Overview

overview

6

Static

static

1

URLScan

urlscan

https://github.com/w...

windows7-x64

6

Resubmissions

27/03/2025, 13:07

250327-qcpqrastdx 10

27/03/2025, 13:06

250327-qcewjsstdw 6

27/03/2025, 13:02

250327-p9s9rstry4 10

Analysis

  • max time kernel
    12s
  • max time network
    13s
  • platform
    windows7_x64
  • resource
    win7-20250207-en
  • resource tags

    arch:x64arch:x86image:win7-20250207-enlocale:en-usos:windows7-x64system
  • submitted
    27/03/2025, 13:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/whizkydee/Awesome-APIs

Score
6/10
discovery

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 26 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\explorer.exe
    explorer https://github.com/whizkydee/Awesome-APIs
    1⤵
      PID:1852
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:1288
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/whizkydee/Awesome-APIs
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2376
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2376 CREDAT:275457 /prefetch:2
          3⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1032

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
      Filesize

      2KB

      MD5

      b56c345c0eb862a7cb537f2b793bb025

      SHA1

      a872bc36baec5c4abc2dffc43c76335317d9106e

      SHA256

      c536324effc17040174d1f23427dc55b603d2f2d79e555f1f030503b02fde015

      SHA512

      8659d86db9f5058637185bd22f3046fd1a7328333ee35bb4ca764c370d8982d51a39f23f76890f4bd3bd6cea4f08884477f276bd692bf027c53dcbdf7c3ab44c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      71KB

      MD5

      83142242e97b8953c386f988aa694e4a

      SHA1

      833ed12fc15b356136dcdd27c61a50f59c5c7d50

      SHA256

      d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

      SHA512

      bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
      Filesize

      1KB

      MD5

      9243562a066395834ae5e0596058bf7c

      SHA1

      7717a58dd2354fc12fe1b7ae6736579a0c6f7b67

      SHA256

      bc439d28c6860771ea1746266bc29f66c813aeab1c9dc084d46375fe50e0a4fc

      SHA512

      debad4940211e31864908afc6a63fcbc121c3b3813efc7cbc1e64130c1c5acf924e37d1e217384fb0ed0fe0c40b93800efd26d50ec857bfd52d4c4be0d9cb676

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      79ae697142ae3761068cc0c103bd4b23

      SHA1

      4bd2fb705506fa3b4331a55cdc03ac14d170ae9e

      SHA256

      2d980b403c062f0129c9f80aa5485b3b228467aa4f965c9d62b32cfc51746c56

      SHA512

      319fda3b45247e9f8ae9070357227319a890e76c69b016badb9c7e5e390e85399c889030f4aa6f65b9e7cf05f8d2e815b1b7193a8f26979bb4eb188ecffe688e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      853737515624b155e21adf2c91837f99

      SHA1

      4fa08e43ab6df0b5111032f96c8e6be7327e7a3f

      SHA256

      bc45338e516288fc306f641b2b838880d4268d9fd9df56def9a3fc6eb3fe1a2e

      SHA512

      3e35987a5db8d7b9e2233cb2f8d7d9384668d0ef26a80b9db318032f9616d961bbe132e60b5cd95180b80a561f44847b00342748e206bac2e458656451c3899b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      095fbb459020633892cf580cefbfe1f2

      SHA1

      9fce243b17c2a2386a460a49f9f13fd627b7fe8f

      SHA256

      bde79e08199a86fcc0892f16aee6a6d8fa890eb27966dc04cc777daf3a76e386

      SHA512

      48b0d4cf8e94c893b6eb664a8b9610a5c3d4e7edde51517b70b7fb52e4125d9ab446220a09f32674b33e33d42c7851404b809954cad2a399f88e1783fd020a0b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      380398765094deaa84176e0dab1b5a95

      SHA1

      86e6ca080e66fdb5f51b8f1f4822d35aad40716c

      SHA256

      8400bbdc2d9446172bbe19a46400b366f88187d20ee0e373ebd67b00a1c62817

      SHA512

      92b816b1e756f3f7b13a8dfed8959ef2b36936702040f32fbc00a768ced1b256b2579b4a91ad2446276760ecf27856188036332ced49c6955f3f12b83f7d1249

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8275f3d49f5cd34d80384a5b95724a28

      SHA1

      aafa0953c779897823c4c02d6cc6a2d583b698e0

      SHA256

      d97e3da2e8345c40f5ce77b000bb89575050683ff9cee598680dddf02830d05e

      SHA512

      25d630896e30e9dbcf44fb828f79842b0ee73178dc7f615af3687f754cd2d2348a30acd34c80e12efd1374129a6be84388ccf1a533a253c1cb108c1eb1918a85

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4ecd98ba36272aee3d5a017469b51324

      SHA1

      9877cb238a691f31b282877aad9ecdc405ede23a

      SHA256

      fa98609e5db710f26a13fe926b124979461daa8017e40759eb16836809149d29

      SHA512

      ef135bcd498e2ad5da531ed2d96acbaa9ef3cdea41945d697478f11db2a976567e738c74a41124e12a1de2a78174d70cbe1b839c729e1541dc6fd7c9524a35c7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a102c5da9c15de52adeda97f4396bb47

      SHA1

      de05ced67d349a8b97759e0ec5a444aade2b79a2

      SHA256

      9d7f43fc8e433019d57782f31253ad533a0ec9146c3e0aeb0bdac0f688168876

      SHA512

      4b97a8b53050df85f83bd2a3b94b81df036c8e2ca95309c096d4cd09b28c82eb09a8680f908f0f3fab80bafda7850a92d72918d728e2d7746f61f6422c9d1507

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a2d80f4208639d414db242a1813a3a52

      SHA1

      00504462be6b60b08b0a7ff81c7936abfc0beae9

      SHA256

      33470ce239ed86bfb89340f9ced794a0399f11f5de143c08baf6456dde4d650f

      SHA512

      a9647972d17cbcc05e080c938745f6625220b0d23e197a924a585a8e5c0661c48e24ba7774078646d9d711e95a96aaff400eed4b6d322231eb7eac58cc406f67

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6549e0e7cc283c8e2889700c9ba8b03b

      SHA1

      0677ebea4f5b61020c9c08c6be7605e2f16e9edf

      SHA256

      d7a944c913c73d1dd2e63735c7e508980c2e1b8ef365d9293d69d1b289aaebbf

      SHA512

      f2de6e2f5754adebef5536fb92aaa12b3dd4fd634cf004848b061201613ff17ae23f72d9237898509d057293e13d447f5ffd186aa75c5be5f6ef6e1ebefbc49d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
      Filesize

      482B

      MD5

      c5dd85ec4af97ca0da9a2dc401318e73

      SHA1

      e93858b1dc77b57b8d10f4795d876c25d5f17c52

      SHA256

      b66282c1af3c295c3cf9fb644bb6acda54bb3b04ad4b07334868dce159677ca1

      SHA512

      bacd50db95b1c7a5a213e5d5ddf4c576801fe33bb15dcd4b2a6f8c5339168b9e5d9fa73bf3cd5b81fd9edf6ad4107ea37b48b78cc93d73b385b445944810d50d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
      Filesize

      482B

      MD5

      44e7d845a0997bda9d94c44271ef3c84

      SHA1

      c7498f02c81e85710499608b99de77eb5273208e

      SHA256

      383b0d1511bd42025171f88a6df4a1704c647cf5b0dcd99a916bd6c8f4845125

      SHA512

      afc8be00e4f2a01269215e772726aa23ca621a1c3a152f7930f97d44d78e1ad5f30f56507c522007f6d9e5aefbe47d308e22aa5ef40530906d109ea02467d878

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\zli6be8\imagestore.dat
      Filesize

      1KB

      MD5

      1b9c1918de22f0c07f9c471eae190262

      SHA1

      73e586392eb43b38d55d5cf171c8bfc90f99eba7

      SHA256

      046aa7003405b4803a3621273a24337e78ef77e5b513499588a0f23af998141b

      SHA512

      d42c451151682024a887b6d95fcf233f6d68e0d8b475e8d30bbadffa7ae283fa94ba4da4415130ccedfa318917e6f8d1efc1ff55f2d6dc8146740604e3d54a2f

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FN7UQQ6Z\favicon[1].png
      Filesize

      958B

      MD5

      346e09471362f2907510a31812129cd2

      SHA1

      323b99430dd424604ae57a19a91f25376e209759

      SHA256

      74cf90ac2fe6624ab1056cacea11cf7ed4f8bef54bbb0e869638013bba45bc08

      SHA512

      a62b0fcc02e671d6037725cf67935f8ca1c875f764ce39fed267420935c0b7bad69ab50d3f9f8c628e9b3cff439885ee416989e31ceaa5d32ae596dd7e5fedbd

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabCC36.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarCDF0.tmp
      Filesize

      183KB

      MD5

      109cab5505f5e065b63d01361467a83b

      SHA1

      4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

      SHA256

      ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

      SHA512

      753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

      Download Submit