Resubmissions

04-12-2024 19:24

241204-x4fqgsspcn 10

04-12-2024 19:06

241204-xr4a1swncx 6

04-12-2024 19:03

241204-xqb55s1req 3

04-12-2024 19:00

241204-xnnq6awlhx 6

04-12-2024 18:20

241204-wy7fksvkdt 7

04-12-2024 17:37

241204-v67kwasrgs 3

Analysis

  • max time kernel
    119s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    04-12-2024 19:24

General

  • Target

    sample.html

  • Size

    19KB

  • MD5

    dcb9d87a83da8972f5cee58389fd1805

  • SHA1

    04288b3a9f36616088c0111bea2473c8a32a9756

  • SHA256

    2ea93fd81425d720cdfcbcccfcc878f16f5e870139e14b851d149679ec82375a

  • SHA512

    2e5cc2973b00f2d9688c4cd051c3b40073828b5e65fbb4cf24f0123a2c262c5bc09e8383d4a27fafd4acc96c380d9b7c646176d4d92c77f337065dd69acbeab3

  • SSDEEP

    384:X6CdeU1ocy4K4lbGaIBvhpNC9CKVlObz6r0sZZfk1xCejiw:XVdZ1ocy4xEaAJpNCCVbz6r0sZBexPiw

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2700
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2700 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2812

Network

MITRE ATT&CK Enterprise v15

Downloads
