Overview

overview

10

Static

static

3

data-Setup/Setup.exe

windows10-2004-x64

10

data-Setup...za.dll

windows7-x64

3

data-Setup...za.dll

windows10-2004-x64

8

data-Setup...za.exe

windows7-x64

3

data-Setup...za.exe

windows10-2004-x64

3

data-Setup...SE.url

windows7-x64

6

data-Setup...SE.url

windows10-2004-x64

8

data-Setup...cc.dll

windows7-x64

1

data-Setup...cc.dll

windows10-2004-x64

8

data-Setup...kv.dll

windows7-x64

1

data-Setup...kv.dll

windows10-2004-x64

8

data-Setup...mon.js

windows7-x64

3

data-Setup...mon.js

windows10-2004-x64

8

data-Setup...ub.dll

windows7-x64

5

data-Setup...ub.dll

windows10-2004-x64

5

Analysis

  • max time kernel
    85s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    10-02-2025 19:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    data-Setup/data/cacert/LICENSE.url

  • Size

    73B

  • MD5

    d4eeff46fd41c739e4653431fe2511c1

  • SHA1

    f0e013b1593394cf7bb0bc770a7cfc9b2ff95aba

  • SHA256

    b9954f88a27e8457cefcebd076fa533d037711383f6b28ae489d063ef8c61f79

  • SHA512

    c0d809e8e561f19a9629931cda0bd8be8c8b919d6926fd63b50512919637a9ee676369d546744f5d1d7aade58dac8f55d23e2421dd24f255ec033ca3f5b001a6

Score
6/10
defense_evasiondiscoverytrojan

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    defense_evasiontrojan
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • NTFS ADS 3 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\System32\rundll32.exe
    "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\data-Setup\data\cacert\LICENSE.url
    1⤵
    • Checks whether UAC is enabled
    PID:2744
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2964
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2964 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • NTFS ADS
      • Suspicious use of SetWindowsHookEx
      PID:2820

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    9de3579fa58e8f53627e55be605d7770

    SHA1

    0e67d6bb94696cf6b02ae554be634710b4cf6466

    SHA256

    2513430f3aec42316c2646ff708f2a3628f83a20c941502f34ccde8137f72a72

    SHA512

    b4614723d40995e91e47ce35b0acc2dc61ac4505dad1063dabb70a6113ae9504d33196327466dd85d70cb03177c233f1e417957c26d1869acc7de0587b655140

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3ac55c8a17c71b5bcf4081f5049d44bd

    SHA1

    b8e7e092ac4506c7eb393a6f923b1b2818d0f283

    SHA256

    b268208fe6e776332716306dc93d54dd930c517be5ef0019c650c771cd52584a

    SHA512

    0556c486f62b64ef5b21f8e4ab974ed5a75f418ee07e353555e4f27718d2a7ec119a484ee6d5dc92061645e3bd2fbbf8ea3d806b2026b5f49a0689f59faed376

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e6d97f01c1dfef350e29d512eea842f6

    SHA1

    301e8be05ebacb4a67704e0278734fb4f34f7c0a

    SHA256

    3f5710beb82da13d0cba18a63b105a7387a49e122a160e6f33bc5d6667b22bfa

    SHA512

    d328b8cae3bda4ff691ccf5a13a717dfda4c5926545fafbd3b53a12f7f5edc9a7f69f649d349258bdecf5d82df17bdacd60f9d3c5c8c994a206dee287a52325c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    55bfa59322cb45867844a05335baf3fc

    SHA1

    2e22bb21d95d50100d80efc557dca0d47df88ad0

    SHA256

    85f4ea32a1540ceb3d52209a3416c2f712787e31ef4b4a5e05ed946a96e8ddad

    SHA512

    2e881f19f821077d03aa9c80a718d5ae57d3edb60f03541d18680469dc356302993f2845ba4712a9a43e1385e62c23b22d813d1280d2d0223be4a92a58be80e8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    62543e5220761b521dd90749c7faad81

    SHA1

    b4a8f2ad24500719a23eb521de9c0aa91e1a21e8

    SHA256

    d305ff98f19b3a26c55c5f10add0c986e35113bc5ac12b46619ffbc504f872cd

    SHA512

    541ba466f1200858928d863b6b33cc435a0f33debc5fbead88a0835e72b4d92a2c6523dd1f4d70a2fe5deae38d7cc6cd8e9d8e11504b15c1763e560d373cd4d5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a8eb1d4f5eb89f1a2e89fa10fdedd543

    SHA1

    f86e8f1cd86799ebc7915164d1c788d65d31956b

    SHA256

    1c2d87865f0fcc6f7b076fccf9b9014b3daa76c3783e5828e5c9773b81eefdbf

    SHA512

    a029d55ca19913ba34e43ed23ab7ab413f39291134661b054a347d7b109dfaf381fa6cabc5c3b045601f3a66091639a7cb5f1cc2dfb5bbacbdaf20c662175805

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0090025d16f0c8b683f516df86cefda1

    SHA1

    bf4bf49e99ca0f29b32905665f4f6d88763d80c4

    SHA256

    e63dbf8f4599eddb642b9afd2ad33e84bd731b9549f68728d97ad24df827c79d

    SHA512

    caf053011bc1f3ab6951190612ba5da9d2dee31e65697d1e362388e70dd7271139180c94b65f0f8aa29db873820771cbcb1c50a5b649c3d50719236c485b7151

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7955d727c81fb6a63daeab1de0f84984

    SHA1

    a95a979ed32e62c57c47b929959da1351be518b0

    SHA256

    21c3d229a057fe5493235c459502179265464330339de09ada8f7576ca104d56

    SHA512

    29d496e2c7f44533bec9cf1037e4a9339748ad0c2b96b84352a9cc0020df54a4c8945b1896e622be0bb3f47d921cb049ca177a6d74d981c11cf1edb4739390f0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ff806b1129fb16e7e8a3215c75ffe767

    SHA1

    78907e99b6e40d2eec58d869049aa7978f0f09cf

    SHA256

    b605e4cfb5b43704a0a3d4a0f5fb8701e62591cbb668764843f8237950b6bc98

    SHA512

    88a18ed2114dd2b484e434292ec30776936f0e106dcae4e3b5289a5995748dd60c0b14018a6381d7a712d8b55673f42ae26dfc5c3f0af24ea10c6b74a4501bad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6467ba1e26afda09f463355eb3c6eb84

    SHA1

    b9d5749da6878e6259fd02dbe43b89c913fb4464

    SHA256

    cae7cc2fd7c9da0fb8d934f3f640979ce265326d47dc9cd7b08d23592cc87a50

    SHA512

    c9e422d489018a496feebdb93f21fc625f071852ebb4ed42506d3b5b1aabc8fc9c830276b00dcaad724fb4c76ced1453330c4daf133ad3da7259ae8c1d3e1223

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    340c14db0214e4599caf881096f20e61

    SHA1

    7c57216cad0dc2c5ae004b9a393697cd1600cb0b

    SHA256

    443c5592a5a61c05e3f92762ba1cfeae7c4e50ef055f59b64f664b1cfd6422ca

    SHA512

    dc6696625dae0d0b76760de67acf27f63e095b26a7aa23df6eb68d752c235fe8b4ae40e1a5ac05a544af8d57e6802a97ba82d7149d63e915740d201baa69abf7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    49ef9e911c2b0698951cd52b2a28e5f3

    SHA1

    785c675d45c4bb84130aa6659a5e2f8abc52c801

    SHA256

    657c72beb9e51a37fec086b257c0ee66b921554f47c92b221fd32b66453b4be0

    SHA512

    ab83543de02c64e0166a9a0d0c61d82e04d99bfce1bc0b493ca15382e0b7ea1b3244bbb389e963bb0b93dac8a6483ff7700cfc782c00e1750e69974f9a14cd7e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    dd7c8f2f0a713237c052765767e868b6

    SHA1

    6dcc1ca859f56a7793865c53bc137cdab0eda60e

    SHA256

    24f59fabe20b0edf7a43cded28d4fe894845c6e3adda6053f6d4f58704a834fa

    SHA512

    d4595aecee1bbb963150b69d4480b3ba84a2b17c89e1077a6a599e13b7648321fbdf6bc754bde47d7e33a734cf8ef5e939307d339f289371c2cb8db76ffbbfa8

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\pzrzu69\imagestore.dat
    Filesize

    7KB

    MD5

    954c718205c8e24259f300c6f5bdf5a7

    SHA1

    0f86276dc5deb0f74c8a0073560e672cf435ae47

    SHA256

    a57f453d2ccabb024b27436e9546b89aac614ff0c3c941ba916c51f57f9a9665

    SHA512

    a4cacae4cd45ee7f749e0aaeae588bad11f7d8b5682c23267ba188f4e9eda6102ccf3a63cc3c5ea0311b15a5e8f4c9226fdddc183682d049bf2b7f16c87d523f

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\40WV1DY9\favicon[1].ico
    Filesize

    7KB

    MD5

    d25d81d3906547e951713b44e9081cd2

    SHA1

    705e131ec6dcaeb2f367337d86525d47d007e313

    SHA256

    3e5e524aa82385dc1b35bfdfb4b5b527654164f7c519833d64492588ada9e002

    SHA512

    ab9c03a0b0da5757459611e27829fb3abfd3fa67d2f2639683db1767d2d6a42b139d95c4892e0ddb8e49402ac99fd80c08e2a3e6bb8869546e0d114024a84b9c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabA9D7.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarA9DA.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\data-Setup\data\cacert\LICENSE.url
    Filesize

    132B

    MD5

    63c9bfbd436a3bd236fa03ef9d15f584

    SHA1

    ba7b5586a9b290ba5a015a194a7a43da0fa593e3

    SHA256

    a052e696c621987d97e7fa5c64d4bb0ee15a90f3c2b43e38f7d27d411edb8621

    SHA512

    a43bf1576b64b7ad5d8e58f8f7a24de96085e3848d07257c1dbc593c4f659f1c6a62c685e1c2f785e3c10ffc091cb6dcc5b6118daac73a6877f38a236d53cb02

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\www95FB.tmp
    Filesize

    73B

    MD5

    d4eeff46fd41c739e4653431fe2511c1

    SHA1

    f0e013b1593394cf7bb0bc770a7cfc9b2ff95aba

    SHA256

    b9954f88a27e8457cefcebd076fa533d037711383f6b28ae489d063ef8c61f79

    SHA512

    c0d809e8e561f19a9629931cda0bd8be8c8b919d6926fd63b50512919637a9ee676369d546744f5d1d7aade58dac8f55d23e2421dd24f255ec033ca3f5b001a6

    Download Submit

  • memory/2744-0-0x00000000003D0000-0x00000000003E0000-memory.dmp

    Filesize

    64KB

    Download