hxxps://github[.]com/Da2dalus/The-MALWARE-Repo

Analysis

max time kernel
7s
max time network
10s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
27/02/2025, 05:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A451B221-F4C9-11EF-AEB0-FA90541FC8D6} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1760	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1760	iexplore.exe
1760	iexplore.exe
2856	IEXPLORE.EXE
2856	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 1760	2420	explorer.exe	31
PID 2420 wrote to memory of 1760	2420	explorer.exe	31
PID 2420 wrote to memory of 1760	2420	explorer.exe	31
PID 1760 wrote to memory of 2856	1760	iexplore.exe	32
PID 1760 wrote to memory of 2856	1760	iexplore.exe	32
PID 1760 wrote to memory of 2856	1760	iexplore.exe	32
PID 1760 wrote to memory of 2856	1760	iexplore.exe	32

C:\Windows\explorer.exe
explorer https://github.com/Da2dalus/The-MALWARE-Repo
1⤵
PID:1832

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/Da2dalus/The-MALWARE-Repo
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1760
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1760 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
71KB

MD5
83142242e97b8953c386f988aa694e4a

SHA1
833ed12fc15b356136dcdd27c61a50f59c5c7d50

SHA256
d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

SHA512
bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
1KB

MD5
d96b92c30c1a1616cfaf4ca0ab787369

SHA1
18ae9bef58f2e0046196b6a147027bdfa64e3265

SHA256
14bf670624bcbe3bd02b1cfb45113adc678645500829ba270b83bef4ed9506df

SHA512
14f1b5fd94b3aa9c8adbe050742172493570dd2b579bfc92a95b8d5d98084292426c266e06c12f7319839ede52045b5a70e430aafd2c711f32997b7075ef7e4b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
38398edd9dff8aa04827f0e19fa06317

SHA1
fd93134cbdf4e32ca5662d065b3a141b5d87312e

SHA256
a829990377c90646a90bde55b978a7c139a3a8c8b252f453c2caf3464cad1e56

SHA512
a8e31f0c9a8874c662e759523eeac156c07c73e5b40b5395e255e7785cb4e3a2efce51624edd09125c1d7b2a025c4ee3d99135bcd51ae2b3655634f01bd8c5e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9be551e2fbdb09f401c7ed4b274f5183

SHA1
2eea7e4ccddd8cd58e6057a1e56c9566a76277e2

SHA256
52e40bae4758e7f38d3da1a685b9e30446dea6a2f8edc3cf1e0b06498a0f477c

SHA512
965955106732f7397d8fdaf385fae6b8918051361503ef7780935ad47c18d9812faaeea44225a94f87adbe53f973087a42e147bd31b5f17de516dff073a520ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
628c0f5b47853e3dfe01a83da9c21e6f

SHA1
3deb2a1b2c6f3276a10293d9e006ee58407fe9d0

SHA256
bc640e4714342b1ebda0aa9c52713a594e6ac3612dd9fe9067845625bbdfee35

SHA512
49dbf64e887f86d716758e02c7612d9fbcfd46e61d50a89a7e71e70b45a103d422c02e4469e7548c18e1381a72f5a8c1d70fd7a146d5147563286dd34d98a238

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2e355698e348675fb4308fe1b657e748

SHA1
40fcfc247758861e0d4fb2874e58943c30a63b5f

SHA256
edb873fd365ce2bbea138b5bc1ad65cb19c6204f74ada1c3a47325227d64272e

SHA512
a0eb349ae9f3826955d7db936e038c8c011d903748a726cac96cd6a6048fa25ca649aa06133fb6edfbc4ddc146a4346b41722e855d2420d883138d41b9740a36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eb4c57dffc86c4ac57c1afdea81ba1fe

SHA1
7e48e3ce2e384aa459adc5569471e8260ebce6bc

SHA256
7119790bb38f86d3ebf6a18d64beb62840a78099f2759c4267bb932d68a4f91e

SHA512
81f89389a8c3ac1ffb592c2f8b23d8f4337ca2721283ac1d175fad22977c81be1bf661000d64770c01da811996be746bcd3bc667b94435f9fc57d94121abb224

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5087541944a7cbfd0c9becf650172e9c

SHA1
766493134d22f0aebd122f9e2d8d658da7641d69

SHA256
f87b2cb16041dc2241562a7b37d1cdc02e0fb3b835d8d56905de020f102ea562

SHA512
28f96cc858b50aa3e45b10a74e7fc4b739ff20a6e93783be2d408ee4473804d14c576677373cb279b8a06b15cdc680286114047f779f5f06bf682a601f728efa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0b6836bf3444ee78dc97bb74fb552415

SHA1
07ecc99ea34ac6f8d92b7bde9bde4e15cbfdd405

SHA256
ed4f6d6976673e80a52e268536d283b07aa376197f2471f4ab31a1111edbcee1

SHA512
0981e5dd64e16dbc146f106cb5a532f3894df327e5c6e7a672619b4200bd6245468e26ab05e2d1c669f214bb82d358b26518886dff65e9d23f94f2d8ef24226f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4e328d21762a4141f1be8fdc32a5dd03

SHA1
f2e7def89f629db1596bb5e850884d642153f92c

SHA256
fe2f9b4ed032f5ce27939fb3b2beab3dd4e4d8df9d36e1e94c722cbcef7002e2

SHA512
a7487dfb9d04e3d51679e693f6e1a0ebb2d53cac06c261dcd6f410314d76b4642bad0407dd1e470704c0cdeab5692bb32cd5d2b8b01e835e358320318fe7a118

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5aaed338444569a55ac9a45b5d620f08

SHA1
34a89951d5339c5b8f66023b81fb7ed404760f6a

SHA256
978cf985586d41943d8544646f1a2707ba7586fd8804ce47e46a79dcdf2d6650

SHA512
61a231fcd8abc01779a3ed121cc47e8084328067c6ead835919c687b9c8c2b1e4cf09981eb6f01299fa081085d16f94ae567170b7c11130f332e9abce41bc247

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c07014849c0f76f0a2170dc7d9bdfc93

SHA1
10d0e252d1e4575abbdbf22f1dd7c78de6bb7238

SHA256
94b785934bd8227bd420f916ac8bcf5e2c8fed5daa9cc33d7f9b62b654ecabeb

SHA512
c135c72f1a4f93a6fa1194e4cb227d7b0ed070e7684a12544767da8eb48ded62421f7d105e03d427e2abb471431cc047d7c825b2b8ddaeb25185e69cf77ed8cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
540e00c0ef47bb1dbe083bb2719c2c28

SHA1
b62b6ca869e331950b274d2e25ea445e4d3761c4

SHA256
330453b4bd427fdc6723bebed3b81726463c657e9007ce1c44ebd1857911fbc8

SHA512
0eb4d11e627ee996b8bafd3ff42ea9c986e4a9a03f04a2eed39fac7b435af867aa4d539e19632babd763a76fa2a850de0e457c4929814620621db01ee5d90307

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0fbfa884adda0ec15446cc52ac7e922d

SHA1
6b8e73cc22e4afca474ec38a714248978774b8df

SHA256
4fe39b5b163443a9be51e1fb75cc8b67e4f71f9e4ab3c2d80b9709d09b6232ab

SHA512
aea6945ebd2290876b898c2d3d4515b1c80cc09c1c9ffedec19dbae5c2fa841d8f93e57ca7c1573f91be720a9599f35d9a78de62d4f9fe2b055e192c81c52a47

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c1df9954a9624707a13b9f29cf80f1db

SHA1
904fa1180f6f359876586f6910db2f7a7cdf5f87

SHA256
426dc16f41e3264cd8c9ef56f0d421c83e82a90d8fa6856d83ea197aa86937ac

SHA512
6cbdc8ab35137b532d97631cf9ed03574acdc179dffbea53c3a875fd3769dadd4e4b4dd747263afa75853de6faaeaaa30e8ab11eb7c3a9777565eb150779f56f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e8831a81fe5f2197d931275201a28fe9

SHA1
28afd308a5f17c200fab0828e4b6a1f31c5c994a

SHA256
0f2c7e1b812a794e38285c26612b43ff779ecd244340709405dcc01cade8b97d

SHA512
20345b436a104e7815404b5f44823fefb346bf2bc834aec015a1cee326fb7c386b5ef09924f4cd014d73b137de3fa9505829de635201cbf0f0ed97079d3b807f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\78076te\imagestore.dat

Filesize
1KB

MD5
1c3fab698756b3812947ffd9b10f3967

SHA1
fea8a4ee85cdf3c1c7d1fd8659e479251e6902b7

SHA256
5ea5460c59c1c71ff7a906f0d7286508f4f9d415edf125bee6d0db82d684f5f0

SHA512
c30e3b18fb2bef111d1fc79e36ae94863cff567d5276fb8b9a57b539aceb0599386a7eb7478ef595aadfc982d88a864894a9f2640caf56c24e1751af8e1d9d01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L6J4GCMD\favicon[1].png

Filesize
958B

MD5
346e09471362f2907510a31812129cd2

SHA1
323b99430dd424604ae57a19a91f25376e209759

SHA256
74cf90ac2fe6624ab1056cacea11cf7ed4f8bef54bbb0e869638013bba45bc08

SHA512
a62b0fcc02e671d6037725cf67935f8ca1c875f764ce39fed267420935c0b7bad69ab50d3f9f8c628e9b3cff439885ee416989e31ceaa5d32ae596dd7e5fedbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA527.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA647.tmp

Filesize
183KB

MD5
109cab5505f5e065b63d01361467a83b

SHA1
4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

SHA256
ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

SHA512
753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

Download Submit