Analysis

  • max time kernel
    132s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    23-12-2024 23:51

General

  • Target

    LICENSES.chromium.html

  • Size

    9.0MB

  • MD5

    c5de877a372447fdd303c1026fb432f2

  • SHA1

    6fc0a751edacbe061e97248fa550691225891030

  • SHA256

    4bf4dd1a05ecba975c90d85117dea74b0e94114f882bb26a7e7d1029afe8fda8

  • SHA512

    b3079b18419ca854118e12e8d4681c9e66ae55fbb1f69cfb3ef6322a1c17557c0adbfab5ced030133af814d39483a2b5c7090ca3abb545e8808ffb6abe6b3ae6

  • SSDEEP

    24576:G8QQf6Ox6j1newR6Xe1VmfQ6k6T6W6r656+eGj7dOp+:fGyeGd

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2308
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2308 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2028

Network

MITRE ATT&CK Enterprise v15


Downloads
