Analysis

  • max time kernel
    77s
  • max time network
    77s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    17-12-2024 20:40

Errors

Reason
Machine shutdown

General

  • Target

    https://gofile.io/d/Dmq7NE

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://gofile.io/d/Dmq7NE
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2012
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2012 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2164
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
    PID:2872
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x1
    1⤵
    PID:776

Network

MITRE ATT&CK Enterprise v15


Downloads
