Resubmissions

10-11-2024 17:20

241110-vwe3wavjhk 10

Analysis

  • max time kernel
    134s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-11-2024 17:20

General

  • Target

    locales/resources/Data/Managed/UnityEngine.TimelineModule.xml

  • Size

    171B

  • MD5

    549492497e200aec7b51948ce3100b19

  • SHA1

    e521cce6a52ce975f54b201a652376087e264d96

  • SHA256

    030df7c77ed4b9249b6ffb7eb72ef139933d22313c7921f87d340d8790f81fbd

  • SHA512

    1803618e4252b87f0bcf60655a22cd639ad63bce8a93aca297d74ff91bc1f4add078d588c1e078d8c71d9414ab2fd8d3d7417259ce22e9179252a4d7cced6d1b

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\locales\resources\Data\Managed\UnityEngine.TimelineModule.xml"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1644
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2476
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2448
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2448 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2244

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    40bf90b4d96d1863228c033576ec3543

    SHA1

    a90454f5bb7ddadaf7a16f918e44ac1518967008

    SHA256

    526863566d1fc4daaeb07fa8c4934174aed9bacc94db7ddb37baa377a5805bfa

    SHA512

    210220da5791e722bf1f41578212d5a543dc973fa682b137eced926032b966c2205c5e4f38fc19c5d1af8fd70748f491cdde94d68a29fd1ea5bc6ca80fabf61b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f49bdd8a69ac033246717b37164e5a56

    SHA1

    7d350ddc07b997ef37fa684ee7ae28a534f17d60

    SHA256

    0cbcd5fd9e29cb0cc5c685d6d0a9ff133d8d21cabc3fe6a363e4f96e2a283956

    SHA512

    6e2f57b87c958d8c997370b6a82113552a0e8a0f59468387185dfd4b9912e97f303ba1b0d215faf1a3c54b1c63bf4eda7a933a2f2313b605d6b1d2cfbae59be8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    876173e953529d9998d75bf1661d0543

    SHA1

    e8e7ca5f64aaeb531b6a52b5c9c13bb2d4ec6be8

    SHA256

    0fec1b8aa04a2bd5067ae844cff5443d58ecbd3933d8ea79ef295e2b751de987

    SHA512

    66b0a5c4766b52f2e0022e61013e56ba20bc8f3fa1bbaca77e90de10cf6ce912449506e542d52ce904b8b46c99e6ffa37209cee9b3aa56656c93904983abf496

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    cde017a9819e32b677d7dc10d525c6a0

    SHA1

    69998ddbf7512a63b28c92a05d3d7bb61c56e5fe

    SHA256

    6b79359b26a1f75504e5c951c0f2412668402910ab855902a8a3223ecbc270de

    SHA512

    7d4b445e3fbe5e1bfd3c454c9f7e5c1fbcaad46161d200deeaf131820417022ee8a41c4a927c1681d9ac9b0a8a8d062890cef27da5ce8b7c4e7a287541ddc143

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f71502e1541d41fa2284947e46a26949

    SHA1

    9fb9dd55e69f56426f4ecad715738feffca26ba3

    SHA256

    a8b918fce135ba7af8ac02b0cb6802346912274162e2b69d84652e5ace19cb53

    SHA512

    5bdc9af9d89d37b1807e5989c4756f08c04123cd2c0d044b32a954f21bb339ebf6bef95c639e51908f1526705f4e0011b49fb69c6d894710ee1d271778cad01f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    67ceb833839f825b61006cce49d3dafb

    SHA1

    0b4cbeea5f92bf747f4d2d40b573989a4e48f380

    SHA256

    04a56c80f1637e42c2a18c739c6279f832b456e9d27029bcfd9bc5f0bf63423f

    SHA512

    3dadc5627a15e30b9ce5b5de262e20e9bf92e6b54ea5c35c8cc8af1ea1589e2c526c59ad6a972a0370e6da0a917408e6c3d9248eb567118d5c57f9ebb7771b94

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    38ccce7bf6211ff05cfbf21973fc7df9

    SHA1

    04a25ea420145694e3785f3f90b102f112530786

    SHA256

    8c5da0a41046b0c04ac778f1b759f5d3d6f2fca41a4d12b9a99d8ab872d56940

    SHA512

    3e5897c19fe7365304a2ee5f784a6ced7973fabde12799de31072269abe3eda003d3a9ea57cdfbc531926752fb1246f684cc1c8fc1ed04f7edf6502d10aef814

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7fe6c8c2f6fc7d827a91c40ea1d1e6c3

    SHA1

    198d6a4b3b9e88ba5e48034fff5b37ce0c165236

    SHA256

    ad489ccb5d06b2b9f48cc27dfb23d8706131cb1bedffe392f917c7c93c6ff47d

    SHA512

    58e3430b73cb0834aa826c6e3b92fa390887274ea8ed45e64c2b5e956ee851c3d2322de6870ea829cab6ed448e569a73bdd2c890cac2021f3403f747f0968fa7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d7c85dd16b013325567e75812c2e3e5a

    SHA1

    b5d18b43e87af04acacd5c39a2d0c3169ee3a677

    SHA256

    b200a4e9de5be2384cc88111ad7d8284c005ae1aab093df2b748fdf7d2924402

    SHA512

    977d6d0f78941fea99a98ffc828bc6c46b65f553cc789c1729670d44a6807a377cd461e98838d058abf0d887435e009ebca6aa9b72645d2996170118344d7a4e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    738030ceac230289fd31e912bb6dc2a8

    SHA1

    4efc54f4ed0f698330851ace762c3ee063268e6d

    SHA256

    8f1374358edb01bdc12017d35f73e9c513ce47ecb66fc124eab0c45e93e0b8d1

    SHA512

    a096cd3285207ba79d5ccc10395631286b081a9acbc1276245c50c1c4e0019464e51a2413f02dcd6d7b4663309fd5bc2c3c8f9b31f7a85b65c99274e08922273

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d7da48f41656b2c4d77fc15533e5bec5

    SHA1

    5d491d1690fca3c92d717cacad39435cde417101

    SHA256

    c4d3566075f56d2b80047346d35bc2ab190333409afb75a42572f7c28d84a042

    SHA512

    634c702064eec86e53db2342f83c1ffb69cf201d738634e9e65fc4967be417b73eeb6b5c948198bde029fc75d81f83cb5f7897f697e832acf85acbdb5038b9c3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    dddad0353a4492ca92c949f79dac60ba

    SHA1

    41f60895c0a7e896f990c5ce78d071d62379f625

    SHA256

    cec315311fef9742fd671e243e4fd7ce3233702bf9e796afa00bf8d46a3a6a0b

    SHA512

    4d3d2b9a5bdbe6a92d7a6751e0ec2949a694b4a7f2ee5b4c82e75b4138a8b272bbb023d06abcb8b73f55100108b59d9506abebbafef15cbe5aa315f133fd0e06

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6de821d74fe29d07ca8219f46ea8f798

    SHA1

    a1268ec25132b2f65b57eb80e96cbadf970131c7

    SHA256

    e4ecce8da63fadec9bde922d796cf28e8ba83d45293169b85066fc2ea2f3ac71

    SHA512

    66e198731407adeade4bba116a4a3175f54f04e03c7989f7b205d62fa3080d2e9a6c4ec84084a1c1d323ff0b322769d41ce16535a693bb6c684472e8c3df2c16

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d24dd8977c430f97070d09d384e6e06f

    SHA1

    37023276270abd988a696447ff80e8c8897ab1a2

    SHA256

    2b0e5e1255a529563ecab0c910224e0da3c3fa86cd176b70fb597941877cff54

    SHA512

    44aca121f1255284e2713ff30045e361e233a324c2e78ca8877851cd2827c8b22d477467effa28066deeb11dd1a64542245bd395977d793f4d4420013b518d2d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    89a218a6b22558397001ad30497384f4

    SHA1

    c2d3928dc8f847b1dd2d252ef0e89a9af3deba54

    SHA256

    94bbb0e69909b65e7de4e59e423b756bda82da2ee29beaed8275c92d94a0d1b0

    SHA512

    455a68ed7aa08b9404957dab996a69aa0b5b603d4a5d366cf41d91d45ca0f47480c96f56f38c00c3762c9e1ae239e73cf5f90266d9086d16e25d9acdf44b64c7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8b61bf82c2bea1056b80177d222c2094

    SHA1

    c02e665eab0afea387f1f3843a417becd73f1154

    SHA256

    e3c1b98b02429590fe353050128878843e057595456c6a68e9841715fabe7b8d

    SHA512

    335e4be50b09e0e35d2f177df98dc561ab2518525e86056601e66f7d39ddef2901cf9e357f62e51e0209ed945d6fba2d2585dde4b7a5cfc56a62579937626ebf

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e0f3a87b82012f0fff8a7618227e37c1

    SHA1

    96a35d1e64f76b64fae29fd8479600eccd55406e

    SHA256

    ddb9aaf4a172f7a9b00e6d1ddc588357635154bd272371a6e2be4320a3d0cc72

    SHA512

    486f9ce6da691a94e0263e8639e19463ab8a0a0df4c58374d8ad955dc98b9d7c355500e05365ee20ce9b215ddca499f67011f0a7ad7918abf1d67c8fb0edb2c9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    cf8b44816191594990346734d367df18

    SHA1

    2b511434dba225a5191bb20376a6562c57ee9c03

    SHA256

    4fc525b3bb712460d0d8c84fcc3fae558b953537ff28381ce24f1824def8c376

    SHA512

    ed4afbf74497e9fc597b168a1c5016b3ff7f2bb3e322ac191af0cbc0e5a0a16ca2179435a72127dac6884fda4f085b462ddb7de258773d5c37f9b53eeb0528f6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    bf549eee1a25d92001e123951c5ef29f

    SHA1

    0e5ebeabc2927d1d26fa6a6e96f95b7a44ca0ae8

    SHA256

    d876905087b4531f4631f834387ed40fe9f7c28b85aa8b6433ce7e1406ec4f63

    SHA512

    c403051788d43d2c3539f5bc8bb82911334c5da7d1d55b1d12941643d4f0e1ce77ac92af05db1ba9ae75231a6dfa9bcc52f0a404e99cc8973a587dc38e73f583

  • C:\Users\Admin\AppData\Local\Temp\CabBB16.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\TarBBB7.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b