Analysis

  • max time kernel
    1558s
  • max time network
    1558s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    07/11/2024, 21:11

General

  • Target

    https://pezbelz.store/btk/xls/b1t2k.js

Score
3/10

Malware Config

Signatures

  • Command and Scripting Interpreter: JavaScript 1 TTPs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://pezbelz.store/btk/xls/b1t2k.js
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2252
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2252 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1692
    • C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WCATT3E5\b1t2k.js"
      2⤵
      PID:2352

          Downloads
