ffd902ff33b4c5ab5c2365320ba4b436f8fb7b2dbe039d5ffc0af7da409a8f63

Resubmissions

05-11-2024 18:09

241105-wrxmsswbkc 8

05-11-2024 18:07

241105-wqs8zsvnhv 3

Analysis

max time kernel
133s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05-11-2024 18:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

counter-strike-2-hacks.html
Size

7KB
MD5

135ba29c278e677fec446ac16eae20f4
SHA1

37d4f3d0ae23139cee0fad123fe02de516031eee
SHA256

ffd902ff33b4c5ab5c2365320ba4b436f8fb7b2dbe039d5ffc0af7da409a8f63
SHA512

e84e3a37ef99239bd2ec14a5bd08f38dfef5d1892b1458d35f81e5150b6fa0479d2a57b0d435c68e4ec8b289460bb33ced69111cbed1fa132204e70b9c4d7042
SSDEEP

192:PN2x2B6wLl8mYajrVy49cNqetNiw6IhkhMmOjy8N:AxvKl8za9y49cseqNK/3N

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

IEXPLORE.EXE

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0fd18fead2fdb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000953bd8210872ea40aad5946cc0771cd3000000000200000000001066000000010000200000003ad48eebb4a078211754c081f06ad0713b16883cb8ab25e1904bf07f60a13724000000000e8000000002000020000000eac453a441bb7f40a50858a8b00d9bb5e9ccb9946f56809f0293b00b9c58b8472000000047e051e9257ebde30818ab70699e54828c1a8c0389bba316874ade4434b5795c4000000018bea1c45b6511262969f5cb1b0c58ea176e8498f8ca72490a2c6568d8835a98bf400d3ca2b772e519a8292f7a1236019fd94c8fd90fbdb13bf309c02bc69230	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000953bd8210872ea40aad5946cc0771cd3000000000200000000001066000000010000200000004bb27e41a72c554228d3e7430dde738282db9ef3ed3760ed10a84902a8c9f79d000000000e80000000020000200000007aad99a5a734fab849255cefbb37ab2522e0aa77c0f229f12d88927623366dc29000000066dd4440f543fa8181718dea656ba737668a05ad194b772081c3afd1546d05ee0bd8dde4fbf379567284315e89bc3a11a126b4dd9ce5174b45d7a117758d342731eeabe23f19aaeb0ee4d9939f3e32b206911ab5daccb12781b85619f666b05ae2def15894af3e788058929b66888d77e31d0201a703cc51a835810f8688e47d929be2125e3ed74073154509eb7d772540000000f97ed717e41c9761dfe8e5de0a621ba813eb695cf177ea7cb67a2abf2a39fa3ce7945bacb6077156afc3c392100423d006174792d471bd6b4c28e0d7211cd596	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436992063"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{29A99BE1-9BA1-11EF-ABB3-E67A421F41DB} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2168 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2168 iexplore.exe
2168 iexplore.exe
2220 IEXPLORE.EXE
2220 IEXPLORE.EXE
2220 IEXPLORE.EXE
2220 IEXPLORE.EXE

pid	process
2168	iexplore.exe

pid	process
2168	iexplore.exe
2168	iexplore.exe
2220	IEXPLORE.EXE
2220	IEXPLORE.EXE
2220	IEXPLORE.EXE
2220	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2168 wrote to memory of 2220	2168	iexplore.exe	IEXPLORE.EXE
PID 2168 wrote to memory of 2220	2168	iexplore.exe	IEXPLORE.EXE
PID 2168 wrote to memory of 2220	2168	iexplore.exe	IEXPLORE.EXE
PID 2168 wrote to memory of 2220	2168	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\counter-strike-2-hacks.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2168

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2168 CREDAT:275457 /prefetch:2
2⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5f62078f135e86934a3a93d1a4dedd70

SHA1
f15156dbb43d88d15702670d971686617784faa4

SHA256
4dcaa3e5ed9ff2f29f9bfb80b6f996f52e481be7b9681bd491ab32a842a39b83

SHA512
a8e3d916ce1a6869eb997b6c03fc3bcda2bb33586165fcbb7741a55220fc2bd826eb463c7f6bc48924e16e60ef165d6909038bb5704a566d334a54602e538d82

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a5f1e3d7db0969c7f2da76fde83225db

SHA1
bce4b25d298837c9c8e4cdc3290985086391c7bb

SHA256
8e12f80802ba13ea0be7972d0b09eb31a86a9cd8c378efc75de3e5bc082ed892

SHA512
99e6e8e6c04e716ab2b36d872e5426aad4a7d8181aeb7a6a800f20ea6522add918963290083148296979038395a2e2855d0e6be94f44486103b6eb76981c67ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5fea2dfbb038706e107c7dd9b957cf3a

SHA1
98546bb4c21aa53669147f5a3606581a6665391c

SHA256
b88beed6d52c58ef61124d1cdd25debcf7686df5ebcb5ac2cdf23412271592b2

SHA512
1de7f23c95fe1f06267111cab9643cad6eacda10c27ca611eb6ae2f8d9d6a7b496a91698c777fcda11e7e17d0bf880dd6179e8d7c52ddfe51bda4a7a848a0273

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
78c97643a3d557b45eb0461ec5d6a342

SHA1
9f61b927f981863e7a420eb8ba5723e88faa9365

SHA256
d733eeda181268acdf5d6c47eed9f97606de16b12d5a9eefd6dd93e06d7b4bfc

SHA512
c00b1ff431c49caf645442359eefe98c73ad1ed4cfa1ad48920c7c45a0e92800a893edd8ff19b78a717581c056d07252e49d1d405ea7c336d3716985aa0523d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
31188e23e9a82749e6a40826b9ec11c5

SHA1
c324e3455b94be34ca53ca1d33ab2ad52a66d8ab

SHA256
856fab1c63039a89a3005f0b83452a882862b0396ffba8c95e1aee5f3d5fed96

SHA512
c55690d83d2d8ac200c8098930a5405ab60f23619d279bbf9cc607a2d533b06f377dee5d1fbb4e888fd76fd71b76e752e594c7277ba7a3daec8a9ac8c58a3c42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1b4bdb5819f37807f2a8fe18642bdf11

SHA1
2bb5c2ddc6c26072465e2b146a5194954ad4becf

SHA256
78cb7111fdcab22f14f19539098f6a13c7c53440c82aa72f526ba8d065298406

SHA512
e99751004e6daded6cc1c4efcaae71ac856a76c32f5a2285514f79244150dc404a4292b444ab23676392d90ab36233737b70e1e89985d57e98c8ff278e802b03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
39922f39f5cfedb3c2451e53497474a5

SHA1
8787700c450b0bd9c5dc90cd789774d8a8266d70

SHA256
8e7582feb983fe1ef6da0c35552484839b8d93fe32520b1dd8ebca264693412b

SHA512
088757b956d1f38a426d0ea99c98ebb496d63335d5a5f4d0eb262fd7552f68417877376155a2682353792abef7df93be5177ff0022292752b78fd738dd65010f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
770ec4bbf854404cb96c04acf1f2788d

SHA1
0306300ee20e783f6c87c8934c247b053f9cf434

SHA256
62c222b86025ddb5d5e0cac20284ba078d886ff56b87b1f79fdd21179b353283

SHA512
71b50f9e464ef7096a72a73a257f3f6d32f8d6240471d4cd5389f07ba948d16200f2867ace67864d2423c3675a45cf882a7f3f4946b07c38812d12b349668583

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe6f7f48acc0189954d8147525af6405

SHA1
f380ae7ad8f2481d6b21469b9809492dc92e0425

SHA256
f67847ec01666dd2b8a4265d9f518f2617bbfa51c77b0402ce2c201aabc2c923

SHA512
2bcad6a9e2be32892f23b6f284ac1ad29e76c95e133136c8e64201d102acc4cc70d2b7a9c2f399b433639ceb6a249e9b7ef2d67536a0bcc95f76ef9954a6732e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e6e81552254c1e194c6fa0f0907ba69f

SHA1
99a0b430b270282f7b496dea3ad78a5a6aadea6b

SHA256
62d467716950ab8a75578eb6b82fd2b2dd09511559deb36cf9f670b21c6aa8e6

SHA512
52e9a651e21e7397104469a633142b0864a144266a623bfc219d0f93d7ef61b155285509d92587896fa3a0a2ad90a1b4e0f801ea687ef95625b33defe05c4d89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bd055b38f8ed71f5ddc66618a5a01ac9

SHA1
677fc62861c4d095d6b394ba4ab31060c725189c

SHA256
a718dca3e0d844aad7bc5c464d73a0a6a34ee0ff33c4aaeea90e565362990162

SHA512
c42624fc2d272b9af24944e9c61685f77b339d4fe5d94cc7928ef66e42179596295556428b16cbae8e4a78274f5964d5a7f9a265b65a3a51047a5fd535bc8d96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
37d1b05bc765eae9769977a54d7cb28f

SHA1
74342c17e613f013cf4484d25157dd34544f8ef4

SHA256
08557713386a7052867afc66b06470901da5c7b44941600b11f7ebccf934c38d

SHA512
5059609ec7cbea2353bec87d696bad8c087d8d29828bbc2319aedf87de6c87db2c7b0c559071d6157ba01805b5630a403bbf3c3abbf65ce9ede70523c19b061b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dc7455c758e213cab7c935374a19d267

SHA1
f6a1a9351eb4d75ed4f8699a3a4a3fdcd541adf3

SHA256
4202573472dd2cd40885fd2e1a0c8c88eb481d4cd5344368ff93a1fc99d3cb8e

SHA512
50fb03ec32ee193247fd412536e8e28094bee252f6a635ac883fbd216ec600b9e4aea2bac30f1de92b9cd943bf4b4f6db129051db316dc37cee2d33c0862525a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6e65886237ce07703a28f8981ac24312

SHA1
f4c78dbe970b2b66069cd372e21a8db73685cc3e

SHA256
86e025e5fda641322ae6bbd2f0df577431f0fad5178249cd6b86bb92e59b8d44

SHA512
02bfc6549bf1ca812bd2a995cd831390f615ae8b9ed5fbb9ff411f2cbbf6abcc3a10604f96b29584812bc9b11053b6e6f1c97167f506e0de032c198cf96f12b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
924e9da195afa3ceb13b67181684fdba

SHA1
667be9b8dfbc62dfd4b536ea2c2d1403f066ed16

SHA256
f458864aa5cd150d753baf217162067f11400d4ca70fdce2854623e3305da139

SHA512
88277f86f970adac0f7acb9d3b9fa6d38ac6f5d7ace6df30f2c0a84ffea5d216cb39c137a743fd063c0711cbab1c174e02a29ec15dd9560546d4446fcb27990b

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC4A9.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC4CB.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit