Analysis

  • max time kernel
    121s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
  • submitted
    23-12-2024 22:00

General

  • Target

    Ravneagtigt/Sudder/libxml2-2.0.html

  • Size

    1KB

  • MD5

    5343c1a8b203c162a3bf3870d9f50fd4

  • SHA1

    04b5b886c20d88b57eea6d8ff882624a4ac1e51d

  • SHA256

    dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f

  • SHA512

    e0f50acb6061744e825a4051765cebf23e8c489b55b190739409d8a79bb08dac8f919247a4e5f65a015ea9c57d326bbef7ea045163915129e01f316c4958d949

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Ravneagtigt\Sudder\libxml2-2.0.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2364
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2364 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3068

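The four "Suspicious use of …" hits above all sit on the Internet Explorer frame process (PID 2364), and the tab process it spawns carries `SCODEF:2364`, i.e. the frame PID, which is how IE launches its content processes. The following triage helper is an added example, not the sandbox's own code: it transcribes the process tree from the report, checks that every flagged API signature is explained by the IE frame/tab relationship, and reports anything that is not. The `cmd.exe` record at the end is a constructed counter-example, not something observed in this run.

```python
import re
from typing import List, Optional, Tuple

# Added triage helper (not part of the sandbox report): decide whether the
# "suspicious" API signatures in the process tree are explained by Internet
# Explorer's own frame/tab architecture.

class Proc:
    def __init__(self, pid: int, image: str, cmdline: str,
                 parent: Optional[int], signatures: Tuple[str, ...]):
        self.pid, self.image, self.cmdline = pid, image, cmdline
        self.parent, self.signatures = parent, signatures

# IE starts each tab/content process with the frame process PID in SCODEF.
IE_TAB_RE = re.compile(r"\bSCODEF:(\d+)\s+CREDAT:(\d+)", re.I)

# Signatures the IE frame process triggers when it spawns and wires up a tab
# (cross-process window hooks, writing startup data into the child).
FRAME_EXPECTED = {
    "Modifies Internet Explorer settings",
    "Suspicious use of FindShellTrayWindow",
    "Suspicious use of SetWindowsHookEx",
    "Suspicious use of WriteProcessMemory",
}
# Signatures a correctly parented tab process triggers while rendering a page.
TAB_EXPECTED = {
    "Modifies Internet Explorer settings",
    "Suspicious use of SetWindowsHookEx",
    "System Location Discovery: System Language Discovery",
}

def is_ie(image: str) -> bool:
    return image.lower().endswith(r"\internet explorer\iexplore.exe")

def scodef_parent(p: Proc) -> Optional[int]:
    m = IE_TAB_RE.search(p.cmdline)
    return int(m.group(1)) if m else None

def review(procs: List[Proc]) -> List[Tuple[int, str]]:
    """Return (pid, reason) findings that normal IE behaviour does not explain."""
    by_pid = {p.pid: p for p in procs}
    findings: List[Tuple[int, str]] = []
    for p in procs:
        parent = by_pid.get(p.parent) if p.parent is not None else None
        expected = set()
        if is_ie(p.image):
            frame_pid = scodef_parent(p)
            if frame_pid is None:
                expected = FRAME_EXPECTED
            elif parent is not None and is_ie(parent.image) and frame_pid == parent.pid:
                expected = TAB_EXPECTED
            else:
                findings.append((p.pid, "IE tab whose SCODEF does not match its parent frame PID"))
        elif parent is not None and is_ie(parent.image):
            # An HTML sample that makes IE spawn a non-browser process is the real pivot.
            findings.append((p.pid, f"non-browser child of IE: {p.image}"))
        for sig in p.signatures:
            if sig not in expected:
                findings.append((p.pid, f"signature not explained by IE behaviour: {sig}"))
    return findings

# Transcribed from the report's Processes section.
REPORT_PROCS = [
    Proc(2364, r"C:\Program Files\Internet Explorer\iexplore.exe",
         r'"C:\Program Files\Internet Explorer\iexplore.exe" '
         r"C:\Users\Admin\AppData\Local\Temp\Ravneagtigt\Sudder\libxml2-2.0.html",
         None, ("Modifies Internet Explorer settings",
                "Suspicious use of FindShellTrayWindow",
                "Suspicious use of SetWindowsHookEx",
                "Suspicious use of WriteProcessMemory")),
    Proc(3068, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2364 CREDAT:275457 /prefetch:2',
         2364, ("System Location Discovery: System Language Discovery",
                "Modifies Internet Explorer settings",
                "Suspicious use of SetWindowsHookEx")),
]

# Constructed counter-example (NOT in the report): the tab process spawning cmd.exe.
SUSPECT_PROCS = REPORT_PROCS + [
    Proc(4100, r"C:\Windows\System32\cmd.exe", r"cmd.exe /c whoami", 3068,
         ("Suspicious use of WriteProcessMemory",)),
]

if __name__ == "__main__":
    print("report tree:", review(REPORT_PROCS) or "nothing unexplained")
    print("constructed tree:", review(SUSPECT_PROCS))
```

For the tree as recorded in this report the helper returns no findings; for the constructed tree it flags the `cmd.exe` child and its unexplained `WriteProcessMemory` hit. The check is only as good as the sandbox's parent/child attribution: a tab process that has been injected into would still look "correctly parented", so treat a clean result as "no reason to escalate from the process tree alone", not as a verdict.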
Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    60f3009c5c54aab9207ab19dd262c834

    SHA1

    1f16e999d2ae0526c2abc414d52bf5371cb74e30

    SHA256

    63a33684e9db0d5bd5c6685e744d682d7e714604c3927fdd735c1a6b9b5e7a28

    SHA512

    785c6e2e5df4110044c8696e73f71e55a97b1238377ff05ea330f53dac7b8d3a4e2d661f246f9ecea8651e827dccf3b858f0aa0566c6e4a61b886f7a87544d37

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5cc6f5c1cd172fa9e21bd83220fcffb8

    SHA1

    6674b1bfed9c8e9df806c0903d72897b0223b4a8

    SHA256

    3791ef5680ec078c4e23f7ec04708c1b67c2661e80614060f7a1a73985e05cbf

    SHA512

    f735fe0d893c620e3b4ff80966ad6465340ea73f32bf861b89be09e0a9cb4fb68c3778a2eb62e4d429d9cb2dabd61204eb8d6d8641e7fd4768c4f34ec9229041

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c206c20d7c53792a197ecb2f58db01f3

    SHA1

    61d7316e18b4fde3f286787bec824f01532fe654

    SHA256

    80bfdd239aca8792c60ac1ec94ed23786b64b1a0a32b0d700304d5153c3e1f5e

    SHA512

    88d816c1bc3dc8789b07a1315428733ce78e2570c2e34193bc990375f60d23547d194c2cd19fb44b68503596decf4018009ee2d6e2720357bc2f64f82ab2315e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f83b16a952087e6e67eee26ce2db9038

    SHA1

    f5b4382321c61e7a417c978da93e1202b9a9b27c

    SHA256

    ddf75c293b95c140c2192bbb73204431278123b5651b2b595268a21a382320f5

    SHA512

    49c7adb881a71ee4057eb61f828cad6811dc4aa01481a335a5bbb654b9a9c809d2dcfda932e2b0b8531e3c8684d51f85e0163d6f9d41a9199c1c4732e48439b6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b976ce5fd55641728681b512a89b63e7

    SHA1

    6d9c71c305322e4a6917b54b017839a777017481

    SHA256

    14b1a0bc747def723590b99b7583ad25166f5d1a8e88094273d7cd3aa696f412

    SHA512

    0787406162e2c8dcceac3b4a0dd49bf7d7f18ad2a5bdd77da840b1cc45f8de1e65e1a53a3184100fa6a224fa7b35c3656cbc211676c81156727d1dd52851aa41

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d53dfe6d1feb3a565a97ed1012b5195a

    SHA1

    2270f7e6b83f22251393dee6fbd6b6c5d97b2ab2

    SHA256

    eebd3720ba3c6efe66f841d244b3a9d414718e557982372ec47fecc1fa7f81e0

    SHA512

    11818ec9d6e9591b7c4f7dfc615ebdf32ea079085e38b60a83a06316beb362fcb5ac23eac84f8c2e91fa7e8dc0d3a26d22cf6206a913480dd0b2be3ec5e934ae

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    79b195cd29e7d997766ec6ff32b6878a

    SHA1

    e2a907f1e5af951365b0f3b4f0d7bf9da292c021

    SHA256

    d18ab344d25c4fccc3a104fa667ed25b22a9f74145fdff19652059016f612dec

    SHA512

    20cd420295e1a8453ca7efb72fa70e2ba4297c7098eee460a7106d68ef44b2b51ad55d6b76c325e7268e2b40c88da226648781ddb24a7403d6dc5bd5a0a252de

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    cc2fbdf4eb6efb97c6745d646321adf8

    SHA1

    51268b501f6e91a37688cb092725e9f1f14a30a4

    SHA256

    fc3802f91f2daef529fd55d74b888b8218863f17158cc2a19c23e7933081b1c3

    SHA512

    a1c83f0d6decabc06cad717fd34fecab3445689bc97afe9ddb4de3989d70312e3330685a955cc8f284ab9b0a9502f331dedd72afc6a2d0f5c5d266032d8de9b3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    4c31af987941e980077f3dbc07d64baf

    SHA1

    c354a63f93f4e0ba09c39663e20fce745bdd9aa0

    SHA256

    5c4e9940abd21fa194c225c530de7d1db97eec84c4ed1d29bb98c8a3a7ae736a

    SHA512

    d7f8b66fca82039735f9c0b94a2b908d510c6a2be9d11aa6a6d6a399566c427af9adb8e0014610431d7a209b7c7885b659b9de0928337af7ef3c7881e9cde76b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b8a21e007a285f3adc45eb952a611dc2

    SHA1

    4790d7633411b0bf2f571ccf38f2a877560fdc81

    SHA256

    fae45179bac1ed9145a3a137adc56582b8e411235618c263d64035290c69540c

    SHA512

    d7dfdada457839a90dfb9210a1336b54782cdf7acf0a3572679d0facde48c69ef5c38445f59243b05f1b85a2685c8eb4c5daa1b59c8723b7a34c4356ff860e8f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    88ccd736c18dda107016aee165576856

    SHA1

    3bf44f5da10077e8e707781c3650008d448e6897

    SHA256

    c01068e02b21926bf3182a20324844cc0bb922b3db729c2b1aedaac2ab285c66

    SHA512

    a956f273d91e04b9eecb9455d6712118611386ca5d1505337f298e1dfc75041a2312b6f7f87ca5ef4fcd7e00a82d03afeddeb3c1ce60a2e6ea21b689a795ffdf

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1c1a2c33eeffbfee1665a2f75d6e0342

    SHA1

    14511b75b60699f687796659fd2d5ea9bf349cd5

    SHA256

    fdad8fe2bc3785b6dee0b25724285b9a42ce9744fac9c9a6a361e27acb975eb7

    SHA512

    80e5db1c2229ae49a04ad0a27beb23c961b7c0e4d3928d9d3f28fe87f5b8f62e2277eecc1b5108205b4147723c27d65a864943c620270fecdee0dbb8116c9ac2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8bb9a4a87b022862be46cba11b28264d

    SHA1

    8795cd29748d8b009573c30431582e3d6e5b623e

    SHA256

    3557a80f8e5bcbc24acd01ee78b9f79f72cf52533764231b05e2010b12b0a374

    SHA512

    7fc1f1db0f11d3770874566b5861a7e0887d62d5454e5473425a8bd5c6d44aeb731b432a00f1e65f764be2d0b64d3f022e48f95c9c10d0a0f687f9167073f839

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    33a9c004ca861b3b0f7f50ab290aa359

    SHA1

    2bbd7c8dfde0c5a2a305d21f12ce0c2b7d55b3e1

    SHA256

    e1f8c329e93348a3c7dfb2c75a9ee64ed450656a9672772814095d03e9fadc76

    SHA512

    f80832250dc8e1bc2ab7e449badd2b7d4bb01e85c7751264e536f2a042cf243570e98d81bd26c03b7ca9d1032e1090f35db500ef7308252bbc05717ec815e2e7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3959407f7d7fec92dfe99ce6fcc0ec0e

    SHA1

    d6af54fd7b5014f471adf663a6d10e9d25831282

    SHA256

    0a4d5c8d2ae3a6a36b732b651d03d50133cdb9eba21a27f6039fba0e1be63330

    SHA512

    1138e123837fd498b265eba7117f24f2715eea60341c7a59cbc444ec8ac6697564d62e6a00fda69e36f424a97fcc659716c1720ac7aff513cd3320aece915cb7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    58c0a5371c32f7a8c915fdaa20b4da16

    SHA1

    e0f40d8c8c050e22296fad1e1ed77093695280e3

    SHA256

    87ea9401e973dca0f51bebce883e9d0d90724bdcf199dbf2e22ced733da11556

    SHA512

    250f1d70e00b8f535e47b2c2b3596ddffd630f68d179cb7caccfc4a03a0e3620296e5069077a8a14ef24c7da17ebbefb44c8056f8ed25a22109acaac1bb73f55

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3a41b5a44cef7f8380b2a79ee15f067e

    SHA1

    a7de9332e7642d90fc9180d43bbe0a7b3133b568

    SHA256

    3b57a8965661c7d97185dbe9fbe3c14d6c4c7fd34d2b2d0052033159d8714cd8

    SHA512

    1b2bb9a6cdf3f60b7c804259422fc5ac61e9c3ad10ad8281ba0a3c625e9ee5a546808db37f4c7225015736e9d2a1a7a9af8fd559b4e7a928952a70e1eeefa8c7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    de23c76d9f688ebefbb1c96ee7c2571c

    SHA1

    16ee64f00d68da66b75c8d59cbb2cd6eebb55c9a

    SHA256

    61e240689a2e2f50b02078a17ecfc61022ed1c419016a5c20ab5516d101deefa

    SHA512

    7d7d5a983a3b0794adf9d6b0caac67257ab7d96c27a677def0b66b3b5329e425e36c4e7f579392df886c71906e597716eab533195a664aa3d18d98433ad9c1ac

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    852c1ee2187cac3b6861e88b07cb16cf

    SHA1

    f4db9c480d93c85f0e58b6952e688dda1ef58831

    SHA256

    e674f994168cdb5797c4fc58e8483e7b479a19373f1cf82379b751789310f638

    SHA512

    8919a9d28c8e5f6da16e5770e0a359d06a3282d7283c0649ed123b74190557ca6e867b904b21f5bbd202127db48d71268f026e8925dec6edc0466ab103c79b2f

  • C:\Users\Admin\AppData\Local\Temp\CabBB93.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\TarBC05.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
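Nineteen of the entries above are the same file: `CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015`, rewritten repeatedly during the run (same path and size, different content hashes). That directory is the cache the Windows crypto subsystem (cryptnet) keeps for objects it fetches during certificate chain validation, with each entry named after the uppercase MD5 of the fetched URL, and `Cab….tmp`/`Tar….tmp` pairs in `%TEMP%` are left by the same subsystem when it downloads and unpacks a cabinet. None of this is written by the HTML sample itself; it is triggered by IE validating certificates. The helper below is an added example, not the sandbox's code: it collapses the list by path and labels known OS-generated locations so they are not mistaken for sample output. Only a subset of the rewrites is transcribed; the URL passed to `cryptnet_cache_name` is an assumed illustration, and no claim is made about which URL the `94308059…` entry corresponds to.

```python
import hashlib
import re
from collections import OrderedDict
from typing import Dict, List, Tuple

# Added triage helper (not part of the sandbox report): group dropped files by
# path and label locations that Windows' crypto subsystem writes on its own.

# Cryptnet names each cache entry after the uppercase MD5 of the fetched URL;
# MetaData holds the URL and timestamps, Content holds the retrieved object.
CRYPTNET_RE = re.compile(
    r"\\Microsoft\\CryptnetUrlCache\\(MetaData|Content)\\[0-9A-F]{32}$", re.I)
# Cab<hex>.tmp / Tar<hex>.tmp pairs in %TEMP% come from the same subsystem
# downloading and unpacking a cabinet (GetTempFileName-style names).
CABTAR_RE = re.compile(
    r"\\AppData\\Local\\Temp\\(Cab|Tar)[0-9A-F]{1,4}\.tmp$", re.I)

def classify(path: str) -> Tuple[str, str]:
    """Heuristic label by location only; confirm against the writing process."""
    if CRYPTNET_RE.search(path):
        return ("os-noise", "cryptnet URL cache (CRL/OCSP/CTL fetch by the OS)")
    if CABTAR_RE.search(path):
        return ("os-noise", "crypto subsystem cab download/extract temp file")
    return ("review", "not a known OS artefact; inspect")

def cryptnet_cache_name(url: str) -> str:
    """Cache filename cryptnet would use for an (assumed) URL; no network."""
    return hashlib.md5(url.encode("utf-8")).hexdigest().upper()

def summarize(entries: List[Tuple[str, str, str]]) -> Dict[str, dict]:
    """Group (path, size, sha256) rows by path and keep distinct content hashes."""
    out: Dict[str, dict] = OrderedDict()
    for path, size, sha256 in entries:
        rec = out.setdefault(
            path, {"size": size, "hashes": [], "class": classify(path)})
        if sha256 not in rec["hashes"]:
            rec["hashes"].append(sha256)
    return out

# Transcribed from the report's Downloads table: the first four rewrites of the
# MetaData file plus the two %TEMP% files (the remaining rewrites are omitted).
META = (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache"
        r"\MetaData\94308059B57B3142E455B38A6EB92015")
REPORT_DOWNLOADS = [
    (META, "342B", "63a33684e9db0d5bd5c6685e744d682d7e714604c3927fdd735c1a6b9b5e7a28"),
    (META, "342B", "3791ef5680ec078c4e23f7ec04708c1b67c2661e80614060f7a1a73985e05cbf"),
    (META, "342B", "80bfdd239aca8792c60ac1ec94ed23786b64b1a0a32b0d700304d5153c3e1f5e"),
    (META, "342B", "ddf75c293b95c140c2192bbb73204431278123b5651b2b595268a21a382320f5"),
    (r"C:\Users\Admin\AppData\Local\Temp\CabBB93.tmp", "70KB",
     "b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f"),
    (r"C:\Users\Admin\AppData\Local\Temp\TarBC05.tmp", "181KB",
     "8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8"),
]

if __name__ == "__main__":
    for path, rec in summarize(REPORT_DOWNLOADS).items():
        kind, why = rec["class"]
        print(f"{kind:9} {len(rec['hashes']):2d} version(s) {rec['size']:>5}  {path}")
        print(f"          {why}")
    # Assumed URL, for illustration of the naming scheme only.
    print(cryptnet_cache_name("http://example.invalid/root.crl"))
```

The label is a location heuristic: any process can write into `CryptnetUrlCache` or `%TEMP%`, so before discarding an entry as noise confirm from the sandbox's file-write attribution that the writer was the OS (cryptnet running inside the IE processes here) and not the sample's own code. If the report also listed the matching `CryptnetUrlCache\Content\…` file, its content hash could be compared against a known CRL or CTL to close the loop.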