Resubmissions

12-02-2025 14:54

250212-r9zgwswmej 10

12-02-2025 14:27

250212-rsdtvsvqet 10

12-02-2025 14:17

250212-rl7hlavngy 10

12-02-2025 13:47

250212-q3q2hatqes 10

12-02-2025 13:43

250212-q1d9xstlap 10

11-02-2025 01:03

250211-behmwstpdv 10

Analysis

  • max time kernel
    143s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    12-02-2025 14:27

General

  • Target

    beed61dc63e3b01b93e6c50c6885b89988b59a3f6abdfa24e922e1402a0235e9

  • Size

    8.5MB

  • MD5

    2d690d32e637c43a18aa8f4f2fd28e48

  • SHA1

    f8a5f75a34d2751c0e7195cd4adabddc1ece465e

  • SHA256

    beed61dc63e3b01b93e6c50c6885b89988b59a3f6abdfa24e922e1402a0235e9

  • SHA512

    2641192c4ebb0a66fdf6a9be16ccfc38a4cd98a32467d5b6e719c73b2893a28888b7c9c77d3db3a0d2e93d14408081bdc92238dc3a5b1479229843f354c7305e

  • SSDEEP

    196608:exCyu9hdCjcHsm2gTEE/OBBZVaMKb0QqNnJi6lWzVYK5P6qwpxFlWavvy7:ervy

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\beed61dc63e3b01b93e6c50c6885b89988b59a3f6abdfa24e922e1402a0235e9
    PID:2300
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\UnpublishUnlock.mhtml
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2680
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2680 CREDAT:275457 /prefetch:2
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2356

    Network

    MITRE ATT&CK Enterprise v15

    Downloads
