Analysis

  • max time kernel
    120s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    24-12-2024 16:52

General

  • Target

    104.248.221.3/systemerror-ie-edge/_data_image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAIAAAACACAMA/xhBQAA.html

  • Size

    178B

  • MD5

    7e2c427186d4e1bac52813383423e82e

  • SHA1

    bdede1efdd02eec3e5ee34eb555e44227d2bb2f1

  • SHA256

    887c8ada6058f01125a5131f1c495ba5f0171b2c40466ea824494403b87c1a22

  • SHA512

    09fa2c8d7d9a732abe7f118bfa20c1b7c47bec9b40e221366dae05bd01811f029d85544ff35b517e54faaf4b35a672e50e5fca232460fe3c0844132bdf0c818d

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\104.248.221.3\systemerror-ie-edge\_data_image\png;base64,iVBORw0KGgoAAAANSUhEUgAAAIAAAACACAMA\xhBQAA.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2204
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2204 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1608

Network

MITRE ATT&CK Enterprise v15


Downloads
