4938d7246fd24372a

    SHA256

    613da3c27c5616cda5490db618720ac8a684d9d9c13f1fe147bfbb9ade20e93f

    SHA512

    8b99e1b9d37fc5c361895f1de4ba45ccc14ed768ed0e503ca8aa80704cb8326d60562a5546ee82a618621d1877b027c968985cecd6933867ae58f7fb12a97856

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    da2b9e461eabe3c29b7a5b0aac928e17

    SHA1

    fe5a692e0a5df439490a26e531ae40ec5db3f32f

    SHA256

    8225d04ab07c00ed510af6af1f2deeb6565574bdf77a129ea6cf968e782b26f0

    SHA512

    cab04b070afcef195bded3b5a706dddbe9b647ce13a1997ba7162ac17a7383211005d7fd081d71bad2eeedc33dafc354c47e60fd5c0f809aa7abb5efa5a9f630

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5fdb27dadca5b640983f3877785da6d1

    SHA1

    8594e6cdb001fc06ad4a5ba6d0f950596f019021

    SHA256

    8d5078c1cea8d1e0517339247099fc0c0ca75d9588257648a64e59141df27ae8

    SHA512

    a5a2b7c7ebe55bda32c53184447fceff448edd505489becfdb9392c5caf024f6d44c5de2698c17e3aad056ae33423573e961d3b808cd237ddc8d12caba9c2d0d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f313b11047ef4025368f2004022cb76c

    SHA1

    b63caaf843d8201732c4576253a16b69cebd826f

    SHA256

    5a9f09725b5f3bdf32f400765783f6655544ab4ec612370035b9b13bbbbee88b

    SHA512

    5dd4e71f7744b9951c7744212f0f5379dfb985b4a367b74b67f9d7228ced7a2502cee7fc82fa888de352e3cca975fdc188e07200406467b97d95f4213d14db58

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8bc036565103548f4a410c15613eae79

    SHA1

    25b8df25cb5ad23daea1148d7da33a253bf80451

    SHA256

    c58da8180275f732e886019ca25e1bd5dda3b106ad629b21d03c0bbd0bd5ea67

    SHA512

    aa9305ba7198eda2fce092d05e491632f0d406154028f50cbad4073d59104da28744242d79664b189d490d9409bc0b46e466c9dc5acd6ed4dea3afb9c0d2b9e0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7bdc1ec39d96d328ed6d21fa2158c52f

    SHA1

    049bafff12c2f8f45fdb212a6551a6fb34401668

    SHA256

    4b7b2bbffcf17daacf4a30e9bf0cd73e284b0098414bdc91c006fc4ae3bbd351

    SHA512

    51158e6965e935b22a8e38f47a2036a384db7756743405df4fa126603db83fed3dd14fc7035c4a4958905cddc8c3955686af813f91a6d7e501f0e2a096fdb8e0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8c4ea093dd48f13a8b9464a6e2a38638

    SHA1

    4616e49ecc1fa87bcf1a8763601d6925eef68531

    SHA256

    039a2f94810bf0e64907c1d0deef796eab88e3883c2f13482c67b649303b5230

    SHA512

    d02162e8241c41c5fe3a15e88be2faeaf9cbe38a5d3b08e9fc913f4c15359a51f0672af585f49a3b4dc2b65dccce443c4d13f9350c36d7cc10ce27f7022dfb4a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    94b4ca004cf4ced39b32201b63e71d4e

    SHA1

    bf6c4cd3ce67265820067ae0d2cdaea0bfa24db8

    SHA256

    e9856c8cd5e5199ecc33cbc0872d148cbb33ff21b704c3a9223fd7c2c5a0256b

    SHA512

    a11f6e69a7e92c1a0e967efab9a4935fb182fda7b46c04186a2cef3517f32c9a6be63e5b3690b9416484386594588c89b12b81d141dbfeb9d3b8628428627b01

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a5c5c5337352357a96cdf43610837485

    SHA1

    19c35fdcc3b92af6bc865fde0db7571e32018a1e

    SHA256

    e3a82ce34a3d8048719897f6249f7078ce062e77190a1ca915b1ccbd7816ffc3

    SHA512

    51b065dcc4963405b369c50c73025712be70867226364472576b31dc71c80c541682d1cdadfb329c4cf16aad2d94d306cbab86b32d42d8e9796eec7601898be6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c43d6959ebcf40c956f8524a677e4188

    SHA1

    80f560c6ff8d5f1c01f00aac72a5bed244137af4

    SHA256

    141ea058c6a3f058225ee6e1c0ac08805e59fb6188df844d2ef84304e1ece3e2

    SHA512

    ac454c154b400c13e626faeefc19913869a1c7a89217ed0e67816a7fe4c01270859c5afb0dd5c85ae12c13dfd11a83d18c66a8e29370d9d19c604f424ce89269

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5f8573ddc476329c08e56c0370f515e0

    SHA1

    23f592efdb0d0041ab78338ab228f6977d4af71c

    SHA256

    2e72b6a1b9fb8354fbdb00b87e519ba72ff8167972e76e6f652e418a04f6d9d8

    SHA512

    cab5a6136d4bfaad8ce2db343bc09f4cdca1d90aaf7ba614cc19e29c58e3914337563db3a35779352c36417fd06543616b947c1d42337deff89134efe7af73b8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    ee9a257d9b8ba66d51b16ca25500c1f9

    SHA1

    ff2c126ee25c0dbf8d88b408ab70a96030cb6a02

    SHA256

    6f2d05352e09b5f13d1fc08f8e6266cdbfe3eef8f9de5f9dee07a20ade05d8fc

    SHA512

    fde356102347cd920b94a037676c41e2102fd5f3c333904c28233bf08fc747ffe4cf499897453d3193c0248cc5b22760232a3ab2628c9c7c9b4f99e1b707e2b1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    64ece9b929b3b399e34dfb3da1fefd0b

    SHA1

    ac856195c247b8e4daed548f3761c0d412515d67

    SHA256

    48abb00edd54ab7e7b019057ee473eca5f34164285c65082b4321964c1b7e32b

    SHA512

    bf0f682d193b1b91d0c3ddd357016405a742b71973833e693563749f81bea51640df0fbf911978734c72683f2bcda61811765c5ba7bb140a3e532a28455aaaed

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    2aaa732fe15f9f57f063fe774dd0f1eb

    SHA1

    5cdacc02a0de337aa28c0e4d4877f77abb3b47dd

    SHA256

    75906cc1f342f1524b4859e8d2543493f1e2eaddfe97206e8737596b35769235

    SHA512

    95cb6a7bad5608b4815a6d20cc6825db1c5b9bb754bb64d50a3b2e4c0e6429efd239996096344d9cc37137e6b19c91061c2af261cc75d232b74bc6ac75181a8d

  • C:\Users\Admin\AppData\Local\Temp\Cab282.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar302.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
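Everything in the Downloads table under CryptnetUrlCache is CryptoAPI's network-retrieval cache: the Content files are the CRL, OCSP and AIA objects fetched while IE built the certificate chain for the HTTPS target, and the MetaData files record where and when they were fetched. They appear for any TLS page load and are not dropped payloads; the Cab*.tmp and Tar*.tmp files in Temp are commonly the downloaded and extracted root-certificate update cabinet. The same MetaData\94308059B57B3142E455B38A6EB92015 path is listed many times with different hashes because the sandbox records every rewrite of the file, whereas a disk image holds only the final version, so a hash match on an acquired file must be tried against every recorded version. The following Python is an added example, not from the report or the sandbox vendor: it parses the table's own text layout and compares a local file against each version. SAMPLE_REPORT is copied from the table but trimmed to three entries; the scan root passed on the command line is an assumption.

```python
"""Match files in a CryptnetUrlCache directory against the hashes in a sandbox report.

Added example (not part of the report). parse_downloads() reads the report's own
"Downloads" text layout; SAMPLE_REPORT is copied from that table, trimmed to three
entries so that the MetaData path listed twice shows the overwritten-file case.
"""
import hashlib
import sys
from pathlib import Path
from typing import Dict, List, Tuple

LABELS = {"Filesize": "size", "MD5": "md5", "SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}
HASH_ALGS = ("md5", "sha1", "sha256", "sha512")


def _key(path) -> Tuple[str, ...]:
    # (containing dir, file name), lowercased. Cache file names are derived from the
    # URL and the same name exists under both Content\ and MetaData\, so keep the dir.
    parts = str(path).replace("/", "\\").lower().rstrip("\\").split("\\")
    return tuple(parts[-2:])


def parse_downloads(text: str) -> Dict[Tuple[str, ...], List[dict]]:
    """Report text -> {(dir, name): [version, version, ...]} in listing order."""
    table: Dict[Tuple[str, ...], List[dict]] = {}
    current, pending = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):  # new entry: bullet followed by the path
            current = {"path": line.lstrip("• ").strip()}
            table.setdefault(_key(current["path"]), []).append(current)
            pending = None
        elif line in LABELS and current is not None:
            pending = LABELS[line]  # next non-empty line is this field's value
        elif pending and current is not None:
            current[pending] = line.lower() if pending in HASH_ALGS else line
            pending = None
    return table


def digest_file(path, chunk: int = 1 << 16) -> Dict[str, str]:
    """Stream the file once and return all four digests the report uses."""
    hs = {alg: hashlib.new(alg) for alg in HASH_ALGS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hs.values():
                h.update(block)
    return {alg: h.hexdigest() for alg, h in hs.items()}


def match_file(path, table) -> List[dict]:
    """Compare one local file against every recorded version of the same cache entry.
    Returns [] when the report never listed that (dir, name)."""
    digests = digest_file(path)
    results = []
    for i, version in enumerate(table.get(_key(path), [])):
        recorded = [alg for alg in HASH_ALGS if alg in version]
        matched = [alg for alg in recorded if version[alg] == digests[alg]]
        results.append({"version": i, "matched": matched,
                        "mismatched": [alg for alg in recorded if alg not in matched]})
    return results


def scan(root, table) -> Dict[str, List[dict]]:
    """Walk an acquired CryptnetUrlCache tree and match every file the report knows."""
    return {str(p): match_file(p, table)
            for p in Path(root).rglob("*") if p.is_file() and _key(p) in table}


SAMPLE_REPORT = r"""
• C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize
914B
MD5
e4a68ac854ac5242460afd72481b2a44
SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
• C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
053c0bb9859bc7d16a7590139021e71c
SHA256
bfd24889d06d1c32c9fa4de8afc2c01a51f8fffd2d255737f36b3e8399f391de
• C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
612652c7686988ec130f65085294a91b
SHA256
4d0cb50c9febb11f32b410c58779c14a650e898dcb092a35f609b847e5200f75
"""

if __name__ == "__main__":
    # Assumed usage: python match_cache.py <path to an acquired CryptnetUrlCache directory>
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, versions in scan(root, parse_downloads(SAMPLE_REPORT)).items():
        hits = [v["version"] for v in versions if v["matched"] and not v["mismatched"]]
        print(f"{path}: matches recorded version(s) {hits}" if hits else f"{path}: no match")
```

A file that matches none of the recorded versions is not by itself suspicious here: these caches are rewritten on every revocation check, and the report only shows the versions that existed during its 154-second run.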