Overview

overview

7

Static

static

3

8b89f64d13...79.exe

windows7-x64

3

8b89f64d13...79.exe

windows10-2004-x64

3

$APPDATA/I...er.lnk

windows7-x64

3

$APPDATA/I...er.lnk

windows10-2004-x64

3

$DESKTOP/I...er.lnk

windows7-x64

3

$DESKTOP/I...er.lnk

windows10-2004-x64

3

$DESKTOP/�...Ʒ.lnk

windows7-x64

3

$DESKTOP/�...Ʒ.lnk

windows10-2004-x64

3

$FAVORITES...��.lnk

windows7-x64

3

$FAVORITES...��.lnk

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SMPROGRAM...er.lnk

windows7-x64

3

$SMPROGRAM...er.lnk

windows10-2004-x64

3

$SMPROGRAM...��.lnk

windows7-x64

3

$SMPROGRAM...��.lnk

windows10-2004-x64

3

$STARTMENU...er.lnk

windows7-x64

3

$STARTMENU...er.lnk

windows10-2004-x64

3

$STARTMENU...��.lnk

windows7-x64

3

$STARTMENU...��.lnk

windows10-2004-x64

3

$TEMP/remote.exe

windows7-x64

7

$TEMP/remote.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$TEMP/sobar.exe

windows7-x64

3

$TEMP/sobar.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    136s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    03-02-2024 05:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $DESKTOP/Internat Exp1orer.lnk

  • Size

    1KB

  • MD5

    9ffaab5f197ee38cf1fe65e19d4bb217

  • SHA1

    39ee57d785cb31b75fe79879ab5dfed14eb1a28e

  • SHA256

    6a1bfc7b4d0b3c749f9a5737f7f0253c634bdd62fe812948807c6beae039ecca

  • SHA512

    eaa04c6437eac713912a81b2e11f97cfdc38d5d5bb459d7f4ae94d140b2bd4d74685cda43697f00b6803b1b58da3bef78ca3d9d6a4b9f5e4278ff2451aee512b

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\$DESKTOP\Internat Exp1orer.lnk"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3068
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.113w.com/?waga
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3044
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3044 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1644

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e6ee22a7bd86e04eff9ccd1584ff0408

    SHA1

    83db46658d2acda253cd65d28046d6bfa6ee4905

    SHA256

    a78b25a49aefd6e90c8677f120b45529efc3daab845e34e29c22636ae82e6eb0

    SHA512

    d7f1bdb0bde35c66b4e318c16403bcadf0216cad057dd2a1f9ebc171416f8b02199aeddfa75b28384f20ced636dda26db327f31a1633d0afb716aa8104bb8fac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ed57e29b7b7a37b4ff7794924c3b8eb7

    SHA1

    2cdbd48a4af9c008a5c482e8af01ed387c59bea6

    SHA256

    dbb9d88416ee0e205451f33a5833556516773137779645ad76470eddb6144fb2

    SHA512

    eb8d68b95ab3eebc3427ba59c1827a19e4b7a4bb0c81f464690ee814348b4b78d4b6857a9ee941242f2c030164d54b999cc555fffccfaf1264c5e84bdb00ab88

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6f34e3d926bc7b6bbdc6bc344215b740

    SHA1

    4f1a376237cbcb27f87ccfbbe80e2a305bf470e9

    SHA256

    f157a6ea7e206e5427dcb6c305abe7f3dc2c1e803b73b8f38f188421a4ead256

    SHA512

    7d3f45892dfa3349f9b64a07aa071f5516b5e17237a3b2b04deeb41937c86b452cb6c64ed0918d80a5a43c6f42257b135ecd3273a747075e39ae1a719b3da1b5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e88141da64474fe141101032364123d3

    SHA1

    fe65163b590c4149a9f266316ca367310a704b89

    SHA256

    131f89724ff2bdd6b9249e6ff88024f48a4cca03a9890735d755f1a7b89709e2

    SHA512

    dbd83c56b0d36399ae20737af50bf7e49c0c49efff4ee2069f7f9b39db13f1e29ac764b4464f6b5c72a3d073832964169091fff0cfeb93bfbf5e6a25fe6f77b6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2ae6479a438be49f889d09b2296447e4

    SHA1

    24712b9a4b81b19c22a66e0b13f00bd3cc25346b

    SHA256

    8d1939dc4a5edf517db31a6c9d499754bdc44744cb3bfbdc651320ea6d70119a

    SHA512

    c71232d363e62a59dfce37b3ecc605443ca5d0636d7e8541b90a1a60bcc6cb19af2d0f7ca1cb318990291648cda8cc7253aab5400baaa403e18ca359ba7c6017

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    eb3f9a25a17549e2f86363fbb08531e3

    SHA1

    280df3bf82a7a89561b7e8d1aad93f0eef5ee9c8

    SHA256

    ba586c51742ec67e06ceb6d9919b305d0b2b49358cfa0b708eae4f9490e2844f

    SHA512

    7df2817a5c83c4825cbb7f597d3506ec0ed0cef3c947571afa2cf56243a392c0a290feda542052fa0f146f0375f622d71384f26b7def4842c780612154771853

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    02bcf6f464d96ecdce86e542bcc29f21

    SHA1

    f488c48f9d04fd5deeac87d2c7cc68fd2718e3a3

    SHA256

    dc4a302d7d9fe29d37ce813fd51a167ee3cdd5955b406d2135f52d1a198dfe02

    SHA512

    32c3ed517eb008f6fc0bc3aadc2efb51992d1dac3e951e0fef431c09a21cde27d920cecbf94a2d5a77c80c9842f67b45842298e795cbca34f3c665ea17135bdd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4b683560929755d28f33ac11fd7c748d

    SHA1

    9e3b4a4764ec030344fe48c9f99ae2dd6e16de8b

    SHA256

    7d6ef57c9185362eed0684fb5bb951acf64e05af9a7a2cbc547057a92e59f035

    SHA512

    9468ae9d092f7f7ffd9c995586d6cacce95b5dfe6b26bb5321976531df64da4077095f20a9531e39af5c3016381888e06fe9ae0b722a24aaac3a150d7293c990

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2f465392b01b493c9d93f1b92840cd1f

    SHA1

    c864d5e561bbd4eacca9b9e56f19814db8a0239e

    SHA256

    093fedc612b24f1c4ebedd4610536097764aba3a50bb9352fa6bd2b301a9407c

    SHA512

    d363e24c1215ad5cd262ea6287f6e99d34db960f978f4e75a9249f8cc7b57ec595c4826987e01e34ad4c7f37230c51c03f4a02d0e5336e27823868a8db5b4134

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b6317cade8f84b092c5a1daa23197182

    SHA1

    c9d1996f2fefb50869912d4c9987a62ba5c935b4

    SHA256

    2bc3a701a42cebd7fc772bf41d1e2d83df5a8d97ba60f0607169f5895206b903

    SHA512

    9f898407436010101c876724dfa89ccd4d36800d7092760186a47c43f0aeea4c0687c1db39f5b77fb160685902935b4909dc3d1d4676114de81db2d0bb0817a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bfbe64fff29f75f2237cb4654b28ad2d

    SHA1

    d1c922eca7ec9cc8585dce674072b3c0571e733b

    SHA256

    8f93cebf46cf16987ca94beb12000ac23f5d0f3687f4caaeaec412a07f714f65

    SHA512

    9fa58e989a857905166f4042219aeeee5976d744f2b1ceda32cc137c9eb175d77dadd741bbe6b753a784e821c4cfb79b74756d887f2122fced1bf1b415ece019

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    45ed163d50a5db5e91977b4fcad5fc47

    SHA1

    e0a45d5d41c1c8d1bc94c7ea9618ae24e207fc51

    SHA256

    91afa027e171a77568cde3faf67e8759d602be5491dc99e92bb89250c1bb7729

    SHA512

    555a7b361c64daef2914403c3b724ba0b6a7337d8b0e571597655080604a6a152f578fa199f0f86724fe483cd213c8a49fa6b9999be8964e972a28ef269ac619

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f0b89473fcf17ec72da2387e742eb092

    SHA1

    26ea9b4f8f638d5405b1a0394a0825867bfad1f6

    SHA256

    e2a4bfa4a97b7be1f6e0ac80d4bc199a7c036850562d3a7b4d5934f348fc542e

    SHA512

    7800660adf6dda7c0ea3924caeb4473c76ffc57d579d8f9204be3e04d34e8a092f44af8735efcfbf0e76e75a45d67dc664ada337fd17f884b9b2a9257a967986

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e81011c9aec24ee4cf890a7b6c5a1f45

    SHA1

    8636a08743dcb7289bcbdb0f04c703338f4432fb

    SHA256

    b3851363c7d3ae2ccec502676bd77dfd97e06f829929b06305bc89d4b5a259b1

    SHA512

    26c5618c52d36df2aacc6b1f29bd39e11908502c110d36b45ecd9c1bb8017cec0bd417d965696b2f1ddd86f85573febce5c3db94c9dbd4eb105384fbcf09e903

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    22e02c91a6529c136ce0cfb8ac6b22db

    SHA1

    4071a22b6091f679976f8374fdfd72d66ed0abe1

    SHA256

    1ed64f593d3887eb208cc794a9868fd3f0eb66a49c7c09d59f180f091a88da6a

    SHA512

    1e6468cf63cff4fbf7e93e90c7da102cc51e2a79183deaaa70e9f875bd7df38baf240d39a63c744c99ea1a512c24207f9a6c885a3402b91a8a0ffbe2ab0978f1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3e19226f04844868048f854e02219ea2

    SHA1

    2dfeeae1c8f21071411eac787f9a8567faf96a63

    SHA256

    471c633f30766dd5ab0b632d0305e40975dc80061c019bf1df4c210d2c905dc7

    SHA512

    880c819f485bf8dcd0735403d12507db4db3cd5ddcd2fdb7a917b33818dba40178f0054e9724fb8a7a16617e5c147654ef6c574afe428a632b4dcae935c8fdc3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e9d2954fa7fc97acff7c294ec12add49

    SHA1

    2a9a8a2490ba6f3faaa277adbb5523984d250cfc

    SHA256

    f05954a48b717b1c99522839b961733466d3549ca8ec81a49ae12f5a6ef40837

    SHA512

    b488f35c7d5ee21ff46a74df3c11e9eb9adf1065f5442bf03117325d8d1bd4d30859c39a8c728949087b1e0d379cdde00399348e8f2ba44459714f016b6b9c8f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3023b2edaf62c3fa6fd5b3f2678ef3fd

    SHA1

    61b1f1080ca5ee7b1c4d78227714356c8e97d29b

    SHA256

    e9c06630e63cc0c81cbe2dd88d399084efc0217aa3439daf6f023862520480f5

    SHA512

    100fef3b600994fb6913fb4d115222f72d06a0ea14d29e2ff185c799896c8b0d5468f20cb0e1cf5e031944d7d7c7f21a9610e1cbeb1bc81aef007860bb9458ba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ca98c58fdf8fcf2026670104d003dd5a

    SHA1

    df090e602f04ffbca0fbb93c8264be5124e99dc6

    SHA256

    187a7153431e8ab3db2a00092c95db5487ebbb7f8fa3f706e88de536580daaa5

    SHA512

    d376b634febd05df9bd396dfe505a50449750532efd213aff4f9392eb1eba0d1f620fc43567320af3b05995863d7535c0ad8c3b8408318dcb67fee440466b6cc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e14bb2777788493ffb01d61bbf39169d

    SHA1

    184da01bebbc09ac5fda1b0e2fa144039b27256c

    SHA256

    00818cf0c6b7033c7a1a86e175fc054e9ddfc76b9bc0f4b36e88744c16324e14

    SHA512

    9ca07a6a028a9ae9c088011916497626b37c23b9b3452092af40e7613dbf6ed7ca7cb1d20df2d4009cc6c6c6fdf45cb8160a1b9b0a1a032c147be22f85e72316

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab6D18.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar6DB7.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit