Analysis

  • max time kernel
    133s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    09-12-2024 11:20

General

  • Target

    ns.html

  • Size

    240B

  • MD5

    178a6faf504190bd781107f1b20da7df

  • SHA1

    edb913befc77fcc10ffabfd50f07d2f0e28799c2

  • SHA256

    967a4b484dfd1aaf4d771f7c0912d272ef8c1c59cb20e4b3b3a5e3931f495c49

  • SHA512

    b4d13997220edb4501747c772eb780f52cbea3dd31940904979a52c8a63f9224f351c0ee3983525ba9fe83d60384e449e0f93cc74dacb210671a72d334a77908

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ns.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:684
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:684 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2984

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0e7e2aab0098bb2be203f1afe67ee2bf

    SHA1

    32573d8d920773ef781b33d0cd91967a6178aa34

    SHA256

    077d4dbea5cb5f07fc63083b4cc206c409f67e02d070ff7601c38449f5636b7a

    SHA512

    a39be6c53a15e794f978364b6431a8769264f9a21c680a8c102e001934e37b40b2a3e6f4bf4fae86ba811b690f37925d1077e97e664f7b062d2648644ee1e0e0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    abff340b0ae3bd3adaabb3886a296a1e

    SHA1

    c6a33a306423d21438921c5da7fc63a7dfd45130

    SHA256

    a9253ad585d14c482e7fa45f6af7e1ccf04b5ee3f0f03062dcab178aad6c2f6b

    SHA512

    9c6d330ad1f5d413f1854637c5e0dbddbccff742b6ece816c9b1433413e69aaf01b14dfc091eac146a095f502fe6af3a4d127a774790952fb50cd59eee099607

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5305da8ebfd7d2973e687934b1f18fec

    SHA1

    9e0ce718ec60a25e27c36dca5413d97542f1bd6d

    SHA256

    6bc6c85bbbb9236509af6402b0d80c7573031b1d5e029bdbff26a8357aafa9da

    SHA512

    8b97d7c3d02a7e6ef54eee169bdeb1707906faf3e6db2d384cfaed7780709013055cbb62a99ef9e8d4283306ec34a6b7fe887e52165fbf8d2cdb56de4e979427

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1d510387563979f59ab37f0ccf153f3b

    SHA1

    1c90552948efb5a64c9b8ed0be3ff22d66b3710a

    SHA256

    462e1ed79713e599c091dab184db62cc050ab14120514ceddf03e9b9a131ad8c

    SHA512

    82c1d012b9b0d9508430c918096d32e0e1dcc3904b9bb2b23229cc19c3036b98bbac8cb1353c6d44f81df7eb40deab4368605a2dc381c5da610e1880fe18024d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7e1de2d0725bfc32c4e34bef090f8baa

    SHA1

    65b2c3a920e08a01cd4989bef4727dfd34ec22dc

    SHA256

    8ba6e67a2846f44a9178dabc66f3755eb44458130a261df21e04eaa16fe51db7

    SHA512

    91a90f628379566685cbc20c94404d6ae84aa7c1c981341c1049ddcec1b04dd7a34bf8b24978462b37f777aa2706a9a9c14452790ce417061ddb1fd76a1846e2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0f248ddf90610fbf0a9a38c19552579e

    SHA1

    7bf499395d956ec8f4978f41ac612b4a3ba7909c

    SHA256

    273e683b72734595e50d80efa27a1b4c87f92f4fdeaa47c92c565672d1310220

    SHA512

    111034d9c9e76f63388167ffea62fbb01dfcb6a4f26d4663b8b3b98b6d79197edd08ddcbfc6eabc19b66ede3b740d8ed222d9aa67d82d2edd8af84afd8393b0d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    21b9607da21b667b2c02bd984357f891

    SHA1

    a18f76ce19ec5edbb8ad58c280ad2bc341450e7e

    SHA256

    1d62d3d70cb3103efe649278ae689cfcc6d9bd26afe8848f3c29a1fee164e8fa

    SHA512

    fe7f240fe413243cff62b5910fa708917aba9cd28822d2226f3a31e0711026d73ac6d2fca4c1ee592f832f4664a3159fde6aa41af6e672949021711874b83bc5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2bbf0cc28d6de459f4f4358133efa79a

    SHA1

    83aebfe2b301bc0de8ad8f976464ceeca0eafcfb

    SHA256

    fd5ea16deb04c371360f0960c67e847fa16a86cbe59741c35cac4b27fab4983a

    SHA512

    60d374d20edaf245aaf880109cfa6689fa9049f3a4bd7b4bba0ea6c10d5550ce8c2e7b69bfce099698607e30bb08f7ce08132e91424f1a4a73ed6a9ffe7e6371

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    025c88806a20f238a85aa5b320d12079

    SHA1

    06c5451aa78826a87ff4f9b098d0d6430d0c4025

    SHA256

    696b96b77255a292129d35481af86db968e9403c7b990c9bf9aa87ccacef9aa6

    SHA512

    d210893ceeb7e75f0c117e1a1880a3b32a222e15c7c387df73b8847e11409052d5de756952a0e93ff7dcf67ee0e4edc97184784cfd314fd67ca5022a01ec57dd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6fe015ba3f0f65176648095e42302543

    SHA1

    2dc877575a8f856288342f7956795d50c1dc0116

    SHA256

    bd9922d555ddb1b65132975c8f1103c262c988eafb6a2a0fdc7e0ceaae064f3a

    SHA512

    cc7e935dfe4690a90d8547aad41b18c20847f9263a547f247c875d64e44ac5e952fc7d1cdad47a7e15fe875a666c73ee2bf5e3ad91ef795279d55ea44daef815

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    18a0314d92a6a7a597083b8e12b70ad5

    SHA1

    c3dc0fb7b343166a9a30c96dcc87d47cb038f103

    SHA256

    5ea74ffc9977339118ada681e6d7e45854d5e9053bb2b794cdb8253a3e438116

    SHA512

    645ca29a41a8288bc16d3a0c66dbf1bcb2281c181d29a387d7679dd45e6937772ea7d933adc3b90f0c0fddc5454e7a84cf72e7c1370195b468e1089ee121ac4e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9cfb32bc14550e76d367e2e159722a40

    SHA1

    14458fb5a2aefaaf0c11551e41bc8b0bc049b134

    SHA256

    c222137d01d5ed7947281964ae8035e77f613fb1145fae28a7ef73ed39707a02

    SHA512

    79826858967040856d589a82544b9d04e9364502800df7f726e920d88752d4008cf3e72ac3be82ba07b8b7d79b19f5a0145e46611f454f10c0d745ace0b1174c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5c0452b103fac701b8155cadf98f3103

    SHA1

    195f4521579e6e01960bc78cde157a208f100af3

    SHA256

    25336ee2b8339a46b145e06a3c3014787d444056087bc0721ef8159ef16b7268

    SHA512

    f0b8e0142c90385fab859e6eb5d2840ebdc3a6e7be4f9c01ec9bdd4c713ba01d283fdc31017ebf2a954d8443b6458bf4ef5e5e4e33eb555be81f16162ed3d65e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8760589ad566795468a681c741ce722f

    SHA1

    99d548559646917b5952494b57c6cb6503031c4a

    SHA256

    5e3e7931260d9f30ca31627f6669dc20559a2b23a81639908adf41b01dbd7e00

    SHA512

    6ea3f655301bcc9a98ef4d2144d66ba123894bbf1394d50de111dccbc5cff4057acb292ce38c5af63054744708424e15aa57665347da5597365d1c533c22f16d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    4555f17ed87545c890249d0743cc137b

    SHA1

    fc86e6a2b7fc044fda536c15b0b65670aeb7e2d0

    SHA256

    fca72274ee8ac6dbca6e012c204e4312d7da90d4949bfef1263dfef20682f461

    SHA512

    bc4f9a0159b80809c2e3e701b9d100b77ac9588270648e2a0b9334cd27a2ef047da6adf97a1d381bc1df043d96144e2ea87538a30491d5ef35a9bd44d53a4781

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9e0989cde8d064860a69705efb281cfd

    SHA1

    02a114713bc5807295c041406302dba9907bd931

    SHA256

    e16cda06c943b12bdd1e0d0a2b2c06764e793fabe0f11796338f69aef7c2dd91

    SHA512

    a2e4f5c216fdb518b59426bedb825f82731330269467ac1f65b9962c83215b9e2cddfa2c5bf5653dc9163f8cc198f26c96d491564a00ffa92baed3f65c5bca1b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a92982166eb9abe63cfa3defe3724aa7

    SHA1

    3e65fcb1ccbe769aeff1e723aeb2e0ed28e670a4

    SHA256

    b566254d121a70990a1f8db8cf3e95d62c54dac76e6dd9fadf799f02761b4dd5

    SHA512

    b04377be34d35fda587a31d8c40ef1c6b21357d197d3ab65e14b4b98ca54227a0f6224fc05ff1fa81492d4eac8c2123639ec2d1992ec1b3c7c99e9c09fecb14d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0636440bb551c1750fa8ce963ec0f3d3

    SHA1

    550ebc5db4605b5b3dbdb314e989d37a192123be

    SHA256

    49876754519ad2b81eaf3ffb63ea415814eae60909d3ddd297d48e10c30ab37c

    SHA512

    e3cad662ca2a8e0fd38db06a6226e035804e96df2ae2a5d8c2d61492c7bf0d47f1e3522afe0b92afaad4b1fb82de2b6c49505506704159e70dcc543cd9c1e6d7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3a2bc151473b26f4261331dc75e59538

    SHA1

    89201a5b2453a0b0e04bf2fef36580b741574fa4

    SHA256

    a36dec9faed7990f398db2858eb882dfdf19686f4dad7157fe46861aff17f59a

    SHA512

    265971ef2f168e55dd95978ec658593c844b1b7279be8e42d654b385b18ab2db2ba03c4ede7253040cd00dd349df49138c9cb3beeb73651c34e8031981ca6462

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1aecc6476a1cc5301084232699d26bc1

    SHA1

    3a661c630fc016954121d4c4882c6318838c70a9

    SHA256

    6e026303c21c9b3e2e266012a6b79a7e1d291d357f177833a6545ff84c4718f5

    SHA512

    8b7eb63ba2307d4054b37755b8d6330dead15d12acf4c8c0615c9d2c943c5df3d5b8c1cefc6929b1f68a57620c62f0a9692319d1ddd3cd9adf5c40b34608e132

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a6b92da1db7635367136d3fdf248c3f9

    SHA1

    f1f0e86dead63e163dfbfe23fb54a819d0fbb79e

    SHA256

    0158fb81f1e2ea96ce08341a1d39de297190bbb4522ccccb9ff5dbeec5563a77

    SHA512

    0f2093fa15ec05d3115341b37de234c193b0b63eb38df67aa700c5209859d035b75f27d2e0a9c3f03dacff74066a769cdd0699129aee2e74e9257c7a8b6e1d8d

  • C:\Users\Admin\AppData\Local\Temp\Cab2C32.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar2CB2.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b