Resubmissions

15/01/2025, 14:47

250115-r58vrsvrhx 7

03/04/2024, 12:27

240403-pm36fsda7z 7

Analysis

  • max time kernel
    37s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    15/01/2025, 14:47

General

  • Target

    Administrator-DELLXPS1456- 2024-04-03 13-52-24.html.exe

  • Size

    67KB

  • MD5

    ceb9e6829d00ad6e8f25b30d77aba83f

  • SHA1

    865128c3a9baee65deeab14f1fdc9a68969df6f4

  • SHA256

    664582c7357c0ea9f0f6ab524867e1cce887251b11e917ba5c9d81247e57bcb1

  • SHA512

    18703d353319cbd049dfe3d19469eef2ef26615e44101eca43d1c7da515553d2c98e8098e5d2cfbf1c32984d77846dec320223ea4b8189ca9f64d570e7ea0ca2

  • SSDEEP

    1536:j+wPW51r8EHsL71ELMt/RYKiq4vo/1oHHbwr/Ye2WcMX6F8:j+wIiEH+u4/O1HHbwse2SXE8

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\Administrator-DELLXPS1456- 2024-04-03 13-52-24.html.exe
    "C:\Users\Admin\AppData\Local\Temp\Administrator-DELLXPS1456- 2024-04-03 13-52-24.html.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1992
    • C:\Windows\system32\schtasks.exe
      "schtasks.exe" /query /TN WinTask
      2⤵
        PID:2744
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\p.html
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2956
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2956 CREDAT:275457 /prefetch:2
          3⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2308
      • C:\Windows\system32\schtasks.exe
        "schtasks.exe" /query /TN WinTask
        2⤵
          PID:2296
        • C:\Windows\System32\schtasks.exe
          "C:\Windows\System32\schtasks.exe" /create /tn WinTask /tr C:\Users\Admin\AppData\Local\Temp\Administrator-DELLXPS1456- 2024-04-03 13-52-24.html.exe /sc minute /mo 5
          2⤵
          • Scheduled Task/Job: Scheduled Task
          PID:2780

Network

MITRE ATT&CK Enterprise v15


Downloads

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

              Filesize

              342B

              MD5

              d42dc547cb3220e21e1c803e175b11de

              SHA1

              40dcde920398078c299b36f17178dd529ab57c1a

              SHA256

              3efa7ecea8b0d10fa169f3082f96482db11e21e09205544882e10fb2dc94313b

              SHA512

              b3ebe03303805f6ef8539e4424262f8323629e4ae73d1dff0ae0c301cd36c41358a6bd234310ac5e7fbbdeaba98987cfc93d7e27e8cafa3118e85133cf2839c9

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

              Filesize

              342B

              MD5

              cd570529136a520a4789bcb3a5647b66

              SHA1

              316141533668e1bfb7564b80f14c0af41e17a670

              SHA256

              a5241b3e8d8e823116b9b2f3a14b176911a570e40fcb0cb77abbc9b0a982735f

              SHA512

              500553bc4cd7ac24cc3499092196c192d8a80bf32858ff45c4fb66d7b3be2d55502ca13f38bab8bb152359a5aac29deee25a3d11c053492fdae59887d3f00c9f

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

              Filesize

              342B

              MD5

              8fc5ad0a19fede858280cbeff388d983

              SHA1

              53aebc00988d6bc499c9f13ce55f9b01cd48ade6

              SHA256

              8c01898a74a80b3837e3ed54a70683d2a3b6a2d7b382bec279cf738a4e8462bb

              SHA512

              5fad37bd9df44a9422d77b8598d5ec8d93c5a2bba80ebea75796524ee7bdd0a9bbd08b78b05cc8de1d8f24c8df1e02ca2b2a0a141cceb861904a3bad56b9d217

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

              Filesize

              342B

              MD5

              e0d95ca59e9e873249a3c636284a2ab7

              SHA1

              bf3b85f6859f21d54009bd022ddbf5039870ba53

              SHA256

              4f9aec068c1fc81029e22664b697a4454a8035ff58910668deb4aaa2b5e950fb

              SHA512

              d2242e51bb9e3594f5d9f7ca6fe939e9b932258c221fbc2304d55db91fe86d40c408471a3ba08f47eeee5c7736025b5fb19817df1e264152375c8694eba94153

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

              Filesize

              342B

              MD5

              0c7af9d730a722349be39f9388c6d273

              SHA1

              1166bfe57a8a4926a8cf260601ad818189005cd4

              SHA256

              d89b6594659c4cb1b973adbc1fa25f9a16fc72cf65a3eddc1b7902b613171421

              SHA512

              53cad903e1da96dcaecacf0036bf86efcff4c214323f04c7becac3353fa53119ceb63748996b22364bd9a73b1646bb698ab199a144ae06ae4047bba535d514e7

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

              Filesize

              342B

              MD5

              c761fb4aff109b779f4171725e1bf659

              SHA1

              5e010b39c9d85279328b2b87b3c9719875de09fe

              SHA256

              42b1112caab0eca6ae2173d12923d6fa08c900e674574f3ff7f3f5c2aa715403

              SHA512

              ef542b55ecadb39282c0d688e24fbc786cd2b32193a091c9f552b697f6b9f5c8fc2f5d9bba6f6e80931e4c98645b7bd4028fec08684e04e5f3970bf4680f0691

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

              Filesize

              342B

              MD5

              47dc48d45d1efc7d8e7c22c44b20939c

              SHA1

              b984a3a2a8b24653a0196322b9b2f845f9c8b5b9

              SHA256

              bc25cdc9758324f907912c2da233c505d66daa47f3de4180b7e925225829eb74

              SHA512

              f33aa5fb5b71dc073020cf5c644cb03795a11c16681ca975c3b1980b8da768b539e24cfd64458b095b3861b685c78f936b3185f512afe67380b78e45e1553a56

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

              Filesize

              342B

              MD5

              c5f850d5b8670ab9e9d59c58cd5ff150

              SHA1

              8a5bc2aa962f50efd8ddca45f4b50ad08f0a589f

              SHA256

              703d1d088883f46e8ccefbe8caca8d4efec9fd18db4bfd8afa6268867bc1302c

              SHA512

              4b0c4deb61c6838adc1b3642f0d1bae5a9d5143100c8f847ae86d904fb17b9699d06105a417e0fb4f3abed93caf83918472e9775e5aa2b3f20320c834a617a5a

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

              Filesize

              342B

              MD5

              22c9cdba50cb388fbd4b47ac5db12b67

              SHA1

              9811f63670fe87755bb169cfb81e5f287cbf3062

              SHA256

              607d8dd9265dd51de802a190fa787184d9ce979c24cb4130d5383aeec3c3de80

              SHA512

              6e867f7e1f3fb93e003f602ff700e19d495098c91ae34a090bb92fa4153a7eb700f25d7805d1ed6ca5990674dd358e445cad9ed1e4158d7c5da9d1076e68e450

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

              Filesize

              342B

              MD5

              2db5f12c2a853a5d8b90d7f6dcf337d6

              SHA1

              308ca94fc1cb6d057091390567bf970454e73d9e

              SHA256

              8ba62a6fd464a3e141895ef58f1774c1655f0f7173c28a80ea28f9d0245616a8

              SHA512

              67f421f7df8fcb97ecb8c131e0dd6d3207f57bbe4c05246783a156ec080959f2387e10c3a1ae249ea69070739dab56cc33ca983a0a51d71ae25c76c579b7fc35

            • C:\Users\Admin\AppData\Local\Temp\CabFE3F.tmp

              Filesize

              70KB

              MD5

              49aebf8cbd62d92ac215b2923fb1b9f5

              SHA1

              1723be06719828dda65ad804298d0431f6aff976

              SHA256

              b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

              SHA512

              bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

            • C:\Users\Admin\AppData\Local\Temp\TarFECF.tmp

              Filesize

              181KB

              MD5

              4ea6026cf93ec6338144661bf1202cd1

              SHA1

              a1dec9044f750ad887935a01430bf49322fbdcb7

              SHA256

              8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

              SHA512

              6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

            • C:\Users\Admin\AppData\Local\Temp\p.html

              Filesize

              23KB

              MD5

              4e4349147d3cbbd440f7f3fac5866fa6

              SHA1

              563cf45b4395e64993a84665efcb49b3775505b1

              SHA256

              732efd30bfed7196474ada4a5ffabc01f116bb2b3c68c099991f291ab0c6e325

              SHA512

              7f2e285507d699b1362babcff71b56e1ddd56fb819a27007f492b2276a10648aef6e5880306a60e2d0265b57b999dfabfae0cb7909a64cf9eebc21f8fcb1a440

            • memory/1992-0-0x000007FEF55B3000-0x000007FEF55B4000-memory.dmp

              Filesize

              4KB

            • memory/1992-9-0x000007FEF55B0000-0x000007FEF5F9C000-memory.dmp

              Filesize

              9.9MB

            • memory/1992-2-0x000007FEF55B0000-0x000007FEF5F9C000-memory.dmp

              Filesize

              9.9MB

            • memory/1992-1-0x000000013FF80000-0x000000013FF94000-memory.dmp

              Filesize

              80KB