Resubmissions

28-01-2025 02:28

250128-cx5e2stqcz 4

25-01-2025 21:45

250125-1mkjwssqdr 10

Analysis

  • max time kernel
    181s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    28-01-2025 02:28

General

  • Target

    http://gifthub.click

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\explorer.exe
    explorer http://gifthub.click
    1⤵
      PID:2900
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2336
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://gifthub.click/
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2448
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2448 CREDAT:275457 /prefetch:2
          3⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2768

    Network

    MITRE ATT&CK Enterprise v15

    Downloads
