Analysis

  • max time kernel
    135s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    23/11/2024, 19:40

General

  • Target

    LICENSES.chromium.html

  • Size

    9.0MB

  • MD5

    ae174699b663bd90d8d06c68c6952477

  • SHA1

    8c76eda61d320779909adc541593b8e26b24815a

  • SHA256

    c6737ef4ed9de369077718824f76c5e7026d0e39163e26af8606783e41c93e18

  • SHA512

    3fb72dcd790464dde34978c9d0895376827f4d839b4a199c6e9fe77ab810d62b960babc4b21f6e189dc70147b5fb4334815730f4d1cdec05489c19e0725c2158

  • SSDEEP

    24576:h+QQf6Ox6x5n1nZwReXe1Gmfh6k6T6W6r656+eGj/dBIp+:oAPeGLp

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1412
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1412 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2108

Network

MITRE ATT&CK Enterprise v15

Downloads
