Resubmissions

10-11-2024 17:20

241110-vwe3wavjhk 10

Analysis

  • max time kernel
    67s
  • max time network
    74s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-11-2024 17:20

General

  • Target

    locales/resources/Data/Managed/UnityEngine.ParticleSystemModule.xml

  • Size

    173KB

  • MD5

    9100eb8da440cdc147d3be9277f8ed87

  • SHA1

    9108c96467b86728370e269bd24f94019ef64636

  • SHA256

    34ed8ef5808dc627117d8aaa5f87a3080e0076704147816cb996d414d83e0802

  • SHA512

    c322f2f31a3b66b288471b1c8bc5fe29537cdd1641f9a527af5bff0f420bc30b45512c870eb79acf4e9c942f5bedb5d47637bbb9d30ca745fbbc2d4173248bab

  • SSDEEP

    1536:4EuVvVn/v/zgvgxNJlEAudPFlvV18eUI5MQT28GuNHpu6PNVvN:47V/X3NPEfdPFlvV18eUI5MQPPNVV

Score
3/10

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim host in order to infer that host's geographical location.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\locales\resources\Data\Managed\UnityEngine.ParticleSystemModule.xml"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1552
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2916
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2960
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2960 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1000

Downloads