Analysis

  • max time kernel
    120s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    20/01/2025, 12:04

General

  • Target
    $PLUGINSDIR/eula_en.html
  • Size
    11KB
  • MD5
    f8aee788c2a09699cd4d607e1db670c8
  • SHA1
    6457b766f043d901a6dd204d00626c4bea02d503
  • SHA256
    503477569d8a48c47c4febbfd4ae6d3cb036856432c8212dcb0226580e7034c9
  • SHA512
    424ef5a4f2653b27b3ca921c35e5e36f28c41ddfe9bcd6b5aba7968d87129826770777fbbfcdc78fce8512c1dce819be0e355282d4a729580591ff296a751162
  • SSDEEP
    192:CuJ1IwC9cgY49ui3RkHXh4Uy0nzlb/1J3GaocWtS3oHoPho6Sxj66riCmQ:PJCN9tY4Ui3ROxJ1d/GBtW2xj66OQ

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\eula_en.html
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1696
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1696 CREDAT:275457 /prefetch:2
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2376

Network

        MITRE ATT&CK Enterprise v15

        Downloads
