Overview

overview

7

Static

static

3

6790683810...4d.exe

windows7-x64

3

6790683810...4d.exe

windows10-2004-x64

3

$APPDATA/I...er.lnk

windows7-x64

3

$APPDATA/I...er.lnk

windows10-2004-x64

3

$DESKTOP/I...er.lnk

windows7-x64

3

$DESKTOP/I...er.lnk

windows10-2004-x64

3

$DESKTOP/�...Ʒ.lnk

windows7-x64

3

$DESKTOP/�...Ʒ.lnk

windows10-2004-x64

3

$FAVORITES...��.lnk

windows7-x64

3

$FAVORITES...��.lnk

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SMPROGRAM...er.lnk

windows7-x64

3

$SMPROGRAM...er.lnk

windows10-2004-x64

3

$SMPROGRAM...��.lnk

windows7-x64

3

$SMPROGRAM...��.lnk

windows10-2004-x64

3

$STARTMENU...er.lnk

windows7-x64

3

$STARTMENU...er.lnk

windows10-2004-x64

3

$STARTMENU...��.lnk

windows7-x64

3

$STARTMENU...��.lnk

windows10-2004-x64

3

$TEMP/remote.exe

windows7-x64

7

$TEMP/remote.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$TEMP/sobar.exe

windows7-x64

3

$TEMP/sobar.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    136s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    19/01/2024, 11:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $DESKTOP/ԱմƷ.lnk

  • Size

    1KB

  • MD5

    3801cf5240ef322de5fb53224f763068

  • SHA1

    e4286f9b6e5986b6a237bc70fdc03e8a36287e11

  • SHA256

    23dde6d591dc39c8b7901a49ce2edbe1591ef2b68d69700a4c81fd741f2d714e

  • SHA512

    3d26058c20050e236cb78533485dc2dd02ed6be0ab7037e8eac5916b75abe189d38f57ed45899787cbe69318ec4d6763633d1a8a96600fd0b20b83aaa9f03ef4

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$DESKTOP\ԱմƷ.lnk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1692
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.wagabb.com/taob.html?desk
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2848
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2848 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2876

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bddab0480dd6aa45a2dd05f87bcdd7dc

    SHA1

    43e92dd9d28113236bfd0f0c0f3408028c73a774

    SHA256

    4d4ba3fe44d081191749b97385038948c3c134edfcdfb9f37b7270eb8e74cfd6

    SHA512

    e393f00d2e800ffde4bd04afdc621d3a77667ea3d03b4b607429cd3487806a7c6d4fe4de4a7ecec62ffde38697f63ea47a200fcf78f557cdcabb44700fd9181c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7ca74e41df77eb399d433535c8ef80da

    SHA1

    97773ba020951f8b368bdf3566d47e972f646d43

    SHA256

    edb5986d092b5cb9d2ce9a4c3f6703e2c0ff63fdc4bf9d7e78015103347532f4

    SHA512

    b44b9885ab3ff9ffa955faac25441844c9aea7c5b138739c0d1dfc8b5e93184185c938f7915d9d72fa5f5e2db877e07bc08d1e85a608c0f62d12eeae9eac950f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7ed49520b9af704dbebe7565be9a8c17

    SHA1

    d7a7f07c7e2c102ba6f402a2017d2571bd47697f

    SHA256

    6403cbe0e1a9b412cf9fe78819c0d043d5f4d4c91fd7e802c68385161d85775d

    SHA512

    3427dfb01e266b0f22886c73a2020c009c77f855576eb02cfdb47009a35091e581a86504f7cf0db2ffe5aa6b3b0dc7c098bc6f83119407ef8f90258a6d77d47d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    eb62770e3647c262b6af54cc91ba64a8

    SHA1

    f67c964af5d7554394a9e939c31168f33f74866b

    SHA256

    eedf390fb15cac4d86279ef38d049eec752e17e7d4d3825a15991eb0ed7a193c

    SHA512

    f46692bd3ef67a87322e09b6bd21d4876556579d08ed514ff3f7658a5fb57070929a60c6a362915cfa54ccbec2f2167b66e7f37e88d23cc88c3c6738b96a712b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8ff5e0ad6a5f03a375e578d7e4b48f36

    SHA1

    9214dd03fb298f1e81e8479dbde48ef309d91f65

    SHA256

    f9bed218ddace6afcf9741e3db7d406db8a9e28c7284497b2e4dac36dda6d61c

    SHA512

    84e8793c507f77a34073e17fef31215c8a0f6f1353ee4340d5a4ccbc807309d0fc00e956f65fd1a61d71036f307dc2d2e696c2264e11d1f1986f3c5130b44ea4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4e459d2895ade1c66c0897c60f23368a

    SHA1

    5af1a6ac71367d245ab6cf020f4593789dc2addb

    SHA256

    7672eecfc1c3e0b6b0ceca087a302e49b77abb86b235405dead97ea8ba6eea99

    SHA512

    9b145f73fde41c3dd028348b5da693f38236d62b0dcc10b08f74a4b089504aeb7e8f99f8f3dce6e0f7bda35cb54a45b68fc602584f9b622304a60acf5ec03c2d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e6a1b6b1d42a46b3c16724ae85470b59

    SHA1

    c236fd679fc2df236731a9e329897b473630138e

    SHA256

    ab74f4eec8953fc73b45c5bfbe65304449cbd659e7d980cc740e671671533409

    SHA512

    38ea8d27454a69d342e25de0ff9f3316757ca5129523e5632465d00d78d898f0df906cbc9cd3ae2fcd4c496934cbabb1d013597ad4fe0c5753599a874b84fe00

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    17324a339297d6f154c4e4178b48e730

    SHA1

    99b169f69334930bbefcec05229b81359cc096f1

    SHA256

    325154a65b671f523d0d6d159ff2a1b16933a1faeddd668b54e075b315dba5bb

    SHA512

    80b340bcb147d3c345e07ad66f74001d242b7386019118d3b33fc1caac56b7fab57f9c79234f7c5826932de490b06773fcbef9be445f1933ee50b1a8ae01fb0e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    da3f340f23148d2ea89ecef659da8e3f

    SHA1

    2fa06369631c633dc6229795fb257c43a3d99687

    SHA256

    4a29d4f786608daf64fd4e3255045b19b187be9685e6f118670dac62ad5e333d

    SHA512

    5c71a455560a8844bbe37a24faaf439186e418961484fe3ca070d9ae0d5dd2764db256cb53261358f70fea28c185e21220fb89eb2d498846504c5b936e500c08

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fc51c7e07ff67a1a0f2b889bea2f63c1

    SHA1

    06e0298f98079cb6c5a8bf67d76e90fbb2e4b38e

    SHA256

    6cd18087585937d832d2f1e0ac1fc50f14f55292ecf33dca8a3ecb647edd44a2

    SHA512

    f6616e8597b63344029422be0da878cdfc22c8ad1616c48e143962827fa71acf2d4f2527b900478aaeaf630558e5c9c995d09611c2e9cfef1a41d724243e9324

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f7b85fbab89dbdf39b58a73c92e49c2b

    SHA1

    c002b16fec5627e18127832f118f1b1f9904fcc0

    SHA256

    5218b4e672d9fbdfba06106dbb8297fedc9949d29eb70d5121b2dc218e765f38

    SHA512

    f1505b8e9b4f35759478c1309ec2a64c59966c6d03cf25c0ebfc05303d10bc93082d889f228e9bb799502fcf321d3c0b65ecd015e28f714b1023d5dd8e5ac50e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    418f1e57cb5885be9a4a3f71e1c6e0fc

    SHA1

    f8b28042ab3a705e656fd2a1cb01a905dbfa63e4

    SHA256

    bbdaffe8645fe3036f4c8ab09ec2cbed80a389066caef9ca070cdab3df02bda8

    SHA512

    31653f15baafe6b2ced945ba4a57f5949c66c85151f928f25ac20aca65cb25d6756790b302d183c5cc265ae8ba1829b3b558ac849d2db31d8d8bd3c1bf682a86

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c062b21a00781ed8c71271e847323e13

    SHA1

    a68a4c6b97dd0b890092ad5200f9b7c1b0aa5f22

    SHA256

    1fc97e8fe965f95f96a35aac7d114cd99fc176b55f18ad29674c05e6589f9463

    SHA512

    70739d72e9736c79d01e4a0087e6ba2242b80212183a6d1160ce250063c1d27fe34c0d6b84c3bbf65a15af4bfb4f4681a9f853c9e6e86ea5fa1b60c74c35ed8e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    31b2147f996b13fd05ec68e6385ac2e3

    SHA1

    adcf09db613acd5e6775b3e4af12f8aefa62f4fb

    SHA256

    78b40abc0b34105b3b1c58bb6fc437f4ee9292c1d0ed016dda66030db6aed6ec

    SHA512

    e2ddb856cab21549c9489297bf75207db4521b48160be95adfed50277f9fddfc5d0ee0c093506f1636b58bd19795530c1c4b496914d243399a6dd9ad117181da

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6a213c760731310a2e6808d43e31290a

    SHA1

    61af16105e7d04df674abe6b0332a4f200f58772

    SHA256

    5fee501494424f28fe4e62be075a1bcc808fa9d8ed2fd239920dc096c5440da1

    SHA512

    3a6e79117a1a723c067973cc34cbed04f5deb8126180c8373f566aff6938865ba4e085bf7e88fc997f37e83d111dde651d1517950411704049400899444fc98e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab54F6.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar55B4.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit