Analysis

  • max time kernel
    135s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    15-12-2024 09:08

General

  • Target

    lib.exe

  • Size

    2.6MB

  • MD5

    0bd541037d1794d63bb58654f1e897c5

  • SHA1

    a901fc2bc1fcc672b6dfee0d3e93b4ca8f11c710

  • SHA256

    2e8931e43c5674bc641651868ef311e2d3407e0132325c0795bdf4f5404fb30f

  • SHA512

    85412b5357e65ceebdd1f460e4764e3b5b11c242250500f9f55fdbaa0d2c6aa15cf0f68f7e1d88369a013a2d16c95e235db68dd48590e306de59cf01fb7128c9

  • SSDEEP

    24576:rVsQ6BKfC+CWDU2fy6Uuri8MmOmbCYUz7PH8Zeaj0HM3ow5Xt:rVeBB2kMOnYUvPb

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\lib.exe
    "C:\Users\Admin\AppData\Local\Temp\lib.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1832
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://discord.gg/z5vMmkQ8pj
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3064
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3064 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:796

Network

MITRE ATT&CK Enterprise v15


Downloads
