Analysis

  • max time kernel
    119s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    24-12-2024 16:52

General

  • Target

    104.248.221.3/systemerror-ie-edge/dsffddfdfdsawqwq22121sdsd.html

  • Size

    84B

  • MD5

    52bf3ccddb64ba07d5d6d79fdfba4765

  • SHA1

    f369871f7f1efa470a92ebb8ab98ad26b6754965

  • SHA256

    11359d75d1ccf8ead98ba93030fb3e9050157c154ac53255f9dda71f1465c3d7

  • SHA512

    56e5407cadabdf85fe16cb1fba51fffa92a8be23c2b8dcaa108a69cfb511318b2ec7f45c3782aeb49908d840a67ce62d4c18d3d1ffb7574f3edb73d355485939

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\104.248.221.3\systemerror-ie-edge\dsffddfdfdsawqwq22121sdsd.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2380
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2380 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2972

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    62baadf6859e8900abee18b3227dced2

    SHA1

    6fd050389e2807622aa76cf9157d9467158772cd

    SHA256

    75ee3fcdbcd513bca9ae28f8b29a2db17a9534c2060a39783643776589b61b23

    SHA512

    e855ca411740f960d8a74b74a224d237a3be7b7e3aa6e14a3bcc98f00c5f1e80c0d3dfdea53a089957ae2990d998c421b4635a68fc5a6626f8bda875c266d48b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    26df763d49191a59150fa953f693ae4d

    SHA1

    7e53ca00dadfe086a8a5c7ff453009d7cbcb9c86

    SHA256

    0e05f548e85dbadf108302774ba29e494e613a98fc2fc890277b34b1727a0921

    SHA512

    2d9ac8a97caffbcebbf134e4481c2082229b079b597b6a511736598e1cbdd272df85a95e13b9e095ad8318f5375188aa1f8f533570c1cc53848ba27546a0a544

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7490a8e2df6aa5d279c5d017cd92e9f6

    SHA1

    f0b19263bbb09b2233f6dea329511937c62b79d3

    SHA256

    63f29b1f0db6e30532082f4401901d8b5970da0421e3b0e4c22eaae1c40b9888

    SHA512

    a2484c2bf68f55ae47f6f6aa77ccc7f722afaf7ce0cc65ae69edad933d1ed8f7d6cf2246f8a885683a636d5c472cefd766dcc61fa21616850f0bbcc266bd2453

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    abc91c910bb39e46abb0f71c62bfa81f

    SHA1

    9a77b258d0b98272d314976f570076e6b83165ee

    SHA256

    fde2aaf5659300d41970c79be6b69a93d6d47412e45cda9e540d7ffd899166a2

    SHA512

    e4f08a4acca31b6f713102924719689977c487d78258ede1d2e0dfb42dd8aa1f4be79d316e3d25476d201637439a21f639f647ce0a21a6cdd57d527fd3b94a35

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2569299740090bb04aa81f007fa1f1e9

    SHA1

    34e7b314904ad3e393dac45714816e9e7e63412a

    SHA256

    1a15545cc125efab4438e72b3e426660704813b32e48b7644cc392da440e60d8

    SHA512

    a4cc4c44224831e6a3b57776a5e5b2618261d6e5c2a2d3a171a76ec7eed74d8b1229d45c7c09b58f852a565e6931c238247159b9f553b7d763d19643d124d7bd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    802a4fa7630f7ad010e27e83464479fc

    SHA1

    e34a7cb6d49066d35df3fd11e7c20761606f7dc2

    SHA256

    2b2f8b83ae00d5ca48d2a26622002ad6ca844f9b205fa2b74e5919c01f9a5068

    SHA512

    01b173d87b497203e1970711e4f26f77acedd8fa06c362694c04ecd87cfc08503e18f100fee1c088bb21950db4703b39b55b73c52279ee1b4d92c475b15405d7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    58083f72cb688a8e7a21875af13abc07

    SHA1

    0cb3b9bc8803a6c2423d4cb82333f7cba9455362

    SHA256

    8c776265b6108a69df3884e473a3c20b76024c28eb47b92bf39274eaf18727a4

    SHA512

    9739ffeceb806e98e35980070df888d4f36bc758b4ea2cbc3ffe59a1a796702d0e7d988e2110bd46afd811b04ab3327afd7e69828617d659d77caaa186dda4e3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3d6be11e7d1d9516a8706757ec268a6c

    SHA1

    3cb79f027f1d0ad7501524c9c9b60502c41db913

    SHA256

    cb15b54377165eb8eaf7967d05992fb2690a908644c78a973fb651ae625f1f4b

    SHA512

    6d78c9c30c239331cb4db77c2a8ee515380046c65f23e83f4fc9931f6d2c9f72b18d988a09b8a49628260ce940cb5026b175c083939d539ee8c6fc590cd815c3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0fff36e242a45e69fb7a72201944cde9

    SHA1

    bc6aec9421163ba9163b2ddf216dfe5785f7b7da

    SHA256

    a82696a17daacfacbe02461907833789cf2cd06be2d6cee51419b0bc057fbed1

    SHA512

    bad9d629015c6b9e1f078b54435db56cfaacb88c202d0539e2529942fa3eca313ac224a9abe594d6e5181558d32e7cdb04a436ce775a2bdc8da19d1521e66d0b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    4436ee46de44516adcf5205f1fc1bbd9

    SHA1

    3dbc01985a809c115dd831011846c8a8dbb8d345

    SHA256

    d47b2b5c3c580e9f2c3ff784e2d11799208ce0656bce581e661c9a1e32d12096

    SHA512

    ffcb5ae3d22ef81b7a8c07fd353eccea7342010b0cf210f5b50240f00379897b3da1105dcab1708db8e780271cf3e5a96c174ef11ba3cf041d82df5f1852368e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    cc82b80c50fa0c3618f8d82ec465147c

    SHA1

    0ed5834bde00b1a6f32ee352211d9a4ce8d37637

    SHA256

    bf2f92f3169eeacce0cbd7af484e84a060849bc8a8cc9d7e7287818ecc892da5

    SHA512

    e48116ce2be58733061ea6306189ee3e44ccce13dbe840ab4e886d300e8252f45daa221b96b93ea126bb404e0a3d72f7af57e176d66ec92798c903a503a523d0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    077726624dfa5659e8337ea7afb45108

    SHA1

    8d8798c04f00c275f6436de4b4850d7d89dca944

    SHA256

    9feac8265f3a9652ee9119328a40d3c0eb48079e53a77acd5154355975976c20

    SHA512

    bd3b8008c279fc98316ad9477a4385be3c7b58b242bac823797e84584225b92508bc4ee586ef6f8d382620a6fbe2f0a5faed1c3f3c38950f3f58a1086ce1f356

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    886b5a969dd207a991a6052236803364

    SHA1

    c1d5966c3f27fb968a63d629ba63d60d460ed179

    SHA256

    5842026ab196b60ec151de1eca52aa06bba3d8b3e2c10269d8b6796f7d9206d4

    SHA512

    0f9f5c9c898cb892f114c828c730172d9f396cdca9975fdfe3a1564253e86ece371bd0948b5897cd1d962f89c695f7588b6669c0c72c046a4779ed64cf017f13

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    17fc685d708a360e1d2d807bfcc52165

    SHA1

    b54fb9a29ad4460b2821ddfe5edbfea50bbd5429

    SHA256

    71baed08c9d290e052c02a96755c1abd349687e97154c7c14f3446314d2782b4

    SHA512

    c12894406ead8c19210b4e90fb37257e7e6427f93fb5713daf845536758f7f8f22601e99a1ab2a042b64873f95ae9fafde822113cfb01f9456b4f1f5699944d4

  • C:\Users\Admin\AppData\Local\Temp\Cab5997.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar5A56.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b