Analysis
max time kernel: 96s
max time network: 96s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
submitted: 10-11-2024 01:37
Static task: static1
Behavioral task: behavioral1
  Sample: 64201c83b97931998791326eb9493f9afc6ee1b5328324f10ad114b6374147ebN.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 64201c83b97931998791326eb9493f9afc6ee1b5328324f10ad114b6374147ebN.exe
  Resource: win10v2004-20241007-en
General
Target: 64201c83b97931998791326eb9493f9afc6ee1b5328324f10ad114b6374147ebN.exe
Size: 140KB
MD5: 4ecfa148f907f35b7f8b7510f096a1a0
SHA1: 3d61134872ed38690e94f770651ba30cbb45ce46
SHA256: 64201c83b97931998791326eb9493f9afc6ee1b5328324f10ad114b6374147eb
SHA512: e0411004e65e31b3016e0e211ff7bfd540c14db8d1d9e98d368cef4b55d4438e22f1c7150ed30725f285f9c76997f838100554f81ab6fd181430a3c7535c9da9
SSDEEP: 3072:x93AINgWkrALbifBnwL5Ph/mw406S8bRgJd3Zn:x93XNDkrALbifBnwL5PhOw49SPJd3l
Malware Config
Signatures
- System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes: 64201c83b97931998791326eb9493f9afc6ee1b5328324f10ad114b6374147ebN.exe, IEXPLORE.EXE
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 64201c83b97931998791326eb9493f9afc6ee1b5328324f10ad114b6374147ebN.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE
- Modifies Internet Explorer settings 28 IoCs
Processes: iexplore.exe, IEXPLORE.EXE
All keys below are under \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer
description | ioc (relative to the prefix above) | Process
Key created | GPU | iexplore.exe
Key created | Toolbar | iexplore.exe
Set value (int) | Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | SearchScopes\DownloadRetries = "3" | iexplore.exe
Key created | Toolbar\WebBrowser | iexplore.exe
Set value (str) | Main\FullScreen = "no" | iexplore.exe
Key created | SearchScopes | iexplore.exe
Key created | LowRegistry | iexplore.exe
Key created | LowRegistry\DOMStorage | iexplore.exe
Key created | Main\WindowsSearch | iexplore.exe
Set value (int) | DomainSuggestion\NextUpdateDate = "437364554" | iexplore.exe
Key created | IntelliForms | iexplore.exe
Key created | Recovery\AdminActive | iexplore.exe
Set value (int) | Recovery\AdminActive\{6A504DE1-9F04-11EF-972C-F245C6AC432F} = "0" | iexplore.exe
Key created | Recovery\PendingRecovery | iexplore.exe
Key created | Main | iexplore.exe
Key created | BrowserEmulation\LowMic | iexplore.exe
Key created | IETld\LowMic | iexplore.exe
Key created | InternetRegistry | iexplore.exe
Key created | Zoom | iexplore.exe
Key created | Main | IEXPLORE.EXE
Set value (int) | Main\CompatibilityFlags = "0" | iexplore.exe
Key created | DomainSuggestion | iexplore.exe
Key created | LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | PageSetup | iexplore.exe
Set value (str) | Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (data) | Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
- Suspicious use of FindShellTrayWindow 1 IoCs
Processes: iexplore.exe
pid | Process
2696 | iexplore.exe
- Suspicious use of SetWindowsHookEx 7 IoCs
Processes: 64201c83b97931998791326eb9493f9afc6ee1b5328324f10ad114b6374147ebN.exe, iexplore.exe, IEXPLORE.EXE
pid | Process
2648 | 64201c83b97931998791326eb9493f9afc6ee1b5328324f10ad114b6374147ebN.exe
2696 | iexplore.exe
2696 | iexplore.exe
2672 | IEXPLORE.EXE
2672 | IEXPLORE.EXE
2672 | IEXPLORE.EXE
2672 | IEXPLORE.EXE
- Suspicious use of WriteProcessMemory 4 IoCs
Processes: iexplore.exe
description | pid | Process | procid_target
PID 2696 wrote to memory of 2672 | 2696 | iexplore.exe | 31
PID 2696 wrote to memory of 2672 | 2696 | iexplore.exe | 31
PID 2696 wrote to memory of 2672 | 2696 | iexplore.exe | 31
PID 2696 wrote to memory of 2672 | 2696 | iexplore.exe | 31
Processes
- C:\Users\Admin\AppData\Local\Temp\64201c83b97931998791326eb9493f9afc6ee1b5328324f10ad114b6374147ebN.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\64201c83b97931998791326eb9493f9afc6ee1b5328324f10ad114b6374147ebN.exe"
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID: 2648
- C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe"
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 2696
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 2696)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2696 CREDAT:275457 /prefetch:2
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID: 2672
Network
MITRE ATT&CK Enterprise v15
Downloads