Overview

overview

10

Static

static

3

Purchase O...65.exe

windows7-x64

10

Purchase O...65.exe

windows10-2004-x64

10

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Tikoor/Fel...-0.dll

windows10-2004-x64

3

Tikoor/Fel...k.html

windows7-x64

3

Tikoor/Fel...k.html

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    29-11-2024 13:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Tikoor/Feltstrrelser/Ribozos/Quartus/vsock.html

  • Size

    1KB

  • MD5

    5343c1a8b203c162a3bf3870d9f50fd4

  • SHA1

    04b5b886c20d88b57eea6d8ff882624a4ac1e51d

  • SHA256

    dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f

  • SHA512

    e0f50acb6061744e825a4051765cebf23e8c489b55b190739409d8a79bb08dac8f919247a4e5f65a015ea9c57d326bbef7ea045163915129e01f316c4958d949

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Tikoor\Feltstrrelser\Ribozos\Quartus\vsock.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1620
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1620 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1800

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    48a11f099bcd4626e7d27ebfae14f05f

    SHA1

    07eaba4dae9fa84dcb13ceedf2948fb68a004495

    SHA256

    f61d1efa4378abacc65ecab2637075392245a6619f38df0a50172964bc72611f

    SHA512

    10f594d1188988e23f9a64040b072f1ca03240950133754dd3066132422c4cbdd48ff6ff44b110028415ef6f662b63be92b3dcec8a055c78cb5e8aa578fa9e00

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    93b826a78f79ee435f4bfb710ce0c7a3

    SHA1

    d53bed9c3078812bd5a1558d9326c7349c546267

    SHA256

    bbfd1d2f2cac685dbd1fd092d43b8939ea8bfeb1d0de18b0ae4cf5c170ffe54b

    SHA512

    eff604641cd4bb19459c5e43857f2e69a4ddc708525425983ea71fdd523eadfa30d43d1a5f9931262c1028718d0288d214b67c55ed67b1d2c82febf178759c65

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c735e97d5038a3a7289466bef723c3cf

    SHA1

    dc6a134db75f96fecb5e5e5ef9e1d8ad4eda9488

    SHA256

    1c7b07dcbad9f7d7a05169d2477526b00a0623b246fd0a8a7c0b173cfccf0212

    SHA512

    258f015656e26f36abce5b01f851bbf6999c37611cc21b235e1737e39f598a2382b5356d8e93320183d2ee5ae533a18dcc374fc0caa852de5f7f337537e63646

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    63b2fce1ec94db40be748fa0f5498ea4

    SHA1

    d02f32664f8081b3f0497a4c5e32a2b53bea29f6

    SHA256

    d61b208c5d7a2db96dfb5a274726ff2f6cd5398e6547a0ec74c8e42d15de4092

    SHA512

    c755e24ee44036d6698553824a0c13b5f303da61cc1a1c439a61705b414d55f44b5be9f2e9e161376170ca86f3c207e91fbd3fc2048098d968dca0f8d1bf3e47

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3d0cb941209dace9515dc6d06332e3c4

    SHA1

    0aaa876469e6995ae4767d15b4179dda7e9621a9

    SHA256

    d691829f1cf4c2e1ec7937653870c849b9c1f86f90ee683c2ea5ff25447a998c

    SHA512

    34965e588777e98b8497064a6a8fdf35c38b3d0c943422fd8626a06d5ad0c8359a5df581ce6382a8c6944c01b3a3152b8b6a58b20f053cb7ad1503e468a3e776

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3a8d911b061adf6d93c883ef10a4a9e6

    SHA1

    eb2adf0b48883dbcd9d5e1a5954388fa7ca6c57c

    SHA256

    ea97b261c42bcdcb2654d1fbe44893b4db6faf6de774882d5fc4d2b83c0910d9

    SHA512

    5307033c182c6e67f78f34eb208f664ed714f858f39d2606ca6af44d3669fd3554b97fafe3359f8fdec971b79ec03ea31c0cea6d009b4b279d9e80ec11a92465

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    454dfc29e9e638df7f6ff3c06985f8d3

    SHA1

    61be70d5b14726d2276549997783ac0efd96726a

    SHA256

    0c154526a1a7afd25e5db8ea9dada53d3cd5c162e971d4778888fc8d030ec9df

    SHA512

    1d527e515bd262dd526fe00abd187f7c4d4aeebe9b88d5bec59ef78db898b17ee72378967b7123e2ec29bb4055f1f2f0b20ed087a82065d3e0f49ba41ee26874

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    87cf761dbd469803a1b5dba48e5dd1e1

    SHA1

    e1329de9d8d060d7e547be7fdab822dc6c44cb35

    SHA256

    de8815f71dfaeb75c34d00b704d76a2f9aa57c4c03d1b071b1479f069a81dd03

    SHA512

    91702c8f435eb342151ac9efbf1b9328df6ddc4b76c1276f3cf3fb04e1646ada48f9bfe297de6f77488361d04859bc04860ef061e4ac58e4a05779760dcc03cd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6478151fc33e46744641f3b841b7d7df

    SHA1

    959ba077a775f676bc0aef4c662013f6cc462303

    SHA256

    6a46a15590359bfd7d3234e958cc4ace6660aa90d06e244525ba828f97b96e84

    SHA512

    fc35e60f46e3d8baa04695a8b0db06547bc3fb494e4339472dcc87d35eb9bfdb5448fc24efb0adbb67892057320bac4ce4caa89b89529b26ee3349ad716690c2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    92f8fc66a6b974843c7213acf624dc99

    SHA1

    3373955146d2585dbd15eb4596b19e6511725de1

    SHA256

    ef133cf2dd50a4bb588572a9de1735bbb92937885af17da495a803032ad4ed6e

    SHA512

    7ec313ab7a2b0f32b584baa9ad848ebf6d9ecdbab3c93266391218579add69bda6cbcbd6ff081dcfdf45a8cc06dc2a504a44ea3f9282746283f49eeefffbc848

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5811b60abd8f533d0efa6c7954329c6b

    SHA1

    c3ad6a7f3454379fa5421d334af74705fa0c4257

    SHA256

    c05f9f5cc1d16b7b5d83907497d823e58a9638d1bc7a0887b85fee242b59c0a0

    SHA512

    9793b5e50f23eeb732064414faecac027855dc4e898e414a0eeb6538be9ffbc3e6280c0d991561f3d6fad45f6b1ca59bf292e3553e9aa7d1e8fd1181d6389ff8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d831b53eae7bf96a01aa08917b4d7afd

    SHA1

    57222f4de9b6f6fc5b61e9a096e0beff12458770

    SHA256

    2fe737c7657f6cddf294ceafef1a67213fb835e9cb4d6c1c2059103031b856d5

    SHA512

    519b8340c63b1c82bc422c3e997be9403f3d064da84dfd0fbfe39b2f9fcfdefbdf6d5344928b5dcae2e64e9a56a3424b9bb0d3bda1356602a2166feeac46bfe2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d292b832ec9105ffbffa69de08f83361

    SHA1

    5bd37032777f93e58e29f27ea958c2c670968fc1

    SHA256

    6c7473a7acb2d8afacd7288bb9de372980322d99065a9d6b579c0cbdcf5d7fa8

    SHA512

    fdc0db428f76f19155c1771cdb176695c81eb28bdab5fec371454a91eabff6514f5df916c2b4798fb54cb40d47ec255fb22ef5f4c4eef8013a3633ec3ef969bb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3314c8be6973e452920d610a3f52a2ea

    SHA1

    5813f230a213a949d050a3f780f06e7c5b50eac7

    SHA256

    c8209226c25313d5f2cd853cdf7bcbb95610b6b1fddd94fa9dabfdc7b5008057

    SHA512

    4c49175a69f873e01eb95fc7f9d71df3fd6c3b29b3efb1c33462b5dce64ce6c7611ce4e34f47ad82093b65511bd9385547115f5537a19e9da3b2bfcb457af9b4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c9940e60674d327c4a226790add9b790

    SHA1

    a580590f5bb8e7ae27cb42c626ae9652cae61355

    SHA256

    eeab8a122e3e735a3243a30efe8995f90f20e0aaf48da7b636559ef3ed3c146f

    SHA512

    e29013cbc21df5e49e22dfc077a44d105ee56fb29106d5743978ca110af60354c91a26cdf05ec116cdf7bec84bf8b0599d536cec4c5c7b8e9f0fe127c118b368

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7b4d921015d277b0cee8701db69c85e0

    SHA1

    c0a35e4364316a4c63e7e44b7ce1ca68579c4e25

    SHA256

    37d346845a8a4fb8ce89c335fc7bc88853d882f59a7fe09e1409ddecf1959b7b

    SHA512

    3ab6144ff19dabd1e3888da5b10b4792b71b4238edb7a0f588afb89d3ad8228e24b298cea18c541e43cd7e830960b78318681e44f4f42ef5d7074031019d740f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab2ED1.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar3098.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit