Overview

overview

10

Static

static

3

c35b3b6eac...18.exe

windows7-x64

7

c35b3b6eac...18.exe

windows10-2004-x64

7

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

CI3.exe

windows7-x64

10

CI3.exe

windows10-2004-x64

10

GLWorker.exe

windows7-x64

10

GLWorker.exe

windows10-2004-x64

10

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

bass.dll

windows7-x64

3

bass.dll

windows10-2004-x64

3

readme.htm

windows7-x64

3

readme.htm

windows10-2004-x64

3

Analysis

  • max time kernel
    120s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    04-12-2024 16:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    readme.htm

  • Size

    9KB

  • MD5

    5b96088417f22f5e29a2e4085001c336

  • SHA1

    3e65d8e17273abfdde2d03d01d112e0672db4cc0

  • SHA256

    8505c9dcfb645ebb69674413fd343ae032b17655b870aa0ec05527fb0725e21e

  • SHA512

    31cf772129525a9a31502715ffdc3b48144a294bb54e092a943de0d6218e31e873687e025572502c518fb733f90747a8967a2d0022f5af3ba166b1d34626c7df

  • SSDEEP

    96:SM7bUxV3bpKQj6ZVcZPBPMDhi7aJr0QDBcjrfB/7fZN+D9oP0Bq+XEZuZSbuJgr:Sz+ZViPBChi7aOZE9oFZZv

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\readme.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2568
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2568 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1936

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5cfcecaa1a8830e274e43c3aec82353d

    SHA1

    6214675f6f1daaacabd551c6c86094ffa0236598

    SHA256

    5aa3485495d62998635aecea281cd9ea6cebe48b49733d243917105b8ab7a28e

    SHA512

    14eb01663b992a7636ef8ecbf8ad385da3dfd7a338870b69ad119b6919bd6850016938935aac0152ff6a60ccc6804cf97c63e1cb91d4f6a20073aa892d3c0602

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    43f37a436f4d3dec259a9c01a20eaf2f

    SHA1

    3dc44308e45079a0dd1770eb64f1dde4d9ac4171

    SHA256

    ad5dc06a869ad6ae5290566e1d8dd5a03a498a6f91e39bc0eed2bb80aa4115d2

    SHA512

    91a84b0de78eeafb522b77958d2424d9ebab00b57aba1683ab8790013d8b1c01b840f51d133872a5587f227552b3df727b990423c59736e847f0bb55ad0a286b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    faa8adde7684b00497f53bfaa8066497

    SHA1

    799591a005bce4ace7407821f7e68537d1119048

    SHA256

    dd5ccada9f8b384b0c277836cc524c4d09b9a30cb951b68de706f6804f53e307

    SHA512

    630e9f09b559c48490a313a96f30c3b5a264a5fd91cbe1d8d6edfb14dc7c7e080c5a8bbc40f018fc1ed4653993d5f5da033698d7d9c2c5939cd12d532bb7d474

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    beec7b7651d67e0317f75f8fd81c23d4

    SHA1

    406e99edf35d5500918478c09b5b835c740dad20

    SHA256

    f41f49d0fa58128293d08d9e3e85d200d6d687e58a7da2a183dc27a8c3e68d28

    SHA512

    e173d8e6eea1f81c804865ee94d058e5522528c2ff316c9b410aa70c4819743976c97fa82f4254706ac555d47a07171edfb26163ffef064af242298bb835ac1b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3758e4493184326cb586eb959a915af1

    SHA1

    96934e16e63daaadf77e0bedb2c76dd98d6800bd

    SHA256

    f0367d93c1c37f27356aa849e8ce255f666a552f430b1813690f2690f6f7eaee

    SHA512

    bd1f0e86696a37a59b85daabf4f0a49530425ef7ad12c6c684aaaab1811c3c698ab18f1dcaa74d47385e0c85f7089d6ee67f7d362375623f347a388f1ad52238

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    22c38736604c5e211654af7a8fa85926

    SHA1

    a64696891fa94ae7ebc348d894c00591bda1af6f

    SHA256

    7e6a2943d611cdae982edf7d7f03ff0518d77c6147efdc2c17d2d5e9c1180ae5

    SHA512

    e7e634b0ad8680903aeb51a1efca1dea352a7c2943f8a5c039ddc7c5e17fe5462fe263babf3504a5f40cfa8f8c9a6be3af21541ae98a75f7845aa9e880c6a009

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ec83ece8cf020e7676e81bcdba2a2790

    SHA1

    d82f0d80d78d7df1185cf7637ed7374a75357349

    SHA256

    e06c4c7a4fdf6d1104a722bde9d8f488836092e091cfef291157768ee157cfb7

    SHA512

    4b4c41a15a38ade4caf3d92d9570ea78cfde9ee63f7ba545f9b9305aaa2354ed39825f70d5d22807c1ac939a9729f0feb533e7c4fa717daa9e953a774fbaba11

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b0f7221f8223e7acf53c6df7877859e9

    SHA1

    dfd6e999f8ee589f13862943c2677f9061fe0af9

    SHA256

    97043ec81d72b94af420f1654464a25cf1130d358729a698892b7e54c88e1082

    SHA512

    2655c3c4cdcb489d8225f30e10103734ac28c1401c421633e8b6f22a6d42591bc3447ea344e9253b88fbfc72aab00e3af22c8a84a9b79be1d4bd18628918c32d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3dce69d2587103d1334b0ed1712dccb9

    SHA1

    60e756888c7f8dc9e6e6e7ad13edb6127f4be606

    SHA256

    31b4fad6f0bf481ab980457c02831ff472818b28cc6cdea54f948580e573e3a7

    SHA512

    19373b4a529fcc2d298e452edccbec1357794e23aa2aa7205845b8d78b3c33a761704d9ba4a54aaa9cb7b51dfb9f9aeccd8696785559ed62729ca2d1d097fcff

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1c23a3c84d8050ed704c4cb21bc7db40

    SHA1

    2f67cf28e49998fa885efbc2f7ee09f6b6215f92

    SHA256

    16587a294a2e0f4ef5818f2840f7a08671895ec89e6d1414f64e873204b43b0c

    SHA512

    49563fb484e7b6cdfea24189b3daf59b51a51ef8ca261ed82bf52b10593dafda31c14f2fe365ba8961c8bc6f3f4422e03e903d8482c1b6128d0fd5ae30a9d28e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9b6173c1a5f42ad97b8864c46e26f992

    SHA1

    70a141d443982c2c92d58bc70dda01409680a4f5

    SHA256

    9c4d5f82c4f8d4f710681e642c1351d6a8c0e0b4c2d771120ea0ace6e5dd0b12

    SHA512

    5b59e719eedceff7a7685e1d9cee7913a304ea524880f807a48f3b5dad6c698867487af9159f4c8ee35550f3398236ff0f7003d27b37239dc0068dd41085235d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    78ce3ca838a85d5971e2c4f12ab44283

    SHA1

    b7233d8c68cdc4748fb4868b03f8e69e9cb2ddef

    SHA256

    80238516b7d13f48a8ba097836c3e98d9731dae488a000e48f2d9a3fe8e9f5bf

    SHA512

    1eefb0215b0f606ec938bce375b3ec4a7453342578c051935f77d828500f4baf335bfeaf17a46f68adf420f4b88c519b8f109d29dfab8ebe56bf059574228477

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    588cc801c01421a447afc21a0cf22e84

    SHA1

    30c6eafa291f17619ea211bc5a3ca179e7b83524

    SHA256

    7201145a78314c97fb1cf882c87b3bd0d9e2359c5d5784f93ea7eb61c75d1358

    SHA512

    b2657d68ca2cd0c04d0e894947c7a1a8718e9d741a330b576fba4af6a3828fed9d741c0430ea3a6680742a01b50abc75746c271f5e03282474d7e2531dd2eb37

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD184.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD243.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit