Overview

overview

7

Static

static

3

8b89f64d13...79.exe

windows7-x64

3

8b89f64d13...79.exe

windows10-2004-x64

3

$APPDATA/I...er.lnk

windows7-x64

3

$APPDATA/I...er.lnk

windows10-2004-x64

3

$DESKTOP/I...er.lnk

windows7-x64

3

$DESKTOP/I...er.lnk

windows10-2004-x64

3

$DESKTOP/�...Ʒ.lnk

windows7-x64

3

$DESKTOP/�...Ʒ.lnk

windows10-2004-x64

3

$FAVORITES...��.lnk

windows7-x64

3

$FAVORITES...��.lnk

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SMPROGRAM...er.lnk

windows7-x64

3

$SMPROGRAM...er.lnk

windows10-2004-x64

3

$SMPROGRAM...��.lnk

windows7-x64

3

$SMPROGRAM...��.lnk

windows10-2004-x64

3

$STARTMENU...er.lnk

windows7-x64

3

$STARTMENU...er.lnk

windows10-2004-x64

3

$STARTMENU...��.lnk

windows7-x64

3

$STARTMENU...��.lnk

windows10-2004-x64

3

$TEMP/remote.exe

windows7-x64

7

$TEMP/remote.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$TEMP/sobar.exe

windows7-x64

3

$TEMP/sobar.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    135s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    03/02/2024, 05:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $SMPROGRAMS/Ա.lnk

  • Size

    1KB

  • MD5

    62d588bdb74e4e2e5d1689fa9272ce39

  • SHA1

    9d0db515d8f65e57353381d707060f7343a74da7

  • SHA256

    248402dd02a096f9721d61fe867fac5cacf4dc9001fa2aa6a50a59f7405606ef

  • SHA512

    cbb47f7e4227177ad39a1c914e00e0ca13209fe0839d13819299ad203572b69026c541d71c5101e4cdddbcf7786c6adf339af3e4b0aab65cb188614f646a893e

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$SMPROGRAMS\Ա.lnk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2200
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.mai520.com/?taobao
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3060
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3060 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:848

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8b2365b2d3ea096f8af2b64371306900

    SHA1

    52a34106aabf59122e5d9e64561af40246338b08

    SHA256

    9b41b2ea1d1adee3707aa7d8446c9c6ffcbcd13aaa9be6728fdb323833d05c78

    SHA512

    a505f8e56f0ee9e28c3bd3efdeeef6f27163c981252fdef229462d41effef135418ffa72c14306e01a8c3f84ce075d269444eda07b70a1f54261fcf4683055eb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7a4a8efabaad422cacfac9fb3f9a3721

    SHA1

    86ac60e031a7caef1b5f34b1aadd8ca61d00416d

    SHA256

    7ffe9cab5d35d44e1aa212e769480420ae89333b64246884735bc4d7ce0849b2

    SHA512

    ae66b7b4bb1136481991807aff9738d137c75b2659b1e36ace4b99544d6d3935837678337057c46a8e1652714bdff903be669e5f1e044f5f295dd19875f703db

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    da2b65ebb04b73409d754cb3c3cc6c9f

    SHA1

    db9d73a362cd1684a34b766745775e202348249d

    SHA256

    7799b1b091846b9384a4e58ed9350adc11ccf147c99de48a5cfee9f7b3a880b2

    SHA512

    f8ce0cb9f3a1c057e54711c261ca8ba0f339a771f28b8d23e609c8b489e1a72891d43ab98553e260279a5ec5f2eafb5a4ecb39d8c99d84fcb17126fe3f6cf105

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    21f95b77f11a6a8f20311074b48c07da

    SHA1

    0c31aa8c9081f9db72a31de572e52a4f3575d8b0

    SHA256

    d8bce8b1e6e4d0598b444bb4a8a533f06a36e2055d921e3f76796f78b39c52bc

    SHA512

    3d3ba702c00d12d843ead4a5b6c6a1e7d180268008accc57bb7a3cd997b50f5554ffcaa60aa55c62178aaaa2942765052060f15cca8fec9a34b6bf4eb0bab4da

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8e1b265d4f83f81855871f25c7412825

    SHA1

    ac535080bde524f1d9f8e2ddf4079e0f68036f28

    SHA256

    750adc59453dbce307462a3030ff4a11335548dc46d727d75c015f7e1e8988f9

    SHA512

    05f9f19dd40500963bc9144430a5f49b418972af850b81830e20c263edc4fd4eb0bc94083d34f92cc5a95904ad57827bcdf09bb7de217710f9ee415fff6813d8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    067f4cd004ce5bf65408241626a181af

    SHA1

    438cd8c8717ed7691b5a1eeda8d617f3f876730f

    SHA256

    dc756ed0e39d042cc02ded41e96c0f3a7bf872544e7cafe44133efdc5bd7bc39

    SHA512

    c44a8603db9f1ce58320d4204ed08bb73653c36a6b3fa896b6b28f897bfd2d65a9849a8ddfecd8ba329ff97950ff8e7b9a3f50de659dcdb33a74e356a5d1cb3f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2023d99e1252983f1d9184ff205051da

    SHA1

    fea4f37123a8018a7fc56bad277a6f6ad0dff249

    SHA256

    f5e2a484e90a2cf3d79231b5e43fd96846a249cca6f81714da5dbaf4b4aff417

    SHA512

    6f75d75f64fd42d9b7aa09908ad3cb64d4f6fd52b28a836293d338435bb940a8f54a678a776f0b71471c490bd75b7a6d74342359f163ada1617781efe2d928df

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a54749a2c2ef5e4284637dd2918ad45b

    SHA1

    f74a95336b7c28a42f6a3b5a517b862225449100

    SHA256

    a6bd16ba0fad51458276984d8a867f534528e083440540a7fd08ba27685b42a2

    SHA512

    99772ba252eff33c77d451b08bf6fed9a75546dc5d45222084b9873b457f446ca47e0925d857843ebf48ce196f4a9312e7d305a100cee982c3c66595401fe5cc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    20da9a14583d6e82114358a6e0e109ac

    SHA1

    a0544e85bd70bddf616bb758a9b9ee7c0cea73f4

    SHA256

    f7eb12116c68f76c215b682806af1c86f8c5994cecedf61c630390645f8e9b65

    SHA512

    3fe1fb9883bbfa520d7e9d919351dbebb02ad9e0e18408c5fa596b481318006942aebb9160014b660b4cad41f09ef8e1ac7244218e0c1922cc5f5e3ead9c60d5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d59752534057753c3973e483abee4a73

    SHA1

    bb9d7790d5def842bda6fb115d9898a912029b5f

    SHA256

    8d7eae6d4be9c2a156377fde646a1b2623f4ee8283235eaf4f2790834066c835

    SHA512

    bc4ee29f5c33e77c66b1628de73e7b5ba7bfeb000be87f1afa8960dbbccdbf110371b03f221c7bbaa4fc0288d202593fbdb8e1cd15c8299509f3ac1b163a3fec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0073d06288eae3da5f4b36cabb23a5de

    SHA1

    87a9313242d4273f2d7128ceb50babaaf3f4009a

    SHA256

    2f3fc8977de9e29500c660607677e9414d6fda67b57f908e8da34093b002ddb2

    SHA512

    5db04deb515dd62c482290b5407c49c9f0d597c4d3a647dff60b8ebaaa1dbf2e09fb145c63fec3266759686f6e5f4f73ce316c123230ae3768d5df4b963510ef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e77290ef5bd50442b4a39bb3aa937916

    SHA1

    70eea2332c084dafb80b2d4fb4539d8242b888e4

    SHA256

    b971dce7af83a8761c30c929d784854fdd1a6d9cb261781a554ea334311ecae1

    SHA512

    7d3c22a0d80bb9b43d23f449fb8c960e40bbd47e71e729cce21cb01ca0c48b61548e218291ee0293a8e839b26c1ccc27c874dca218cf7b020c2137bd0ba14545

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9d922a930980cc02cf83dd98487dc77e

    SHA1

    970995591479b2b04dc2d7bdbff9fbd9aa06ee4c

    SHA256

    15ef18a3af5797dff3051784b48f860c1a7c05c0ac4e7491b1eaf70a0a808328

    SHA512

    7328d642b9d1d3845703e687fd3c78a9a8611385904f5ff58cd32efec5996d09a15e2d9ecae21e1ee467915d21492c41c2221bd244103d45b75ccd7bab926e5b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4ccbc693855277507a5c049ec2365857

    SHA1

    c29596217530169a3ed9fd0202ffa4cd0db115e1

    SHA256

    dbda6293e224565897133f51395c02dc9f5975c728cd2db1032663fa4f66519a

    SHA512

    b9a768ce2240f022cdba86e347effbdf5057994edca97f31f7b88284a3acf5dc7d6830c6169bbeb2d09467f95e423516fee36a7bde35fb9aaa81d96bce55e492

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab42.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar110.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit