Analysis

  • max time kernel
    133s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    23-12-2024 21:35

General

  • Target

    Skottehues/Hofhold/PSReadline.html

  • Size

    1KB

  • MD5

    5343c1a8b203c162a3bf3870d9f50fd4

  • SHA1

    04b5b886c20d88b57eea6d8ff882624a4ac1e51d

  • SHA256

    dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f

  • SHA512

    e0f50acb6061744e825a4051765cebf23e8c489b55b190739409d8a79bb08dac8f919247a4e5f65a015ea9c57d326bbef7ea045163915129e01f316c4958d949

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Skottehues\Hofhold\PSReadline.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2756
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2756 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2208

Network

MITRE ATT&CK Enterprise v15

Downloads