Analysis

  • max time kernel
    60s
  • max time network
    63s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    26-12-2024 09:03

Errors

  • Reason
    Machine shutdown

General

  • Target

    ttakki.html

  • Size

    19KB

  • MD5

    4fc19e6a85964d098500a7f1a3dc310b

  • SHA1

    59980e378ac661f1fd2880f6988f8a6becec6610

  • SHA256

    c1e84d4b79642db69ec010174c00d5a988acb7ec1c933993380870aa016c6be1

  • SHA512

    0046e796fddb823365f054919b9de4efe466c4ab5965a4fc603a8c0249d2b12259351861e44d33893cdf0dee75209dcb7f369e1860e5be038d26a82157f609b2

  • SSDEEP

    384:EIbrUy9iTTPqQBlTvsNWILWqWQX9xZ/MUnD:EIbrUy43qQBCc2Wq/X9xZVnD

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings (1 TTP, 34 IoCs)
  • Suspicious use of AdjustPrivilegeToken (4 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ttakki.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2732
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2732 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2836
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
    PID:1228
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x48c
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2196
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x1
    1⤵
    PID:2436

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 91eae23de5e98fd974527d57d6281f37
    SHA1: 8a3125855990e6ff508fabe59f6f7eefc718c7a4
    SHA256: 5ea39b26a9a6198d21fd52f60c0cf15cc17bc77bfb1964a1249ac899f623341a
    SHA512: 3494e255f4930bee43cbddaf7a5a39b26fd8a15c257edad17a787445eb3a1b81e6439356b6e8a659e1687928b91d571ff7a82a1bf66ac5c963f52816dc5c2f6c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: ce4eb8d775569100fc3e4c8335c4e18c
    SHA1: 23d182a4822bfaef53f7f96c145a5c1ccefde47b
    SHA256: 6fe8d70b4f56357f6950a8ec44e86b4789b5e56b458fc91f101d20a5691202b6
    SHA512: 7548a1ec45a5470b2ea7fe92523dc5df1183ddc83963bd44b4ab246dfbfb8df7b4a2bb8afd00ac71b96930291d81a19bce75dacf908672567c6c1f0afefd2a79

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 3a79d3097346921ba460d063086eb5df
    SHA1: cde23f9dcf828af27d7bc65045b69a1610ce0cc6
    SHA256: bcf3558bb3b02e36161160b129848bbd08a78013f1f0bce974d554c2645027ea
    SHA512: 3ff4870fde4abfa7786199006306c8c7761cfc64a8801466a2afd4994568d3fcf1b1d564982a234eb530b779294ce29982ddcb433de9b85e745384d5f47aafa3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 1356357ae05a8351ec69797325501231
    SHA1: 82d287f5fb6e6e19b6cbc0c3b1218b439bf3a4ef
    SHA256: f07740c7549d20906332ea1ebe03f13248595f50de629adf1d7ec6e3ae6bcc4f
    SHA512: 79a9ed647ac930dcf65f44d9779deb13ecf808b1f63c0aa0c0b5a1c910067c0e1e6e1b9a658c2fb2e525dc469a1c099cbc7715fda9bb227a2fd5bcd2d444cf67

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 82c2b233f06c0cee083ca01a4330138a
    SHA1: 675f2ea2bd9bd5d4e2b717aedabb89e00b1e4921
    SHA256: 2b56c52bc5955cd65840bf8ca98c60cb3401944de5f8491f89c0295e3f715f4d
    SHA512: b9b9f1a698757d5f3abd36598ca0926c2caa829d80a1eef994982d0fbf2d116a7cd934996dc1d24decb21bd81ea0ca8affc2ed97304cdf8ffcbb98cd75486586

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: a617f3cb5559adafad98c864cb367dde
    SHA1: 80554d736ba2a92771d94f5bf0bd9c47d2d31c05
    SHA256: c32c25abb8c3b13058e5d215d519cb0dbb7c73e13154e53085273e195a38eb03
    SHA512: 502aee61cd83def5dd9d6a602d2220109005d5b80aba4f38a5f24310d8b0a2589c770c2c505357a798a2c363d351d34c26809d277a94d0bb3aa7827826827cc1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 2956752ca2de19ac477a2314ce860c02
    SHA1: 57655ee31d115df03373c4f4b464ce25b76b4bcf
    SHA256: 9148dc9f724929680b6812e673d2e8af8b222a8df0743631331673a9ce8123bd
    SHA512: d30f800f98b245b7f1df0779e1ab6b1fd37efc8665becd79cd219ea2d7e3fbc9bbb2eb17f02c79d4237eb0e5f7a9f1ee04fbcb48d210a03658e05a009727e6e9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: b047c9e18a48fa9d58e58e2d0758aa8d
    SHA1: f11151bd405fa8247fc9626bc9d2179036cec136
    SHA256: 6f67652e9246067bccbeddb3ea76cba9f10dac07c0023c16ecf0f2ffb183ed30
    SHA512: 92c3c21e7517c280b1755b8733033970c42fa6991b2fcddc269b6ad690b8feede07c03e622025efa24edc0a8e480d75a904ed9ecafd593ce9d12d53b3876ba07

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 9ff317c6cd705616c197fb2cee19748b
    SHA1: f0c2c331773673140068e2711de9e2484487168c
    SHA256: 1789a39810b25b915663531cb75157274b53914ed6873eabae0a720dd1d5bdd7
    SHA512: 8abfee91ca80319599804a7e346e5675d3a5a54c13bbafe32318dab226c896bfb6715f47e16f5004bf82199efe5c3d7408493171cefc3d524f6aaf80eca097d7

  • C:\Users\Admin\AppData\Local\Temp\Cab3C65.tmp
    Filesize: 70KB
    MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
    SHA1: 1723be06719828dda65ad804298d0431f6aff976
    SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
    SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar3CE7.tmp
    Filesize: 181KB
    MD5: 4ea6026cf93ec6338144661bf1202cd1
    SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
    SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
    SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • memory/1228-430-0x0000000002E10000-0x0000000002E11000-memory.dmp
    Filesize: 4KB

  • memory/2436-431-0x0000000002AB0000-0x0000000002AB1000-memory.dmp
    Filesize: 4KB