Resubmissions

10-11-2024 17:20

241110-vwe3wavjhk 10

Analysis

  • max time kernel
    122s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-11-2024 17:20

General

  • Target

    locales/resources/Data/Managed/UnityEngine.SharedInternalsModule.xml

  • Size

    406B

  • MD5

    0544603fbb4f68be8210411eddd087d7

  • SHA1

    404a5f134d7f2856e0c0e24350084dd025919efd

  • SHA256

    b6f04e281e8b98f8df5e2ecdf96e0c1a29632511c7fbc170a36f8071073dc659

  • SHA512

    615ddcd4a98eb5d2a7319363d4b09fa79f25a757ba38d44eabfd4d342004fd96e2c70d190b5f600967e273ab20ed627ca5f26e070db517af9302361e9291e513

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\locales\resources\Data\Managed\UnityEngine.SharedInternalsModule.xml"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2128
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2840
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2880
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2880 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2856

Network

MITRE ATT&CK Enterprise v15

Downloads
