Analysis

  • max time kernel
    122s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    19-11-2024 11:26

General

  • Target

    Mercurial Grabber.v1.03/Mercurial/FodyWeavers.xml

  • Size

    139B

  • MD5

    d43cae162166535ffb77fe23ba9939b3

  • SHA1

    a90ee3518fcb92bc6fdf16a699b141f22b9b7946

  • SHA256

    4448546786231d0d396a9987bc8776509a7a6f6fd755fc68ce63bed29ca8ee33

  • SHA512

    30c836160cb51cb162391cc8172e620564d8529bbf618c930a0de4b037f977f03a9a3950cc3546194c5d452435aeb2fcbc416a8c5206b05710c1b11168d51e2a

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
    "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\Mercurial Grabber.v1.03\Mercurial\FodyWeavers.xml"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:876
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2336
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2356
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2356 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2864

Network

MITRE ATT&CK Enterprise v15

Downloads
