Analysis
-
max time kernel
150s -
max time network
139s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
-
submitted
01/04/2023, 05:01
General
-
Target
https://drive.google.com/u/0/uc?id=1gB2CQFeZrXRXInGSOz-zPvyA0NYgIBU1&export=download
Malware Config
Signatures
-
Blocklisted process makes network request 3 IoCs
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 4 IoCs
-
Enumerates connected drives 3 TTPs 48 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
-
Modifies Internet Explorer settings 1 TTPs 42 IoCs
-
Modifies registry class 48 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SetWindowsHookEx 8 IoCs
-
Suspicious use of WriteProcessMemory 25 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://drive.google.com/u/0/uc?id=1gB2CQFeZrXRXInGSOz-zPvyA0NYgIBU1&export=download1⤵
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1668 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\ERROR422 By Arnob Tha Fighter Gamer\" -spe -an -ai#7zMap30227:128:7zEvent52381⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x57c1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Desktop\ERROR422 By Arnob Tha Fighter Gamer\54 45 53 54\jdk-8u191-windows-i586.exe"C:\Users\Admin\Desktop\ERROR422 By Arnob Tha Fighter Gamer\54 45 53 54\jdk-8u191-windows-i586.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\jds7171662.tmp\jdk-8u191-windows-i586.exe"C:\Users\Admin\AppData\Local\Temp\jds7171662.tmp\jdk-8u191-windows-i586.exe"2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msiexec.exe"C:\Windows\SysWOW64\\msiexec.exe" /i "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jdk1.8.0_191\jdk1.8.0_191.msi" WRAPPER=13⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
-
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding DCF5FCF438F859E985D95285B72E997D C2⤵
- Loads dropped DLL
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
61KB
MD5e71c8443ae0bc2e282c73faead0a6dd3
SHA10c110c1b01e68edfacaeae64781a37b1995fa94b
SHA25695b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72
SHA512b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6
-
Filesize
61KB
MD5e71c8443ae0bc2e282c73faead0a6dd3
SHA10c110c1b01e68edfacaeae64781a37b1995fa94b
SHA25695b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72
SHA512b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6
-
Filesize
1KB
MD5a266bb7dcc38a562631361bbf61dd11b
SHA13b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA5120da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
Filesize
342B
MD59ef243b3ab982d4dde3aa53c6cb1f173
SHA11d9d7bd9db80991a5e84600e86dabe0d8d61ac39
SHA2568fb6a2e744e5b0da0cdc3dfdef665bce59b3c69f36279768823115310f764d34
SHA512d1fccb0be8a907aab54dcc3040d711796778c044370a661905dfe060c243d02601a85a77c671d98c53762e2f955cacb2cffc69f1a9f690cc2e410c6a9e8a7c9c
-
Filesize
342B
MD5c0cd2529d989dae64b3e7c3eefca8f4d
SHA1171dbe98a36acedf882ac07eded5206a1786bceb
SHA25642e04ac84551eab62eb9d4d9ed7f826c0695d5ac73ad33a4c7bb2ff00a9e0f34
SHA5127b2a15e3bf8b7eedebca40146f339d8ec80815c9af309add32910c4fe85aa0a6e83c7122f7e4d0f9873c285aaf6c86e55460511230456286253dfd2d7b56a0f4
-
Filesize
342B
MD5783f139865b0b3e0eabfc99385085bf8
SHA14b878e60455fbf1ad2a1f3b41d31b78205a76607
SHA25629c7dfabf8b2338f167854076b6b595c89e35e78cd7f9761d1b56b6addf5499f
SHA51292617fc5e94e43df51a591fdf9446817fa66938bc715b4fe0127733d18fe3425e13bb777b6a4d52855d1bb922188132d58a6433887f5a8a4945bf5a6a1863610
-
Filesize
342B
MD5b85722f7f5857d39dc895d44a2e42226
SHA1b6965bfd64362cebc80624f3555afd12156b2a3d
SHA256fabe61d71f4636afc518ad5aef6e3ba65ead7df52aa3b95735ac4ba1e7b40fbe
SHA512b472db22188e732a959cc6e66415cb5119fc86c397fc66747a53da55f3493a28521b2c55d46174e3f01f1b1fd4d080d476c3bf3b6d63b01b4331a94fcefbce17
-
Filesize
342B
MD5fbc93c2177ccf384b4ca673d0da9f782
SHA125d07296b3ce72fd1230565795d0bbbca42ea429
SHA25645a83d7e1b8e4efd14cf00f386e426cdf6abab03685ff0d264f9275ee8d7951c
SHA512fabac9fce36e97c8b52004b59a7c1854295ba62ad9242af19fb92d10a48a839e86a90eceba9a50b3b0374d2f26327c1f791445d1bbc3c690598353c903f12c96
-
Filesize
342B
MD5235ef430e64185a3e5b2c96e76c55496
SHA1b574dea9e05e27f27793476e1d03e9f9677a1ce2
SHA256e22b662eded7e2152e469968eacc5373f3ed44008320d33c1288faa778c0c29c
SHA5125eb4f6a02b181f9d8901e4762a50a28039d1128dc25732e37bd9a9ad35edb5f2db30d63fea688e99743c35000378502e5ae786bec51533f39042977a39acf95b
-
Filesize
342B
MD532e39ad77912216d9baa4d10ad66080e
SHA1cc7582b3482b2989b95b823dccca52a632bacc8d
SHA2568687bd48768a2abff73239ff16fccd2fa044447f1fad098622a8ce1f2170a207
SHA5123ec9f907561d440abb3495dd59e57e03d5dcceec11c9e216f579cd445e4583280da9cf193f8ac802c72e2e0426504fa64a2497fe3b47197dec8fd004114f53a4
-
Filesize
342B
MD51a515b4307a2d58555c4d06cc54b32d8
SHA1e9baa823fa37a2ea3f2d291eb039ddbd22035a9a
SHA2560ef5134a500c48da279fda88b9896ae00e1679047365338dcb2c356c2afcd012
SHA512f31400a4ec3e189f3c8e9afc08ba6e5074928f356cb10b52aa366d1ddaf20b010d89d5571b2a7c75b98288685e63074b09ca771f21c7f80c8c961c0fabd7ecce
-
Filesize
342B
MD5d62a29db4eb82d23c84f89d5c2677b51
SHA1bee1738189b181fc08c5fc43decb1d46fa9f7e7b
SHA256a3c50af8d8fda05621cdbfd9997bd358ff48326a79b1c0ecfacf6c411c36dd6b
SHA512cd4e518c9c1250252de46ab29cf72662f4274dfff78b927416e66a8c9c3aef4f2d2324bf29e87c085826677044d5047e5c8f42ff6cc03b7e6995df9449e922b1
-
Filesize
342B
MD5a1f2860702dd80ff3ec1e9d3260555f3
SHA1ec26934f3c20837c8b813b7cb968033cd6fe9630
SHA256cfad9bbe26ac1d871b67199ea6861ecbc09bca736f65143f8cfb20315969df51
SHA512de0516f4894fc50c805a70ef9140308d835e2694ade9039f657dcd053976ca79f690d23d1f855a0fa20c601b682aa7f99bccc35acaba9909f2ee3b7192e9f457
-
Filesize
342B
MD55c5cc2bf5595935707a83a15bcb20855
SHA1ee27a885172a4bfaff7b926291b8578723496444
SHA25642901c92e84a589c27603cd83d6c755951c9cc9cab4da6a0fb10f29244fc53d5
SHA512de7ef3323f0f14bcefc8ae00b3062eeccfcc9b5a6d4b5cdcb04466c077a152d860ae5967cdc431edd65ae61a38fe1e5a11614e296ec98ac1d257c9342d605ebe
-
Filesize
342B
MD58ada9038d867fd6e4893d586b002da5e
SHA1e3faaf6875d24ccaab63d43baba035393e692cff
SHA2562d5859fc053456726afe870acbcfa017c9475e0a74d5774b7f22a5533e2c6a6d
SHA5120050c06e122a7891279e4a18cc12c8723fa9eb08860ed90ff0fce9c0bdcf0324c29706b9e84054318817bd9e00237c942e6a1c796a741770cd825d38e02e86a5
-
Filesize
242B
MD5b4d1260967d2b6e292eff946748899a4
SHA1e4bf4308078057790e8cb6a338cc7b51bb7c3ebf
SHA2563a8e0251530e75863b3c19a760ad94e3ff2ce9f0fa59f447cde80aab6f9a5d8c
SHA512012320a6cf8507bb3859cef8163a2a13ed671f18598df7289557379cca9ef49b1c0ac5862d870c3d308132bdc1105aed767cf39b2a2dd8435b56e697d223843f
-
Filesize
948KB
MD584f5b7ada4e0c06a2aae07a8419c9f64
SHA1ed8e9b61e4967b0608406f1255e3e2dbfee3cf0b
SHA256530f769f400f371383aa1ffaab30b46791a3bb5ea8e9304e3efe9ef419a7faa0
SHA51284a341cd6ad2e6b560f40792042e60d4d68cdc5cfefee7a85f28a55077aa872dcaa16e27b4a95bb7fe2516a4fe3b0e714c746b69cb826b5bddef8a659fcde38c
-
Filesize
6KB
MD59f85f1921dee3ad222f109c9f403f9b8
SHA1a1b6b7c020188ce027ec24c8d32560ae527c1923
SHA25654b5414301ff695daf5c41d9ace916c0532576b3d123afc5756cf111e2737da8
SHA512facf423cf6c8830f3937dc6e793dc6a0b65be1eb8a65225d5204c9048398ff498d8ece1836e60391fa5534913adef24153cb966f010e5a9bb1e75461224122e5
-
Filesize
1KB
MD5c66f20f2e39eb2f6a0a4cdbe0d955e5f
SHA1575ef086ce461e0ef83662e3acb3c1a789ebb0a8
SHA2562ab9cd0ffdddf7bf060620ae328fe626bfa2c004739adedb74ec894faf9bee31
SHA512b9c44a2113fb078d83e968dc0af2e78995bb6dd4ca25abff31e9ab180849c5de3036b69931cca295ac64155d5b168b634e35b7699f3fe65d4a30e9058a2639bd
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
-
Filesize
61KB
MD5fc4666cbca561e864e7fdf883a9e6661
SHA12f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5
SHA25610f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b
SHA512c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d
-
Filesize
565KB
MD54ca39f5a1af6d35e41170e8c30a8391e
SHA10ba37cf6d207c5401fc24687ae35fd6c93f10b79
SHA25632b059eb787925202eebe00ab45312f8484a9dc09c0b76df6a7b38a161133457
SHA512a4bcf340581edee8ad0fabaa9ee93be726d199022f8e7fc64aa88fb52cf713cb5be99cf2b8618aad3a7ac3b1715f1629394e8d8caed0ae113fea5b1674d13c3a
-
Filesize
565KB
MD54ca39f5a1af6d35e41170e8c30a8391e
SHA10ba37cf6d207c5401fc24687ae35fd6c93f10b79
SHA25632b059eb787925202eebe00ab45312f8484a9dc09c0b76df6a7b38a161133457
SHA512a4bcf340581edee8ad0fabaa9ee93be726d199022f8e7fc64aa88fb52cf713cb5be99cf2b8618aad3a7ac3b1715f1629394e8d8caed0ae113fea5b1674d13c3a
-
Filesize
565KB
MD54ca39f5a1af6d35e41170e8c30a8391e
SHA10ba37cf6d207c5401fc24687ae35fd6c93f10b79
SHA25632b059eb787925202eebe00ab45312f8484a9dc09c0b76df6a7b38a161133457
SHA512a4bcf340581edee8ad0fabaa9ee93be726d199022f8e7fc64aa88fb52cf713cb5be99cf2b8618aad3a7ac3b1715f1629394e8d8caed0ae113fea5b1674d13c3a
-
Filesize
565KB
MD54ca39f5a1af6d35e41170e8c30a8391e
SHA10ba37cf6d207c5401fc24687ae35fd6c93f10b79
SHA25632b059eb787925202eebe00ab45312f8484a9dc09c0b76df6a7b38a161133457
SHA512a4bcf340581edee8ad0fabaa9ee93be726d199022f8e7fc64aa88fb52cf713cb5be99cf2b8618aad3a7ac3b1715f1629394e8d8caed0ae113fea5b1674d13c3a
-
Filesize
161KB
MD573b4b714b42fc9a6aaefd0ae59adb009
SHA1efdaffd5b0ad21913d22001d91bf6c19ecb4ac41
SHA256c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd
SHA51273af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd
-
Filesize
161KB
MD5be2bec6e8c5653136d3e72fe53c98aa3
SHA1a8182d6db17c14671c3d5766c72e58d87c0810de
SHA2561919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd
SHA5120d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff
-
Filesize
197.1MB
MD506a347e5483cf47f3c0bc3976a115eb0
SHA1f882583e7917c6f125dc044cff533e27ff89d246
SHA256114d2ee05544387200bd22467dac853b03ea3415d4c5c8f36660079f3f676054
SHA512e0de7d9200f337cc165f317cd86a35f16e592f197871c0acb42a398a0066cf490fb46e904886c37c01ca6f39ff09a5c09b9209adc08a7131070e71123420fe1d
-
Filesize
8KB
MD512bf9ba07c065dcee937e73350fedd35
SHA1909cd3c754ddc0ecb2a707d3a8783ce7cf9b94c4
SHA2567fe75084990fc3ef39b5681efb58da8ce9ae3dad2b18300fa686f7e3c8c6897e
SHA5123f185ad718bfb35c37be6ca61fe3fc02b61c7c32cb34fcdae0fdb6831eebb95b30053438a550b3e46510cfe0effe90f6751552a3059186859d52bb8a13986e5d
-
Filesize
8KB
MD512bf9ba07c065dcee937e73350fedd35
SHA1909cd3c754ddc0ecb2a707d3a8783ce7cf9b94c4
SHA2567fe75084990fc3ef39b5681efb58da8ce9ae3dad2b18300fa686f7e3c8c6897e
SHA5123f185ad718bfb35c37be6ca61fe3fc02b61c7c32cb34fcdae0fdb6831eebb95b30053438a550b3e46510cfe0effe90f6751552a3059186859d52bb8a13986e5d
-
Filesize
10KB
MD511bdab6f0cf45313f197d95bacd3bab2
SHA1caffb2b88714c154b2bde9e316ef12d2d202654b
SHA2567fed5ab4ca10e09034399c4f400e2c2cb64eba1bd6fb9e44af4714c9dd45223c
SHA5125af551feb37df853861dc68a90f0b7fffabd759299ba51f629f4ee613eaf35e5f4d7449cd6cf8102a2dd46e2389e3e5c66641887f77ed435c6ad23a030da0bd4
-
Filesize
606B
MD5dec434e8f77e19ed4f45291a0a781419
SHA1012db5e9f9931e6f1eab2d9c88a6c55e00e7a94d
SHA25669cabe75c139a173406d2c0ca10f72769cc0b869bf773a5bb2241b1f1e940e85
SHA512d3066dd7ee9bf7e5e8aba87fbca3ae8e1bd52c915b99756c21e87d909484617efe225b5dbdf7063c34f493349363b33b037a348e29dd8a8da97c38dbcdb217f0
-
Filesize
203.3MB
MD590314c49fa20e9f74d6d749565dae98a
SHA105ea9fcd8cefe8e4253f226b298ace6e3494fc0c
SHA2566a7957b6b65c5f2117aedd42accf385358f3ad7be17040c13f0f43b3adedc96c
SHA51294e5f6dfedef1a267e310da2c9b0a602a64efa66b88a0f8fbf11ab94c3fa1816e6c5bc9ac82f0d2fa5776d835c2f805c110e4cc37bc035384ba405528d22a843
-
Filesize
197.3MB
MD550cfd28a3a3243bc5e9be096a3b9fd97
SHA1bc8f26edb5d1b6d93459405da76bc52c9b882e69
SHA256a92fce986622e9846b93e396a7eda6214e7f7ea90860794c934f423c10813622
SHA512859e7cc427a5ea990dd3b5301d0bb68aceac9b32f62363d5d21ed90ad45a7a7912d201dc276786bfcfb18a8683776623c7b78c4ad06c4f8002033bfaa6e8855e
-
Filesize
565KB
MD54ca39f5a1af6d35e41170e8c30a8391e
SHA10ba37cf6d207c5401fc24687ae35fd6c93f10b79
SHA25632b059eb787925202eebe00ab45312f8484a9dc09c0b76df6a7b38a161133457
SHA512a4bcf340581edee8ad0fabaa9ee93be726d199022f8e7fc64aa88fb52cf713cb5be99cf2b8618aad3a7ac3b1715f1629394e8d8caed0ae113fea5b1674d13c3a
-
Filesize
565KB
MD54ca39f5a1af6d35e41170e8c30a8391e
SHA10ba37cf6d207c5401fc24687ae35fd6c93f10b79
SHA25632b059eb787925202eebe00ab45312f8484a9dc09c0b76df6a7b38a161133457
SHA512a4bcf340581edee8ad0fabaa9ee93be726d199022f8e7fc64aa88fb52cf713cb5be99cf2b8618aad3a7ac3b1715f1629394e8d8caed0ae113fea5b1674d13c3a
-
Filesize
565KB
MD54ca39f5a1af6d35e41170e8c30a8391e
SHA10ba37cf6d207c5401fc24687ae35fd6c93f10b79
SHA25632b059eb787925202eebe00ab45312f8484a9dc09c0b76df6a7b38a161133457
SHA512a4bcf340581edee8ad0fabaa9ee93be726d199022f8e7fc64aa88fb52cf713cb5be99cf2b8618aad3a7ac3b1715f1629394e8d8caed0ae113fea5b1674d13c3a
-
Filesize
197.1MB
MD506a347e5483cf47f3c0bc3976a115eb0
SHA1f882583e7917c6f125dc044cff533e27ff89d246
SHA256114d2ee05544387200bd22467dac853b03ea3415d4c5c8f36660079f3f676054
SHA512e0de7d9200f337cc165f317cd86a35f16e592f197871c0acb42a398a0066cf490fb46e904886c37c01ca6f39ff09a5c09b9209adc08a7131070e71123420fe1d
