Analysis

  • max time kernel
    121s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    20/01/2025, 12:04

General

  • Target

    $0/Resources/BrowserSearch/alot_search_defend.html

  • Size

    1KB

  • MD5

    32ad78f67cba13b15f746cb9b172c3e7

  • SHA1

    1a9d093b854adb26be538730f31b2de89db80b5d

  • SHA256

    a98eab555814276b5016d687c3945093705dc610a755892a712b7b7a423c5f29

  • SHA512

    95856f4924c5bfc6265e9767c2c0fb2fb4fa10bad780c4152c07c0fe9123f7efa8766d80ab82150755fa75979f4f7af4b3aab2e3181a66cfc91d04caf2f8bf50

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\$0\Resources\BrowserSearch\alot_search_defend.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2400
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2400 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2856

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          60219023c5f31345241eb17b14ee5b71

          SHA1

          bbbc0962bd1f82d856b6966686c8ed726f6f0061

          SHA256

          f5740011a803bee0142211e4989baaf17213d7f0622d6f5639ff48fecaa84900

          SHA512

          d8c82dba1666618ce956b9457f9e3a40933283a1b70202cece867d5568a094b68c5cba205a82be4818fa3cddc8b63392b7d41d7c2b4073e5334fce75ab677e74

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          0989033652e6b2a4228692e933ff22f5

          SHA1

          6cc521ec116ceb30cb934d902f03c20ced62bd23

          SHA256

          11e81c42043c52d77c3f68e30cf5d04a621bf27c9252a983004c890380437a10

          SHA512

          ad99d5c552fbd58f0119a3665c5091741ad34af8d428d3fe9e8859798f8632f389e1010827401de1f2ab4784cccf801df7c60ab1d32cba96fb924c9986f35442

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          c671236dd89c056f4ae50ad15e566809

          SHA1

          d1b2cd38b15682a71559db93ba5aae2c718fd552

          SHA256

          a592012c468e9ae22e7fdc0a0dcce6d59f767dfbe1388de90a5bde98913ee728

          SHA512

          080eadb3251078c03c8b3f0a38eb8e4db8240a8071311934e422fdf63fbbf09fe83fdfeddd67696534600ba1f317edc85a24720b2f0c35078360f5e55b6dde79

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          b98eda7ab67545e50dd6cf6708bb77c1

          SHA1

          a54bfd05c08937e6e380933a34f0b9f5ec0bc960

          SHA256

          5e93010119b7970abda3e0b6ff45139d221da67178da57214b22e58172c4e29c

          SHA512

          74b43c29cc821ffed7dcd649f17786d8e4bf11ee5b544ee40cd731279736d040975417e3302a8f5a5b071c55790d417a4635b20fa92100dada0fb6caddc30a27

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          aafd7095850ff7520ca86ba6156ecf0b

          SHA1

          32a7149e45356587604c4f856219662d4deac29c

          SHA256

          586a8b6bae3953d64d38085c564d6080e9386f9b43e451f8f0a039eab2b061f8

          SHA512

          b9645375c6358d4c1279472aa3ef55f174fca68565a1c8f9b064dd78103ba25ccd5b8b418c9414c2490a2f3b4d2ec3eea6b74990dd04a2981753be2ce2d70ab2

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          7e9f7f748554bdda8e0926d0df24c80a

          SHA1

          809a53182e79590225e1b4df5d61e2274b7589bb

          SHA256

          ad42134dc254edb71f18b543f58da5516199e836c9461bd715a43ce3adc9dbb3

          SHA512

          bac6fc823df4a38bcacd3ce8a16a48b29efca7c6f1e965c160d523883f789f4687d7eb889d62170dff2e038ac6651177df29b41e9d99f034a8fa1ed604139175

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          f08894648a5e7e58581c8a57cdfd9db3

          SHA1

          d04594556e238badfd12aca6e0f0d733a243d66b

          SHA256

          f44f47af1a2b91c8fa3a8673edf88ed81e69595eb9fcd4d6682c68b28697fa10

          SHA512

          6aab4aadaebccff38b70b335772078ac92dde9bd70b142e4dbdaed7a4dd1215a869a76c0ec94f408bbbe43467e042efcdf93d3fb45e37864535acc824d5b6d17

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          9c1e3f771f83d07f7927f1c2b484102a

          SHA1

          2dee6c4e23779f3608fd30d9ee5fbc03c39fb841

          SHA256

          0f7826d69d61ed0e188a07dd5c128a55b2b94458a8c99bcf02d3dbce4722fe8a

          SHA512

          f7fd5bc0a7a223c51bae9484357cb52fec5d7a0d046eac45735bd97ee0293082d65e32995a86455434ad5ddf5bf0b2731e3440a5bc0480eae3f6ab38b18ae9bb

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          c76dcb27ff7fa93e86e029357953e98b

          SHA1

          3b679ec2211dc8809ac1193ea925e666a0b3532a

          SHA256

          fcd5aa277a388fd1b3477b94fc73b4f4b0adc6cb8e893f9274636c29dba3d712

          SHA512

          0ab99d045722ad54cfef5bdb8143990af581df6dab45442f53a8cdf435c12dd0ef205ceeddfede12f3534f0d235b5dac8ff95209dc6498937be93bb1a2034a78

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          7cfc74f2335fb6fb2d662c4b20198558

          SHA1

          0fd5237b0a0a13d5e47092150fe32d750d099711

          SHA256

          76b860121fd9335d0d4c807bb84ec59fafb33dbc0e230b71926c0c080e51015d

          SHA512

          22d3317b34a52d35314ad2390930e7998af151fcd3997aef9f411bb1d7259dbe73b77532c12a7ea684340a93b198193d4e419b9c1ab1afe918a5b21fc8c13802

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          c71688e0add556d712ee42d3ae7a2755

          SHA1

          c3be7e3172dd201c0c11e7129ed95ddcd09c31ed

          SHA256

          552afb5f81d84315db64c909f7f0ae96f83387b34e0b9f2f10888fcfc72c4088

          SHA512

          249012266d41d9b483edceee1ada7724938b60c0b909139e8bb3c1e053d0c70ef312585fc0c54e87b8c48adffb1ba9b25e59a2f226f795376c28f4c6cb5571f8

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          df3ced767a86d2ec6c1d03847ee9f936

          SHA1

          77356eab5eeba05dc6a5b84813e3acb3fc852842

          SHA256

          1de20ca7f7a30e76933be662f94586cd89e30e90fc1bc325c1e32236690c2a61

          SHA512

          e5afd14a1bfcfd15833b586da9d397c735533c9c0c5c9934cde4266aebd871dbe4f99bc4f3c1369ad2e0ae60f97230c7055af05530cfc384435289a048ab9f91

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          c969de67598ad8f5d07ce15cab56915c

          SHA1

          da476c1f31adaad8bf4fb4414f9db89559b18d2d

          SHA256

          6c1d51a874015e68d79556016e17e19bcc24321f4248061c4f0df03449645f1f

          SHA512

          17a7922d42d1c0bfee14ad91cef616e655bbaf8c3db12f8df021902528eff772b8b13715d7163ad316c8fef2334d0debc038e0df1173d405a8624f57957677b7

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          e6692c06fd16fac7eb60261f7c67fe83

          SHA1

          d92bb9d68f25501801877bc9883946e14ee7aaf8

          SHA256

          5ce6314736326b455de111b617bffec697b38565a604b86759ff7a6388fa76bd

          SHA512

          b0c46966c0b51751bbf56494390cfa07b1c68dbf7915d4fa446eb16edaea816978b7d776d6917b7a8ba7aef4c3c6a961190b35f9a75c0859dc0c763c23b2fcfe

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          548879cfc4bcfcde1b5e9a23ff12539d

          SHA1

          3edd5980d19f712037ca7832896c7e8011d50363

          SHA256

          50c520de3b83e6ea06f840a4944d1e2e639a06add4342f3b6748ff842b6ef005

          SHA512

          d17bb25b6673d7f059102ec4df6b68c40f13af195977e6c6de3aad3e594a2a433c3048e54443b1fa6af7a74a21dfdf573e6d81bbd73cb4a0aaf1f85341064a39

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          ed696ca1778325ae34260ade5e5be6af

          SHA1

          eca8f9c539d58ecec54bba1fd1ba28894ec36937

          SHA256

          6c9796647479173f43217784985cd2da111782c6f6943444b7ddba3543a309f5

          SHA512

          af9f8985f23ee10fd7e615393c2d8295972ffb86035c7336dc32ca80301255257c19cb62746a8082b66b967ea341b111d7b9de64a302f50675bff13c8602bd17

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          e882fc52d7a3f20f62001a261e3da42a

          SHA1

          3cd74682b6762f05ffeae73e3b9da8fa475c1b16

          SHA256

          dfcc0da5fb99df160e9456a7c025939a15ef7b4c0ac21fbbd91b4c52ee8d6578

          SHA512

          ca2461a9f435265c74cb18130104fd388c31b8ea91ec69753375ec58c9b56f025515b9cb2c6d68fd85da979f06c033b03c30a6a190e33adb7372180a2096fa28

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          58be22b55b56b36e46ea268b30854b39

          SHA1

          2d5cb892f9bd05f7c03644170ce1d8da2fe33694

          SHA256

          70e99482a1ec6bc9195dfc8ac8b543e61909e4869659b0543c21d3ec6534d919

          SHA512

          f8635f1ec6ae872f5e75629e803a272224be2bd1d5d1d781538bbe80170bbb6328c130d88eb0ad49984571821d410e0c6a10d7cfe61f67f39f0c7290e41fd9ed

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          543f1fa16f5396585ce9d03c99db2b9a

          SHA1

          4a4725076bb6a49a3e6d226b516994e8163fcf2f

          SHA256

          9b4b91317dedb9d50b4e4938989be07058e8184b5cab326fc51ada0ec87bb540

          SHA512

          59eb602e6f0d3d80f379959549ddc92838df4833d9e5bc601ebb3b3cf86218cfadf99a8f1bbe84fb8ad462049af7b0e8ccd8f57a2df78e4509370f20b6ef5aa0

        • C:\Users\Admin\AppData\Local\Temp\CabA048.tmp

          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

        • C:\Users\Admin\AppData\Local\Temp\TarA106.tmp

          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b