Overview

overview

7

Static

static

3

6790683810...4d.exe

windows7-x64

3

6790683810...4d.exe

windows10-2004-x64

3

$APPDATA/I...er.lnk

windows7-x64

3

$APPDATA/I...er.lnk

windows10-2004-x64

3

$DESKTOP/I...er.lnk

windows7-x64

3

$DESKTOP/I...er.lnk

windows10-2004-x64

3

$DESKTOP/�...Ʒ.lnk

windows7-x64

3

$DESKTOP/�...Ʒ.lnk

windows10-2004-x64

3

$FAVORITES...��.lnk

windows7-x64

3

$FAVORITES...��.lnk

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SMPROGRAM...er.lnk

windows7-x64

3

$SMPROGRAM...er.lnk

windows10-2004-x64

3

$SMPROGRAM...��.lnk

windows7-x64

3

$SMPROGRAM...��.lnk

windows10-2004-x64

3

$STARTMENU...er.lnk

windows7-x64

3

$STARTMENU...er.lnk

windows10-2004-x64

3

$STARTMENU...��.lnk

windows7-x64

3

$STARTMENU...��.lnk

windows10-2004-x64

3

$TEMP/remote.exe

windows7-x64

7

$TEMP/remote.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$TEMP/sobar.exe

windows7-x64

3

$TEMP/sobar.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    117s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    19/01/2024, 11:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $FAVORITES/Ա.lnk

  • Size

    1KB

  • MD5

    62d588bdb74e4e2e5d1689fa9272ce39

  • SHA1

    9d0db515d8f65e57353381d707060f7343a74da7

  • SHA256

    248402dd02a096f9721d61fe867fac5cacf4dc9001fa2aa6a50a59f7405606ef

  • SHA512

    cbb47f7e4227177ad39a1c914e00e0ca13209fe0839d13819299ad203572b69026c541d71c5101e4cdddbcf7786c6adf339af3e4b0aab65cb188614f646a893e

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$FAVORITES\Ա.lnk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3052
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.mai520.com/?taobao
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2708
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2708 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2384

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9276f7183ac92a9c7326f71b3477b0e9

    SHA1

    aad95d28cffcbbbaa6c86c1f10428bd8f2e2d6f4

    SHA256

    cf3c7fe4dca0e44d679030fe022a905657c4c93e5a08b0d792a0541834e0bc80

    SHA512

    ffe9e9ab4f1e7de4da7461628c888a0b2c314b1cb406e0c3467880578783a9e387869f70bac2e98fe296f38b66283a0e530b8fa5d0833c95c0ffea08f8793b84

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    88f0543063d6435b846ff84132363737

    SHA1

    3f4296df2cfc2b9e136ab8f3fece848d8de12ae4

    SHA256

    33ba92360923f24797209f9911317f1955f3ad804ec9a069492d443e36fba855

    SHA512

    d1a7f02ea6cd3abe4362b5de6f28d1236998b0b49231921e528e5de3f3a162b56b6afdc4129483261fcc7b1ada39e6d790cea36df04d313b2c454d21f23eb3c6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cfad55a7541671eebbb133287329e66f

    SHA1

    38fe365f5eed76384e71cd6de031c9e4e7198f84

    SHA256

    9ea97f10bd9cb7f992cfba9b85846daa07e5494463ce158f002254d9467abb30

    SHA512

    605357897699385ecdab7335f0107ef5c6123def2d8e41814595990cf1429a6dc4605f14d4edf82fd83df5536f18ea698e9e14b9ca19fcf0805933b0853b03a3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8490762e96916e17d03aecb21f9bcf00

    SHA1

    d41894065358e8427aeaf7654ed709fda9b35ad4

    SHA256

    cf6702d7096bcd91c67370a1f7d672562cb2d32b252d5b707726b0e64369682c

    SHA512

    b5ed4ae490ef838020872b9d4deefaff413be1e2d2d3adf2d85aa799c1ab33a042f317d1999cd2f36f7d92069a0c7ace06bf264a5d28ec4c8941f58687b4dad6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3dcb521c8d08695c70fcdb843eed4fc9

    SHA1

    2f4a99329ebf04c806a824239d33c969691d3e9f

    SHA256

    f9c2ea2ea9722b303c6ff614851a4bc57fb877e8ca6f259552352810c8aee1b0

    SHA512

    138de694705bc44649ab204329f82343b9a9ddae158b6fd2a6ec6e9bd86bbb6f88370dbb283a0f027ab9224f9f547faa224d4ced437f5d5a3f00463a7fd62f56

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    de07ecbbf54c1f7ebe782275a247a90b

    SHA1

    ba153359eee50c8efe1aa4fc8b82956afb945531

    SHA256

    fec07a18c0739fb979a9695d6ccd2a04c8b704e6cae51c1742af7573974616a3

    SHA512

    9c109b751a2ba5f71864e18462c4c2ccad8803c1d84c347cd544aa2748525263f56170ce4e04e3f350e3dc2576badd599496b096e0fdb70fb2309241bda3129f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6daeb8856e461bd351def19dd16994c0

    SHA1

    979e614de1caa7e2e49450030ec14e5f47d36b02

    SHA256

    45b48cf3f9a74fee8f9ea8d20d97c1dd1c1f221c9e988565745e93f09feb70b8

    SHA512

    d50cb0c46163e6ff199345b85244da06ae3e51db49dec3a76d6ea095121aa6e36ea75cbe19aa541760132d12c7ecb3d65cfaec481eccfbba22e4adcbeb6a8036

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    964184353fc7576e623c36cb50e23209

    SHA1

    e31721994ab94e592d0ae758468b096231c8aced

    SHA256

    f005844e6b57af13f68007be024552f7ac084499a358688ce0c4ac0cfc6837d2

    SHA512

    a5906b749b03834a0961fb21862fbabb426a84f8765a1b5f212b4088a911eaf0f63adf7dbe630ca29cf81a65263cde4481be87f35e18c266fd117295954d698b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    97bd5afdba8865504f5e9a903c9d8058

    SHA1

    9c8c154fdf1e8d795edc1884e5f74d0e5c425827

    SHA256

    97c4ab424a7a1040aebc96cb7701eb1b79af05f3e32c8b6cb81cd1f6f9659454

    SHA512

    6842b3e5f9f103b2a2afab9e0d1c396e89afaeb02e5e3fb2d095a05fe188f133380c05e039bccbf29a85f49d6cd325dea9899d6347b54e5ef6fe969d2503c019

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    54b2eef419b8f8ee7a3648af75e95c8d

    SHA1

    2d304fb3f06e56e661fc77f2f3d937a9b8ea11bf

    SHA256

    bd0abbb61dd094609eb519bc8f51b091d1ff66d66c93df1a672d1b048781afec

    SHA512

    757cf945195966fc60bf4926c6bd1a78c9cbd05847a28f2875ab3201c03e8922c80623b39ed8f9ef1089c7fa978dd6866a2c2ce72220fe123896c91550fb8745

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8516e20cb9996fec5df918c221356f73

    SHA1

    da73f9b565369976f8c6ca16b01de278af2755f4

    SHA256

    7a0eaf381b2780cace6d8b89956460f2aaf48c759f5d89a28148c6a16888c9d0

    SHA512

    1fc8c34065b39a42a6c7ff59e29423cb98f9e655138bf9a454f260c53ac808deb5b4f2c79819326ece3f47408b5199a90ec3b5be444321ad59c339d7a0b61e27

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    38667afda33aecdeed8934ffeec06dc8

    SHA1

    91829600ee7b6da21e02fd74bdb11e2572077e71

    SHA256

    b78153072c8994b59347a4c6e3aa4294e84eefd18f0aca1ea88c25032b29c348

    SHA512

    b4ed3f56e442f26dbdbab60170e5cec58bd0687c03595c120373626fb71734cc81db9d885c9b32d03a2272fe5a658e0d995384058e76e4643d2f9a473148233d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3818ce81fadc81dde98ad572065635a4

    SHA1

    28b296777a6a4037a02deb2aba8456eb2c199917

    SHA256

    e180ac7f2762c4af73696cac40370641f531ca5c7370aaae2430e7e1f7029673

    SHA512

    ccf8167ecfcab43ffe1b469f2637f303e025decb447a02178e833704a82834eb94d562e3ac092cafbdf7692d316860de970035f1624c52d10b5452b51e4ba80e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5f857082e882b951fc4dc0a7b015bdbd

    SHA1

    5c1f2e68ef26797b7758ac8fe022139b889049be

    SHA256

    303f6c82e4b52f46a5f47955ff9d7c05d3639c8e666815eb64fd4f8befdac009

    SHA512

    2577e62b4c936dbd85ca6b32347ebf43fef0f81f130278391e116fda3950fe4d4dde3cd1a41bd34e2e0d3c61525bd92784756f384c1673aa4e9f20af37377846

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bb6f9abcd5cf295278edffa1048b5be3

    SHA1

    0e72e2fb724824036bfe8104ec0b1049515f4418

    SHA256

    a43df04f7bf643f36b88f059e8ab6fb82b7460387a7cfbb3b718fb0eef3ef0b6

    SHA512

    73019070b668a24ab3959a4bf398927c009ad7a704d64bb75cba359f08259d4fd4d7d78ec4a398e1ceb498d31bb440e148a2ce5343bd364283fdf06bf559149c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5f6d09f9752032538268ac69c7fb84eb

    SHA1

    0d902b9207b50b3464a265ae4bddd0e67b0d54b2

    SHA256

    ed6e6cdb6b577d67fcfd6eada33055aaee80c274d72718f3c3818145647c15e7

    SHA512

    da35793ee985c6dbb220689cba5010fb7c1b93215970b27f36fe7a89ecb7ea387be84aed6ac7afe88678ca86133a1f3e71ebd1f885694b2bbfe1948c7924fcf8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab26B5.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar2726.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit