Resubmissions

10-11-2024 17:20

241110-vwe3wavjhk 10

Analysis

  • max time kernel
    121s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags
    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-11-2024 17:20

General

  • Target

    locales/resources/Data/Managed/UnityEngine.Physics2DModule.xml

  • Size

    151KB

  • MD5

    7285a9d1e53f8f8cf70ae51cf4350700

  • SHA1

    2768a50dcf0461b8f109287ed084710c6ccd1561

  • SHA256

    81a0af92bd53a273455364dcda76c515ed3c517b320fcd5f06b03424f5ac0cbc

  • SHA512

    1dbc3f5ee0053afce9a0260235d4d50d341a44d44be744aa869aa317316d1d12b79179bd7a48e40e34e52f099663242443f7344712eefe03f65e019bf24d5ee7

  • SSDEEP

    768:+vz1Y/3k8bH93NWDLLPMQBjYsRbpHujHNwiDTSTd63CLlKjg2wtFwxMft1g3Ho99:Ke5gffegT7

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\locales\resources\Data\Managed\UnityEngine.Physics2DModule.xml"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1488
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:484
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2300
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2300 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:768
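The two things an analyst usually does with a report like this are (a) confirm that the sample on disk is the one the General section describes and (b) read the process tree to see which process each signature actually fired on. The script below is an added example written for this page, not code from the sandbox vendor: it parses the Processes listing in the format shown above (the "N⤵" line as nesting depth, "PID:" closing each record, bullets inside a record as signature hits), links parents to children, indexes signatures by PID, and checks a local file against the MD5/SHA1/SHA256 values reported in General. The listing embedded in the script is copied from this page as constructed sample input; the digest values are the ones reported above.

```python
import hashlib
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Digests reported in the General section of this page for the submitted target.
REPORTED_DIGESTS = {
    "md5": "7285a9d1e53f8f8cf70ae51cf4350700",
    "sha1": "2768a50dcf0461b8f109287ed084710c6ccd1561",
    "sha256": "81a0af92bd53a273455364dcda76c515ed3c517b320fcd5f06b03424f5ac0cbc",
}

# Process listing copied from the Processes section of this page (constructed sample input
# for the parser below; "N⤵" carries the nesting depth and "PID:" ends a record).
PROCESS_LISTING = r"""
• C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
  "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\locales\resources\Data\Managed\UnityEngine.Physics2DModule.xml"
  1⤵
  • System Location Discovery: System Language Discovery
  • Suspicious use of WriteProcessMemory
  PID:1488
  • C:\Program Files (x86)\Internet Explorer\iexplore.exe
    "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
    2⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:484
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
      3⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2300
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2300 CREDAT:275457 /prefetch:2
        4⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:768
"""


@dataclass
class Proc:
    image: str
    cmdline: str
    depth: int = 0
    pid: int = 0
    signatures: List[str] = field(default_factory=list)
    parent: Optional["Proc"] = None
    children: List["Proc"] = field(default_factory=list)


DEPTH_RE = re.compile(r"^(\d+)⤵$")
PID_RE = re.compile(r"^PID:(\d+)$")


def parse_process_tree(text: str) -> List[Proc]:
    """Turn the report's indented process listing into linked Proc records."""
    procs: List[Proc] = []
    cur: Optional[Proc] = None
    pending_image: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if cur is None:
            if line.startswith("• "):
                pending_image = line[2:]                        # bullet outside a record names an image
            elif pending_image is not None:
                cur = Proc(image=pending_image, cmdline=line)   # the next line is its command line
                pending_image = None
            continue
        m = DEPTH_RE.match(line)
        if m:
            cur.depth = int(m.group(1))
            continue
        m = PID_RE.match(line)
        if m:
            cur.pid = int(m.group(1))
            procs.append(cur)
            cur = None                                          # PID closes the record
            continue
        if line.startswith("• "):
            cur.signatures.append(line[2:])                     # bullets inside a record are signature hits
    # Link each process to the nearest preceding record that is one level shallower.
    stack: List[Proc] = []
    for p in procs:
        while stack and stack[-1].depth >= p.depth:
            stack.pop()
        if stack:
            p.parent = stack[-1]
            stack[-1].children.append(p)
        stack.append(p)
    return procs


def ancestry(p: Proc) -> List[int]:
    """PIDs from the root of the tree down to p."""
    chain: List[int] = []
    node: Optional[Proc] = p
    while node is not None:
        chain.append(node.pid)
        node = node.parent
    return chain[::-1]


def signature_index(procs: List[Proc]) -> Dict[str, List[int]]:
    """Map each signature name to the PIDs it fired on, in tree order."""
    index: Dict[str, List[int]] = {}
    for p in procs:
        for sig in p.signatures:
            index.setdefault(sig, []).append(p.pid)
    return index


def digests(data: bytes) -> Dict[str, str]:
    """The same digest set the report prints, computed locally."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256", "sha512")}


def verify_digests(data: bytes, expected: Dict[str, str]) -> List[str]:
    """Return the names of the expected digests that do not match the data (empty list = match)."""
    got = digests(data)
    return [name for name, value in expected.items() if got.get(name) != value.lower()]


if __name__ == "__main__":
    import sys
    tree = parse_process_tree(PROCESS_LISTING)
    for p in tree:
        name = p.image.rsplit("\\", 1)[-1]
        print("  " * p.depth + f"{p.pid} {name}  {p.signatures}")
    print("signature -> pids:", signature_index(tree))
    if len(sys.argv) > 1:                     # optional: path to the local copy of the sample
        with open(sys.argv[1], "rb") as fh:
            bad = verify_digests(fh.read(), REPORTED_DIGESTS)
        print("digest mismatches:", bad or "none")
```

Run with the path of the local sample as the only argument to verify it against the reported digests; without an argument it just prints the parsed tree. Reading the output against this page: every signature hit sits on the MSOXMLED.EXE and IEXPLORE.EXE processes that Windows uses to open an .xml document with the Office XML editor and Internet Explorer, and the only files listed under Downloads are CryptoAPI URL-cache metadata entries (CryptnetUrlCache) and two temporary files, so the page records no process or file that the sample itself created.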

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6ca27dbeac46808fab63ca7329f20c5b

    SHA1

    910b310ac18160594f935267c6230d2f7a3f0aa9

    SHA256

    f726677b809e56c7755fae3380798fc19806d97a95264d12172a8f159c77aa20

    SHA512

    d321b7f38eca45baa63f001bb5f4664bd6741b185475d8282dceb81129bb7a8fb5a76fee1d023e74f830b11aabd460fb6a004b9f7fca29eb82f21c721159f5c8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f6f437ab675305ba82d3e30b7b5ffd00

    SHA1

    f5f36cc56931d3ced1c4170ddf6325c6edf95d31

    SHA256

    01bc2dda4d19e49cc5cdddd34b1c2ff3d3dfb1794cf03ea9d74b523034b524e9

    SHA512

    96daff88fe34411c9e4d34ce4653bd041286eadf3a6b7f4e8b97ee9c7ee9461d88514b250ddd9d958d04a6a64a3897d213c3a9befbe7bff3e1d6a9c30d63f2b7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    30ed673e4fbda3493b05ee9cdfa0147a

    SHA1

    40b278feaf7e88635d4f034e58bf3c45917ac90c

    SHA256

    8301d9bd7605a96e791a19b38e17f9bd6afcd4944a1a7bc8554863b01dd4b454

    SHA512

    64e062b729f545e433d75755ef2b4fc2c7932c70db41469861311f61436f97024f5ccf4984777edf95c6d93241b7b6182fd593bfaad8282bb161618b00a04e5e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    609648603cf0091da2b12f873f92141f

    SHA1

    eb41556d82b8520e2c2fd2177a82da006e9101b0

    SHA256

    f0ee16d10852615078594da8cfe6b101caa77bec76937de2c43b25cddcc38e16

    SHA512

    dc178210f102882f9f44c18193e774ca966ad250e436b74395fb83ddb00695b4eab311a232d89c97b733c9d74ce067d7a8fe63a78067de8510efc8f2438b1740

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    429a0a338a0c7df6f6daaf8e4af50461

    SHA1

    2391222e0d162d7b0287dd6144d8fb291c36f68e

    SHA256

    25fa2430cef749ebd867519dc7cf5301395167b08837fefec3bdecbbd988815c

    SHA512

    a6404df0904784fbdc4540440e9925c29f143b64d5a7284fa2426a00c1197987e68584c8f255e990065b70d02b86cef4c3f07e0e183b758dbe2b75f1d329cfa9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0fe141948887c13caeac1464a6a1d3c1

    SHA1

    0e59d232c0f9bcc161cc62e1fd7d3097c843ce1b

    SHA256

    78413869294a86224dbfe60f00124b4a2e21b2fcccc5a94c680654e3835b7d90

    SHA512

    522be63306258137aab7995233407b0f8fb5a2aa4a8eae013add091d2a4ee318772006148fba38d4d97fe610a4328435322d77bdf0ea5166709bdcab2c433d5a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5ff69f5e9f8ae92ed0abe230e9654dfe

    SHA1

    8d9b6f14000f3c3800a0355878c1af1b3cd51cf5

    SHA256

    7e1c9d6a684187d49ba075e556ba56d8c44fbe1179bf91e76c1d9aeb3de4c4c0

    SHA512

    23f9dbeb2b6fa96aa2dc990ce885be0bb98ba1012cd82ad17a6c63c6bd287fa94ce277737df9c79381f67422ac2dd8286fd73bda6bc12cd85479f4c53e438576

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    be75a9be166cc4781c78015ee96108ba

    SHA1

    d9c2b458fe7e61ad493c2a204754118b35fd9b39

    SHA256

    718a8de78ce42900affd7556fb5b6cb85fb108dd77c4c14f5bcd6dc040333694

    SHA512

    c1c7b45590e7e8e3c08a8dc6f267d5adeb3aaf552c829c55a96d5f72e785ae94497e7939b64bfc87ae853be8d653c76fd4c97d38f9dbef3da49d4fdf33dc4504

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f356412193e1b28560764f3a2ef21de5

    SHA1

    e38e7dced8a302240e3f058640acbce699ab1147

    SHA256

    2626ec93e4a3c691012241c9183df01f949bc54e558437995bb5deb8f3657433

    SHA512

    5fa9a616a36b27217994bb933944ea790d1a5cc31d97f4d2a2df779052b451f8d1a5845bc7946409b827aed954a7149c9603c8c337b1d41ff6fdcdde7c7c8d35

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    be73a16d61998dd815af0163a5b1c306

    SHA1

    7eac0745395099600e9cfeb5d99955f35fe68960

    SHA256

    6dfedb9a3b0873d96a0aed32e042ac5a18579df216220df39bfbf50f0852ed5d

    SHA512

    947ecdadc61aba3423ed578014bfd7313b09ea8c182bb88395c47f95c3207a997f2ecc374149add2776ffd4895720a3618f6de1dba349365a5c321db0c2f36b9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d89cd8385b700c811162e6be825dd144

    SHA1

    4f08ccacdcafec374fb62a088c32b1ee7dda10eb

    SHA256

    7aa7dee39703eda2fdd328e9446354de1242ee5982c5de57bcc55e727300398f

    SHA512

    b10a3db7b186d58f7e1ba754f56a4fac900ca2068724ff5dd638e95f9128fb3ad21811e273721acd4e62131f6e7fdcbb068574301da09bb212156a08853bef3c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7b0ecd1f47cc65b6e1ceeaeb33cf0c14

    SHA1

    4855e03c32a8d122ed98c860777e70a717d17ca5

    SHA256

    d366eec71060871afe684551fc1da6205fe855c1d3962e45ba545b47013450a7

    SHA512

    ff36e09b392a61710e92dd108ac43bd1c23d88b5263f310ec904d5835182cc621ee79583d624a8735d3d1e6d321afdddacad7874cb355d63dea0bcd187bc2242

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3a84ec7aa9d1ca036dbb30b6bea7cb43

    SHA1

    c3921e4f984ec5255e65ac060f6df5201eb1be0f

    SHA256

    cf7818fbaf7a20935e3679c77d841665a5a9830fd08f1724ac309d292c3b3c98

    SHA512

    9675cf2567ca63262f23ba74b9a6359866c914913e47df7f210cf87e5eb09ca2c582f582f6380344c47ea2deff281c7485ac11f9d1f7d5744dff0947199fffc5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    24ef75a193aca501bd6729a76fa38fc4

    SHA1

    fb91755861878b7fb815836e7d29969e51e2ff48

    SHA256

    4ffb9144dd7e70f65a012a84f33b76e5006e034ff9cb92db9c23e32cc6d72675

    SHA512

    1f9bb34d0e52b54518d30dc6ffc0db3cbfa9ac5f6506bb8e9db7ab806bb37f17d459e08199f694a9e6be10e5ab732d6a943a7acfc31b36d898fbe39f7b2d6dc8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8f37a1d240dc2088e852925dec6e1bf2

    SHA1

    b3e910f07a84002f56e14da3ba7e4b9655376b11

    SHA256

    4a01072d6e888a9e5de7b94ba337088e7cb69839423d2079814081a7c56b3f83

    SHA512

    1a1ce739520703ee34188baa66be60b462315a0a1962ec667aa9da234d01376be8b505eeed3bb1621cecefdc1e1c7ced27fbd9a7993765fdc5ff1ddf3214fa4a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a45381632c8a02dee09c3d2ddbc45121

    SHA1

    fc4438b5342b44e9176af77cdff948616a760b6c

    SHA256

    a3a6b59ec202124f901520107754f1abbfe42dc4180b4f4150a78c75bbc618d5

    SHA512

    c291d3319e367187d1b215391e28b7896c1044c9e3a33eda0111287ee969df60ecf7ce65c4647c524309e6e3478ef81282ffc68d5d8436f8f56bde3387ec46ca

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    ce28c645f51b4ee465258548f5d69bc9

    SHA1

    10577773250cdf48682ee837cf67f30c037e2e34

    SHA256

    df70eb035043c0e30cad5b7a3ce3bf775c35a0c0c4827f62932a6788217f7ee9

    SHA512

    090a8ccac8f4144349d98251b5a4aeff7ce57a66f1f7606f2a10edf8a14d1f0c725bdb7427730f19766bef931be5af7dce5abfc7a1d028749e58d2765bc1f51e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b062317c4601f156ac2a6010dc3f6e59

    SHA1

    fd173f34b732a21bcccaf1c28835bd29c9760575

    SHA256

    77b0f3b71d36a7aeb15c90e17bf0e361c5639afd0c6fbecbd1ce1c95482ae495

    SHA512

    0d94d72f6521561eb1daa14482f3624ac766d64e1ce1dfbd6f93d667b9129e93a852c98218d6ced8bdacf1cd76e5b3b376c2d8b3b00e66eef5245e74d7ca8001

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    46f403ab5d87dd25369093bacb25d88b

    SHA1

    dd6f0c9893e2ab1014e8c853cfbcd9a7f212cd35

    SHA256

    67108576c123e9b7e01c01e17130aebcd3004ade7224d60a877a89ea488817ff

    SHA512

    280e33b041ed1177a06332e17ccc8eca18e47512de31203875ca2552082472ceb0f40c0cea71b43cbc884fa061facd3b80a36c6b80bcfa5c7bb13367d28bdae7

  • C:\Users\Admin\AppData\Local\Temp\CabA8D.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\TarB30.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b