Analysis

  • max time kernel
    1566s
  • max time network
    1567s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    07/11/2024, 21:11

General

  • Target

    https://pezbelz.store/btk/xls/b1t2k.js

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://pezbelz.store/btk/xls/b1t2k.js
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2480
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2480 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:484

Network

        MITRE ATT&CK Enterprise v15

        Downloads
