Overview

overview

7

Static

static

3

8b89f64d13...79.exe

windows7-x64

3

8b89f64d13...79.exe

windows10-2004-x64

3

$APPDATA/I...er.lnk

windows7-x64

3

$APPDATA/I...er.lnk

windows10-2004-x64

3

$DESKTOP/I...er.lnk

windows7-x64

3

$DESKTOP/I...er.lnk

windows10-2004-x64

3

$DESKTOP/�...Ʒ.lnk

windows7-x64

3

$DESKTOP/�...Ʒ.lnk

windows10-2004-x64

3

$FAVORITES...��.lnk

windows7-x64

3

$FAVORITES...��.lnk

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SMPROGRAM...er.lnk

windows7-x64

3

$SMPROGRAM...er.lnk

windows10-2004-x64

3

$SMPROGRAM...��.lnk

windows7-x64

3

$SMPROGRAM...��.lnk

windows10-2004-x64

3

$STARTMENU...er.lnk

windows7-x64

3

$STARTMENU...er.lnk

windows10-2004-x64

3

$STARTMENU...��.lnk

windows7-x64

3

$STARTMENU...��.lnk

windows10-2004-x64

3

$TEMP/remote.exe

windows7-x64

7

$TEMP/remote.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$TEMP/sobar.exe

windows7-x64

3

$TEMP/sobar.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    134s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    03/02/2024, 05:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $STARTMENU/Ա.lnk

  • Size

    1KB

  • MD5

    62d588bdb74e4e2e5d1689fa9272ce39

  • SHA1

    9d0db515d8f65e57353381d707060f7343a74da7

  • SHA256

    248402dd02a096f9721d61fe867fac5cacf4dc9001fa2aa6a50a59f7405606ef

  • SHA512

    cbb47f7e4227177ad39a1c914e00e0ca13209fe0839d13819299ad203572b69026c541d71c5101e4cdddbcf7786c6adf339af3e4b0aab65cb188614f646a893e

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$STARTMENU\Ա.lnk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1704
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.mai520.com/?taobao
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2728
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2728 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2740

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d321584f50942d2727ad81ba1d375c2a

    SHA1

    214eeff5fd9675c62fbb2f87163392b1495e5d52

    SHA256

    bcff8d3f3f9f0d82ba5123ee9b4e7724834a33cf4e545fdf5ab98661020deb17

    SHA512

    158d141ccaba35f24a098a24799b12913cd791c0adece1ae80c21feb52df551ce3ef08ec0800183cf66ef73bcf413ab9d515876736519145694971fd8bdaa9da

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    eda99f955771d177783b8ef562ce7276

    SHA1

    b7d9a8ff85866ce7e89bdba6b7d638c494c0cbe5

    SHA256

    119ea2f9ea2d4280110c70417512e835a6f76b2325bb300927675262964057b3

    SHA512

    f96bd60fd5273f65cf4828b29633a1ae45546829a0eb6a860dc64b770d0606c07e3d5e20c6e179b7c93b90cc8bcb281e401989e5da359f88d7565af60016be92

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6a86ae8d2bbc0688ac1a749d999647c3

    SHA1

    bc4bf3661a1d40914ba2121c30fbd54f81e8d4d4

    SHA256

    c93e5cd6ba1a22962bab630a36e59fd29dccd4d83bf7b5fe0a7d4bcdc0a70052

    SHA512

    9522c0e9d2be7f1a8017a85f3fc8cca273f45b5d61703b16caa6e3287928a012ed17644b3a39ffc09bb04011e44fa0fb7325d605a21ce5267e8019986e8f9577

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5b344042d73f202ec8500a52988be184

    SHA1

    d8cf6d42067c46a4dba82f02c5bd84c4cbe8b390

    SHA256

    6d88722e28652e674438155b01b58a865087533687772ea5eb2db7e2863a7370

    SHA512

    eb106cd95b2d709a54bbe8419c6917c3329d32d2e83b233fec1a6b96f4a5bf0675e3ce9ad62dba0288a8ccfbc8aab7d8378a41a37ed6bdca759dfd0216cccfd0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8c2de0d0d78b848879aeb0c303301cf4

    SHA1

    77810bff33d052f5c07c2df9d8fe2ec26ab5d7e0

    SHA256

    620cc67ee3e716e239c9c46bd33cb6d2716d2b5e094a78495d8f0d0d1e7b7fcb

    SHA512

    cf9637bad0185a90ef76cbd713623301d0dc576135b84057bbddb1ed8cf7048f0cb743a7ad9f22533e3e58c4ca76a474a52aeacfc8bb31f5e24c05ac007ac71b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e275aa599d03b5a92b814319692fb58c

    SHA1

    bb806cc165385cc10acdde88efec39134a8b2fee

    SHA256

    1be796eedcdd2be73c54b2d6007949ae176d5600b4b893a3ccbaf852437b7461

    SHA512

    48cf20c9a01165515726162230d921803a49fe71ba02e2174ff4c5236688216d8a53936107127c4d68842a3bf960611fd42e7f4c51ef8d67fb01c79294af5d7b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7d2d21d21abf34e122e1ef4f53a3fbe2

    SHA1

    1e9eed14a0426f05ec1b6b5846a74ab0613ffec8

    SHA256

    5e18e21d5e004ce3629d0685f70e7c5be90d29c4180b4c5289bb5de723edfd49

    SHA512

    8fbd1156a16498a79bc3d46020ffc2dbf6a8e423baf5d14406066dd097646461925fd7e28946d42b97f7ba1c1094ecabb1ab638634f704935eb609150434822d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d84fedf78a561385d0b57f53202f1a00

    SHA1

    02ec227007e50d5a1f7e9769286a32212e679c5b

    SHA256

    c52491cb490bf88682862ee0ab808e93277de6e408958f013c6f7b30b6040b0b

    SHA512

    3e914b12b08711bc86fba1d229e5da1a16e34725ed36f81df6ec9ad48549bf5b78d7478fef82c088c06d07756c1f1c5fb38fa426def17719a437a0689cd64b7f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    45625669fe43d1535680aa0d57dfd072

    SHA1

    7761a35e64e588318f54e40d9f878f8d61f49034

    SHA256

    33eb208dbfe550e51a6bbd22ad0d61f9d839efcfea09a6f26ccec733dc325787

    SHA512

    d29e826c3a881f03c2faba4e34e995e870ad63e692c236e082cde3c9dc4394cd4c00c8bb716949d94243a3a36aedc29ea418a3ee5faaecba144b3c8566a599fd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ff49edd258d2e2af9212737ec015d3d6

    SHA1

    1aa82ca05deec1f2859817a7d09c426a4c9720de

    SHA256

    fb70d9e0ca3a495451d67e5b4899e74ade8f25774eb1c8cadfaba400d9d03904

    SHA512

    25beb0773093c8f58e3086b252bc38d77a7566e48251c61bc7eeecdcb99844f59e51cb45df27550af8c15d2feaa530e2c6f99cb768db59bc693b446cabb0f7b2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    080ffaa189eb1926278310809c6e6f8b

    SHA1

    9f0c06e3d103eeb3f8b8013fd0ce4d9ae8be2722

    SHA256

    febe819c83825bbe7b40b1e8d7b8c14b35b3b4042d953805d15f580593f0e17a

    SHA512

    3899d554e205422717260bf22afdeba2dbb6d002795fa89df7859e6766015a624afdf1bc3b46dee6ef82e9e8d6a1a173773a2579207e545bd5051b9c6c77279d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f326421c70b8c061314a26cb5e5ab0eb

    SHA1

    c2f3bbc5a3b157d5fa2975e9c358356261f88296

    SHA256

    537eefb8b459bcd423095234618bf2a1f107f162d5e6aa68cc31ea85657b2e28

    SHA512

    3b24ada2f32d18e44225ae80e08ac3231157598922d74c84db7e625d1d69b7ec87bfef9554cb0d5f9c0814d7924b397cdcba3b89d671b6f082ece0a6d1a2ba97

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0360157666749e081fc5d8e3009f4df0

    SHA1

    8565eb5f97b3e34acd4a548a5dfc954f526c9a13

    SHA256

    8aa8f8dbcabacd68d4cae5d6b5de4fc0a23fc7493bf633669eacdd07c4d6e085

    SHA512

    3931bded3a57775805737d1da0e23a24c01371de55b9061ce498d81e2d385bb5da02aafedd37dfba718d872a7535b8d7a533f597645ba55e4f09020a3877f6ff

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    89eaebf469e608748e4f628fad45035e

    SHA1

    d4c9134385a1d1f91890992a03b0e93424229f8a

    SHA256

    c2a73685e5f966d3a251fda12a39568ae160285eb9cef423abf1ac7137d8581c

    SHA512

    4e5ad9efd9d85bf04105b2fecdb17a9d98873f0add4b8620d6a47bc1a9d4705cc16f7a5148c00ba229dc2cd99ea864d9e7930e2f01a9261cc369aaff3752a7c0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    674d71b89f6d1963c0e75f37c7c24e3f

    SHA1

    331cbeb4da4ec021094458c649b726d495f67038

    SHA256

    7c89360db504e2112347b106cfd8214a6413a84d3fe7275abd3b6a205947c273

    SHA512

    20f4abec326b5d0acf6fd1a0b11336036c9da185f50a3dafe0c9185f9373bd540ab11e2a885bfedbbf9614f85eb39c8c1a020a817cbff6f1bd3227307200428e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    850da745856d239d7ebe2a5d77ffcdc7

    SHA1

    20c44bee86cc0ff259af397026e41b583ae66682

    SHA256

    e312fa5981a43bf161e4c2db9faf23ed9f4baa05fd5c6d8a3d6d8e3991ba6112

    SHA512

    b9fd06b35a44eae9ab8d6ff1147afaa156eec714bcb0e3caf06f979abff8333eb74882af17871517036a4a84f2b0172f38e7eda6943324f207e652bdbd2a1288

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8dbdc4d391fad38b843c481f86b338e5

    SHA1

    b30a6d335ce25c4030a4b4edd234b962063db4d9

    SHA256

    da002de90c9fb206c135d4fccdb7b29bb1bab39e960d66bb91ee13ad547b5eb2

    SHA512

    27314e1d569eabb5831382fb814285f0bd88516ff865ff99b3584639edfa9f60130f6621da4db129e00eb38821d7bd5c4356aa93b99488173c17005a6c863ae8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    abef7ebc15627052f28e20331742c3a2

    SHA1

    08e2d51e429355264104e5c759a844d9a0dffbf8

    SHA256

    481a9eb7b9b341d699de4bb5ef00e3b80fe14306e707c88844af553685342cbf

    SHA512

    6d237d44d4e946c07c2b858e3d546a6d5fffe1b464d42a3a5c2e0ba9ddd482034ec9650ed1693702688403b9874405a1b2480aba5ffd2714884d0bd69a39bc0e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5c1181d66e837b1b51bab623c379d9cf

    SHA1

    c00f0e861009e6f73af00ca71d342b0a4ea26328

    SHA256

    7ebc149c5054326fbd007e4ecbae98b3ee9086cc2e2251daa5223267a0d2aa89

    SHA512

    33bc641992c072c53f8007a8a94bb1bc36354ceda6bc1f1a9b54c2486ee9d05141a3dda7bbdb4deeb584253888e5fa621a4773db0feb36c68d8df689818cd899

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ae9167daa7aef0c26bfad8a2cf495c74

    SHA1

    b51c9232c7d63beb19c37ef53a1cef31fcf48d3a

    SHA256

    79033b51d3bf862985d2f7e5e1e37e91ec7e10cfe0198db40962f8a58059378f

    SHA512

    e4128280e6aafc878147864d4a2c8d8da0d7aeedbabdc1c0927bed363eef099d88f554468359efbf1ee80f36b1c6d612891e492569da62a27c837b9d447ae5f3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab58F.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar64E.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit