Analysis
max time kernel: 150s
max time network: 149s
platform: windows10_x64
resource: win10v20210408
submitted: 19-04-2021 03:33
Static task: static1
Behavioral task: behavioral1
Sample: file.html.scr
Resource: win7v20210410, windows7_x64
0 signatures
0 seconds
Behavioral task: behavioral2
Sample: file.html.scr
Resource: win10v20210408, windows10_x64
0 signatures
0 seconds
General
Target: file.html.scr
Size: 21KB
MD5: 526c41c610a041009f1466f55b882063
SHA1: ff51ce695aa471ac5f482cae9d33db9928f12a94
SHA256: 6889280387829eab8dc3210c6b8c7d88a19669f533ad75a078454214211df154
SHA512: abdd70d5dc9cd29d97e8824c606a940086a5ce54c525cb55a70dedae754eba2b520f1f637a12332e61a65d2accef9a8179d2efbefe1ed3a93ada091aebded628
Score: 6/10
Malware Config
Signatures
Adds Run key to start application (2 TTPs, 1 IoCs)
Processes: file.html.scr
Set value (str): \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Traybar = "C:\\Windows\\lsass.exe" (process: file.html.scr)
Drops file in Program Files directory 64 IoCs
Processes: file.html.scr
Drops file in Windows directory 2 IoCs
Processes: file.html.scr
File opened for modification: C:\Windows\lsass.exe (process: file.html.scr)
File created: C:\Windows\lsass.exe (process: file.html.scr)