Analysis

  • max time kernel
    96s
  • max time network
    96s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-11-2024 01:37

General

  • Target

    64201c83b97931998791326eb9493f9afc6ee1b5328324f10ad114b6374147ebN.exe

  • Size

    140KB

  • MD5

    4ecfa148f907f35b7f8b7510f096a1a0

  • SHA1

    3d61134872ed38690e94f770651ba30cbb45ce46

  • SHA256

    64201c83b97931998791326eb9493f9afc6ee1b5328324f10ad114b6374147eb

  • SHA512

    e0411004e65e31b3016e0e211ff7bfd540c14db8d1d9e98d368cef4b55d4438e22f1c7150ed30725f285f9c76997f838100554f81ab6fd181430a3c7535c9da9

  • SSDEEP

    3072:x93AINgWkrALbifBnwL5Ph/mw406S8bRgJd3Zn:x93XNDkrALbifBnwL5PhOw49SPJd3l

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\64201c83b97931998791326eb9493f9afc6ee1b5328324f10ad114b6374147ebN.exe
    "C:\Users\Admin\AppData\Local\Temp\64201c83b97931998791326eb9493f9afc6ee1b5328324f10ad114b6374147ebN.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    PID:2648
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2696
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2696 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2672
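The `1⤵`/`2⤵` markers in the tree are nesting depth, and the content process's `SCODEF:2696` argument names the Internet Explorer frame process that spawned it (PID 2696), which is how IE's protected-mode process model links the two. The sample (PID 2648) and iexplore.exe (PID 2696) both sit at depth 1, so the report records no parent link from the sample to the browser. The following Python is an added example (not part of the report or of any sandbox's code) that parses the tree exactly as rendered above into parent/child relationships and checks that every `SCODEF` value matches the recorded parent PID; the input string is constructed from the tree above.

```python
"""Parse a Triage-style process tree and sanity-check IE's SCODEF parent links.

Added example. The input below is constructed from the process tree in the
report; it is not a sandbox export format.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

PROCESS_TREE = r'''
C:\Users\Admin\AppData\Local\Temp\64201c83b97931998791326eb9493f9afc6ee1b5328324f10ad114b6374147ebN.exe
"C:\Users\Admin\AppData\Local\Temp\64201c83b97931998791326eb9493f9afc6ee1b5328324f10ad114b6374147ebN.exe"
1⤵
• System Location Discovery: System Language Discovery
• Suspicious use of SetWindowsHookEx
PID:2648
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
• Modifies Internet Explorer settings
• Suspicious use of FindShellTrayWindow
• Suspicious use of SetWindowsHookEx
• Suspicious use of WriteProcessMemory
PID:2696
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2696 CREDAT:275457 /prefetch:2
  2⤵
  • System Location Discovery: System Language Discovery
  • Modifies Internet Explorer settings
  • Suspicious use of SetWindowsHookEx
  PID:2672
'''


@dataclass
class Proc:
    image: str
    cmdline: str = ""
    depth: int = 0
    pid: Optional[int] = None
    parent: Optional["Proc"] = None
    signatures: list[str] = field(default_factory=list)
    children: list["Proc"] = field(default_factory=list)


_PATH_RE = re.compile(r"^[A-Za-z]:\\")      # unquoted image path starts a process
_DEPTH_RE = re.compile(r"^(\d+)⤵$")         # nesting depth marker
_PID_RE = re.compile(r"^PID:(\d+)$")
_SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")  # IE content process -> frame PID


def parse_tree(text: str) -> list[Proc]:
    """Turn the rendered tree into Proc objects linked by the depth markers."""
    procs: list[Proc] = []
    cur: Optional[Proc] = None
    last_at_depth: dict[int, Proc] = {}  # most recent process seen at each depth
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if _PATH_RE.match(line):
            cur = Proc(image=line)
            procs.append(cur)
        elif cur is None:
            continue
        elif line.startswith('"'):
            cur.cmdline = line
        elif (m := _DEPTH_RE.match(line)):
            cur.depth = int(m.group(1))
            parent = last_at_depth.get(cur.depth - 1)
            if parent is not None:
                cur.parent = parent
                parent.children.append(cur)
            last_at_depth[cur.depth] = cur
        elif (m := _PID_RE.match(line)):
            cur.pid = int(m.group(1))
        elif line.startswith("•"):
            cur.signatures.append(line.lstrip("• ").strip())
    return procs


def check_scodef(procs: list[Proc]) -> list[tuple]:
    """(pid, scodef, parent_pid, consistent) for every process carrying SCODEF:."""
    results = []
    for p in procs:
        m = _SCODEF_RE.search(p.cmdline)
        if not m:
            continue
        scodef = int(m.group(1))
        parent_pid = p.parent.pid if p.parent else None
        results.append((p.pid, scodef, parent_pid, scodef == parent_pid))
    return results


def roots(procs: list[Proc]) -> list[Proc]:
    """Processes with no recorded parent in the tree."""
    return [p for p in procs if p.parent is None]


if __name__ == "__main__":
    tree = parse_tree(PROCESS_TREE)
    print("roots:", [p.pid for p in roots(tree)])
    for pid, scodef, parent_pid, ok in check_scodef(tree):
        print(f"PID {pid}: SCODEF={scodef} parent={parent_pid} {'ok' if ok else 'MISMATCH'}")
```

A SCODEF value that does not match the recorded parent is worth a second look: either the sandbox lost a parent link, or something other than the IE frame process started the content process.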

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    adb713952da87917243ddcd73140d105

    SHA1

    fadfc9012d910dec89260698c1224d77b3c808e7

    SHA256

    fd711684d4f7474298ba7e7668036f3040763f9cfd5558335f96a6bde09f0fd4

    SHA512

    373664fb999b3fef27d804b9ff68be4c1280f6c03041f8bb9a95f65b28731b0614a91be3e189e8633fce058a70b91c921cbb6533c43a7bb838951d4c7262cdd7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6e51b6a2a8e14c7c05e7511f998fb645

    SHA1

    f0036691940be0957504fa39173837f5406e21f6

    SHA256

    034018c0bcd093bf1d7d3c9914b0908958edef5e5b91c3667ede207ea9acf45f

    SHA512

    889dfede8039ff51ca9a664089a57c4027423d009f89785ed15a2e8f913e1c029b52e4801ded17b4984a5c910e7c687343661dab5de9f5ecddf9c442b0df9aec

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f601c80686c17fb852ca0677c42b8929

    SHA1

    9813eae9c72c0af54c5615f2665a38dc58468ee6

    SHA256

    7806e2f621bbeda5cfde8b957c6cd9b8515d4a5694ecbee899fa8e4235425186

    SHA512

    4fd101fa7145f44737b173e07ac8094a0079bb3f4086211a58ffb817af54f8b08b90a03c5de6e57648d7532196662c4bc5da27de472c6d497b668c500c9c34a0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    01ee153ed2dbb1c70d3f9a3dc5a7c609

    SHA1

    29ff30b45e536ad52991a44a07b1e89846f10eb3

    SHA256

    24435c9c000b763019755123d654a3c3a9b172fa2248a654d0a68a1181234f58

    SHA512

    796d9b28bce112e997e20f18ae728f4906e28eeeec21849ff77cd4abb136690fb1cc0ab39653850dfaeade0faa0e53eddf17a674e835a4fbb52fbdc0507b4b1d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    ce2b1e4479124dbb62c5e2b8906aa0d4

    SHA1

    8235ec39345e02a5bad24cacae95ff27cca518ea

    SHA256

    f103662bbd30f709c3d0701e0910a639457b6e78e8c7528b90352074922067c9

    SHA512

    c5a13c7b2e8d55547d8353713e41a7a1ef9a335b82fe571187be55ff125b54b626150ebe45c5e8c954571f087c36d7082cde817edaa637e7f5e0708e7dcb5864

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    644c930db6d910bd4ca827bd6450bfc3

    SHA1

    e3250d0efa29f56220ab607645a91ffd65d43d4b

    SHA256

    0a38a0616feba3b6362d484ccc8477e3c8a984af4553779a2776b517c5b595e8

    SHA512

    ff3cfbfbc6e79319f08d509844dee93c7d9fc72ffd0cafeec948e0861e69cb4d757ea0415464756bd91a5a1e8240ac265666d65a6c371a1e358ded4b608209f3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6d02b230c61834f28db54616143407ce

    SHA1

    f67558e362d2e0d67ab1a29f29eff45eed9bac6f

    SHA256

    203c372015149504997121ebf2ceb775beda55932a90b8f02e6c46a3824fdb51

    SHA512

    a8e0599f290823877361e16e7d78d8e813db7f991c32b843014e918d42c173e54ce6575974548de9f0bfc31b324771516292e7ca25fef63cbd701bc80565f9ea

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    611caf6c8b33b7fc88f3164a61ef10df

    SHA1

    d7f34ee3e58c7bc22646b15d0a489b91c940c865

    SHA256

    869f2a113c69cc568cc969359f57994e85f2c590ad930bdae701982aec90149b

    SHA512

    f99a64b600afcfbd3ac5f9a45f7f54d3f70d911bc7eee13d8a23f333104a5b2d147a5253e0fe34d1cdad4b11b2cf5335f73ab9724ca696532035f4674815eabf

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5a1e8ff1ab5e2260b81a2c715832ade2

    SHA1

    cff584ea02d966b245d36e668f82b943e18c852a

    SHA256

    ffc4dd586a309fb933de5305ff91dcce5e0835d2eb493f177f0efb741d326fd2

    SHA512

    849768b60601a1ee5e738567d2c14f2460764501a4ec03259d7ed9d9d461ac7db90c4726e18487316e156f4969b4e7dd08361569f3b93cc62656edfb4c8dbf52

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2ea7b5763167e5979eee0fce3f3957c7

    SHA1

    1901c373215dcc3b777b50e88adbe41a1a1dd359

    SHA256

    00a1ce11ae734acdce8ed2a4b19efa9d50e83ba96f4ede9616aeabe87331bc46

    SHA512

    bf9fa41668d3f1c2dcc484e1d5363b392af61478f19b444e73f9b4b8e308b80963ca14e23f4ed3650b208f21db335e1f90b36b2a82cbbf28e09b9c3b563cf441

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    64fdc6bd3cdc57b4a5de6cc340e71a2a

    SHA1

    62617bed106c832486e8dbbbcebf5eeac7a13a4f

    SHA256

    12e3f559e5608956eccab6e38392ab1ab1961529d116cf892fc018d92d0e8d00

    SHA512

    503b9b5a62a27b0bd967cb5ba069b83052872cd3b6d6fb8ac157c9239a69860645a214c4f100f86f4976df4d41970c407bd8417a993810d1a84869c1f1600e21

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5b7f8f945cfb186b62ee1e1bd19bfbf7

    SHA1

    3f0d63c4f46848ed7baaec2b8546461de83c6d8e

    SHA256

    1baba4bf912e0e5dc7f6b9d99e9f3969a3f282f4c6052f14321457d22e3ee4b8

    SHA512

    05a5f631d204e61cb8f4570d5edb69858c44ceadb1eeaf76dde1ef80149c14cb6aa1afa41d23d4d2b1bee51d9b898c664d66182555a1565ada12159e52a6332a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e2939c79ca9fe1318ba224ddc6ad6243

    SHA1

    cda0ca616a21e29a2cb5803190f654602458c529

    SHA256

    892c44233dbab440d17ff4effc5c89ddc0100f98d8cd21ea57d8aadd8710b7ac

    SHA512

    d42f888162ba81f7f16d3e83d426c9ff34912a9f5bc2bd353e293fc3d182f6fe46eb51e0e2ceaeac2ca8980fd6adea24fc60014811b51aa0fbfeff77d831ddb7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8ca8094da636af9103a409262cf2ee10

    SHA1

    417e1fd044e481af768cf014567b49403f97bc2d

    SHA256

    f145426f64fd6e13a98d9845998babd1ce3922ebe67cd3a00dd82df20eff39a5

    SHA512

    a53794be12edfbabf8bc5b51ffb28c423e65ea33ea71ae2664b1001336c3aafe485ee574c28b66fce594ce2c0a3243b0878dad3101fbf3f4f1bee15a0c984fe0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2a16abd00470734d4f3b6ec0d540fcb2

    SHA1

    5dd92a2d722ceaf4d6fcdebff62e7eabb2b0804d

    SHA256

    1d743d6e9f642aafb88dabc4fdc88a0f408e66b3cc9b0c29fbb3f128b299c16d

    SHA512

    cd99bc0353ab7283ee236f9c94e5e617c7c8c39434420c051f208045f91535851768039bd4c96ef1338b87a0fd3b478bd3b7489bbb6096f813deb257398b18e6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b5fe58727b575d8dd51d581ad3f3e6f8

    SHA1

    103b12c9dfb0c908759755387fa3b6fa4c201d46

    SHA256

    a2ae086551416676f1013194dde4e916abe2ca479c3dd9ade6004ff60018792e

    SHA512

    669dae3b9d8e8d97f0bc4a45969cdf09cdf95a05135e433b40bf128cb8de68b857d67ab66a3631747690fe99c77e6f3af4b321a85c989a8f5a7b0cbac3fa62e6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    ec67032ea0c3e13c52030c0f49ad11f8

    SHA1

    d5867914d65139927819f57cb969bcf47f39ca7d

    SHA256

    3ae4a48f50a29a56e77fa897826b96b8d1ac4067d83bee43e248d4ba5554b680

    SHA512

    36e0b2f190493fe3b1087eea0c4e27c6fcf43ff2c629f4c22bcce3b46e2903564a74230f5d571064a0c544bb7636b6e2e67c67d565cb114ec258ab4b7dfb3022

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0935e60d53e6622012dd9d9c64b7f19b

    SHA1

    6656bb63623e29dd59d5885542e9422bb04c3832

    SHA256

    d6974e77fcf6ce01f4bc437d510e055cc19d7d43e8b349885643b6d7018dc012

    SHA512

    1c2b9f4bb410c9b3acf719995985895765e5d974f7a260650334c85caf5b3adc78de39440896b7e263f344ac00600b7144fd76039b50171e1061af2a1916e96d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    ac0b9e2fe954b323502b7054eb72d06e

    SHA1

    0165f97db515d56c63f3ab6d7ab5945da83c547c

    SHA256

    540716cb9473977010f9b5fe867db222183d118dc1bc8228b905f6030b049c0b

    SHA512

    0b21df0c38344c186020f2e2ac5107c9af0f5317acd497cc0a2cce60e9064cb29dba625fd7666069bd97e310200ef6e61c2427b69f1ff2e6aebe65eb62318325

  • C:\Users\Admin\AppData\Local\Temp\Cab734F.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar73A1.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
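Every entry in the Downloads list is either a 342-byte rewrite of the same CryptnetUrlCache metadata file (19 times, each with a different hash) or one of a Cab/Tar .tmp pair in %TEMP%. Those paths are characteristic of CryptoAPI's certificate revocation and trust-list fetching, which Internet Explorer triggers on its own, rather than of payloads written by the sample. The Python below is an added example (mine, not the sandbox's) that groups a dropped-file list by path, counts distinct hashes per path, and separates such known Windows noise from entries an analyst still needs to open; the entry list is constructed from the report above, and the noise rules and their labels are my own heuristics (the Cab####.tmp/Tar####.tmp pattern typically corresponds to a downloaded cabinet and its extracted contents during a trust-list update).

```python
"""Triage a sandbox 'Downloads' (dropped files) list: separate Windows
certificate-infrastructure noise from entries an analyst still has to look at.

Added example. The entry list is constructed from the report above; the noise
rules are my own heuristics, not a sandbox's classification.
"""
import re
from collections import defaultdict

CRYPTNET_META = (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache"
                 r"\MetaData\94308059B57B3142E455B38A6EB92015")
CAB_TMP = r"C:\Users\Admin\AppData\Local\Temp\Cab734F.tmp"
TAR_TMP = r"C:\Users\Admin\AppData\Local\Temp\Tar73A1.tmp"

# SHA-256 of each successive rewrite of the CryptnetUrlCache metadata file,
# in the order the report lists them (19 entries, all reported as 342B).
CRYPTNET_SHA256 = [
    "fd711684d4f7474298ba7e7668036f3040763f9cfd5558335f96a6bde09f0fd4",
    "034018c0bcd093bf1d7d3c9914b0908958edef5e5b91c3667ede207ea9acf45f",
    "7806e2f621bbeda5cfde8b957c6cd9b8515d4a5694ecbee899fa8e4235425186",
    "24435c9c000b763019755123d654a3c3a9b172fa2248a654d0a68a1181234f58",
    "f103662bbd30f709c3d0701e0910a639457b6e78e8c7528b90352074922067c9",
    "0a38a0616feba3b6362d484ccc8477e3c8a984af4553779a2776b517c5b595e8",
    "203c372015149504997121ebf2ceb775beda55932a90b8f02e6c46a3824fdb51",
    "869f2a113c69cc568cc969359f57994e85f2c590ad930bdae701982aec90149b",
    "ffc4dd586a309fb933de5305ff91dcce5e0835d2eb493f177f0efb741d326fd2",
    "00a1ce11ae734acdce8ed2a4b19efa9d50e83ba96f4ede9616aeabe87331bc46",
    "12e3f559e5608956eccab6e38392ab1ab1961529d116cf892fc018d92d0e8d00",
    "1baba4bf912e0e5dc7f6b9d99e9f3969a3f282f4c6052f14321457d22e3ee4b8",
    "892c44233dbab440d17ff4effc5c89ddc0100f98d8cd21ea57d8aadd8710b7ac",
    "f145426f64fd6e13a98d9845998babd1ce3922ebe67cd3a00dd82df20eff39a5",
    "1d743d6e9f642aafb88dabc4fdc88a0f408e66b3cc9b0c29fbb3f128b299c16d",
    "a2ae086551416676f1013194dde4e916abe2ca479c3dd9ade6004ff60018792e",
    "3ae4a48f50a29a56e77fa897826b96b8d1ac4067d83bee43e248d4ba5554b680",
    "d6974e77fcf6ce01f4bc437d510e055cc19d7d43e8b349885643b6d7018dc012",
    "540716cb9473977010f9b5fe867db222183d118dc1bc8228b905f6030b049c0b",
]

# (path, size as reported, sha256) for every Downloads entry on the page.
DROPPED = [(CRYPTNET_META, "342B", h) for h in CRYPTNET_SHA256] + [
    (CAB_TMP, "70KB", "b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f"),
    (TAR_TMP, "181KB", "8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8"),
]

# Heuristic noise rules (my own labels). CryptnetUrlCache holds CryptoAPI's
# cache of fetched CRL/OCSP/AIA/CTL objects; Cab####.tmp / Tar####.tmp in
# %TEMP% are typically a downloaded cabinet and its extracted contents.
NOISE_RULES = [
    ("cryptnet-urlcache",
     re.compile(r"\\Microsoft\\CryptnetUrlCache\\(MetaData|Content)\\", re.I)),
    ("cryptsvc-cab-tmp",
     re.compile(r"\\AppData\\Local\\Temp\\(Cab|Tar)[0-9A-F]{4}\.tmp$", re.I)),
]


def classify(path: str) -> str:
    """Label a dropped path with the first matching noise rule, else 'review'."""
    for label, rx in NOISE_RULES:
        if rx.search(path):
            return label
    return "review"


def summarize(entries):
    """Per path: class, number of entries, distinct hashes, reported sizes."""
    groups = defaultdict(lambda: {"count": 0, "hashes": set(), "sizes": set()})
    for path, size, sha256 in entries:
        g = groups[path]
        g["count"] += 1
        g["hashes"].add(sha256.lower())
        g["sizes"].add(size)
    return {
        path: {"class": classify(path), "count": g["count"],
               "distinct_hashes": len(g["hashes"]), "sizes": sorted(g["sizes"])}
        for path, g in groups.items()
    }


def needs_review(entries):
    """Paths that no noise rule explains; these are the ones to open."""
    return sorted({path for path, _, _ in entries if classify(path) == "review"})


if __name__ == "__main__":
    for path, info in summarize(DROPPED).items():
        print(f"{info['class']:18} x{info['count']:<3} "
              f"{info['distinct_hashes']} distinct hash(es)  {path}")
    print("needs review:", needs_review(DROPPED) or "nothing")
```

The "distinct hashes per path" count is the useful signal here: a single path rewritten 19 times with 19 different hashes is a cache file being updated, not 19 payloads, and a report's dropped-file count should be read with that in mind before it is used as evidence of anything. A path the rules do not explain is where the sample's own writes, if any, would show up.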