Resubmissions

10-11-2024 17:20

241110-vwe3wavjhk 10

Analysis

  • max time kernel
    117s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-11-2024 17:20

General

  • Target

    locales/resources/Data/Managed/UnityEngine.TextRenderingModule.xml

  • Size

    30KB

  • MD5

    eb23085529ea8113afc35eb555ef0358

  • SHA1

    9869036f7fbccd3e9cf55d4856658fde995a30f8

  • SHA256

    690557ad6037a231bb4e8efbfed72f29a66363b2b24da31e0701c3d9ede2866e

  • SHA512

    901334c0b15f1ab3d4a684a114fea5f10670d86967b31c713be3ddb1375891f008d48c2d6bcea8347f50c69ec8dab35853a49e9e565209da44942eef87f8ebce

  • SSDEEP

    384:KlO/dHELwsP//Iwe2venYNh0gP4m04mmD+LTP:b9YQ9mZm3L

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\locales\resources\Data\Managed\UnityEngine.TextRenderingModule.xml"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2248
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1716
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1720
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1720 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1872

Network

MITRE ATT&CK Enterprise v15


Downloads
