Resubmissions

10-11-2024 17:20

241110-vwe3wavjhk 10

Analysis

  • max time kernel
    134s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-11-2024 17:20

General

  • Target

    locales/resources/Data/Managed/UnityEngine.ProfilerModule.xml

  • Size

    171B

  • MD5

    bc29793eb57e5197b4d6f26bb5b72133

  • SHA1

    f9405dc331b171093e16bf036bbb4388160caec2

  • SHA256

    6295613152162d2f7afee51591c682f5bc539006d4f21ad8ef10654c90c24900

  • SHA512

    057f04a5b41bbbf7af8fd093c0399f75ba109c4d8deb34f6fc021ab50b236df6b6b13b3fda4ec390055fb35ff6f29b92c22741436e425eeb7c9f577141f642b7

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\locales\resources\Data\Managed\UnityEngine.ProfilerModule.xml"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2196
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2656
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2828
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2828 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2652
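The tree above is the one security-relevant structure in this report: MSOXMLED.EXE (the Office component registered for .xml files) is invoked with `/verb open` on the 171-byte target and hands it to Internet Explorer, which then starts its usual frame process and a content process whose `SCODEF:2828` argument names the frame PID it belongs to. The following is an added example, not output or code from the sandbox, that rebuilds that tree from flat process-creation records and runs two checks a triage analyst would want: where the Office-to-browser hand-off happens, and whether every IE content process really is a child of the frame it claims. The records are transcribed from the tree above; the field names (`pid`, `ppid`, `image`, `cmdline`) are an assumption modelled on Sysmon Event ID 1, the root's parent is not shown in the report (so it is `None`), and the extra "spoofed" record is hypothetical.

```python
import re

# Constructed process-creation records transcribed from the process tree in this
# report. Field names are an assumption (Sysmon Event ID 1 style), not a sandbox
# export. The parent of the root MSOXMLED.EXE process is not shown in the report.
EVENTS = [
    {"pid": 2196, "ppid": None,
     "image": r"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE",
     "cmdline": r'"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\locales\resources\Data\Managed\UnityEngine.ProfilerModule.xml"'},
    {"pid": 2656, "ppid": 2196,
     "image": r"C:\Program Files (x86)\Internet Explorer\iexplore.exe",
     "cmdline": r'"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome'},
    {"pid": 2828, "ppid": 2656,
     "image": r"C:\Program Files\Internet Explorer\IEXPLORE.EXE",
     "cmdline": r'"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome'},
    {"pid": 2652, "ppid": 2828,
     "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     "cmdline": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2828 CREDAT:275457 /prefetch:2'},
]

# Hypothetical record (not from the report): something that presents itself as an
# IE content process for frame 2828 but was actually started by PID 1234.
SPOOFED_EVENTS = EVENTS + [
    {"pid": 3100, "ppid": 1234,
     "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     "cmdline": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2828 CREDAT:275457 /prefetch:2'},
]

SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def basename(image: str) -> str:
    """Last path component of a Windows image path."""
    return image.rsplit("\\", 1)[-1]


def ancestry(events, pid: int) -> list[str]:
    """Image basenames from the root of the tree down to `pid`, following ppid links.
    Stops at a root (ppid not in the record set) or on a cycle."""
    by_pid = {e["pid"]: e for e in events}
    chain, seen = [], set()
    cur = by_pid.get(pid)
    while cur is not None and cur["pid"] not in seen:
        seen.add(cur["pid"])
        chain.append(basename(cur["image"]))
        cur = by_pid.get(cur["ppid"])  # None once the parent is unknown
    return list(reversed(chain))


def office_shim_to_browser(events) -> list[tuple[int, int]]:
    """(parent pid, child pid) pairs where MSOXMLED.EXE starts Internet Explorer.
    This is the pivot point to examine, not a verdict: for an XML file that is not
    an Office document the shim hands off to the browser."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        parent = by_pid.get(e["ppid"])
        if parent is None:
            continue
        if (basename(parent["image"]).lower() == "msoxmled.exe"
                and basename(e["image"]).lower() == "iexplore.exe"):
            hits.append((parent["pid"], e["pid"]))
    return hits


def ie_frame_mismatches(events) -> list[int]:
    """PIDs of IE content processes whose SCODEF:<frame pid> argument does not name
    their recorded parent. In the report, 2652 names 2828 and is the child of 2828,
    so this check stays silent; a mismatch means the process was started by
    something other than the frame it claims to belong to."""
    by_pid = {e["pid"]: e for e in events}
    bad = []
    for e in events:
        m = SCODEF_RE.search(e["cmdline"])
        if not m:
            continue
        parent = by_pid.get(e["ppid"])
        if parent is None or parent["pid"] != int(m.group(1)):
            bad.append(e["pid"])
    return bad


if __name__ == "__main__":
    print(" -> ".join(ancestry(EVENTS, 2652)))
    print("shim->browser:", office_shim_to_browser(EVENTS))
    print("frame mismatches (report):", ie_frame_mismatches(EVENTS))
    print("frame mismatches (spoofed):", ie_frame_mismatches(SPOOFED_EVENTS))
```

On the report's own records the ancestry of PID 2652 reads MSOXMLED.EXE -> iexplore.exe -> IEXPLORE.EXE -> IEXPLORE.EXE, the hand-off is found at (2196, 2656), and no content process fails the SCODEF check; the hypothetical spoofed record is the only one flagged. The remaining signatures in this report (Internet Explorer settings writes, SetWindowsHookEx, FindShellTrayWindow) all sit on the IE processes in this chain, which is why the tree, rather than any single IoC, is what to read first.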

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    376e090153d5d6ad5aea2635fbbbf7db

    SHA1

    578e8134a34be90c6062a4000d85945b019dd65b

    SHA256

    a4b6c942ee6e66302bbe50a88ebd523219b0ab490a9102ef3b742c58e5590d57

    SHA512

    33b7b62e9e26c33e57f2a4a845da41ea44ea9bfdce23e173c1817ec654e32642099882157fe14ab91b2bccf15484effa043c99034f2c86cb94f4bdd743868d0f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    83563cb82e0ab78eeaad0e2e206adb2c

    SHA1

    d3b9dff4ddc3647ed896e8ee28cfbdaddc627e86

    SHA256

    c6659828538befbf5f35ee69b9428c0e3dce64cf44dd0e4b8fdc0c7e982e9b9d

    SHA512

    88d4f18f3069a383172c68a9fa992c3cb942667e8ef39dd1ef2f3b956b7d5acbf407c3246c05aaf30f4e3b04d7cabc1c0e96294c22e0343310b8dc011176f80f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6c76be9e503f56b581c6e447d64679a0

    SHA1

    9f49f2ddaf8845c5ca0ffc2c3cd07ad92a3efc8f

    SHA256

    632ea8fbeb0350a1175d7bc7f62a10117d7f50a1355023ff5dc6840d12be7919

    SHA512

    837ffd6fb68b49ddfd7da6de3313ceeb634b69bf56b30f030063ffcfa935e362a6f8b96f84413f4b55037ef6311b4b5f5967df629b20420356604edabc23ae73

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d2e158034faca213d43003f78691efca

    SHA1

    b7844afe9f0fb715b30e6ed11410047cb33a7e07

    SHA256

    ac19b28742495595bb5acb5646e325bd3508c5bb50e22d11c341804f36a18656

    SHA512

    76e4963b4057191eaaf78002e01e4e215c10c91af37d9ba0689e3e03c529381361a7bb906a6e2accf8e0bea7867f06680da84cdcbe976dfa2a6f8ecfef219dff

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9c29d188121272edb076ee996e41ba1e

    SHA1

    623906e10df57ddb48051104384fd166a3c5f828

    SHA256

    defc16bd532aa1568feafdf8109c9bb515933dbdab6e277982c16274a8a54a2c

    SHA512

    3ef137774edc5306dbb061db48a1f1644e72169feb633e17e92dfd50441935c044a47de491c2f599e1fb3f97e52ea863a96e65a202e2a8241d5a80c8607af5a7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a752789ab1a744978b442f83043eaac6

    SHA1

    021500efe5936fae29eac562b808826b510b8f21

    SHA256

    57b1191f7262c27c2f9d0f054f6b115546d071326832e61d00bdc1cccab66e31

    SHA512

    7056f4f9f9b8c06d3385e6cf1a95b661969ab518edea52111e5f62fa7a4e945e07e620e913a3e5888cf7580655aff12ac9302237d6685f62badf3a6dcb72117a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b56fbab89761f0d06ccfbc2b37fba297

    SHA1

    cc132c1424d965ddf7f62a46115fa81393a4e036

    SHA256

    92dff2149ad4d673bae9289df84b4829075905c29cff44d67251b94f223bfcde

    SHA512

    d2850affd95ce29194c1e03d12d48c4b60ad831fa205b4a03b5d959c2cb5a31d83cf78f4a488821baa9122534396142df94c3318605f6244f66eeb5116c530b7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    cea69c82ce1c9bf901d317602dbf0767

    SHA1

    bcf3209c34e94d76740d76d49901a0f0c003fd41

    SHA256

    ff58de318b70ef3b057c087b55eef5e5c6229011a541bf26a38d787d6c70a7cd

    SHA512

    e2ac8314f7bd006c6ba88ecc80d3b9a145c1d155b6fd202f53789f1eb278701d35e50c7e8363e0c892ec782dbf7981818e6074c5ab005cbfa628c19a388ae3ff

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    82c881252804e11ee6b5836cee562a09

    SHA1

    cf2b9f8c77561fd70a2b39f0f3031af53f270b7c

    SHA256

    bbc9a18014bcd3727c4a15ed3f8b564a0a36156b50ce6fcca347fec34bb23844

    SHA512

    0594ee951fe6ba14d13f19aa90e34d6ecd9034f0e86ac8a2c574a5b13c21d699ac228362707d0b66c049b01757617f8bfe426cd94136f3d0ed649700692dc1f9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5c0d106e68a6e67dcf907dad029e3053

    SHA1

    facec3a200742cd1ac83c54ea6e1b138e0564852

    SHA256

    4ddfea6800d95b1e543bbf556934f54bc9ffc800b3116a0154d6a32728d5eb1f

    SHA512

    b4b1cc0c1c1d8058d301f07092abdab0899c147586c4e1fcc7cf7918380e40637b84371ad4eb3649d14d80017163f51890b8aec19a729962eda3412ba62479f9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    afa5dad994ed66189ff5ff217d859a58

    SHA1

    d51df4af2ce1067744b467d3df165173d195a1be

    SHA256

    ee628c381cc9e03bea2def7dfebe02e10e5e4c24f787a53293475b84a1dadfc5

    SHA512

    9c7e8c1a854f7cf7d07ecc3afcf14cebe39dfa66875748cd2120d4fef67f6c116e520fa5811544b29c26050c16fef2f1c1353b57edba58acde9413e3582eee61

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    78a81acedb7bf684cbb0ec419477a5a6

    SHA1

    147e3ab9303fc4138cc21b7508c706f8c7a1479e

    SHA256

    bc84febf0b6b2644e6b1cb6a6aaf87ad454e38084c40913cbee7c6cde8237939

    SHA512

    e117a11dc853dac11d46f9f266beb991d30b8a585fbdb181cf1bd19a4abecca16b7dfb0adb3cab99be064637b3d8ed7e98c2d4a56b95afdb59379ced6905df4d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    dfbfb056d02bdade6aa027f0185b6ab9

    SHA1

    43601ad2e3dc1cebbf3b5fb682d081bbbb9647ca

    SHA256

    bc7e1514097f43d4b951f2139dab5fdd88582ae4bb51748e0037e2d026b80173

    SHA512

    f11a9770358aebe41680a155769de4ea792a7ee1e5ce9701d9e4e16e3372ba5e1543cdb4965c8c3c7778a2dfbb6fd56bdfa68b0cd923e5a1fc6f262d34938403

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    dd248c4b21ba6f81bb4cac157d57782f

    SHA1

    da05c1685f4730261b7a560faa6517ac898d1b96

    SHA256

    8d493e7ed78472f9f3ba4f9565bd36843bc9d2795986d2eddc633cac421685ae

    SHA512

    ac3b0852e94f050c22a8a3b6fb816be986e853f92733d451784dc2ab443fb36a3aa71707db722ea0739494ae483e491aedbde506dc291bb371d3e361a5f50e49

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    686aafe7b584144f74eca1ddc4919606

    SHA1

    d5cb51ef4c405ab3f2697d797762da0f87879b2a

    SHA256

    6001e54b3e0ad634734abd00e2cbbbf5355ee41d059e2b0d4688ff8ad4ff5c7b

    SHA512

    5a335129551a8ed5d7056cfe38596e9ea9331752a3513e9a130161f19f14d3efadedaec3437e1c78c72e3d30d4d3611151ec0c2490685ad52167e449a921a6ce

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    292c9e80296049871c6d237f96e4fe68

    SHA1

    993545b34fc7c90546ccea0635b6724b29f7c2e7

    SHA256

    2ec7907aaf175679aab51d5afce3ea22fbbc23561711c5c382833fbba056450c

    SHA512

    dc357110376e96fdd4399ce3d06482c168fa3afdcbac1326ed504f95aff239c0df4cbf85f3797cc62a888a6d879d8a94125affa0d52157fb7d5cb4cda9cb9b4e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3ff14776e946e045aca4a48ceb456a1e

    SHA1

    61784cae027789ab696f27978ce8c03732159c4a

    SHA256

    4524ff74d941c83767b308632a34d5f89bf86b53fe036e6ee48a759b1f8a231c

    SHA512

    f572a8ffd77e14ef9b14a0a7fd4952ce9a2017b17274e20fffd4718df25238c3bacd5de150d48366f4bc1df84826ae5ef97aa5d19a04efd9ab84707e6bfbb89c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7d1842e6e42fdc5e21323f6810d1cead

    SHA1

    50437fbdbf9180e3549a75b9b501a0bd3afe9563

    SHA256

    0432306f0b56f06e534466eb688f2e51592617e568cd411879038f0786ef158e

    SHA512

    ffe2c664c250779aa89563601c21a1ea4a2cde28e0771e84d4511774e924c8035615ef330b7d6a61cd7b04f98be11357cb6991c4f93fed8ab2ddf24833ffbfb8

  • C:\Users\Admin\AppData\Local\Temp\Cab764C.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar76BC.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b