Analysis

  • max time kernel
    122s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    04/11/2024, 01:37

General

  • Target

    flyenglish.url

  • Size

    51B

  • MD5

    accd7e4aeeebd67829335b07a00dec2b

  • SHA1

    5a10be60400cc1bef929cff1a75532f4a3bfca33

  • SHA256

    46f856a24d14acafff58b3459fe605beee34baa7711a1c911ced05e36b892776

  • SHA512

    83e78c39f407697a947f0958908b52db4a818eedd6475f7a8aaf0d98712006e0260547c8cc12e159ef1e5c887fc576bb56b94d4347d326bfa73fabcb73b99eba

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 33 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\System32\rundll32.exe
    "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\flyenglish.url
    1⤵
    • Checks whether UAC is enabled
    PID:2644
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2744
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2744 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2704

Network

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          e40e4ae7eff7a0dbffba152f60b8c160

          SHA1

          92c56a5483f3165d2627b7a146df45838b4e0dcc

          SHA256

          d4ac155b521a1c3a75821a2b24b3c0b31acd041203557e8f1b2e857ae0ffde18

          SHA512

          5e6b97f9968f516df665c43880c28efef55fa683ccf2ed18c63ad84f303a99a141a6e590534b619114108bfdc5ed48394e88f07f59d7cb15aee53e1d252a5888

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          90fdd7064c2fcaacb68d375d9727dc0d

          SHA1

          26e769972d03a1ec5bcbacff62a7f5374728d361

          SHA256

          d9c10d9031db3571716a047f55e44c3d46e734a060621dd35fe15fe90da27046

          SHA512

          04353427322f2ec10a21212a671a03149e7db3ad421912728aa6464b593aac1b0122fbeade267571869af053cd50666138e2e750f75d8ac1b01a8ba462de0024

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          f279ebd469fa91b09d16b535e1eff9d6

          SHA1

          4ba5b1a4a41aaf5ccb15afb6d503d71df284d511

          SHA256

          31f5b09375b86b37cc346e8c406a8fd4698a356369b48d41c474260129d9915c

          SHA512

          842218802cfc700fee0fd90fda3cbd1b89a725715b53328dc81f19cb00902913b1bbe689bcdab9682550e93ac2881180628faa7dae0f6a15311ceff13a75af7f

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          ff4ea8cdf6a29689f0cc17f02f1a506b

          SHA1

          8a784fb381d9ec39475c7cba144d60e590295b7c

          SHA256

          f2e24286b5b6aac5dcb143c00acd34148bd9900366f9e23ef6027111aa88bb8a

          SHA512

          9d3196fbab0dcd1b203821f31daaa2a15f378d72934bca6aa5f8695c731a7ed77280d1ec1e5d349f142302f355a281032ab9d460ee21d5a145433486f5ce37fc

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          f37378bb3e85a76c02e0fa257dd8884c

          SHA1

          122059fce1b223ce6ff6a74d1969e1200727cab2

          SHA256

          a42c0b4e9c293cd01ead2eeab8fbde3e09110592518ddd137ba00c0c32629124

          SHA512

          1443f80d0c1f71ffd4914df54d0e4c9dfad5dd01148c764e27cc55137dcd5115b075f9386db758fc5558ca3902ad55c155156b2a1414f180533f2f1d9d46a8f2

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          f98f78b8ee8dfb3e725b871707b0d34f

          SHA1

          9ddc4a7e15d28e6606df914999431ddc4f683b3c

          SHA256

          7ec2cc2dabcb7de02657033671f53532b7b76ca4e28a1b1a72cbf3324f0aa89c

          SHA512

          6a9fe5f7ba4e0479b1a1326a454546e0bc8e015f4bb406785be00f5c6c398c968bdfc2babd69a82fb6205f2895bef3f5d977ec2f9d7c85698752e5bb73a796c8

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          5d7b88b1f3fb0785cb421d8d0a15b3a7

          SHA1

          93fcd5a9516fb722b5b66d245de6ae43ffc9caf7

          SHA256

          98e1aa9593d15c5bd276e1650d9eb720bd745890ee82b4e769650a258397d8ef

          SHA512

          ddfedcb495bf3ac1738338c6849c641ad8a3b44092aca8f2556721d40dd7919ed413dde58d75f8c53d3fa11cca5055c03abb82240d606f0acc14602e159ed3c9

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          30e823ec9db46b837b60db3d8746daca

          SHA1

          e3445d21aad81c1f75adcb3036becd7672390d9d

          SHA256

          b88fb2fe07ccd9038d8428ebb06a0d2b9f3b0c2f4acbd3333d2361e904b1d365

          SHA512

          5129ad2c0329f3ee0bcd9a42c3ab8cbbf76c3b4215471e1a40c9fcddd75ee643b0e44c42fb088bea1f227bc32f3a35dc9c7fac6973dd6b796251aaf9650cfaaf

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          475d22d77874211d623210d58cab218f

          SHA1

          911a8eca3590932cb7a0a5f5227960ddb8708969

          SHA256

          ed8674c921bfb7da7cf425cf302316323911485696bacbe892adce0749636e18

          SHA512

          46bea26918286211502392dd90ec1c0aa8913c23763e582897d51cbfb7bf99013afe1ee0c618da1a72008e00a7a0c575fe89cdd1c05728f7b5ffaabdf278a0af

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          519d9ce5695713f2b0719cef931460ec

          SHA1

          950a8ded883a677fe4b327c9bd3c85b782e52e2f

          SHA256

          7fea831cfa7d174e99f82ed951de1e9bbb5c9cdc990874f73c8a660628333201

          SHA512

          8544afb6d633ad8b164f6dcbf62b4633ec9363bc980c84e2b910a9c61860ae2320a1d9c8173614ca36380005e0d26e5457b235b2868e1f929bfaf1e538e78d72

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          50efba056d261818be5d970997e130e9

          SHA1

          9bda42b626096a1bba2c85a8acf3b5d6f85d2529

          SHA256

          6c98d0dbc21936d8d5ded454f39ca9b1aeada2a9533b250e279f209a44c7baf8

          SHA512

          cc1826584b06c2ca850149565403ce0aba1011f8c01624a86ffe8b2427179bc580f13fc2b9f15d1df61824d97ec98cc078da37fdfb1d3378feb04a04136f83d0

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          86cbdc69c98fc4fde234567ecd7d3dcb

          SHA1

          f33f561940e3919438a4ada8d15d6d7ccdc31143

          SHA256

          2360d3f2d2d0c244bc19b2a6601db91efbb99166f37824781c8bfc133c56e11b

          SHA512

          44d6314aab2aa62242cf8e769369146590badb53815d101f77163c56149476153f5f30031077b461155023bcaa1d6f20a4529235092bf8f67946be6cfcbc63d6

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          7b74514d6bb2f7c1bc34e9926a5a7e74

          SHA1

          5f79a7bd6d52c90b52a10a129722a0aa5e868d3d

          SHA256

          00bf1486c6c4d252f4def2d61b5d6c0cad698189d419e2dabc978b60f8695a89

          SHA512

          11ed07d6c6e8b6552a610e7a490a519c7f01824cbe077f6f8f8d011129a8ffa3a1dd51c14a3914103d6cf7e6d66fb3b6ea6f49b6426ead9532b6d662d0b6363f

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          182c304f2728698c8350d04dd0af7c75

          SHA1

          ec33abe0d4fb1b69315db963d13cbafa302da664

          SHA256

          16e8535ebf3940ae22036f6b31f7893326be9b5f5a037d8ee84bf5c5c5546374

          SHA512

          95e819619933190fbbc3040dbbf4416167318bdd03aefe25a9a3eb9debb3f699b7f2a0467268d1b435c08d89616468f7f6528041cb28f87f04f8c5ecf1d178c1

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          21bccd79efdf4be29301f8741069f41f

          SHA1

          781347637cd2712261ca24a92130ae38b4f7a8bc

          SHA256

          fdc911e1d2fb38276f143b615d4ffad468a9e996c45a668015f660fd4c5f4de4

          SHA512

          ee0e7b5a91b5e9bd9e5f8bc9eaa502a9d0164cca6542dc6e6b3f5f304365a212f9006fd321f6b9bad3b1a855b2b8e18e736e4cbea774187612a8576b144e8529

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          42bf42f74d92e60dca20a0201e320e74

          SHA1

          cbeedaf620c79893f384dc56b3f70d106736e878

          SHA256

          10d730d120cd21c3a4ec1adb09f769ef378437d463154e32099149b61f5234b8

          SHA512

          8463fea9a4a4310be6123f963ae074aab0f32778312a120fb9b25ed1cc1004969e8b285fc41464df9f8c8417073e47f2c35fa26a3e20b622b0a9414be187c6aa

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          c65e276d7f3b9d14f07e07e5235ec116

          SHA1

          a87ee2b6df2fdf68987a8f8fa823f56d8500876f

          SHA256

          295da3bfbc6cff440bc43f1b7ec9bbda7196332111621a8afaa882825907c980

          SHA512

          d0c4df0ca3a48b4c4b3c87f746940138ea3a051d969e7d6fa2bbc020552363f6c87b5529e11b84aa881f53b7fe80ebf9fedc92342b304d86d5988467de053330

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          1894e87219671ba604d3791d87f3a5e4

          SHA1

          2809de64786dc30ae36b1aeabb899817a5185564

          SHA256

          4f54e25d912bb4b1dadd880654aadc87a1d952fe041899807c4b3ea28659a4b8

          SHA512

          a96809fd4f9508d70b17250a67920294d9b13f3e9a6aa5cb1712b5aae50bc239bb839f469097908078439c46363326a73f78627e5a683eac6fd99ae1001c9711

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          d377dad5d5a6c80ba04fd2e2851b027e

          SHA1

          37689d6c9e8ec448c28be5ce94e08146848960e0

          SHA256

          ba2f9d0d30a0a96c76633a54e8fde7c039764f1b437c3f4ac397bbef79201b19

          SHA512

          cff719a7cb7b2ffe5440992b6702e77cc73fa2879e6bcd2561e72ecb0c5f3ba089167652b280bdaea24173cf7817f061b97d007816cc6cf602ba0199824b032b

        • C:\Users\Admin\AppData\Local\Temp\CabC40D.tmp

          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

        • C:\Users\Admin\AppData\Local\Temp\TarC4DB.tmp

          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

        • memory/2644-0-0x0000000000160000-0x0000000000170000-memory.dmp

          Filesize

          64KB