Analysis

  • max time kernel
    136s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    19-01-2024 11:57

General

  • Target

    $STARTMENU/Internat Exp1orer.lnk

  • Size

    1KB

  • MD5

    9ffaab5f197ee38cf1fe65e19d4bb217

  • SHA1

    39ee57d785cb31b75fe79879ab5dfed14eb1a28e

  • SHA256

    6a1bfc7b4d0b3c749f9a5737f7f0253c634bdd62fe812948807c6beae039ecca

  • SHA512

    eaa04c6437eac713912a81b2e11f97cfdc38d5d5bb459d7f4ae94d140b2bd4d74685cda43697f00b6803b1b58da3bef78ca3d9d6a4b9f5e4278ff2451aee512b

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\$STARTMENU\Internat Exp1orer.lnk"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1720
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.113w.com/?waga
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2800
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2800 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2584

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    70ddcb60f2eaeb291903253b8d9d6fac

    SHA1

    2ade3033f76315b8abf7a8e322de184fb04db442

    SHA256

    e23f1b29afb046d155769ac65101128441e4ccfa98c3dbe275eaf4e12be60ea1

    SHA512

    707dd17c1e9796459d41320c92887fe355a96e17d7e67500df02ea41361df5f7e8ac72a7fd2fda5a5bfee44df1e3df0b0b04ccab331524daf771440522439af5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    2c4963973313d7596f572ae1e913f4d2

    SHA1

    f1ecc810b841c5641ac72f03a3dd6cf6f5555065

    SHA256

    0efaa1749fe78ad574a5ff33c0fbbbd158d9ad5dc16449d68501d49d96082f7b

    SHA512

    f962e257ddaf4595f1442e18f5fe911db99fca84dffcfe67df4d79ccc599a01983cbc673137bfe5580d0fdb67bc3888eb7c2ff067f9746738787cd464da359fe

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    44b6b265fa4df69c3e63f9bdd09ff77b

    SHA1

    f8fa7cc496d140bd5a40733907d73d660ba9117e

    SHA256

    8ee8dd308db7c2301c3f67819694cf8b4074c58366913a585f2e937347ae303d

    SHA512

    76925176286bb3636cd825e69a561713ad24bbe8610508efee6bcd3d30b5da8b10da754071f894d40c63718b1a44a89b484d71c714839434ee72812d7c9f47c5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    4b826d4f483ffaf509fb717c5a02319f

    SHA1

    01fd98898b44030e3a049c51b504bc652625521d

    SHA256

    d77d3c532764f5711bbe77fb55bed80753ab8151e73ca00878868e4badf87107

    SHA512

    45b2cc435658c069b643702d1eadb32ae9745fcce487e7c1ae5e2f73fe436e6d9047847c73380d25d5483aaf5572abc229d68e2d6f9d90501915166a212adc76

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    6c916d7934876e523f1760b6a414a026

    SHA1

    aacef52a1b1863e745ecfcdab22def5aa22e4421

    SHA256

    7abe71438502499e2ef36ddecdccb77492867f3456b9c5ffeaa582cd70e534a4

    SHA512

    c7b80714984cd3ea5a25a40bb435d142cb05f8300d0923f7741504685456648005228658976ccb801eb4220d5de9c939bb34455cfbb4f0b68f06ebda0d8c1ab0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    23da3736902d7fc5e78345b4e081fe11

    SHA1

    1f1433d5579ccc0e417957a0078379be573bcbe1

    SHA256

    e15812cfcae1ad8e68052f137acb131129e68c27f466536368de68ad3b14ec55

    SHA512

    1f4ffa7903d4dd83ad05e9f4220599925ade40b5060978cf857d7ce1e3518d773a585925ca64a71175bb077ec8a0e68e94438ed13f1a13ddf673d1e53daea8c8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    2e9c24976837add64b682c779a506b7f

    SHA1

    08952527039708c88caabda393f1772aa458a76c

    SHA256

    beb6107cb56c1f66177706f08dd93a25737c8c5dd08f796bbe16af8cd159241c

    SHA512

    ed003abdf66fdf8baf61b0f86f34e29d369a6d6cef3f3173f315fce17158b391fcf8e8eb766a2c892e0c7e8ea2cf00ae1e698dd56562ff79342de85f98ebb04e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    0c1b25de79179673124058dee0e3f352

    SHA1

    4bd4db4c58b1498c4fc096d1f2da8f9691465daa

    SHA256

    82c6c58385cd71d5e64616014cc12c7ff5a801c62dc5bac9ec46073521ea97b1

    SHA512

    9e1d535bde6dd33a5f6e4637baa08fe156d2c29a56b4db6e8ca36fb2805f4acfa46a898ae3bf8321169ded39ee8af8d4409790e4ef4eec99011713e3cb9ce7b1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    eeba1173a94d297f058269806cf17293

    SHA1

    117ebb30598c88755e455ed525d08e79e88d3800

    SHA256

    86ce24b523dde60dee61272204ae1806338023e2947214c1699ea6ed78249bda

    SHA512

    633af6014dd4129e3ce532e60eca649a4e032e14643c65287d3c6dbd07690a1c2603084d2c81d11325ca8df4211a1df5f87df01d89081ba532b9b90a08d60fd4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    16b1279f3be6cb4ec3d8fbaf4c7897a6

    SHA1

    aec8d2ab351d0161067ca8b2eebf17f59d2e27fa

    SHA256

    51334b49fd1631569c07addde459bccd067521bc4bbdfbc8dd53436b321c6abc

    SHA512

    4b11c347f8c9387d263d67c41fbd0ae4978066461d28d22e9aada5c09e45bd0fe88b2b0ab19deb27b57c234dbf7c76161f824ae7b32d73ee75a85fc067126aa3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    a5f7f543942d9b48c5731937daaf2c18

    SHA1

    709c800631b0888013ee2070b7cab88bc445d571

    SHA256

    f380fb85ecd80cfeea246b6df2ff981a5201823671ef574c4f4b63dce4a99e55

    SHA512

    1247695e4027b5d560c962968bc52a22897e151c66d718fc72feca029ab0cee9024c8f8e0e70efaf403b90233cab8e2e97bbb69b2f772f6fab33dced3d7b8f75

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    1ce4846f2365b5769b09b9bfdd27bc7b

    SHA1

    871eabad077331b2988717ed88a4dde55ae41f5e

    SHA256

    9d93f72095ab6deb0fd3776c3a0e06ff8181e9328e5a00ff278b3b9931dadf4e

    SHA512

    78131f4a559866d1b94111154221b2e4af69ae4b55e878133478b70e1e94e992d898860070238749e6aaf64c0ba21961a8c4bacfde4db3005a8cb769847109cb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e8b613f45b8cac6f50deef8e063e0c31

    SHA1

    5fc822feb26478f86a5120c6a24e2914cea80131

    SHA256

    dd2d0e6b61b1ee7cfcf8793f0379cce1637cc3498434c2d88b5cd3f355730dfb

    SHA512

    43d03d7aa0fe6674a9b4bf93b0707d53f7ee7dbaad142974afc103772a08a124fc49c33be6b02a5fc9f8a3729386e3d4f935684548a527b22c610e0efc3f7761

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    30557a9eb3b83a2a47b38fb17377a68e

    SHA1

    93eefd23f254ad64f2175fef4795e2a1793622c0

    SHA256

    c8e5cc81c8235cdcc660374956b32ce5fecc0d9b6d2e389125edca53a8037ee8

    SHA512

    3690c220195fd8f25fb2fa4398aee7267a7c7deae01bfc94215159297369de280f3e1b251bb681ece4a0316af1e9099b283c7aaa5beefe13a4b3d8861d25d461

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b315c87ce86882f16ae492b5bd92677e

    SHA1

    4b8a0bcf14e5e1916edf753766a4d22a009dfefe

    SHA256

    86a9bf1b8b3478525ad014006b8de10ac32ed517508fa58e8b55eed77d9da2ae

    SHA512

    35e2f3f171adbb56f995635f6a42e36b5cc0169903fa9f28f47280ee9f22b1d2cef82bcdf32d69e8cda8cf742c6363d142bbae447138557ab46930b27208d213

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    3f34062d40d34617ea425761c032c469

    SHA1

    4e558251501a00e616c40044726ddd7b268a58c9

    SHA256

    5081becb2598e6b96e878f269016b14492adc0508df6f51424826ce238830e8e

    SHA512

    cf5c81d4e7ba79ce676d084d6385edb97ebd49ff65144edf51e1b04083a5b2048ad5ac4ce980c5cc23aeab0856c7bca56e85147540394f4edb7a57316f626785

  • C:\Users\Admin\AppData\Local\Temp\CabD1D2.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\TarD2C0.tmp

    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06