Analysis

  • max time kernel
    118s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241023-en, locale:en-us, os:windows7-x64, system
  • submitted
    15/01/2025, 22:08

General

  • Target

    $PLUGINSDIR/layout.html

  • Size

    6KB

  • MD5

    6aa2db1374cb302605bc41b2d189b1ab

  • SHA1

    94f39626ee2baa56f0b9ac91e947fb1972f0b1e5

  • SHA256

    7c34d7ba5a5a9fc26d702aa3f4fad2cff29f55830efd74543a56c8d84bd75c5e

  • SHA512

    3fce275535061085f6a0d15f6b07c7374c65b22d8d837bb54e3da49874c7f9bf8c70903a7d3ffb8c1e847b6a6421f12ca03f76a3304f549215e440b05003f6ab

  • SSDEEP

    96:kNCtQyFpDwAnwMcJzgG4RgobOuHclhNLXJymY993kONNN5Pz:ksQ8pDNnwMHn2+OAc6mgUyJ

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim host in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\layout.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2324
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2324 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2052

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          626b5ecc2ba83841cab252c8f6faded0

          SHA1

          4f507b5b6c1e84a92010dc1a9dfad5925adde3a2

          SHA256

          26e4621ae41bba371e12cc652064f6d75bc6022186a561d54c796f5091a60901

          SHA512

          c06f93739673d8ee84073591b0f14b73af1a8c0abc5ce026e286ab3c1443eee30afb9116840738014c482c3c20067bf9fd686de689b1c89b7a03dab5e00ab885

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          7d68a1c242f665a0d7d6f26f0131462f

          SHA1

          396445bd73996c46aeb636c87b724daf605e01d1

          SHA256

          3e6c075dbeca64db17e33080de7612321c71ddb56dc2cadbc9418134c918190a

          SHA512

          060970d51b8f37397e220c2bd45711f87e1bed3e0ce5435cb7c9dd90c2be6bbb18a85edc59669b17c5e6e50fcd2be004610c2d7788b3997ec47306c676b3a3f6

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          213dc435d671a6cb735f61fa5b52a0f0

          SHA1

          f62957e1efcf18137139fd87d97308ea58a6d06e

          SHA256

          e9472843bfab446f63fb0c120554065a480033479d50d414406b43a102576265

          SHA512

          5dcbc6a39db107ae1ee1dbe4220d341dce7c0cb8959ff53430357f6d44e36dbf54cf971ee98be8b4d84d00e9ab32e2f44902eb74a8464d3ad942c6ec9fd61818

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          2cdce11c399f9982f11802bff83883a2

          SHA1

          22cd1855c18d4d1918ea9f9f51e11e9e008a9f48

          SHA256

          a81e225f84684d5a13a664b85b8a80c31873c65a4c1abf0d5a7dfa47ad8d9539

          SHA512

          a79937f5ba6c14303b5aaaddc2faeffca2494ada652da489007c00525486a498a6cb2eced8c2490291061ae44ad92889493bc8b7a4ef6cc890ba617ceb03e2da

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          1075cf1207119672d9eabf1b701d2fd9

          SHA1

          5aebe391ee9dde6c10468092c6f0c39b7dfb0f81

          SHA256

          f10af0b307839f4130a0a9508c210c7729d82b408258737aae7bead02001fc0a

          SHA512

          9ebb753ac8bff45db628b3f1c262afe568f4cd3c8b2f57befb04cc41ef86774dadc5291635884573e13f3198c3d83c637f8a3c47762beed3a71db33a02a366a9

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          0bbb6ba9a939bfe93e5ebd3bde93055a

          SHA1

          f3e1f4eadb7fd663d1821c65bfacf328e63d4d4e

          SHA256

          a74bf8f506efc2b66cf06511c51b8ef0564e23a48f21a7bf588c0c65cc048840

          SHA512

          1f7f28124e176aa16a1cbfe1466b1f202fcf961474ed586877d1a280a40e906bee85f49ac13c6b813fb5f1ad4de00312e925f68b254926dbeeeaac208b970fef

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          af8f94ef1f3c54ca7e06e19131c994a6

          SHA1

          1b5f62ef32fa417bb0d987bfcfe11097493365c6

          SHA256

          9bded20c083a482b48aad07c47a2eef4168fcb563b4aba9d9c9a4bcc9bf035ea

          SHA512

          82323fbe783154d7f4cd758cdabff382752174fb81a2171f2e01617c38a43e277201c0dd093befae12c0d2ad5897224dbe37789366d1a4ae644f95846db49741

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          a47a509eb69c9bfa35882ab5bc778d66

          SHA1

          2334e4a7c91475ff2a9c972b375b2b4e12e748ac

          SHA256

          c48d725b2b1f1684e97a6e393e32c3b3f528d9e211760025416f1071fb6dabc1

          SHA512

          15d622899b1e47bb3c09c48a3985e560f6c4c91e03da9cf7ae57472758196bded368222592c10cb8555173c744dd48029fc01dcb7bfeb5782d3a8083340a96f3

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          112c4f2fb835fadbecb0d02f7c6e780b

          SHA1

          0ffdbc9443f91be70fefc3b301581fbd12f1e781

          SHA256

          e5768c861e0dda65317117e0b0b319f963be082c54bbc0dbaf620d293d3e6f90

          SHA512

          ba8767e643040062d6c2b0f73844cc3022f8b12f771a8e8dbf18c4138e8bce80c267423efca4c53e756057221634723bc0d341c4fd84a2d2955e6249e9287fb5

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          1aea52c85989f6af03cbe35f6a3d8737

          SHA1

          f7714d631e7b60ce5aaabfc047bb44f192aad552

          SHA256

          bccd0bbd59ffba0c998dd4b256157ca69755faa7569600e0aef2db4fdba696fd

          SHA512

          74ec53c632c537d4754f498c7e65fc90e070c0ad9bd254bd84adbfbf27bfaae8799c9d087c4b2cd24d94d0e2a059b5aba334a18da1dcc4318e9dcc2abd8b971a

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          2bec3f238c316fcd2c1a5fb508b68cc4

          SHA1

          5430c60a0e26fb73b52be44bd8aa2af71a282f9e

          SHA256

          956af5122b1d45b725e4e4ac775071ef8d054e11d144d6d36f4563b8441f7948

          SHA512

          6ac481f508e44cfaed4931d86d1a1ef0ba9239f578c8eff8fd8fc80c91bf3a474f9074629ecf5844aa80df1c61bd9f719f33d2ba9d7b1845c3394c2a1659b8b9

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          840e74a4524f5d60cdae07da78cacd2e

          SHA1

          d5e667147aff14e0d19c769321f7f3acfcac9f69

          SHA256

          3a3d28fe125b52f18b2e6ae8259c497a7bd3f74b20976450ce8d958939796e41

          SHA512

          5e94afafdbfa3bf4fcd271de997402dc523cb6766e6184adfdfd94965c42b93c70beeda9e6cc920c19fce9a8364349de9f0de26820daf2812761fb1063668e63

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          e92f4f07d4d8786835fa8c1d1bfb172d

          SHA1

          bb5e56c9159dcce49da51c54c4e789a1d4c9b4cc

          SHA256

          8e57f33d7a3d57adbb7dbd46a2a5785e7c4e3f9c04c25817e92a6b2c4f27fc3c

          SHA512

          79494d9204b2bb8d7cc83fcf781cbabd2f244f3637a14bd024ce3799f66e604ba4af44e5e81d18d3e9398a76b972e3a3f7b13ee9e99e870488f970c219567783

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          ab33a416cc486970e361d7e9c190ba84

          SHA1

          df9739c07cd70a56461ef422f71d65ac53c1438f

          SHA256

          f274f8acdc84f140e29102303485e9bf7e0effa5bad05a1c9e2045b3a0d3cb9c

          SHA512

          fc20ab88ed8bf77b2094fb13e793e94ea86c58ac225ab6bc8c1aad04ad2b59261a618a5089cab615fdeecef3174f00394e4620d24e95225e73f83dfd33ad84ea

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          773b19c2e888f37c6188f405cb198cd7

          SHA1

          08eb97b1d6d520fe15bc5d9dbbf49e5184df846a

          SHA256

          b5c8fffd0cfdf9e4540aecec72bdbdafdfb839d943de00262100d3e0d453f4e1

          SHA512

          da32443625a7a8badc67a054403ecdbf857d4794d44a20dc479f7cfc8217d9614350373ad20f7f39ec5c314b0d5290a0ae3048c6c6171e181def3e00beeb7757

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          0fefffb7a8d3bd9f4b12ee5abd43ade8

          SHA1

          f574d46de93e228200cbe542687d870504a65aca

          SHA256

          c27e5a657aaaa509dece732f066b924cc0be8b1b03453849569dc55ba1857e83

          SHA512

          8a1e343ce848a401402c85086b8f060ab48cf49675b58adbaec861b8f13c4fdbcc26cf18befb7438209d3c8a848252b74cfd411a023bfb7603cda17edd4fced6

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          bab81c0d9637dba02c202c895a9c25c1

          SHA1

          52c3da7ded679687d6c76533af6a42e0bcdaaf4f

          SHA256

          19daefae704a1e7214940aeb24e6e35e441d8de92eaa5af0194fc65c950bf11b

          SHA512

          964f1bd31ba75a3237e69049a78fbca43daf6035a21f797452c3f6e59d23bba10dc983f85997dfe0822e176d8f3da49db7c6ca7359d3c4423d96992360d792f5

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          822a24c45bb69bb3e3158cd0a62141b3

          SHA1

          0511cce83ac18bb23aff00d3e6a1d2c41bba6216

          SHA256

          418ad3f3b58f5ec4fff76e8f63e762ba0be37a4ec960995343b0b15cb8277857

          SHA512

          9113b4ddf0e664a6c2655c41cd22bae008f585bd69e04dd2d6cd634feec08e9ceed95f9248bbd71432b7e77744be3d3aa8337e1f63c8d205a5a8cb704d3397a5

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          a87ed7c4241a97c1fe5b351b66f3fa2f

          SHA1

          680058b0ea7db7b67c75517d2c919a820dd93061

          SHA256

          6764357cb5f3b141192e30457ffce473226547aef26d2cfd127b4a47cd724722

          SHA512

          139e948b5281e1c91e03cc4ab49e7fdc6cb532c2d69267881fde3adaf2051efb083ead41c723258a37cada868f355987601181a4ca6ed3734186150e04659e15

        • C:\Users\Admin\AppData\Local\Temp\CabDD48.tmp

          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

        • C:\Users\Admin\AppData\Local\Temp\TarDE06.tmp

          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b