Analysis
-
max time kernel
840s -
max time network
844s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
03-12-2024 13:45
General
-
Target
https://drive.google.com/u/0/uc?id=114V0buQLSEn0UNRWuiXdJXfyU8pyBvVj&export=download
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
-
Modifies Internet Explorer settings 1 TTPs 36 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SetWindowsHookEx 8 IoCs
-
Suspicious use of WriteProcessMemory 14 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://drive.google.com/u/0/uc?id=114V0buQLSEn0UNRWuiXdJXfyU8pyBvVj&export=download1⤵
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2268 CREDAT:275457 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CXRG2YQS\WinXP Horror Edition.7z2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CXRG2YQS\WinXP Horror Edition.7z3⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CXRG2YQS\WinXP Horror Edition.7z"4⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
914B
MD5e4a68ac854ac5242460afd72481b2a44
SHA1df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA5125622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
Filesize
1KB
MD5a266bb7dcc38a562631361bbf61dd11b
SHA13b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA5120da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
Filesize
252B
MD5a947f74abf70fb38cb05082e90940e18
SHA11a9b28e1501626ebea33bf80a5824e284548c1dd
SHA2562a8756dfe319029718516d607ece4429993d23f9608714adc6e05ec959901bdd
SHA512d70cc4a8074f2065bab0a7f85304610fbdd003e4f26a4a7639716d3f535a73f6d7222eb16a58631cf4e15cd586ada000dce0671179c9fcf8139e0c371b5f6590
-
Filesize
342B
MD506ac901d2121a7d48b3567ffb55d4d88
SHA1914907d693812b0b6e8eccc6458c442bf1f12872
SHA256cd424404a6dbe237723c7d8db47a2f8d7deb12716df5ca4f6f4b1d11b3481017
SHA512c3c3ecbc0534058c77f6c67245aa6c765b404abf4553e837df4158c39e1559e328630d1266525d0c2ecc0a4e288d7dbd3bea976ab2c72bbfa8de84cb3a0fc090
-
Filesize
342B
MD5acd1b75d67cae0dd89e00ca2dcd36bc0
SHA1b3662cfb8325d56915310c12ed6b38d5d821647e
SHA256921add52fabcdc3e8d93fabab0b82ebca05d343161d2ed4e2133490ab1a76373
SHA512c583205f2e51219f00581be509a0dd3f260528102660da4f578bf1dc63cbcadc8deeb209b5453d14d8c3cdd3057a77d41867cec9d6808581c3d5a5bd56399283
-
Filesize
342B
MD5fdc7fe22663cfa2b92f328e85c3f04dd
SHA1c0ca3d0733f4016bef04c3e05f3f2ef28d3bd09b
SHA256e8674e33f1dccd7815a0dff79a291c63156a99d055c543eba05d4fa81726a754
SHA5122beab3515240f2a0894490244c4852817772e28144fe9570f578624d9da5e3f514288fb83a7ac7e4fe361e38ee0b23e003738028123c31d74f2ff4f88b362884
-
Filesize
342B
MD51f5894ece5733d5c0d018bfc70ebec55
SHA1d62d1608795e1329560a7f0529c13134b386a606
SHA256cef7c2117cf5c2ee1351f7f23d04a693b533319b5ee24eb6a95ce051bdafcfc8
SHA512ac97de6895d4cd430af373e59b907a6f56c4d2bb92ba71966796d98684ada906347c300350f7621db4d71b1db93c26f36e22d9ccb73adb81c448c1417e9922fe
-
Filesize
342B
MD50d7b19d56b2675d6d40dabf8b55da471
SHA1c9057434f6eaa01e3a0cd1a8798f58d48904ee70
SHA2562283a9e5e028c9cea3d72237538c6a2f245bde346a7f57ee74900de03e8aa1bf
SHA51254ee4636ecf9661b1c349f5af00b6a9b081a6b6fc4b09c5211bdc95e5e525b2accc8797ed801007e4d73258a6761c45944ec74679ed14fd652c6d23030f1215e
-
Filesize
342B
MD583062dde5c053da45a5b9ca245061573
SHA16f1d8f63d296a6dda5dcdec6c86680eeb30d211a
SHA2562249f22b815a43b8fdc1fa9303e1fbd2f35ac5ed1b7d83660fdb50837809428a
SHA51269a9bb00cbb57c8223cb4bbe06b0637188cc8e776dbf0ca3b10e1b2e2c0c5e1d1d52698076b9d47cfe6d42ef984fe34d0c1c692acb20d867d2a7b77f7c03bc9f
-
Filesize
342B
MD535e6b7133e15345169cff255bb82d152
SHA1aacb5c95fb8a2fcf3150e44933822e4945de4ebf
SHA256bb2836141a7e990d29f6705ea08116b69edabada6013b07c77f4844dd8850296
SHA512a046186d3e1cef28420910f87899300d2be7e9012d0fcc2e427296606fd445c6a8e4a1bd707be2eca02365a2c756fb18d97150772835f5de78ef86de2c19283c
-
Filesize
342B
MD5c0bfeb7c231cfaebe1617ce624e623c1
SHA1c128f52d1842750be3e2376377e3793742b529ac
SHA2565c00a13ca8c3ccba56e8ac0607b9d1ea934bdf2398ef722a886c121a6a9f2289
SHA512f0aa6bd3c0ca4d7209340ee85c7f676ac27627c34f8569e91d0d3c0df6f5cafc6d43ed3dfb111ad931a25f69ecebcf8a02bffca49a54500e7f0e4510c9ceae09
-
Filesize
342B
MD5c91c25f32a7a3a63faae2fa613a7e641
SHA17d5f0da17d8cfd206076c34b4255d95e5e7506e4
SHA256db1bcf0358aeb3d16f01063d4f83ecc7ecf2feb7df1abe89983cca62bfdf35df
SHA512e03c91e752aa03036160f12adee29cb7f7d7b0bd9f2d60f108dccaa84dfb879de9c2d1bed9cd8d555b0c9096feb91c0be0acd13bc2646b3079b17d56be5ac482
-
Filesize
342B
MD5b52c96eb8ebb7190f04d8b123722f4c9
SHA10e44d520c73cef7f25e07eec32a3dc56cc4b208d
SHA256f6a1e04f0c79d926d3a50f6449638e42e359cfdbec84f930ddd23f87832ebe33
SHA512011886c5fb63487014c6075316ca56a6d1d39d4e190bb1288c4f18637006a92a656e7ab1008d2c629173716e83beb1b4363ae779a6f0217f6346a4efc15ca450
-
Filesize
342B
MD530ff858b91c6367300b7df8ff730c717
SHA1b4875da049b3a3a5770996ffe8cd70f5f4cbae78
SHA256fbdabbf4c2707990f130531eee5b66f1d66278ec16cda0f73771f623b750e76b
SHA512d32a32e5edfe8df13cdaf524b69418576a16dce17f99f8c3474f84379577d77de8fc3ecef71e0a9db4f2275db30b2cdde4186395b30363458dbe5dc3631247f6
-
Filesize
342B
MD5604c4176036bfac8789c8a27540bae81
SHA193ca6cc88e2793e7132f6f724d945df26cfccb8f
SHA25674bb58422455c8bde9da50ba554dd4d038bbdcab43586737f5cbebce0896df03
SHA512d695a7b2d1c7d58e5479ccdb5dd1daf70030dd4c02694b26413bc3527e73ad81f86eee88fdee13864570abfb961d0cd5cdf37d5472317fabfecaf913fb3dc8d7
-
Filesize
342B
MD5caf1e80d10406e9e447e70d653c56c18
SHA16a64178bee6128cb0955313319705714fa2a5f3f
SHA2565d4f401cb9a344a67ac8c9560e5a34eca82e49657da2f7182e53a016583d9114
SHA5124bf7a0b4200e2bf7d235650b7f5ca27fcc49343e818549db8f0e48ba9c2f7946df49ddc58e50b92d2b1ac076b7081d3c5d96fd1f947e0da28712abcf83b74095
-
Filesize
342B
MD54b7ee5e7bbc3e5b01846e1d9edf50d0b
SHA1180283d0044cb309894dfbc3b80f8be5a85d4cf8
SHA256a78eaba19e1abd27c8a7939b342a324c3886d00459a894528f574568d8f4ddd0
SHA512229242b26667171c24a5a6b09e2b91e678cc0a81b61fe8ae9aa1a0aa7dc1884b8415a790a46f8a3bf31621e4aa11ad79115096f0abc9547b8a8a5039e28b3c9a
-
Filesize
342B
MD5733a3d1be333cec3f6b1ba22ae9a3c91
SHA1ad86c1a6b2eccd4ca94055fd42f302cf911f5926
SHA25657e193929113bf7190fa9191f306a2c12bac1e2e37f634ec916cedbf50e326ed
SHA5128d03500aa7e4170f8c5fd1dbcb9f8f13fec0d3cdb373ed094205a90a048188fad80a80cf3ecf2e655be0cb3727337dd9290c50fda736ba7f75f2f6a0b6c1c8aa
-
Filesize
342B
MD5d9f20c8bf0b8eb9c9a1f81aec032d9e1
SHA106b46f79492264eb792d75cf229d94ab3eabf131
SHA256cdbfb00ae3b14d6f9611b7090767eb87f08bfba0b7af79216d8bac09b9b33fc7
SHA51281edf66a6e6e33902c7cfcbf0f306c674f08231204cab39ef822d58fc906ae306089f8c35366122fb589620191beda68cf257ab5fa9cdee1380e0e9be4b77408
-
Filesize
342B
MD5f76880993add2f432a60d69be58ba688
SHA197df72e22d5a0888087d35b7fd4590bd633cc67c
SHA256797514a99232e6a022e1ce168a7a726c3c0d56cf94ca91c4b803049a5ea486fe
SHA512eb3402437c24058d0f5c5619077e7ccd2439e3fdcc338263fac5f7954281c711289f4a6d6666f9080c63c4ec8204b2670f4d6d3277260ba41a9581ecb4213535
-
Filesize
342B
MD51844378a5b13fcd7fc86aacda8e9e79d
SHA1c26b214744b051a9725011d6ca2d5ee3b287182d
SHA2563f26e5586dc94205d39b3d31c02302625606c67fd419437cebd1dcbe3e75df85
SHA5121fe701a05a38e2a9b224cd91d025b5c6b2f03a1e89be007840296d2a948b8d71b7804680cef07d5f4a8bdcd15f46c2fc135c25172dda075f43c29f50b0dc8a4b
-
Filesize
342B
MD5718267bc6a247d698c790e09f37acee2
SHA1bbb333efd4e067b5b6fcd2a2a11a07f51b853d76
SHA25669f50774ba72829a73d3b48f6dd76f310b1b6e4d23113eedee394679d1dfad90
SHA51234d8cd1c88ab15579ab6feff24012b181cecfae561a8a80281bf19b5814b811dafe190a6d1d6111450b02706d1cd4bda9a2e3b17932ab8ccd1fe113192244d23
-
Filesize
242B
MD5bf8c0b080f62b5bb5f0df9f16d8286a3
SHA16c306d6fa64bcd3e178018eb106b7fb5ffc2a1b3
SHA25642568995511b3be4f362476769c4e150e92223e8868e1fe5c4cef780de79e086
SHA51292f34551aa82d7d31ac148c09996dff4423db78d954b1bcdf1d86aafc9970b272a2867abc864a1ac84262421b5c6a648ea7d5470d0fd0814f631fc78e6760980
-
Filesize
1KB
MD527885d8d9bc61a95f935ea4d2a5659be
SHA127ccc746295d3f70de72f409592a2df4246cd1ea
SHA2569ee4fdce8315e5de44dcd66de10ff38cb41af4f322db992e88247effa7a5780c
SHA5123abd3c49db345638522a38ed8846659085b57987b60beafb3301a01aae22f927d180f5f3fb3c777ca305e46fadbfd61237863ff9f2f41370273565a2e3351926
-
Filesize
44.0MB
MD5aa45d1d70efa630ee7b64bf5fd0a493a
SHA1454090d52076c121ccf858291461805f0272d559
SHA2560c0267932bb202aee030f44277881680dbe0f9a9387a2b1c601dad2048243454
SHA512a1fbe8ea113fb3e4cc266f3aa50c46e87acfa129e08adf98279da2ab7dfc52da963bf7ab179fdc68e23e5bf8ff5fa3ee7e277e885f719c23e831fce714540248
-
Filesize
1KB
MD5c66f20f2e39eb2f6a0a4cdbe0d955e5f
SHA1575ef086ce461e0ef83662e3acb3c1a789ebb0a8
SHA2562ab9cd0ffdddf7bf060620ae328fe626bfa2c004739adedb74ec894faf9bee31
SHA512b9c44a2113fb078d83e968dc0af2e78995bb6dd4ca25abff31e9ab180849c5de3036b69931cca295ac64155d5b168b634e35b7699f3fe65d4a30e9058a2639bd
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
