Resubmissions
27-05-2024 22:11
240527-14ae9ada43 1027-05-2024 21:15
240527-z3zhbabd59 1013-02-2024 12:11
240213-pcwzdshd2w 1013-02-2024 12:08
240213-pa6qtahc7y 1018-12-2023 08:13
231218-j4g2nabaf5 1005-12-2023 08:54
231205-kt32taae27 1005-12-2023 07:41
231205-jjdthahh6w 1005-12-2023 07:38
231205-jgmcvshh5x 1026-11-2023 09:39
231126-lmxf5agd87 10Analysis
-
max time kernel
149s -
max time network
152s -
platform
windows7_x64 -
resource
win7-20231025-en -
resource tags
-
submitted
05-12-2023 07:38
General
-
Target
Malware-database-main/butterflyondesktop.exe
-
Size
2.8MB
-
MD5
1535aa21451192109b86be9bcc7c4345
-
SHA1
1af211c686c4d4bf0239ed6620358a19691cf88c
-
SHA256
4641af6a0071e11e13ad3b1cd950e01300542c2b9efb6ae92ffecedde974a4a6
-
SHA512
1762b29f7b26911a7e6d244454eac7268235e2e0c27cd2ca639b8acdde2528c9ddf202ed59ca3155ee1d6ad3deba559a6eaf4ed74624c68688761e3e404e54da
-
SSDEEP
49152:5aA7f7tlVmdqK23H2bpHI4Qs5ABV9WRHZRsgI82lcHGAaKLinXBgJ:Q+VMkX224QsWBq5SfARGRgJ
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 7 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Program Files directory 6 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies Internet Explorer settings 1 TTPs 53 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of FindShellTrayWindow 3 IoCs
-
Suspicious use of SendNotifyMessage 1 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 19 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Malware-database-main\butterflyondesktop.exe"C:\Users\Admin\AppData\Local\Temp\Malware-database-main\butterflyondesktop.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\is-SVBB4.tmp\butterflyondesktop.tmp"C:\Users\Admin\AppData\Local\Temp\is-SVBB4.tmp\butterflyondesktop.tmp" /SL5="$70122,2719719,54272,C:\Users\Admin\AppData\Local\Temp\Malware-database-main\butterflyondesktop.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe"C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe"3⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://freedesktopsoft.com/butterflyondesktoplike.html3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2916 CREDAT:275457 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3.0MB
MD581aab57e0ef37ddff02d0106ced6b91e
SHA16e3895b350ef1545902bd23e7162dfce4c64e029
SHA256a70f9e100dddb177f68ee7339b327a20cd9289fae09dcdce3dbcbc3e86756287
SHA512a651d0a526d31036a302f7ef1ee2273bb7c29b5206c9b17339baa149dd13958ca63db827d09b4e12202e44d79aac2e864522aca1228118ba3dcd259fe1fcf717
-
Filesize
3.0MB
MD581aab57e0ef37ddff02d0106ced6b91e
SHA16e3895b350ef1545902bd23e7162dfce4c64e029
SHA256a70f9e100dddb177f68ee7339b327a20cd9289fae09dcdce3dbcbc3e86756287
SHA512a651d0a526d31036a302f7ef1ee2273bb7c29b5206c9b17339baa149dd13958ca63db827d09b4e12202e44d79aac2e864522aca1228118ba3dcd259fe1fcf717
-
Filesize
471B
MD593ff9d8aef14b9eaad737532cb00aad6
SHA1c25d1e6db8ca7ddb901afd77e889336fa943fec0
SHA2561a0b537a453f43a1361113d7aaa3079948bf2fc6183de9e53ff60d56dc3ca9be
SHA5128b4072c9f10bbef6c40ece5b6187af263a4986705e8ba53182d50032d42495fa9dc38894afdf3ef52a4fc8adeba01505e948fefb319f53fb59f1d8b5a3a15c3d
-
Filesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
410B
MD50e899c1411e11c8869f94490f5416daf
SHA1694b168308c1d3b6999f74b86207ecf908b9a3a4
SHA256fd9720bf89c7b993e8848a8c453ad0e3c98d9114c773e7bd54f20cf6f1cbd2b0
SHA5123a837e1bdb8594fa900b480f3ec6660fd46e62a6daf04fda70ccaabe1110d9df6452fa5dbe674006ecf0434798807c9337501d7aa395d6f09d76c3bd5227daa7
-
Filesize
344B
MD56524c65558f0bbebbec63fb493d7afd0
SHA1825558abc45be340e4455d1d668d8e16835f00a3
SHA2567e9f28c341870afeb65f7620fc6d9b8ba5cd7158495d6c40e1e5bfb01af9cb93
SHA512524fda7510dd63016893acf8112c2f9b299b1a88ce16754825590b0208ab4bb586209988618b93892033bea57fe4e9e1034e19b803530d685f27747d113a9a39
-
Filesize
344B
MD5e56117d5f066e5ea6cbf1d7d06f46d84
SHA1122966bd4396143ef46391370c2ad88fcbd26426
SHA256d82523d5f6bdf45ed5ae30269739dbcdeaaf1b60486c7e5b6aa7f187284e69e7
SHA512308a4991f860074aa49b12a8151a20a45e8bf0e81d643d3f893cf947e3eaa628161dd324cfcd86ddc71274b490cab91f339d7622f7e0985c8a7c8eccc078d862
-
Filesize
344B
MD5323131d9bdaa34fa9f0d8d35be3bcb0b
SHA11729881c39d0260cb5c376ac679080e941eba1d3
SHA25610555294df04213c95700a2fe8cec150aec895e74ccabdd30002307f06140c10
SHA51276cb01908be0f4626c3c346add07acb423099e0b3ca45f3482f5e0460f9f3acc6aaf175ba1fea4653e75e9aec3065092edd293b3f02c811a465d9d4149d881d5
-
Filesize
344B
MD5654d4c808f715d2a2d5133d7b6b7083f
SHA1f344bbbcb716c6005d82ff05414247fccf946daa
SHA256f72fd33a14e8ed071df20cefb745bcc91e6e1e2962be6d6bc00d285afdce8fa2
SHA512d152a800cc2fadd0bb222852f9b48af27bd9eea68b89af480ea86bcdfdbeab8fd53d5d4f67e7a5192c063c242b84b5281c6ac4ae1ccb3d2e2236e020036a47da
-
Filesize
344B
MD5cb48b862508f1dab291e8e3dd39b7cf6
SHA1ac3b75831944a626d4f4557c8032e977e73947fd
SHA256d130faf272c0f2259357c0b0788f00480455700b1356c5d1fa0ac0cef40d796f
SHA5129757ae51325ebdc77804d5528263c2ddc992b0712a3a378d7c9c2201f448e6da60ae9e2e431afb92b19ffed707f793169820ac334da6f842e9d95077264fa476
-
Filesize
344B
MD50f59f9f4d5917d968f261d95875cc5b2
SHA11d4c973022befab5bd096ffcca42f9e1f1e339fb
SHA256f92f3452aa351240a76cd6eda6a6fc3411328c1e3a36d8471a7d89cce930ab64
SHA5121fbca2494881703a697706f024cc42234f151b875aaf2ad1db60716419f947408d93590330dd1aecca2e43539b400d1c9f1695dab9e1b9f71df194dd149baee9
-
Filesize
344B
MD5d3d0a8301bab426b9bf8cdea05b7dbae
SHA10a696004c5551bd07edafd1e0a6db44a6db999da
SHA256b933dce6a05e6b6ec87f6aba5bf37c3473dd4a520fb169cb183e3cd44062f3ea
SHA512123210ef075ff0db4416f09315bbdb618db0411ffedd1ebc2171a46c76266a8f88844e5c21e2290b2ecbcbe51f4fb2a16901e7f2dd339370fb1d223f132ce711
-
Filesize
344B
MD5e33361b03e28151d1ffbabe2f72eb4a9
SHA1ccfdabb8efde0b20d85beeb201122738010a3cc4
SHA256675388726ceb90d34d629628057a31e416a65214f9b39bb9bb27f1543f070714
SHA51274dd7979356986f48c5c3864d7cfa5d7ea3053aed809e5ca671c9f53caf16fa3fb9ad166b5c0068c30af94483a7b7795953fe4dce05755818a82122afacced74
-
Filesize
344B
MD52c8fb487441b3be70a5e155014b370b2
SHA1841482dcee965d90713080a7ba1b4f045aad09a5
SHA256216412e40c78ec7aa07f09fe9d64691fa5ce061f2f5123ad5a8a02eb76997ef3
SHA512cdbe17078d07f96ce7f619344c317ba1dde3b55f85e46dba85c5d659583920723569747b6c42ff4cbc680fb5cfbccca4899365e7e7e38fe948946917e9c5085b
-
Filesize
344B
MD52d41bc95eab74c470e22157bd923f260
SHA11c7809735a8a8d5ca3f7c24eb483ce57f24786d7
SHA25626d53f97a35f551c3a114a7b00312296b6476b9c429dc5ef4bdd49c09019e0d5
SHA5121f31d21d3467a48874be8539886c8b1e770b2193e47d43e8a8b923b7ff8f86f2b0f08783421efe51949d1d2c9dd6ca8934ee9ac0244b660ce9ee62430deadc40
-
Filesize
13B
MD5c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA135e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA5126be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed
-
Filesize
5KB
MD5cd12b0836d9a7436627ed71ecc624b8d
SHA1ca25935cfc848b70053f81b18dc76889d9121199
SHA25623edcd5c6702180e6c57b496e9496058096bd86b12c86ef6c49a3afd4584bd16
SHA51285e83021c0557761cb43a55d5bbd59d231cb0adb6f48afe99917ce167718f540a0e85bcf8c56f2cb9da4a3a297ca02f2f156e994ca4051dd4c752342c6b95e63
-
Filesize
1KB
MD596d2d7beb999d4817506d07d540137a8
SHA1fba481ecd20b706f7525b24498b6caa1a1e6066c
SHA25669f733f627944d3345dacd8dc795dfac2b80774159c087f3b9d9027a7088f729
SHA512659b3acbbce827018fd0e0e2948c8f557902f9b155b40e1ae55fca2edce6a0e418de6ef80b444a1871aa3c9930fb4d07a3147bbd6699c0387b2729aa2282d1da
-
Filesize
52KB
MD52f759d02216bdc9ca647538387472213
SHA1ba9b941ba62d6c310589e9b71aaabf5ec60cb4a7
SHA256a41abf79a18d7903cc7a4eb40a7296cbf20b957f6046c2cb6e4dd6198c3f1586
SHA5124200051a06002a42a48d7793428dd386233dd1977a84f9de676f2ab4ba3ed759be93f3700d8b109461765c86507bf247aed39d8f9fce78fbb5764a8c12a57dca
-
Filesize
202KB
MD582f8e09973a0342fe3a4abef0885fd1a
SHA12432658b42c1008d4f41c4302f6c6f1c4fc1c525
SHA2564dce4158779dce6da3ede11337029f817a03f45c9559b1f91d8a7c5ac130f38c
SHA5126ec16edad5325700775374ebf39bcd5176820a33664e345f6b71dd085233411b761b1b4725fb88d1bdc6e3bf11e4dc95d85527b9b8b8ce1f2671563fd3901632
-
Filesize
29KB
MD51a19b293e026e10fa30034f7f85a3219
SHA185e0267d67b10b1b117c41b033698704acd2b3f2
SHA2561a9715e1af7ac7b2f65f32a853e2da82c6a584a53f45cec9061ba96e2d11949a
SHA512f6587a6cee9b5856f33e88adbd280e28b5c3218d1807dfa1f880ed8134710aaaa271d2a8afc8cadb160c1f541e949d02197996224eed10f991a2102a72b330a7
-
Filesize
31KB
MD582ff8f6d177d6bceabfd12c21f797595
SHA131ec08a7032b528bcc48a86722755e4c99f397ec
SHA256f84f4f65c00630a8dd0f354e652293a2cf51e95722f447fb2ea869bbbe664446
SHA512c5c509f9c31ace75a67381fed073d3bd963be90cb19c6e3ab6984790f34ea299afdc909bd23e290c9711e48ecdc5b22f97bb6f4a6a59c758f69fa38f07cb9a8e
-
Filesize
1KB
MD5972196f80fc453debb271c6bfdf1d1be
SHA101965ba3f3c61a9a23d261bc69f7ef5abe0b2dc3
SHA256769684bc8078079c7c13898e1cccce6bc8ddec801bafde8a6aec2331c532f778
SHA512cb74de07067d43477bd62ab7875e83da00fad5ac1f9f08b8b30f5ebb14b1da720e0af5867b6e4ab2a02acd93f4134e26d9f1a56c896da071fc23a4241dc767f1
-
Filesize
53KB
MD54c94415208988a7b27a42059de663f18
SHA1eb965354f8dee13c651207b7f31a1cc4b26b96c2
SHA2560efaf29dbb93fbc3d780879be8247daf94ceaa7000b32fb036aeaa21257cf24e
SHA5124caa4c3915533350c099b70ee06cbdbe08d3f628ba92497927fa4b6f8895fbf1c9a46478340e597e0d52c8c89eb32ad47910358408af22d58e65be2b05c49228
-
Filesize
2KB
MD543df87d5c0a3c601607609202103773a
SHA18273930ea19d679255e8f82a8c136f7d70b4aef2
SHA25688a577b7767cbe34315ff67366be5530949df573931dd9c762c2c2e0434c5b8a
SHA5122162ab9334deebd5579ae218e2a454dd7a3eef165ecdacc7c671e5aae51876f449de4ac290563ecc046657167671d4a9973c50d51f7faefc93499b8515992137
-
Filesize
61KB
MD5f3441b8572aae8801c04f3060b550443
SHA14ef0a35436125d6821831ef36c28ffaf196cda15
SHA2566720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA5125ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9
-
Filesize
171KB
MD59c0c641c06238516f27941aa1166d427
SHA164cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA2564276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06
-
Filesize
688KB
MD5c765336f0dcf4efdcc2101eed67cd30c
SHA1fa0279f59738c5aa3b6b20106e109ccd77f895a7
SHA256c5177fdc6031728e10141745cd69edbc91c92d14411a2dec6e8e8caa4f74ab28
SHA51206a67ac37c20897967e2cad453793a6ef1c7804d4c578404f845daa88c859b15b0acb51642e6ad23ca6ba6549b02d5f6c98b1fa402004bdbf9d646abab7ec891
-
Filesize
688KB
MD5c765336f0dcf4efdcc2101eed67cd30c
SHA1fa0279f59738c5aa3b6b20106e109ccd77f895a7
SHA256c5177fdc6031728e10141745cd69edbc91c92d14411a2dec6e8e8caa4f74ab28
SHA51206a67ac37c20897967e2cad453793a6ef1c7804d4c578404f845daa88c859b15b0acb51642e6ad23ca6ba6549b02d5f6c98b1fa402004bdbf9d646abab7ec891
-
Filesize
3.0MB
MD581aab57e0ef37ddff02d0106ced6b91e
SHA16e3895b350ef1545902bd23e7162dfce4c64e029
SHA256a70f9e100dddb177f68ee7339b327a20cd9289fae09dcdce3dbcbc3e86756287
SHA512a651d0a526d31036a302f7ef1ee2273bb7c29b5206c9b17339baa149dd13958ca63db827d09b4e12202e44d79aac2e864522aca1228118ba3dcd259fe1fcf717
-
Filesize
3.0MB
MD581aab57e0ef37ddff02d0106ced6b91e
SHA16e3895b350ef1545902bd23e7162dfce4c64e029
SHA256a70f9e100dddb177f68ee7339b327a20cd9289fae09dcdce3dbcbc3e86756287
SHA512a651d0a526d31036a302f7ef1ee2273bb7c29b5206c9b17339baa149dd13958ca63db827d09b4e12202e44d79aac2e864522aca1228118ba3dcd259fe1fcf717
-
Filesize
3.0MB
MD581aab57e0ef37ddff02d0106ced6b91e
SHA16e3895b350ef1545902bd23e7162dfce4c64e029
SHA256a70f9e100dddb177f68ee7339b327a20cd9289fae09dcdce3dbcbc3e86756287
SHA512a651d0a526d31036a302f7ef1ee2273bb7c29b5206c9b17339baa149dd13958ca63db827d09b4e12202e44d79aac2e864522aca1228118ba3dcd259fe1fcf717
-
Filesize
698KB
MD51fee4db19d9f5af7834ec556311e69dd
SHA1ff779b9a3515b5a85ab27198939c58c0ad08da70
SHA2563d550c908d5a8de143c5cd5f4fe431528cd5fa20b77f4605a9b8ca063e83fc36
SHA512306652c0c4739fce284e9740397e4c8924cd31b6e294c18dd42536d6e00ad8d4c93d9642fe2408f54273d046f04f154f25948936930dd9c81255f3726f31ee65
-
Filesize
22KB
MD592dc6ef532fbb4a5c3201469a5b5eb63
SHA13e89ff837147c16b4e41c30d6c796374e0b8e62c
SHA2569884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
SHA5129908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3
-
Filesize
22KB
MD592dc6ef532fbb4a5c3201469a5b5eb63
SHA13e89ff837147c16b4e41c30d6c796374e0b8e62c
SHA2569884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
SHA5129908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3
-
Filesize
688KB
MD5c765336f0dcf4efdcc2101eed67cd30c
SHA1fa0279f59738c5aa3b6b20106e109ccd77f895a7
SHA256c5177fdc6031728e10141745cd69edbc91c92d14411a2dec6e8e8caa4f74ab28
SHA51206a67ac37c20897967e2cad453793a6ef1c7804d4c578404f845daa88c859b15b0acb51642e6ad23ca6ba6549b02d5f6c98b1fa402004bdbf9d646abab7ec891
-
Filesize
80KB
-
Filesize
80KB
-
Filesize
80KB
-
Filesize
4KB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
4KB
-
Filesize
3.0MB
-
Filesize
4KB
-
Filesize
752KB
-
Filesize
752KB
-
Filesize
4KB
-
Filesize
752KB