Resubmissions

10-11-2024 17:20

241110-vwe3wavjhk 10

Analysis

  • max time kernel
    118s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-11-2024 17:20

General

  • Target

    locales/resources/Data/Managed/UnityEngine.TilemapModule.xml

  • Size

    40KB

  • MD5

    79fbb3d3b804c26c25aa870bd06b2c1f

  • SHA1

    58c1a47955d3254556c58d20e806ac1a805fcdd0

  • SHA256

    a54b6e4badada02ea99b9a560dd46b9eedba9d641093574f9fddfab161fa0456

  • SHA512

    e8d2ff769c350a109c3e4029aed71f7b30ad4d824d427b0292f44b35730791f165ff6547955a220b68d6aa2b2ad5a6dbcc405d9986b305d68a7125c57c483cb4

  • SSDEEP

    768:xkhjCxZU77lGRosoqsX9dE65K6tcluZfJe:+hjCxi5qsNdE65KFIje

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\locales\resources\Data\Managed\UnityEngine.TilemapModule.xml"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1668
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:596
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2932
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2932 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1376

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a412a6d2564966244c1f7d2db4a90d6c

    SHA1

    7b3bed885b14d980d4a90e847cc742cca48b667b

    SHA256

    16d4ed284dcb882e07e3f3a8b9d05db113c01fd2a54d7d3414f483d9b154910a

    SHA512

    1c4890ebbf63a520a91981c58714ef456b2c8e60a87422e9b657dcdf5b12dc5fbc80c35f8116efad8ba9b3ae4b79cc2c34ce255a838b8d33d3278b4d35a03b70

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5f4855c860871ac18e408818136cceed

    SHA1

    b65000d9aa8ab3c3e125ffa3f4d2609434a4ec4a

    SHA256

    82c370127282915abf6d1b1b4c61532c018fa7dfff614ffdf00c5aedac52c47d

    SHA512

    76f7cc57d6888b493f685415d7bbdf68ecb09e65b2e7f17d1fb28e9f8fe5605cfd9777360af11ff621df4c1296c81668402c54f43ba36b96cf9e78b4bcf0cb6e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d789a8453f062e73a3ab4c1aa36f3953

    SHA1

    baf6dd846b0cc154e01ac0845ce6862ba6570c60

    SHA256

    ee860eb4ecbb9a5bfddd6dcbeca9b4eab6363d2894c115438be796cb0e2e635b

    SHA512

    c1020a629982884997a7d03cc764319c9bc964d9943c02dbeff70071cb691420475ee75cf9e4ad6cd1012ecd943c1c1265c8487698ffa81b16f11722f59cb22d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    08a2230dadb0c00de1b9e38df57ac82d

    SHA1

    a6064f32828e1c4ecd59c4d086b50f6bef7506e6

    SHA256

    941acd87a1a9206c354128a1f6e49372643f059dad87c58c25d56fe574a42250

    SHA512

    d88d091542c90ceb8a0962e8a58362401b5c44a228259f7b91ead35c63e90e655aeb50bb1fc394b9f13c77eab9c24a19700ea44ab7d823987d1c200e8f47abed

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    faf3e980faba904d889f6bd6b3a86b4d

    SHA1

    c995221d4a2a115431aa747f73396459fa20c4db

    SHA256

    690658da712c5061adb0e839681330bcaa0a74e98494e26578bdf58a599fc2ff

    SHA512

    f3a8ac7a54c184af908ecf7afc862098756960a581ed29dbedb4d27cbae6603031569a1fe87de2e8b060ae64242f9e8c926e6f80155fc574dd00f5faf46cdd40

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f7dc3d65ff3b7930192e4e993b4ca458

    SHA1

    0682efdec4f83adf529ce46ed1ecaabb6cf7734d

    SHA256

    7b7b961fc0db7947b7c6fb351fd48bab392d62af75181744e4b2280c55254ed7

    SHA512

    fd51bd882e99ba3ee8adfc11de2803776138723c41704b8165aa382248844e75de4f51c6d9ad267217cc2f25282b80e8dd3fb7517f27bd49505e7a8cc9221535

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    18b2e69f79a02ea752d77ec7465c794b

    SHA1

    abcd58ec257e2e7c5599d88ce08b5ee45d0b0da2

    SHA256

    120c68abd41e537a0db6377638e45c3e24711055c018283d2cf7fe674a1dfa63

    SHA512

    41ee0cbb186312ef9ceebc0b67fb06a5a5acad69ea6528f7209fa8677986d5d82f9a18cafedf54a4f68e830bfb95f13a74fcbf8832cf4fad7d0d3b961d33a248

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e878e4d32c61418a0c66356db2deca3d

    SHA1

    2ed88a9bf12fa1ed225e6e2d6b77a17abef4df54

    SHA256

    13a123129324c2efd1f14d84ab910bcad38b79fe98182e0cae4edc65dde32e4c

    SHA512

    6258726c669dd39f26e9e60cd8ed6871755a47fce14e30397efa2de6ac9e4b35d47cfbef9409abe29adb4e5250cc3df3840675ae424da0c7662688372450a717

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d1cabdf2ca6d9af8abd1aa0fb11511a1

    SHA1

    69fc4e434b899427ab02c70029d5e243a42fab01

    SHA256

    0f20f78bf0f38c2209cf4252ed04c5ed6a3c2f991bd6c9571e7319585ce9b072

    SHA512

    e8ee50003c0a602adcac2631efbe3f3a8bc6b44c0e9877be78035b9e8a6f3975f03ab6c798319ed68876c1478c6517caad90d2dc46e6a5e8ec784087241ebac1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    678484f011a5247e9029f22227620b25

    SHA1

    ac64ba72f0958f8c42af4655a78cf127cef5994e

    SHA256

    43c9e2dc09aced7cdfefd78722ed796934547705ff41feb431b11fd6a74b12c3

    SHA512

    d8077b878049a06329101bc1b8f50a7053eb10933f3de9b48ddfa248296a8c33874ed31cc9c5a55b1fb881421025e4e15e60c512a355ece42388ab1729fca29f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    26eca4cdeadfada9250ee14f96c4845a

    SHA1

    b3f29733e5a0ee80dfa9c1fea53eb11a5ba55f96

    SHA256

    7e7d94b850b74c921cb661529c2161fead8d190ead44eaacd6351cd838ff1792

    SHA512

    f2cb0882982d39a5f4cd02e0d61a71264a1abad05e9aeaa8456795fb0ebb056edcb9b54088f72902a5d05ef914c0be4d2d64f5b5a1b2e32b8f5cee38fd932e1c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6987526d4d83a8f3b7b37704355ab5f9

    SHA1

    776fd93b8ba79afdb5b2ed6d34d83f6e446fac50

    SHA256

    3db262c96003c926b327f7cfee3674ed40b60921ed97c5194662ba050251aa59

    SHA512

    655ebff8b3ed83df654a33e264ab01a861b3b58e26b0a6c27d9f15749b1d6e75ff81bb8e04452e1f2b754a49a1cc6397921ec81e04692b2e70c6cedd8e43b2d8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1c85a6f1d1a095018aa1b4408486e24c

    SHA1

    f14c7bd5948a4b180053fd4639b7324ed1f3128f

    SHA256

    6c646002b839d6ac18fedc4e25e731332d6c3365b563c20e1c1de4fed8c47196

    SHA512

    7b39d99fddc4443cffa2a303ec173b3d3e3f6b44ec343f00e0d4dd225522f96f2b1cfa88496076740dea0e686e2ad476071af680baf0fff1e5b7f91ebc2fdc30

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0ff1c1ec3fe9cd5b01e7261a476c81fa

    SHA1

    2994e32faade54116034675f551b63afca78bec3

    SHA256

    b4dfd21279fd5bb7ee8100989f775f4357fdc0e14d81ea10dfcc5e130b505834

    SHA512

    a8ba6c0a9a8fb69bf51fed7bddf0d295e4da4443d2a4ba499aa90f7d4f5dc84b03363b9236c0757fa4da56fbb0fcae92129fd886a420f07d02d7f6d1396f4be3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f62fb1f57275cae4e522783191845f8c

    SHA1

    a3992c7b529542d61f274f2350b2668eb23d26ed

    SHA256

    c4d9cb030885eea8142845679b28d40eeeb82578bf7068b7d05d8f367aecb13b

    SHA512

    33b360feefd1b55e82bb8c72ac697593db29fb7fb9e61152b85f2505b6b3cbc40d1dce4b3d36fcedf45a11f9b801afee0d27653abd3acf919066df74e83319e6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    93fd7e5ebf5c4fe30807315a4c1459a6

    SHA1

    ad858fc47d74c81400eafb71d0372c9f5235150e

    SHA256

    58ae1e445670a3e0f7de8b05a5ef371e2c09f4b86954aee6433355c00ac53be6

    SHA512

    b5720fdc03f65fe0073e2e67fc091c7d1f6e270baf2845dcd47eb86370041ec9c96fc198dfda7bfeea8a532f51d9b16458843967be2dbb43c12ce70def2a4a66

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    01ea3d8b1840898fe734560e84343b69

    SHA1

    905e1e2d72740bc05b7815c5497b1bf54a971df3

    SHA256

    f8173580b6d1eda539aa494d9c45dae5f6404a0161453565ffdf3966dae048cb

    SHA512

    cea23e9a9953953966d2e47e9888c5c8c31cd2a7849b07ff2923acf8ed621aa2948fa3949e0f5b944bd772621d3db6076f18df34f9085fd0d1afcb2ed357fba0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    4a81a52cafef623c42daf723b5ea4f8e

    SHA1

    dc3e37c54388b6b9a33a094a45c2dcfc8f691c37

    SHA256

    432eccb480fb0e838165063e43182e9457d2b921428eeed05d3ac06959942cf3

    SHA512

    ff2d9ddd9f9507fcbda69c9e57078bc6beb6f82294ea462eed632779327d37090f506094cf61d528311a7aff8fe5bdebd91f59645445c9cfac9079df305539b7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    af61258e15f09a66cd7a41a3fe7c376a

    SHA1

    923396f8996da816ff24afe8c1cd065e936ab333

    SHA256

    7dd67acdf550563a4a2cbd13dd981727d898f93372b1a59f6299c614c975b2c4

    SHA512

    738beb94403feccddc81f79f1815d9b61ae418d867fc00b1ac1e123802b7f14337d4c0bed555ab32e7857c6efca083359661e5bf20feffa0974970e0c10000ac

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0537899528f62300ec153ac8beb080b0

    SHA1

    470de0a886fbbb397bd52b5f4026a171fd678f60

    SHA256

    02c0ea43a2b5032c83c568fd5d0d6b4253f5090078069fd18951f13a4daf162c

    SHA512

    b3d7957d56cb81cab3581f0f36c27d8daa0a9d3d21b87ec7ec0464c2c0daaf2a0cd580cc2c0f3354da09ba82981f6a76daf9237a29aeefee35081f88a1647d3c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    374762288eb14e0cdcc680d66eaaf9f9

    SHA1

    047e9b623307db1a9b610e418a55b8599ceead51

    SHA256

    23d510168f2b364bb5b7ee4e892401d494a3f78e852d44e1c2c9818c65df496a

    SHA512

    f5d60a2d08b53cb1561c1c4195484288ba42b25aca22f00f497d053231c9e4f1b59b84db4f2427a11978a7354c814eadfa7d8e8ff41a8f7d282fcef67ace5bfb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f6f4f9ba64f280a11a7936ab887e04ab

    SHA1

    2da910371c0a5682686d4780c397f006544e74bb

    SHA256

    c0e1e0b295182894a352a8f9e9571f1931f0f771326fc827b8ef0d2d44cd4026

    SHA512

    240a7691229f673941173dd36067d386fde4ba18565c3fb9988cc0cd67bd55616cd05e4a8c0bf44e277cb496293c6c0870339962a8ba04308a9ef1e7dd0eacf2

  • C:\Users\Admin\AppData\Local\Temp\Cab538F.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar544E.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b