Analysis

  • max time kernel
    119s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-11-2024 00:25

General

  • Target

    home.url

  • Size

    141B

  • MD5

    c333d8c4443b1abb0e89daa9282ab230

  • SHA1

    8cded0caab06fe4409e0683413ff651bfdde5e84

  • SHA256

    b7e4bc038a5f9e50d9ef8dcc985d399c55d9dd097f25f6cda1211dfc0fa4b0a2

  • SHA512

    34a55aa15ddbb0a65e063f45b75ea3db72b4030503f50c3771412b3548bc5ba8f58376f5cd78575189e3d4cf0875a1eb6865f9b335285ae6ae6e1920814f17b7

Malware Config

Signatures

  • Checks whether UAC is enabled (1 TTP, 1 IoC)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings (1 TTP, 33 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Windows\System32\rundll32.exe
    "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\home.url
    PID: 2904 (tree depth 1)
    • Checks whether UAC is enabled
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    PID: 2716 (tree depth 1)
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2716 CREDAT:275457 /prefetch:2
      PID: 2612 (tree depth 2)
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Enterprise v15

Downloads
