Analysis

  • max time kernel
    133s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    23-12-2024 22:42

General

  • Target

    automatcafer/pvscsi.html

  • Size

    1KB

  • MD5

    5343c1a8b203c162a3bf3870d9f50fd4

  • SHA1

    04b5b886c20d88b57eea6d8ff882624a4ac1e51d

  • SHA256

    dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f

  • SHA512

    e0f50acb6061744e825a4051765cebf23e8c489b55b190739409d8a79bb08dac8f919247a4e5f65a015ea9c57d326bbef7ea045163915129e01f316c4958d949

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\automatcafer\pvscsi.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2160
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2160 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2824
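
The two processes above are the normal Internet Explorer frame/tab pair: the 64-bit iexplore.exe (PID 2160) is the frame, and the 32-bit IEXPLORE.EXE it spawns announces its frame with SCODEF:2160 on its command line. The check below is an added example, not part of this report or of the sandbox's own signature logic; it encodes that relationship so a tree in which a tab names a frame that is not its real parent, or in which a non-IE image appears under iexplore.exe, is surfaced. The PIDs and command lines are copied from the Processes section; the Proc layout, the IE image allowlist and all function names are this example's own assumptions.

```python
import re
from typing import NamedTuple, Optional


class Proc(NamedTuple):
    pid: int
    ppid: Optional[int]   # None for the root of the reported tree
    cmdline: str


# Constructed from the Processes section of this report: PIDs and command
# lines are as reported, the Proc layout is this example's own.
REPORTED_TREE = [
    Proc(2160, None,
         r'"C:\Program Files\Internet Explorer\iexplore.exe" '
         r'C:\Users\Admin\AppData\Local\Temp\automatcafer\pvscsi.html'),
    Proc(2824, 2160,
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" '
         r'SCODEF:2160 CREDAT:275457 /prefetch:2'),
]

# Assumed allowlist: the two images IE runs from on a 64-bit Windows 7 install.
IE_IMAGES = {
    r"c:\program files\internet explorer\iexplore.exe",
    r"c:\program files (x86)\internet explorer\iexplore.exe",
}
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def split_cmdline(cmdline: str):
    """Return (image_path, remaining_args), honouring a quoted image path."""
    if cmdline.startswith('"'):
        end = cmdline.index('"', 1)
        return cmdline[1:end], cmdline[end + 1:].strip()
    head, _, rest = cmdline.partition(" ")
    return head, rest.strip()


def is_ie_frame(p: Proc) -> bool:
    """A frame (broker) process: IE image, no SCODEF on its command line."""
    img, _ = split_cmdline(p.cmdline)
    return img.lower() in IE_IMAGES and SCODEF_RE.search(p.cmdline) is None


def check_ie_tree(tree):
    """Return anomaly strings for processes that break the frame/tab pattern.

    A tab process carries SCODEF:<pid> naming its frame. That value must equal
    the tab's real parent, and the parent must itself be an IE frame process.
    A non-IE image anywhere in the tree is reported as well.
    """
    by_pid = {p.pid: p for p in tree}
    anomalies = []
    for p in tree:
        img, _ = split_cmdline(p.cmdline)
        if img.lower() not in IE_IMAGES:
            anomalies.append(f"pid {p.pid}: non-IE image {img!r} inside the IE tree")
            continue
        m = SCODEF_RE.search(p.cmdline)
        if m is None:
            continue  # frame process, nothing more to check
        scodef = int(m.group(1))
        if scodef != p.ppid:
            anomalies.append(f"pid {p.pid}: SCODEF:{scodef} but parent pid is {p.ppid}")
        elif scodef not in by_pid or not is_ie_frame(by_pid[scodef]):
            anomalies.append(f"pid {p.pid}: SCODEF:{scodef} is not an IE frame process")
    return anomalies


def opened_documents(tree):
    """Document arguments handed to frame processes (what was actually opened)."""
    docs = []
    for p in tree:
        if is_ie_frame(p):
            _, args = split_cmdline(p.cmdline)
            if args and not args.startswith(("-", "/")):
                docs.append(args)
    return docs


if __name__ == "__main__":
    print("anomalies:", check_ie_tree(REPORTED_TREE) or "none")
    print("opened:", opened_documents(REPORTED_TREE))
```

For the tree reported here the check returns no anomalies and a single opened document, the submitted pvscsi.html. The SetWindowsHookEx and WriteProcessMemory signatures above fire on the frame process, which is where IE's own tab management lives; a hit on a process that this check flags as outside the frame/tab pattern would be the one worth reading further.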

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    cfcf7ca7ea8b10bfb026d5d9cc2a259e

    SHA1

    b2c765d646d576a78f7a48739c71b312d44eb4a5

    SHA256

    232142bbe53832b9035f4cccfa13851038eaddcf79764a5c72008ae12fb2898e

    SHA512

    fcc64e7f851e95b9423df1f6f8a249a228805b1bf986944ca8a4e03645f16414732c14996e65c68322de0877d3e6f09da224f52df6c917c7941415ece7a4322d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    54f04d69b5640e2e34945e9b0ba83830

    SHA1

    39cecbf4c4de9eb94c47b9ccbf14207149f31c0d

    SHA256

    4878683fcb1324cec979b1cefe12beb64306b485153681cc32bcbf6781e90e4a

    SHA512

    a0033f2ee21cd8d5132162418fed3767b50570473a66c8104ffeb3722f7d7f903a79018dc73ce086cf45d11e73154e3991e16236f7c546bf5431b0c9db3a4a47

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    019a6470a2b020093d8935ffe85d2081

    SHA1

    3a4d8562196892960d3f45cc78acfa7d2cb0cd91

    SHA256

    29855ffbf5cc264173925e54bb3dae38fdb9c00e28eba549f80e0812a0cfe6c1

    SHA512

    254975082934249ffbc5fd203e21037d8057e4bf2e45da1bf3357008026ab6701d8e682c40585c0cf594c769e8112111bb12a8b287251088ad534d59a1f2f60e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    bc7e9f2315151f66a85dc14a80c68585

    SHA1

    ee5bbd597812b84fac471a972697fbd8e7bd7246

    SHA256

    36a0b0db92f3c66644d2f9453fd1f6c70766c214af3ad2d739997dc423d56ea6

    SHA512

    8f431f62d49dccf191f6eb7cd2b33ab6c38dd3e9a3cbfc9411ecda216bca1e4f64558b8a1cb5a19c2adf85bb5ccfeb0cd5b5c9588ab3644ac8d893cf86e58889

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    634f60fc6c9c59d638c1a36fc5a7fe6b

    SHA1

    f8905be9d634fcb1c79136c353584db8941e1f4a

    SHA256

    3eb1ecb3b7b7c6f2768f2fa2aabf8574d864145bcde72101d2d291167de4ea83

    SHA512

    b370821c530e57bf9b46fbbaa3a4bb2bffa7948896be32ed9d1fde9c7efba861fd15eaf8693a2ffa97462528266e091da375d9ad81e8f374e8c5eb28a3c91aad

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b26beeef9abf1c2b8b310feaa9af3b12

    SHA1

    86cdad9250dc77f3a4ba4b99d6c9f4d9a85abe3a

    SHA256

    c8ad53212f7f8fadfc8ead36d3be10a5406df22ef4bdc67d261426509416a8c5

    SHA512

    a8242d07a8d0e5cd2c9cfd0262d97b4c917a47332417ae53db5758ffb36f655b97db42461900951ed52799d2e7d365a873fb1a65a7955e4448a0a3df69bedc2b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    21cbfe8126c1809be9a4083596b334cd

    SHA1

    c80ac2bd71222f7b8f63b31b71fb0a9954ac9174

    SHA256

    ed9fd89484874d1ebc5a3cae14814e8f0d3c6b1dac28e22fb5e64d6985e316d3

    SHA512

    bbcb0d7b96cc81f13180f60749ebd52a1c167359ab2eed230b73a8584f59ca152f1f3d4bba61c341dd4bd732eb3a6ab576fcbaf78e32a3faaff00c4c9ad2078f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    bfadb49c1e1029d56f1abacea1aaf3f0

    SHA1

    3d185a7a8abf52614cddf427d916c96a64d86430

    SHA256

    9bfa4a5517e21ed88f2db1e29015cac1ae19c6827d85a5c62dfc5a7202d378c1

    SHA512

    00e5cb32f68df4728b8cb17ce12122410e3c3d7a1274986b39a4a95c3aa59d5d7c15c987c88261c5e74f894f18103fcc82b2bf056083b075b6a89c80ff54b49c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    98eaa09a39316ca295f25bf2260cc453

    SHA1

    4737c4bd181855a4fda3279f932a9f639215458c

    SHA256

    55424c455efb631f6e62e80a348e972238cf7406bd4a9c90046e6bae65832cd9

    SHA512

    433250835da0b9f1983277921a69a163025840145bce9d040feb1ef259010349438df82b60d4c9a01c4b89d1a2ef09918c649c635122df9fbfad6d55fddd0ab2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    fb63aff12d03bc26e48669bbd4f41e02

    SHA1

    9189acabeb24fa504753ff771d65ee3de3ebcfb7

    SHA256

    7ebf230ae975dad47cfb5912f4af16815bf48b293378c7584ed600551ef85d3f

    SHA512

    c72f525569ec6b93e5df44652e70c239cf3c362bfb6d89cb4cf640825dbb574cb3ec8e797984f6f56e7e3f4acf6063d51924e4514509e59df7946f1cf439e5d1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    01c7e2cbf10606b241c00a25e792f1d7

    SHA1

    0165fcf57b3ae63419410875a1bbbabc8be8b09d

    SHA256

    9398063c77df1b19f2c3c5a66072c2a7481162fac9a262101418100159218b90

    SHA512

    1b21509f26e8d920d303bcbe9543ba5bf15e8b053867199908a3c4e1bea4418c355e037082567f2ca6a0c1d0d3e2fa2ee5dcfb98627726d056f9a2489b30c922

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    45c4f1bf9985b61de85f390b43776424

    SHA1

    bf67f8c2a01fb121e3dc07dfe285f8c7c6976a16

    SHA256

    d22c014bff6eea85c2506b258ffcffdc0e0380977ebdb3b839f3d8612b8c33d4

    SHA512

    5ecfe7c922b6e839ae65dafad570c2b5056c25636e1a70b95b73e73aaec23459aa6a9d5a88c53f0c372da236fdd634f5b6cdf40f3cd24d6aa6baa32b110dc514

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0616d41878bb9b81cfab7b27cec1910d

    SHA1

    de42256cae0b791611276d4c43b749194ad9e266

    SHA256

    c1c32ac36d612b1389e3c4457e9cdb7ac61aa6c0e726468b34f7a07b7fecf08f

    SHA512

    8fbb363744b4f1853712d37db5aaf2622b8387b67f4fc16fc452748f336e0ea4fe844481e95293e9f251d05bc249e0b443343e295a06143a6968e1434388a865

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    91878f6450c0d0cf04bea16933d12b71

    SHA1

    ffdd8c909e6aab0de2457509e1c10816023379e2

    SHA256

    6291da5038012dd9dfc9bab47daff0972d8d72350341b4acfd2d2123e1c1a63e

    SHA512

    2ef6b0a1ee34b41ae7924af9ef59e93db7df2e3dbc219bb5a6601ec14172c88834b1977988326797391bb7ac8200a578fbf5b5bf446d2b9d4281af79368c2402

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c7ccf97d03c7c2da4ec9a358c7aeb7ff

    SHA1

    7b6a470a7561375de4bfcc268c860633bdc47b25

    SHA256

    be3be2a3d9db3992617dcbe757779f7ac8924dd232833ba749a28a3125d3ff1e

    SHA512

    00b5c5755d88444547345af36338a4dfc035cf47029f1236f2a1bd8cef4131dba2a1a31ad044afa7ce9005e0cf68740efcbc20939897c6d410445672cd57dbce

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8349b75bf232b4782347cf5a49e88178

    SHA1

    510110645feb5ecce18ae68fba02dcaf68947149

    SHA256

    6966d4af2d8bfe7e21b604d0916a44ec13f699c7aa6904efe20a033dee6d7611

    SHA512

    d533baa24a287d61f1613b7ffb8d74186424ef90a0f0dfe1c60ac2dd251bb3446fe2e3e1f7275f68bd6df9c9d39304b8169c5e94e444fd591d304fd0dfedd873

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0c8c110461c79601145c29ec53ac9899

    SHA1

    80886515255b9c69105226bbbb1fc388b9822b41

    SHA256

    bf727a3dce66e0f61b793780d552ae5b330e96a084cf0a55621d4269abc0cbbf

    SHA512

    74249fd3926639a3a65f2313377dad32a6714a749a460be91dc531f3536aa31f07a4ea370796bf4e04b794816d870a2df17eef1513b2e5522bfdfde2edc9cdb2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9987d5a805a9777e453f4426d41080ef

    SHA1

    a26a7f47cc2774a24f52991c8f003eada47837b2

    SHA256

    6578f58fdb87c4be0a4ebd6e85100aa9f5a8a7d84afb7778d50568bdf0f0bfda

    SHA512

    3bbf779507845558527468e671bdb501de06b5a76c9360f87e349e4f33648a40fc29d9a166736c881e9a949c5badede5fb5b01c917201aa1dd24cf830807bbff

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    186076559bf298e052b1594e918abd16

    SHA1

    d521d5049e717fe58c231df6b610f7cebdc0f55f

    SHA256

    b46602d6df23779480f1ef7b5bd1a49354c096920ddf5e35e285adbc0d86b828

    SHA512

    0930f3334ad91d0948b69379ec7a03aac0af9f8241fd9a042a227bbbead43209e6a9bdefdd9681fdd04a23a33399e909339582b579b9223310728c802dcd98e7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    078ea087571b32be5260bc7891ebb5d0

    SHA1

    bcb001ec1334d72011eab7b6a2c1c03f9b28700d

    SHA256

    75c9a38b2d7346f4960ceea8c77bd10bc8924302ccb52f659c5859c33cb3d215

    SHA512

    eaf5c715f0f321757eb65f08f59477e5413998f6fdd9e0d858191022429ddd6195bab8aedcba5e2cc14e2820307c3c8417263da59d0eea3762d332cb09811bdc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    149f595073eb36d1e1ff19375b6c8708

    SHA1

    745fd749f145d7d4fa1a929fcb5bf63054d95889

    SHA256

    987ea492f4ccedaba87d2184fb40b2f07d32ee7d5b8c8a217080e8dbcb8c0f41

    SHA512

    a7e20c050221e1192719e41efa9e6a9c82bf0e27232543d9518c15761be8e31179ece46a171e47d3806432c11b433d6c64213f500cbc01d82a301ee619981f07

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8465618ff083e827ad9aef208111ba86

    SHA1

    ac9596aba4749858a65284494e56b5607e646724

    SHA256

    12cab56c7ec20b31ebacdee4ddbf622ccfebd271c8b89c89fee394d3e91e9b49

    SHA512

    b606277f7f97bda6fec2bd734cc895dd0343346ca328ebb3957ccdc8030f9e086c9f699fd7cb167dbe1efa9f0bf0d4c87496c9066715ee21f95cc43acbc7d021

  • C:\Users\Admin\AppData\Local\Temp\Cab7917.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar79D7.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
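
Every file in the Downloads list is written by Windows itself rather than by the submitted page: the CryptnetUrlCache directory is CryptoAPI's cache for network retrievals (CRL, OCSP and certificate trust list fetches), and the single MetaData entry appearing 22 times with 22 different hashes means that one file was rewritten repeatedly during the run. The helper below is an added example, not part of this report, that groups reported artifacts by path, counts distinct hashes, and classifies each path against a baseline of paths IE and CryptoAPI touch on their own, so that only unexplained files are left for the analyst. The baseline patterns, the treatment of the Cab/Tar %TEMP% pair as a downloaded cabinet and its extracted contents, and the function names are this example's assumptions; the sample uses three of the 22 metadata entries plus the two %TEMP% files, with sizes and SHA256 values copied from the report.

```python
import re
from collections import defaultdict
from typing import NamedTuple


class Artifact(NamedTuple):
    path: str
    size: str
    sha256: str


CACHE_META = (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache"
              r"\MetaData\94308059B57B3142E455B38A6EB92015")

# Constructed subset of this report's Downloads section (three of the 22
# metadata entries plus the two %TEMP% files); values as reported.
REPORTED_ARTIFACTS = [
    Artifact(CACHE_META, "342B",
             "232142bbe53832b9035f4cccfa13851038eaddcf79764a5c72008ae12fb2898e"),
    Artifact(CACHE_META, "342B",
             "4878683fcb1324cec979b1cefe12beb64306b485153681cc32bcbf6781e90e4a"),
    Artifact(CACHE_META, "342B",
             "29855ffbf5cc264173925e54bb3dae38fdb9c00e28eba549f80e0812a0cfe6c1"),
    Artifact(r"C:\Users\Admin\AppData\Local\Temp\Cab7917.tmp", "70KB",
             "b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f"),
    Artifact(r"C:\Users\Admin\AppData\Local\Temp\Tar79D7.tmp", "181KB",
             "8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8"),
]

# Assumed baseline: paths IE / CryptoAPI write on their own during a normal
# page load. Extend this for the noise of your own sandbox image.
BASELINE_PATTERNS = [
    ("cryptoapi-url-cache",
     re.compile(r"\\Microsoft\\CryptnetUrlCache\\(MetaData|Content)\\[0-9A-F]{32}$", re.I)),
    ("temp-cab-download",
     re.compile(r"\\AppData\\Local\\Temp\\Cab[0-9A-F]{4}\.tmp$", re.I)),
    ("temp-cab-extract",
     re.compile(r"\\AppData\\Local\\Temp\\Tar[0-9A-F]{4}\.tmp$", re.I)),
]


def classify(path: str) -> str:
    """Label a path with the first matching baseline pattern, else 'unclassified'."""
    for label, rx in BASELINE_PATTERNS:
        if rx.search(path):
            return label
    return "unclassified"


def summarize(artifacts):
    """Group by path. 'writes' is how often the path appears in the report,
    'distinct' how many different hashes it had: distinct > 1 means the file
    was rewritten during the run rather than listed twice."""
    hashes = defaultdict(list)
    for a in artifacts:
        hashes[a.path].append(a.sha256)
    return {
        path: {"writes": len(h), "distinct": len(set(h)), "class": classify(path)}
        for path, h in hashes.items()
    }


def unexplained(artifacts):
    """Paths the baseline does not account for: the ones that deserve analyst time."""
    return sorted({a.path for a in artifacts if classify(a.path) == "unclassified"})


if __name__ == "__main__":
    for path, info in summarize(REPORTED_ARTIFACTS).items():
        print(f"{info['class']:22} writes={info['writes']} distinct={info['distinct']}  {path}")
    print("unexplained:", unexplained(REPORTED_ARTIFACTS) or "none")
```

For this report the unexplained list is empty, which is consistent with the 3/10 score: the signatures and artifacts are IE's own baseline behaviour on the win7-20240708-en image, and nothing attributable to the 1KB HTML document itself was recorded.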