Overview

overview

4

Static

static

4

BINDInstall.exe

windows7-x64

1

BINDInstall.exe

windows10-2004-x64

1

Bv9ARM.ch01.html

windows7-x64

1

Bv9ARM.ch01.html

windows10-2004-x64

1

Bv9ARM.ch02.html

windows7-x64

1

Bv9ARM.ch02.html

windows10-2004-x64

1

Bv9ARM.ch03.html

windows7-x64

1

Bv9ARM.ch03.html

windows10-2004-x64

1

Bv9ARM.ch04.html

windows7-x64

1

Bv9ARM.ch04.html

windows10-2004-x64

1

Bv9ARM.ch05.html

windows7-x64

1

Bv9ARM.ch05.html

windows10-2004-x64

1

Bv9ARM.ch06.html

windows7-x64

1

Bv9ARM.ch06.html

windows10-2004-x64

1

Bv9ARM.ch07.html

windows7-x64

1

Bv9ARM.ch07.html

windows10-2004-x64

1

Bv9ARM.ch08.html

windows7-x64

1

Bv9ARM.ch08.html

windows10-2004-x64

1

Bv9ARM.ch09.html

windows7-x64

1

Bv9ARM.ch09.html

windows10-2004-x64

1

Bv9ARM.ch10.html

windows7-x64

1

Bv9ARM.ch10.html

windows10-2004-x64

1

Bv9ARM.html

windows7-x64

1

Bv9ARM.html

windows10-2004-x64

1

Bv9ARM.pdf

windows7-x64

1

Bv9ARM.pdf

windows10-2004-x64

HISTORY.vbs

windows7-x64

1

HISTORY.vbs

windows10-2004-x64

1

arpaname.exe

windows7-x64

arpaname.exe

windows10-2004-x64

1

bindevt.dll

windows7-x64

1

bindevt.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    134s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    07/11/2023, 14:22

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Bv9ARM.ch09.html

  • Size

    67KB

  • MD5

    5c16a0832fa48b9d3bdc5e1331187b42

  • SHA1

    2702b7c1e0eab3555730120478c7c7d3792ccaa7

  • SHA256

    4a471d3d4d3057b81125e49ca99f3368265162d68bbbf618588d21af581d2463

  • SHA512

    8f2bacd96023b48ec715f17a0e9430e00e6daf0ed71c9cda2d33cfc83dfd3177078b81ae5a0892156e63feee9fb28c0f98b94d7132012cff429da3083b9d013f

  • SSDEEP

    1536:Z0OvUrJ625vPMW+WBcqZKMGSSxMgxXkyZ:Z0Tr15/BcqZKMGSSxMgNHZ

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Bv9ARM.ch09.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2820
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2820 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2684

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          1397b039acd7b386b7b0d40165956f0b

          SHA1

          4c2b9aa7d0b73356d1e55ef2d49fb9da47302891

          SHA256

          4dac3b51ac68e6b19199d180ab309303d80f8a30d29b4794d69aa5912b3fc825

          SHA512

          d34c18f583078e3d8a9d08768c7e1b835cda5c168c50897135467a0b3f4f19be67ecbfe52e1bf912a317faaa9862b5226e08ab1aaff6614099d9daa8f8f85f27

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          a3ae5dc90dfbef9224e0ed6f1b1fccc7

          SHA1

          b75447b417597b444129318da86dc7b95020cac4

          SHA256

          b532f6891208bc6f7f7587d668d61d082bdf5653086775f1d2e87ed2d9eb8c1f

          SHA512

          fcf9973b34b92fbabd9bf26a4ab0012d3763cdee7815340dbdfd4eb79d28fd22a5c4f121cf0fd02b506b8d19e4cc7737dc89e9364f97e0c11a568a4a8d753c26

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          3c0944a33bc9c7b0e3608c358cdcafd1

          SHA1

          c4eda1fb4a902a0a12055c87f1625e746d5e731b

          SHA256

          2e347e5374f59c42d6182610052991d076e0ebbc74e0a4a564fba9be1641ddfb

          SHA512

          93cf866103ed4574d1a491ce0805eeaa2d372b01ab6bcbe6ddfb7fe5c48d7791b43df4776b82334c62332a80553d3c1518429ee0937f3744200bd57789d806b9

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          aab3a1bb084683f8cca00c82dd39ee83

          SHA1

          8408089f0a9a52d8bf816f4f443fd8942a402df4

          SHA256

          cd0acee39e1ec6721c448857eb201f36a0707f82c64629b22766e698df7bf601

          SHA512

          002dca35824a8650e256da6bed369f16b1acb959456591832290f5be9f1c0f1e8766c5e6b73c72057afae0d1fb2786e81f35d2d37c6e8aec8a92b31cd5ca4472

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          b7635a592e66252aab65c3f0e4d08f0a

          SHA1

          26a4ccca21a16e3fe773e64b37471f62dc3f0413

          SHA256

          5d2b2b3535af7b0ccd077cf6d721a3a58212a4e28ef9dec5a4d011831750bb67

          SHA512

          e6105f7d3db0c133ac6ca7a2fafa854786e533ba25fc91f18d7d17ce3597fdce82c4c37c237cf5f941eb7998e2682bf030e47aab7dc7df146d4ce7c049e09b6c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          cb8df4815c1ad7813df288e1f927e7aa

          SHA1

          0b4c96208c60cd5c3f9563202d457bdbcd1ab2a9

          SHA256

          a88df6396c1833ceedf34e43e36dde7400bb099dfc3c016caf4c8dbfc8d680a1

          SHA512

          f2c68808ee8dbd4f655852b9b68d9e9eb702c25d89d27087d6407df882b16eaeb48d6c91969af769a4f489a2d38892b274ed4d2f3c5ab6d2fe8d1f4b5e928ca8

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          d776efb0514f1cfaac0eeebf59231a1b

          SHA1

          68e965a2963f23b909b4be14bc93775046ba3a85

          SHA256

          7d15a14c2cde7fbca85fca5ffa7685d3c0dc9b42edbc289f31dbbc2fc2e833dc

          SHA512

          180c839ef4d5a4377cf9129f1023b9728d44c01170289dd2654b9786b1dac54ab3a81cfa6154f1f4f7d97e78f110df4228914c83b0d63dc5c450bb4d37fee559

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          235e1d6d841fec304d67cb054e412b2b

          SHA1

          9c17108432fbaad6f0df46f0492145d53ea8b7ce

          SHA256

          bbd2c99ad11351d3c224ff3ac2b2c53f92947d9d634f82dff57bd10250f8f44c

          SHA512

          478a847d4febc5c2988cd853605ece1e0d3a89a09e8c9b22db82337a8773d9d0f499f73dd96ab398462fa9f5f7e41f5ef24fa941ecef5f711aa3761d688ea972

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          ceb7077a4ee761c45fe4340df1e497ac

          SHA1

          c7ffe85b85ce98bc0ecebd729fbe7ff1a92f3495

          SHA256

          1e526f3abf1b295dad63f1704801bdd77c0379cbbbdef634276bdd485511ea99

          SHA512

          37387239c446d48630c8144a534b669e21c48f988b21994e0f33c676516036cbf2effcd9a42927b814a7299703c0b0a0dd6ab01174796e937773b0df2e4bccba

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab947.tmp
          Filesize

          61KB

          MD5

          f3441b8572aae8801c04f3060b550443

          SHA1

          4ef0a35436125d6821831ef36c28ffaf196cda15

          SHA256

          6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

          SHA512

          5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar979.tmp
          Filesize

          163KB

          MD5

          9441737383d21192400eca82fda910ec

          SHA1

          725e0d606a4fc9ba44aa8ffde65bed15e65367e4

          SHA256

          bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

          SHA512

          7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

          Download Submit