Analysis

  • max time kernel
    141s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    04/11/2024, 04:46

General

  • Target

    FSCapture-10.5-CN/bin/423Down.url

  • Size

    209B

  • MD5

    6d2178f6fbf26d009562415daf5a2cb7

  • SHA1

    60804c9f71460d19cbf5a7b30f5d467c7547803c

  • SHA256

    93585a844b68e62ad7aa69b013b7f10d8b949a7f35af0b9b6b823aa526f7af8f

  • SHA512

    95a39fd75abd54dd017b229fdbccb522bd78113ec80586e5ddf81d9787e854853535f983b9bedbcad4ae0d54c792c97721ab93a454ee513622e52a81474b2fd3

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\System32\rundll32.exe
    "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\FSCapture-10.5-CN\bin\423Down.url
    1⤵
    • Checks whether UAC is enabled
    PID:2332
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1920
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1920 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • NTFS ADS
      • Suspicious use of SetWindowsHookEx
      PID:1992

Network

MITRE ATT&CK Enterprise v15

Downloads
