Analysis

  • max time kernel
    73s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    16/11/2024, 23:49

General

  • Target

    LICENSES.chromium.html

  • Size

    8.8MB

  • MD5

    2675b30d524b6c79b6cee41af86fc619

  • SHA1

    407716c1bb83c211bcb51efbbcb6bf2ef1664e5b

  • SHA256

    6a717038f81271f62318212f00b1a2173b9cb0cc435f984710ac8355eb409081

  • SHA512

    3214341da8bf3347a6874535bb0ff8d059ee604e779491780f2b29172f9963e23acbe3c534d888f7a3b99274f46d0628962e1e72a5d3fc6f18ca2b62343df485

  • SSDEEP

    24576:cpD6826x5kSWSsRinoHnmfm646a6N6z68SH4SApTJ:cHSek

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
    1
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2792
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2792 CREDAT:275457 /prefetch:2
      2
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2788

Network

MITRE ATT&CK Enterprise v15

Downloads
