Analysis

  • max time kernel
    117s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-11-2024 12:41

General

  • Target

    LICENSES.chromium.html

  • Size

    6.5MB

  • MD5

    d18c09a075cb6531d7ffd7c3da77bd4e

  • SHA1

    571f29b6004007111782bf5727c4bc9510cca286

  • SHA256

    86f5222580a4ab03dad8ea62e6cea22b23454dccf1c77e74ae0e0410a13b16fc

  • SHA512

    091cd68e12633919fc6100b606f3002b16f4b9c7c6d7c820ff20e31a3b9ea690c8a1fc90529ff3e5c21e8d778e254743a8708049830c3bb046eda8f2653000b7

  • SSDEEP

    24576:8P5K5WfWSJiJjQlaCmf2P6e666A6o69/kHPZQHpuQ:UrYR

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1932
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1932 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2464

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e9ce9e1a538741ff502bf3482925d949

    SHA1

    2fc463d7f9e37d4299e44d4bd5b0e9cb87063229

    SHA256

    c6371291ac39748dcb2ab043601f1c2c4427687f98d8bc8a0aa0025d4f6c1da1

    SHA512

    b19f127e9736f3cb795e05c57187b689ce78c1883a8cf8dab9789aa93f143d89c1e422690e71bbaecf7c4e75e93c869d46f9da6481c6950396667e5303068d33

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    440177ff192432bfed523473ba6a4031

    SHA1

    c9228fd9bd5d1247641ffb09bfef217f8eb6927a

    SHA256

    0d707d692fccaa0a8d419c9165103b12ea3820717c4932291b5209d71329c892

    SHA512

    ec90b0622ef5dcd546a396bee4749d56de2a5265e711b1bdf1b7c90ed63dc4edd54e066599321e870109818c477044cdd5f10f51c690ef10b8d28f21c8d8a5fb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    19e409ce4d779b9ae6acec9110e0fff7

    SHA1

    3b2a960852ba89a16e07f31aef767fe80394b016

    SHA256

    996a43b0668d6af19afac691628e76ab591c92a87c2feb4e6636c8a0ffda1bd3

    SHA512

    8cece8bbfacadd4c8666730c142371adb9a0f2acadf5babfb4e40005c5bd5689fb124d4ea78dd83823c607788efa786e4a9830d4b44afe812767dbea14d5d499

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    dd5e3724ec081661d811c0c19945324a

    SHA1

    f50dceaeab0485c84913d68ecbed469d38f47b71

    SHA256

    c0f0de6a9d7101b20ddd1941018371da993670503122ff2ab4a6b7eb279b3865

    SHA512

    17c383ae555a4e0f41b280489c4f39035fb8549d8ae3c9081dc12634698e93d8b67562411900dde4c595f19cd4cc32803c0301bb55b8ba6508ec2f72d3259425

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9447e9d0b146b61442111d6abbdcdcbf

    SHA1

    5e7ca4da7413602664436c82a6777f1806e109f3

    SHA256

    a9e0354ee82f939c4b86bcc2ede1862231d41ce2d80b7b078b55d0105013ef33

    SHA512

    00d5b5e5e3584e93c7eec85cfa1c53e706b19bc1a19327912e601c263013202c99f3769961d8e7fd4cafb06d6e874729439c229989270586e48aee3ab5a3c24b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5edf90993a0cd8e3d235adb7fd888ec5

    SHA1

    7f6501e2737bf218b82486551e1a7efd19ec92ec

    SHA256

    fd172861b22004d6a281fa40080b394d97ba6ce26acf9c699e3e2cfb58a16a31

    SHA512

    9e5f9e78554683342ed3e472b1ffa1133ed8da49cda12f55db81ce79111eb0a713a12f3aea00c254a0dadcb814e58d7650003496afc3edb34c8968190f06596c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    dab83addade1cc4130629e28e9c8a58f

    SHA1

    dca2efc957723fe9fd5887bb9b1ce8b0ee85da17

    SHA256

    a3a2ab77a36f847131a06dba3ee9ba558f8862211aeb0a48f2d5f06ccae202ba

    SHA512

    e3e2f46a5f50bcc19a6585a4a35ba30e0f8484f9714f04d2f402e62756ecc3be68688280e8e63a624e7d25e20e5c0ad33103654ba59092ccbcb4ca6ebeba924c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e685b0d4235d7ee90d1125bf83f84279

    SHA1

    d920b7f7e61256abcca26c26a724c2b115838212

    SHA256

    ad692bf5835ecde742f874789e72e7f8363e634220656df65df2d1c0e8587744

    SHA512

    0a605d1e1524ebd7683a3a8e67e35cbb972ff5becf90df1342c8a8d5e5495548f9e42d3dc7c365d985fb6157cb91a57316e71185d18453de8da0f270c1c1e5bf

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    08e96c457861c6be45e61814d3314ab6

    SHA1

    0192796b1f83944c5446cbdc4ea8b7fd151978d6

    SHA256

    b93ad7b16e1d51825dcfa3d1f8ce2c4bc21ee0528da4c28ffe674dcb2a095ac1

    SHA512

    e260b9b49434f738f43fe4e684b0dd026646053cceebba0fd99c540e11bbdcf72ef0074ce0de98e99af172ca1d8e19fe7844cfe4fc2851aa12eaa8861ac53785

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c06abbf53fcba9cbcd8f45b8fc019b7d

    SHA1

    a1c8feafd21804fc05055e5ae8c6615cd039ccdf

    SHA256

    364e23c9e687d584748aef184ebb5d7fb272d02838503f280aa93efb55436c84

    SHA512

    22d1df629d544dfa9a688558f9fae32d6a396a6b456bfb2a1b3e13f7971f358eeb7ae932172c179496c5342929413f71ccca375f44333b4e8d0bb11c8624da23

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    4305b4ba65228fba3dc1f690a6e0bbd3

    SHA1

    660ece662116a553eca0bd6bce707347ea4abaec

    SHA256

    4c4bccb851fc15920d7cfc8d5a5e4e8bf0cfd9a07644fccdb927c7b848d0b219

    SHA512

    787f74fe4d693027332bf963e6d28872bea1f8be6a298edd875b6d50affb944f6d5011e233445b0dbfcb0c1d682f0071ac9eb4d47653cdd4fabe7e6599d845ef

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    abd12ad55a418b47f4714cbca611e639

    SHA1

    fc445262bf97cd3adc33621115ac991103d70ad9

    SHA256

    07a7e5fa1597c2fd4d4d6c270f0ba7470ab9fc520224d151af47be488f577f1f

    SHA512

    cea4ec124eacf588355eab95eb8df270157c2304cf0a598b24b4e4c9ad8fda171bfb6239ba416b3f4aae5a034b778c861d621aeff50b6030f07d399cd19a604a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1b8b7e2da4ff9a859caee0a39417ad38

    SHA1

    6aa332fb5aa1701cc8962dd3e04e0de83e99988b

    SHA256

    f2fbd350fe65aeca7a30d13312b9126dc22a88c83f8433146fbcd4b0c62a1ce7

    SHA512

    229b4fdbc354dffe22b7e0ff650b8928615946e7d9551d43253ffa235ccf9b5b582b52e537b97fc4eecef0dfe5a2fc2da57c1b0c556aa70542392233421329d4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e53cbe67c6e5af4bcb85b472bd34fbf3

    SHA1

    3afb0d80365d6836765ab2fd77d5075e1efa812e

    SHA256

    759618c31d9fafacdf9530f8ce67c2f1f83bd36bc8413034d486834af7d1d3b3

    SHA512

    e090dab3be86b5a58880765e78f0a16cbded9ae5c8edfafd710261cfb1143e32d552edd32cd5fc695a92070cea5642334940cb9cb876badb81e54c27b27001b3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7db9410f1880f51ed9b9af085bc798c0

    SHA1

    8671b24cabee405a2f129fe19b7a62a285be8d0f

    SHA256

    0c9293b1bd1eed76897ab9896054950852fcfda007a306efdb53b47dfa636b4f

    SHA512

    4c888fba93e79d9492b610b55977e9faed3661eae9a4e95cce1c5f1f97759d051c29a035becfe5b796c52d09c538d4192dd48d7f37b0f76c0c0cf67b98df32dc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b52db052b93049ebf5015ba01b09d16d

    SHA1

    1bc4b11a7ad4f0933476e21efd197ebffd44bef9

    SHA256

    921346274271e016c780dc82d34b1f2693d91453452574c45787772673803727

    SHA512

    b3e27154883fa5bab409b36db483ce54ad5353c2b457462274e2965f9572500254420373389fc1b506c84e281a3c4e9025af6f14741a0ed79c635d3826b83b79

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e2f1a418500efffb8aab78252b6d8536

    SHA1

    0cc18b6def48ad99f5cd55d2b6dd386037fe1658

    SHA256

    73f4d8e2a168067ec0dd8892ad5c41e5e139700dcbb007b4187ef315a83c599d

    SHA512

    6a9cf258208de00fd36d03c86485cac3f83eddb6a7e81fe6335c5084a4ddceb7445ab55e6c0ebf0753daf8b92cd2778acdfdf8bd7c14211dc5acbdcd45f3233e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    73900815f96ea194375ba52fa0e6b2df

    SHA1

    b292ea2eebd462c486ad3a063c3176b31f0ed5a7

    SHA256

    8f51f2e199cc8866af9cde9b31fdb13659b35343a3abff3aad6777b8781087a2

    SHA512

    63341ee4bd1f7c16a4b5aea16cda76e14449c9c48203f65c54f0e14fcabf44c05cfef52efc22a4c81359bc0b22aff7809ee5ffbd624184dc02e9cd4b30c5c93f

  • C:\Users\Admin\AppData\Local\Temp\CabF856.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\TarF8C6.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b