Analysis

  • max time kernel
    121s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    24-12-2024 16:52

General

  • Target

    104.248.221.3/systemerror-ie-edge/img/headshot-bg.html

  • Size

    178B

  • MD5

    7e2c427186d4e1bac52813383423e82e

  • SHA1

    bdede1efdd02eec3e5ee34eb555e44227d2bb2f1

  • SHA256

    887c8ada6058f01125a5131f1c495ba5f0171b2c40466ea824494403b87c1a22

  • SHA512

    09fa2c8d7d9a732abe7f118bfa20c1b7c47bec9b40e221366dae05bd01811f029d85544ff35b517e54faaf4b35a672e50e5fca232460fe3c0844132bdf0c818d

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\104.248.221.3\systemerror-ie-edge\img\headshot-bg.html
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1984
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1984 CREDAT:275457 /prefetch:2
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2104

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    71028c9e95e8d71e43391629796c1739

    SHA1

    2e0620402261e289860db22016a6a3fe7792e078

    SHA256

    1e85027d28691e0a275a334052989b6dfbd5573c132e566de214a0426b70650a

    SHA512

    2dfb9f10ec9c022d4bfe8955fd851ee131dc1f03fd7e3036af14ec7c49f57585ca1b8113c14f4f776317bfa3ce4906ed05f55495e95548c4c6f6f3ffbbac058f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1d3ca883c84463a14f76bbe2de680934

    SHA1

    34de45d79b2e82c1fd2e8cd21269b9ed28c0321a

    SHA256

    efa078c99ae9fac86cc0de8ad9b340aafcb31a6d94fcbed044adab22fc76b078

    SHA512

    dd76067295589e024ab051aa0f2d9c32914bf89fb6111e04c1466995a61818902ea8c54dda8e664d69f6770e3000e23efba5eb6081550c8e82bc055dd37cb2b5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a4dc4231bf498a64b5ee191735f1ee9c

    SHA1

    9ec395d43ecd6ca45fe90454bab108038e3f0d86

    SHA256

    02fc4ecbd215655820928b2cc5681e3a52141e2e6ed31eb2fdc4d3a7132b9421

    SHA512

    49ce7a4bfeb80cb1eb874627c44a2ae8a9a29d8b65783245b0a242d40817ec773286a20b08bf79c576023b3e8ac44b3dadc6ea9e0d9eb327e74bb4122697ea4c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7d2d288364df1072d85d6d0a72027491

    SHA1

    25e1f71a4fb77526f76d596b679a6639d963a188

    SHA256

    3f6d7a4a4085a3fe0382d4c03b8614581b7aac23697f1ad50be61e7f7be38329

    SHA512

    eb1f530294a9fb0c377fff42cec7d23aec175e69a14a22e2b718340d9b46899405bf0fb8317c91a56e22e93b51519cd5a17a9cd2cb873e02cfe2f899da3caff8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2a3291d3e4b905ab17657707a8072e4d

    SHA1

    d4430b3a3d0b1be6a287f4c75ba643ac2b6714f9

    SHA256

    3d693bc7a52f4539f88057a21e6de5996cde120176e6f54e45db6f45733da7ea

    SHA512

    1fdb4a1dcd00923810f43f0154edc6a77cb1ae75d5d6392015d1ada1631b6155994b7dde437d34fb7319b466ab4e1d944094cb75fbc848ca374937eb2a369b51

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e367a1a2726d9f9a5fe27d37da128f9e

    SHA1

    b1571eaf189d7702184d2b373aafd6679fa533f7

    SHA256

    bd6cb3c4ca66427d6a189c06ca713eba53b53b1b9070ad49f8634ab2b2113599

    SHA512

    469878cc98cb09932bbd2a56ce07c17ee7d1a8735f659f1c5008fceb275cdfff73cb0a51cf234cba1561324de293d40b8843e6a5e308a7f64d6ee10a42728e01

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    4034ad8363e7b89ed9dfb5b52edb939c

    SHA1

    85bad9bca0abafd672f3bfdcf8d5cc751d4c4ab1

    SHA256

    b794e785ba68e3f8d4a617b2d179cbffc953dd7d589cb97bd6ca727afe08205a

    SHA512

    dba3388d0218c118b16d09e257d6ce5c5f97652f0d3612bd041628d4d00eaa7a8591200ef7cc5694b136b774ef1ac9e3a03e11a71a09f172ba3385f0467a113d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    03832762b24619ff981d5cebf0041817

    SHA1

    1c7bf81d6a9c39905761e9646ed6cab468c9f947

    SHA256

    384399033c18e6136fbb501d2c7447891e9d214ec20c7c0544db733f49c31c4c

    SHA512

    1734d8e9ad46be88b1bee356eee322ba5fd011c2d2524a3eaae507374dcba4574eade09851a7a167af1837fc30f76c849355b8434e5e2802e6f4d61fce3625c7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    65662b4e845fc438b94fb4bca1c9af8b

    SHA1

    736cd98f78eb0426f0b4667fdf3ee6780c6d0784

    SHA256

    48a6f3a7f9d0501194e575b4f77502088ce3e9760f718673c2693c69d3091ce2

    SHA512

    a6a5f585364b53485754436347c0c91547b19cf1c7020d8cb7362bca21aefc0c34120dfab40d46c35c2be736543a8fd466c845c89bf5c50bcdbad290dfcd0089

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    ee81da771907ec6ab6eba1db18472c78

    SHA1

    853b4cd427ce5f9d1684341f1080c33c792e7fe5

    SHA256

    1150ee6de8b764a89216a4f8130e36ba163d86d1f30a033aecd4e29fe93f966a

    SHA512

    dadebc1648db1f86461dccad98506cf41ca7bc0314143acc1e644d1b80f6fc6cfcf7dfc3895df1f39af421ade9c70d5f3064e856bd095c1c2965eaf9072142c7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    aaee92613d42d8e9bf12eca451a1dbd3

    SHA1

    76a35784b6f8c169c6034f8402d93f7d67fc9f05

    SHA256

    9d7d8315864302ed61bb14fd20bdc2db92e79a1aae67bd0016773b79a7d5727f

    SHA512

    b3bf305a2bbcea540f6bdb6d034c84cf0b9057868018ff35263eedc4574360e93012b569fc2b730e6ba48b65ae8492f9f7e331d60ad03ec185d61213f222240b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    59f64e343998a23328fd517d976731b0

    SHA1

    614ad632a624d18698562426f07801bc2f5c890c

    SHA256

    7a2534302314456e7e23edd0de67d804c63f47ad16727aebbe281c01e8eede4c

    SHA512

    d15d214fd797286b581587fb215966e94821213407c1bded41586b2cdcf70b35f357f3df8918c67b18a8730b9b2438b4ee51e068ab5efc1cbf6d4cfe51be1d99

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    36848f47cf083af615b75a970632c5ec

    SHA1

    60b3ca740e533b20b4fd3ea446a7aa376e415d4a

    SHA256

    a68c879ae61aa19d5c5b8ae73de090bc416a19f55c2144fc623d38180486a2a1

    SHA512

    c5595c8d0bea3e2a3234987a3d4daeba2a371a6fcac32ec8c3e0322bab6d47b2c5d9fcf54259923c9167dd74862642eb9df62ed7ed5c66bb1caea64a01b17c80

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    350e59a080b795a425387e6fde928404

    SHA1

    273f4f568ba71e04ae88e3db59095cae1ef87451

    SHA256

    8a9b51f93a75d5427c6ce3d8ba4bc993642eb10e57d118a8fadcf24968b5e480

    SHA512

    84778f32134ca051a55a89dfa5b98474313d494a9a5e1fe4d2ff6e62001252ba846d7931817cddf9541a3f2e01819968efd0eaf5135cd966214c820045dfe415

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    fb34cdf2a138a7b20891ec4c867471cb

    SHA1

    2ba9de17d7a48d1fac84c71de19822ba25b6979a

    SHA256

    f12d4b6e2e55c16d5b55c0d6818d0ff1e068a2e1cc8941ee4d49dad5a0350458

    SHA512

    118ea33a2204f9f7596528c6904967d6a9309f5193764a25f4db437673a55652d149211e6167ca88a5c1ef7a4bf0fd731f90175b62f889724bdeb30d7709700f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    caa40555bd18ba3103438f319b2335a5

    SHA1

    273374c1d5a2ea3c9928571d4994a9334b27e216

    SHA256

    5de92f25e80235ca8211760b4902847182608e24643b8376843bca1c30837f30

    SHA512

    fd6d65b6a28c8fa190185c03bd177428af2504cd17dc6ef44207ed43349694c4ca77c4a06604a1c31272ad9a71aa18495fd6e986565e12668c1ac3c5d052081b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f530d81c311a1c23cb3fa02a72eacac3

    SHA1

    0ecff5cde196d280551b5d0efd18207ca054c91a

    SHA256

    e9deca947740831c99f38d29f546d1391be70521ebaef0b3d82ca20902d953a0

    SHA512

    52a72847e4e7912f3c949b061dd10d2b8b3cc54b8c60a2b3d472f2c71803b040c2bbbc9ada813677d9687b4d078b7383c7b1d8c39eab90424fa0f16e035d68c4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6c1cc7ed5ba8783ec3456920887d3994

    SHA1

    eb9db47f10146adb02563e3c6675ec2f40e8bfb9

    SHA256

    e2079373989f90a789f3e98b06e41981f180b8053b6304c216a3ba446b7aca74

    SHA512

    84665f86c217fb65c18c4deec2e11be72477b50a2a32f0825f5bd7cc5025317e239baf7f784fc749b2548453e15ad5e362a8299a8e6c42aa6e9ffac0657efd43

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2767d782be42befaa1483e9ba170c144

    SHA1

    aab33ff0d8ada2e1ed58a8b7d95d6cf7aee8b91a

    SHA256

    c257382f6696112e873f6d79c93dae2327652aeaef41e4c84dc352445a6adfcd

    SHA512

    5d84c2b594d1566482dda45d9709e235d2322c46ddd3f7eb0339f2541beed0a032fc0c3858863ba59d215f19c7af7a3f30b70335bc9ba6dc3317b0b01ef577fc

  • C:\Users\Admin\AppData\Local\Temp\CabFC5A.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar110.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b