Resubmissions

10-11-2024 17:20

241110-vwe3wavjhk 10

Analysis

  • max time kernel
    133s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-11-2024 17:20

General

  • Target

    locales/resources/Data/Managed/UnityEngine.LocalizationModule.xml

  • Size

    175B

  • MD5

    55f89dfef83a868ea0daf554e7ce61c2

  • SHA1

    29a98142bbafbdc323cb8245330e3dc1374f9687

  • SHA256

    cd5367f466cc34c7f33e42ec8a6358e3e4b49439a7f83a7b2f678010a6be911e

  • SHA512

    64f2b8198e169ec4f7e221154a928d2ac7d67243aadd983933845df9dc89bda6cfc61a1dcc65e38275890a7662a27bdb224eb11a8abe2e9b6152a346f75ac631

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\locales\resources\Data\Managed\UnityEngine.LocalizationModule.xml"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1448
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2788
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2808
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2808 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:3016

Network

MITRE ATT&CK Enterprise v15

Downloads
