Analysis

  • max time kernel
    31s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    13-11-2024 11:29

General

  • Target

    LICENSES.chromium.html

  • Size

    9.0MB

  • MD5

    f017c462d59fd22271a2c5e7f38327f9

  • SHA1

    7e1bbeea6ac2599bd0f08877aa5811d32f1aceb9

  • SHA256

    40f314c778851106918aae749d75b2d913984327602a1bfb7ef0cc6443ff2a37

  • SHA512

    72177281486f6ec26ccc743b43481c31470c7dd53f17b0a67ac087dded190c2e3dde5570260150c2e9650186a515740af7f81e31965c95bb762340f9ac100c07

  • SSDEEP

    24576:G8QQf6Ox6j1newR6Xe1Vmf86k6T6W6r656+eGj7dOp+:fG6eGd

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2260
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2260 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2816

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e18899136845d460a10536bd23dba3d3

    SHA1

    10418eb9df43a0e12e6a4dd45e3a6b47216bf229

    SHA256

    2c52554632a0cb595c3a22aadebbcb9b0577c02e199762bbe7f598a9e468d2cc

    SHA512

    6b1e57da85ace06548d5ec1b13fd6119c4c259b1a546c430d16a94961b5d07d2fcc084891313fcae19591c8c691bd17f9aaeafffa2d2999e48618be5fcc7be74

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3477083f19172f8deebd10ae98b66405

    SHA1

    7704abe8f3bce54b011c96007108d85a7a732930

    SHA256

    781b92a3441cb7a6064ca04be24ccd0e8524b13265c120505bfdd69e85e98948

    SHA512

    9bd52febc1edcb525d198cf7e02878dc32d6194641bda09cfc46fcd7bb5a1c68753e0a383e8bace698d1c2f615bbd3de337d5e42e50e2f482a4de734d4091e33

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    277d47b643f3a090fe18c405ee5dcc60

    SHA1

    2afdd562f9aaa1159fc4eeb979b80dc313d12404

    SHA256

    143b63448980b42719415ea760d7af1f2c28c01af593871649654525cd39fea9

    SHA512

    b19515a170fac2524ec7de11bca24c4b61baf25764e0ac7a543b62194c8e22834ea1788af595d5356b1fe04a86a541e28f1a10d8bfd858e7e264768771005670

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7ff6a1a3eb80be35f99464f93b4116b1

    SHA1

    4b0a88509a63fb4cf8a3b8d78e21db4eeb4ec706

    SHA256

    85c1aaf71e71ec8ceef74789b986872a11d0ab3c697d545296c4eb8d1dd5380c

    SHA512

    485e9e4134b7b34c74f09e9d23ac33eb3ca9e21727418fc2d71797af4a8122a696e1d0ac192b639927ba03534c635f237f300068a4990e60c368319affb148b1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    078d7e75e0f8ecfa07d347ee6467a16a

    SHA1

    369d8b77673ff9bf0497f2b92928b2778bb5c798

    SHA256

    3844e1d2a2455e10c0441ecbd8bcee59c499d239db4aba39d878f478dd0c7761

    SHA512

    f34fedecdd98e0dfa38ea79642934d64e9ef54e39d99fa2126fda740fef4788b1f37c7abd6f5793b5fe5cbe2a980a43036376f8d57c785db8e4567a94398a298

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8131220f566c9ac3203215c508ee3bd2

    SHA1

    ccce8aa9a34dfd58ec06b7cba715624baf69cfca

    SHA256

    f3e89de8e48e125b99b2a68476c864757385e73963f16880ad4e63fe7c47df7a

    SHA512

    160a309aae9926e237d86d32a572e64f5303c8fdb68efc34ed45524f46fc3be8765c8b6058d6d68da10c30d37585aef971b7be039ada96abb89bf93cb2713d95

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    93e1ad6d5f24c46a12335d798938b219

    SHA1

    590c2a7735340c97002f946868daf72eab6c36e8

    SHA256

    059b70f943e2e95ced39448e75f50e1c234a068203b1503ce4cdb28e66bad164

    SHA512

    d0f90cc545ef4e9aca683caafb10d8517905b5e05022f8df175ce1310ab32d6235c5981b05b0fddd10dc603a8c77924670dd8fb35f0c2a2de8a34259ff6b9697

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    4ab85121dc5401c5e7604ef1cb162e34

    SHA1

    edb64faabfd5343c91812b24423946f8761cb1e8

    SHA256

    7148e14922ebf6328249cf9dd9239173c0de75c965d8cac09b5d97f057e97864

    SHA512

    c1c16bacd3de89997dc1535e52f0004480adda0d454b4ecc8ebd85f6248638f438618f7d8af648eab11fce8b0506567f19fc617fd2505672ab858e39df400b62

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a05b78b22a6c50b9dc623185f47d2cf8

    SHA1

    e4fa52c0f2fbe00bddb522816dd611edd500c1bb

    SHA256

    df615decf897b61113e7b1766bc6cab985e5df03598c9b71190915acd5c8e79e

    SHA512

    6935b3eaec5dd8094190cb7f6bfc379bf6dbef5e09efdbfed7f76dbbe5b538b2dd21231d26c1649dc492932f5396f24d9fb13a9508dc3181fbff692af6e46daa

  • C:\Users\Admin\AppData\Local\Temp\Cab348B.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar34EC.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b