Overview

overview

10

Static

static

3

Purchase O...65.exe

windows7-x64

7

Purchase O...65.exe

windows10-2004-x64

10

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Tikoor/Fel...-0.dll

windows10-2004-x64

3

Tikoor/Fel...k.html

windows7-x64

3

Tikoor/Fel...k.html

windows10-2004-x64

3

Analysis

  • max time kernel
    117s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    29-11-2024 12:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Tikoor/Feltstrrelser/Ribozos/Quartus/vsock.html

  • Size

    1KB

  • MD5

    5343c1a8b203c162a3bf3870d9f50fd4

  • SHA1

    04b5b886c20d88b57eea6d8ff882624a4ac1e51d

  • SHA256

    dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f

  • SHA512

    e0f50acb6061744e825a4051765cebf23e8c489b55b190739409d8a79bb08dac8f919247a4e5f65a015ea9c57d326bbef7ea045163915129e01f316c4958d949

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Tikoor\Feltstrrelser\Ribozos\Quartus\vsock.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1500
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1500 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2352

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7b34a3d0ecb4f7e0c3cd84b7fe2ba882

    SHA1

    b262242d8cf7b3f51a391ffcf1286a3abbebb9a0

    SHA256

    92b2594acd7efcfe2139cbb0434dffa744e5ba4c6b066838cd073dfafa74ac47

    SHA512

    16a6875cafa2a1db7460691403a88eaf1b302f749632b74c2cf419ff03495d93dee649877cdf2014c3652304440583f4e72a0476b17e6038cd7a0465224f9e2f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4ed7293fd2a9a828b748cb0a9be5a859

    SHA1

    6567540b0ad94f29f4acc4b6e8fe46bcd3e1116d

    SHA256

    431556e08e366dc3fbec7a4d60c95d7b59ef8722fc311aa215a17807a49650d3

    SHA512

    8b270652169208d194abb61ab9ae5145cf6b732b320e0d70549a829e474c40a759d638b1a9ab6abbaccc5a25dfd4cff7f742ece10083df48d35d24bd2beeddc8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    411ad520372965cbe44b4d59de570b1d

    SHA1

    331644d0bfdd1f0d24b7c82c5d0ba3a1438ddc1e

    SHA256

    94d1bb1640e2828bb4bb6c84597ef4c84a3ef779cd7aad7ca68403f94ac00576

    SHA512

    47208f76869b19b0583c5010496266e7ac1889e19257fb58b5f1d620e38a796b052f9e39a6a3ed15de5338453733b132febd6a5a27ec8ac19bd011f05401a88d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9d6f28c811fdb522f36c5b6d77b6b9fd

    SHA1

    a2d33af6f9d518b07aeec605e558432cd2dc4e9b

    SHA256

    2fcb692945b2b66065942a7ed198822d3e571f51bef66e6f2b51f742f8e6d6bf

    SHA512

    553574d321b5cfdd0057a242813f6de1c7aadb347b65b9af160c6a31b4182e407d10906772ad63d08237edfb80c5d592837bf4730903db72ed1d01664c7d4552

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    686b9d1d8cefc0cee723e499a333c083

    SHA1

    641fa731ad0681ba930c0b28e5cb697a0f374e65

    SHA256

    57a564e6b6af4cd7d7195cf91caa6e34296174e9cf2c4bf1f705897d2e0c75bf

    SHA512

    3c5b4ff6044a489e44be141d6496aff791581c77a4b6bc48fb3073adecfee1c632573b4f5bf436ac7719f603216516c5f83a4d0269b620f5d4b95dbbdb416ff4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    08ba14eb7e5074f6837454ee05198ff2

    SHA1

    79ee250b5f7cd7065d4d30e0f703242bc3682341

    SHA256

    1b20a8beacca6ee1afcce339886f4ed96b45483e0a12cc402fa63734f1c036d3

    SHA512

    329e21c03b546aa0290d3b7501b865ce8288efd89f3bf380d2419a9145b013af91bb1ae250773bdd11ec75da9bc7202bccc731d07f9be1c1897e752aaecd8cf4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    990a96f56e6bb17dd2a1b34630dc43ce

    SHA1

    d74b86048635e6206dcb536f88a1887a9006088d

    SHA256

    723ae398ab32ce2d4eb34873b4b337f386ffcaa2f9660e3adf16c9083e613612

    SHA512

    0a6b5b2efba8cce20b615ffd4011012460479cd20015520b817dfdb28d7cae6921db50f73a5e4a21015d0806f43aeb072350039547f4cddf95800cf8df269a69

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c151fa5f77ef45104793da4d2c3764c1

    SHA1

    1116a42d627fc409b77d79fa61fe8c811fc36362

    SHA256

    276c66daeb5b338996924bb88b2171c0f5f615d420f49c8fa73977316f2bdee9

    SHA512

    4b6ffeecffaca1bb416c191fbc39c3df34260b57111b1cea23938777e757ad066e1b73ea57a312da58e4b8ef2c7764dac5f0aafb0000f2c451ae8ac383aaae8b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bd85655a1762602fda959e463eee2d8c

    SHA1

    b2d8d20cdee603b1ce72c0bf93ec6171aac08998

    SHA256

    0ef0855cc55e076e98ec8cc120841e1f084259fac4a376642ba7ee3e54813c95

    SHA512

    e683bf6bd77eb970dc5abce4ebfee88fcab322c65afc20cb2eea242d5190e7dd65f53f46fc17549d2b5d035bbb4c6154018e86336b6fe4af92a7a08b86669ec2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ee5b1aa70e389458fae3b1ef760083de

    SHA1

    c25c44c0728a8949fa5a385452aca39ed751227f

    SHA256

    1b317e32bfa43577dd1503a6dfb8e450012efd74e754b686fee7e45a859677c6

    SHA512

    e1b7c11a852fd6ff21a530419cd74f1399b4021fd665fd8186e1ae73b058f8d72be62de0f68227e1374dc46f83199cf7f5c811226ab22a8fb5c3ef781c55ab0d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    edd779cd117d4e38ee405257ae70c101

    SHA1

    09cc99c9834b7c430531fd02e201ff177cf20602

    SHA256

    febd4edf205b9fa99d337edec09add673c0923c748d262a5ea6893b8ee526f11

    SHA512

    17e68857e58e2f7af2f54e07f7401a86a56577fe17c8e0cad27868a330b6bc99cedef8834ce90934d43ee13411fe0d6c65011ea206a70d7364c809c01cd64de2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8a85ac707636f3fac440af258a09502d

    SHA1

    d087eafb24060a3db25f269fffea39360b894ce8

    SHA256

    b43a63e9bd95a2527399afd898aead5fa0fd9bc82e7d36db0ab875cfee2b6b0f

    SHA512

    3a1e9c22ebdcc62752d2021530adb1512ebeb647fb2362056510e21d9a5b1046da6a4e11b5f774ae8d6ee3462c5975a09490b74a335bf4975994bb60dba6bdfd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4811e25364b0f34d0d697e7edb042669

    SHA1

    bccd3613bcc9f9cb770adcab9df50c14cc792a87

    SHA256

    60e3473fc068bf70fead75438c90cd3c33c3d4d18629aab00c5d1cf9fed1fe77

    SHA512

    d9ccf7d607895105ecf6372c5a9f98a9a3e19845f2e90831b4d22f535d144085c61be11618ba87af98ff6adcf1b1368ccf7c75418b228a957f1acaf3ad0e455d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8d974d557858c6e9877fcf16e48154c3

    SHA1

    7715060f9a6e345b834d583d1f6c0fc01235cb69

    SHA256

    6de8814e78e9eb4fefeb66c16c922ab8a7860ea81f0d4712345218da7af955a0

    SHA512

    ef12223cfeffc467da2a93e7de72e06040f3114ae2f484ab695bef987bf2f9401a868531a3896b64fc7e8da687790e64481fb35bef3e80d762680bad658f000c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aa1c748cac750ee4e99b5e62fb325485

    SHA1

    802f4b2e3afa2c5ada89bb162a6caaf5d3a302cb

    SHA256

    7b5c3fc579769f4c8b899eee875a6c2925229d7864e59cb9c86df4c2cbe288f0

    SHA512

    84166f66fdf9f097465f6cb4e65be2655c95b7700c4a82e569c8e263a32fdc1791b3b8560e56807e5f63f8d2813b8d78599ffa0826df7dffa2a368a9616d65dc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    58001686c788d2add71d714a8342c6f3

    SHA1

    0929a888ea0a965cd0e080417476929368a975d3

    SHA256

    84341b8538addbdc29f48cfcc5250b8b78fc5f7c1efe7c23c4a5152fcc5998d0

    SHA512

    5cce0d456809210e54ae8db485e1637dc21ad90dff8679bea5e9736bc4247445c2ac4aa8bbea27554619e22a637e6d41372bfd004882dbca5cdcfa67b28ebf46

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabDDF3.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarDEE0.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit