Resubmissions

12-12-2024 01:56

241212-cc56vawncv 10

18-11-2024 13:48

241118-q4ed4ayarj 10

15-11-2024 01:42

241115-b4vnrawgnb 10

15-11-2024 01:41

241115-b4c4pswkbz 10

09-11-2024 01:42

241109-b4st6avbme 10

Analysis

  • max time kernel
    17s
  • max time network
    21s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    15-11-2024 01:41

General

  • Target

    eade1332ee8d089e13ff751acecf54b559beadff7e2b23f719eee21ba2d3df10

  • Size

    18.5MB

  • MD5

    bd4dfea472d4fa0e9550f739bd8d04d3

  • SHA1

    c462a46f0ab1243ae616ccb03839e7f90b993315

  • SHA256

    eade1332ee8d089e13ff751acecf54b559beadff7e2b23f719eee21ba2d3df10

  • SHA512

    940cd64aaf9c476fed8d2031db2edc8f626be244ab4f78f392d0e608f93796fdc2d87b0ddd20ec2db0ec29c008f536192da65d2bb31442f34c73142fc3b26e20

  • SSDEEP

    196608:6dZItlOME4gqh+r4R6N8Gb0VKgt0JjLIP6BxP6LOfXAkZ:IJ

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 26 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\eade1332ee8d089e13ff751acecf54b559beadff7e2b23f719eee21ba2d3df10
    1⤵
      PID:2660
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1184
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1184 CREDAT:275457 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2860

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      78378b2ec3e4c11388acadf49aee85da

      SHA1

      0bb13b7d86c8950a436bb8b204eda519f580d70f

      SHA256

      866d53c4f564a5f05c71cfced16b75053c5496454b9a491729535599dccf6618

      SHA512

      1dedaededea4ad75d6638cbbf7b2f61141439ca05d0ecf4ca85293074700e008f359ea971b36c0a539ea3713f46be4b229aafee500667d7a6e0f11fde0616c7e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      4c6d7a9ebbc88dcf292f691dffcfb1dd

      SHA1

      c35cfdc1ee87dde3295e97d0d0c18234e299bee7

      SHA256

      3fe184ae6fadd8ee0046cbac9df7ddd788a70a98782337b2a3d018d48b4c8be5

      SHA512

      792887bb720cc829b17ee1a58207d45ff6db2a3fe87ca8f8dd4f21bf00b99eab7306e3037576831aeacb9c5becd00367841dc935a509a33e7f3ede3eb87cdb8a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      99e8bad87f50238032c80fba66ca622b

      SHA1

      dd2f6186864fcef9af56de3f8ed580011697b3a5

      SHA256

      5d15c5d27f92dfbe602c744e7a9e954f4f3f4b07393a02786c06f32d556384c5

      SHA512

      7511528ec0c19d10df02a047081aa2986bc202d1bcc729faa3b1cd1321e414ebbe9372b7b91d0a0b6bbe16ce104631c3f9e842757dda0ba0c8196eb2bd297337

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      21608feb3963a017743a864330c00536

      SHA1

      a345f61600bf7c007771c219430745fdefb11129

      SHA256

      7fd70a0f139e60513a20caee9a0774c80f2fa77834eb6759df4b27b7cd493bd0

      SHA512

      a8451ebc9b03761b9d69f78e2a6de0326546834640aa8158254d4d585a2af0083071e0267bb8071973a8fb9a15844992c28039b75450a85b9b2058dbf4837322

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      6b3988cf4ec3eaaf0dd7b64fcb281028

      SHA1

      b397e52b4d14cf8dda17cbb73988887bf98bf7bc

      SHA256

      70c9d04909a6085e0b12ff5bee3ff69950e513bfc1616cfb7fdc78c903bc0543

      SHA512

      4b361b45e8f8cec8f0c74066dc08afff9ce9fb3a48d5568dcee809b623502b654b923174763c9ae03624d750360bfba4ffe924b8d90a62150c22c5d2f652998e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      53d2d660d267bf9aaae527da407922ab

      SHA1

      08f4c996b340dd435355b58a7f063a4ad5f72424

      SHA256

      0d47d1c4bea20c6cb3a365e9b659d70b07140136b7757882287da81dc219c544

      SHA512

      4198665ea6105777e3e8ee90a1682067d73d39016e9e2fb051d5321c47ee92c7b92e8eb61bb9c9661c2adfd14db7c1e7cdb7a4b70782f6adebbc7af71c034149

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      0b0a077697130f2452e957eea12c795b

      SHA1

      274177db7f0921bae1f8a6abae755bcf0c787dad

      SHA256

      dedfcb1d24bc6fa44d78931fddff3229986a60e3877dc49499f7d94f7c664759

      SHA512

      eab441778147347cca15868c77c467efbd684c9403e3a0c05738fb7d1366bd3dff4e40e4c36e22623c81b802a1addf1605afeac7a6327549d9f83d342039fdfe

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      2361ca8e6a3734432032bbcdd77c43ae

      SHA1

      8e713d3b68bc0b790b3791613fe31882e0e74860

      SHA256

      5b91f8aaa406a5a650c1586a96df01299b3fc687a6202efb29b81858b94bfb5a

      SHA512

      adb4c747d85770821482efbc1a24e6f8c53416785368a7ccac20dc1eff9f8378c5ad56b1d3c013c15a51de34b6187a7cbcb8a48bb29ec1db97c072cb48eaaa63

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      d29ca887b8d0c4f280ccf8878376e65b

      SHA1

      f4fdb3ef2f81a1d5dfba47e39adc7734268e1d8b

      SHA256

      9623ba71ca75e012dae736cb72c84f9acae27915cfc1018dac3ae2510b80b7ff

      SHA512

      b8cadcaaa4b1a37ea743c68769a6d706400eab76df77c54695fc22022563e8defbd020aeb61f3a38224a282e60f4b585e6fd3a71a2552a7b108426a8b2d7096a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      0ba79dd9136c7c04c51fbe019cd60ef4

      SHA1

      99091f36bc99f636bb6460043ff9eff2fcf1f58f

      SHA256

      9beedda37eb71748a1b2c5942e21dcd31ef7482e0d09d9eec914905bd6acfab4

      SHA512

      a76220d2cdd6440b8de838b7262710715a26fd5a53a1634fb03b4e265d8f77c5c5bf31a0bef3ae34d962fb3e5a386a0f92f8717f6349070dd8e2c053048e9c5a

    • C:\Users\Admin\AppData\Local\Temp\Cab62BC.tmp

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\Tar638A.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b