Analysis

  • max time kernel
    133s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    09-11-2024 16:39

General

  • Target

    LICENSES.chromium.html

  • Size

    9.0MB

  • MD5

    ae174699b663bd90d8d06c68c6952477

  • SHA1

    8c76eda61d320779909adc541593b8e26b24815a

  • SHA256

    c6737ef4ed9de369077718824f76c5e7026d0e39163e26af8606783e41c93e18

  • SHA512

    3fb72dcd790464dde34978c9d0895376827f4d839b4a199c6e9fe77ab810d62b960babc4b21f6e189dc70147b5fb4334815730f4d1cdec05489c19e0725c2158

  • SSDEEP

    24576:h+QQf6Ox6x5n1nZwReXe1Gmfh6k6T6W6r656+eGj/dBIp+:oAPeGLp

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3000
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3000 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2892

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

  • C:\Users\Admin\AppData\Local\Temp\CabACE5.tmp

    Filesize

    70KB

  • C:\Users\Admin\AppData\Local\Temp\TarAD46.tmp

    Filesize

    181KB
