Overview

overview

7

Static

static

3

8b89f64d13...79.exe

windows7-x64

3

8b89f64d13...79.exe

windows10-2004-x64

3

$APPDATA/I...er.lnk

windows7-x64

3

$APPDATA/I...er.lnk

windows10-2004-x64

3

$DESKTOP/I...er.lnk

windows7-x64

3

$DESKTOP/I...er.lnk

windows10-2004-x64

3

$DESKTOP/�...Ʒ.lnk

windows7-x64

3

$DESKTOP/�...Ʒ.lnk

windows10-2004-x64

3

$FAVORITES...��.lnk

windows7-x64

3

$FAVORITES...��.lnk

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SMPROGRAM...er.lnk

windows7-x64

3

$SMPROGRAM...er.lnk

windows10-2004-x64

3

$SMPROGRAM...��.lnk

windows7-x64

3

$SMPROGRAM...��.lnk

windows10-2004-x64

3

$STARTMENU...er.lnk

windows7-x64

3

$STARTMENU...er.lnk

windows10-2004-x64

3

$STARTMENU...��.lnk

windows7-x64

3

$STARTMENU...��.lnk

windows10-2004-x64

3

$TEMP/remote.exe

windows7-x64

7

$TEMP/remote.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$TEMP/sobar.exe

windows7-x64

3

$TEMP/sobar.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    134s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    03/02/2024, 05:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $DESKTOP/ԱմƷ.lnk

  • Size

    1KB

  • MD5

    3801cf5240ef322de5fb53224f763068

  • SHA1

    e4286f9b6e5986b6a237bc70fdc03e8a36287e11

  • SHA256

    23dde6d591dc39c8b7901a49ce2edbe1591ef2b68d69700a4c81fd741f2d714e

  • SHA512

    3d26058c20050e236cb78533485dc2dd02ed6be0ab7037e8eac5916b75abe189d38f57ed45899787cbe69318ec4d6763633d1a8a96600fd0b20b83aaa9f03ef4

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$DESKTOP\ԱմƷ.lnk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:868
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.wagabb.com/taob.html?desk
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2900
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2792

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    dac7a5e35aabc5facd14e0b4be6fc786

    SHA1

    a7b7558e1a7093376f1e68327e77ccf4cdeca1c3

    SHA256

    3899532dbb2bd992c1944d0d51f3b533595950849ee97000a2e006100b3f9c83

    SHA512

    111a34965b9ee9fb75012afe6a93c301fe4c99027cdac04813f56cf05ef255c041bcdf1253013b70576b59380663a4b13d66d41903d45e46d7496e71383061ad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    81de48f723fdccf811e00841866073b0

    SHA1

    820c9a8d92f716af1e3eb2aa536c4977c060168f

    SHA256

    d955498ae9257c0603685a3961baae601765e87c4da334a80920daf5aa7f7051

    SHA512

    9bb6a7350855abeb43b478ac82814978c1f28ca7956aca74a093e718fe4d5eea66343bc5505def99894dba282ba3e8a0579400cfa8830c3ca527e18884a7d0bf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    89c7c12c6a2988e6b2ac49f15e5fff97

    SHA1

    72e7a3a833134320ecaa989aaae4b985eb8a4fab

    SHA256

    d2d876993b01aeef15de1648e2f08475cc36906215f434142c85aceeef14e0ff

    SHA512

    41da7b59b744e814b410640c961682969df4cced5609acef62622fba6df6297ad98ea799cd865ebf4260b45d97e21c32afdda521d9706f02447b2ed7f06e37d8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    17eb73839c929742c590225eb636c480

    SHA1

    f196a70cd67e3f33cdcd00c30ac0f88f1e5ad327

    SHA256

    3e01988bc82ad91e0f4285197d00c5ec2f5684ca45e498bc70edd7861c236a0d

    SHA512

    be46365f52c23f6ccdf969596e6cfd96864ccdba60ec1fbd056f971fe7d24dce378e3547ec9ea27bc1848421d646995a37c33ddb73dd8463011914d414d9bd90

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4e4687e6d2bdef9a8cb6c963d3b7ac7e

    SHA1

    cd03a1d7e259d8195e04105e62fb8aad9f13024f

    SHA256

    d612549284c8eaca4c9a03845ee09974aa6919797b9bbc7f41e47c26a84d232e

    SHA512

    a4c44716e6659b2ca6b2af43f64a348f829cd368620a9ed37efcabc26130a16ad2ca3e95d2bd36c4f6e7e97e39738656617d48b699cf034761ae233a1e0be582

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    31d4ca7140cba48770e42642cacdcfbe

    SHA1

    c6e8ae92c2479ca08527ea669a090246b311b1d7

    SHA256

    e5d0f26e7c26a88f9cac1f77eba9181dcfcce8115df73ff200fa8695f81f8f42

    SHA512

    fc26937d8d8802c1624c5e9be79bce13bd4791ede0b86696b0da731f80d72d6759a6b0aa63141873a379aca695eebe38c114409986399d80b4825d00043c8f37

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8fa51a1364c165dba81608ebf5de153c

    SHA1

    616eec1e1b71c9dc09d43e426da345b3d304bd7b

    SHA256

    56b065fe2c59b98752147e45385a0bea0c5a6122e13ee4251463c21573002466

    SHA512

    299e9d8a209f04fc7a36be682a2cbd2daac964c2cc7557d80a0a2867f2d2aeb78d52d5e374d95a04f084e84e78b2e95bf0ca4d0174046862c1475545d8904f00

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f12c7fae84ac592ba90084796b3cfc03

    SHA1

    6b34ea9c649961fb80b487959727f712d9710020

    SHA256

    07f3f1381580a267ad6d76cb687b935b8e2c62ee607c4050da390c50ed478ba1

    SHA512

    0422795603e25394a40354917fc5d27e903a69cdbfa01a6516935fc54515a46deab7531bcad6fdfd91e587880cf6b75329212399e1775c564abc64076c4b8aba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d33b074465b2d8cf18504c15f7c0dc78

    SHA1

    ad371eef1ad1447240dac7868eaee7da361d8ab5

    SHA256

    c93d566772e2f82c478b1d5241bd15be2716676f339fa8b37653e3e25016d3b0

    SHA512

    84fdc0b78457575c7a7ca4d439bcb17036ea56453a94a2724190bbb07bdc8f9f82c76568f650b253e7359de1e433c3fdea7a8c76f7c0b77c1a50256a946de0d2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e0f349fce80b2299ccd1976481073b61

    SHA1

    0c3e90eda9f486e0f4a567b6316faf77ea50959f

    SHA256

    a6b6fc0cb59370443afef2b6384186ecd744c00a0826f3482a4c41a1060ff019

    SHA512

    ef9798dae0c526fdc707a87eb882425508ea9cd2782963e8479e2530acad1f931a0e2415d24d08ee89b6236b4d2c985f75643afb7835bf8f6a26f50778cc0d5a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3cb2385b94eb3b38cc149892e4b57574

    SHA1

    2c80ba8fdd9e7f5b06cd628dff47bdd4ea7fbd31

    SHA256

    ced8dd286751e8c816698ae3220ada3f2f790e69a4383fe9acf60257f6061b8d

    SHA512

    37c868926e983350f1c3f9f2f1b8cbb46b8c3f530690cccbdca9fdd669538d2b33a4c0401d0af71255c2b909ec16ec72dd54e6ec7f1f0cfc4859e102d368c4de

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cbf014b4f31d1447e60bd4ef1cb8b360

    SHA1

    9d7ce93cec14214cdd74271a77f004aae29e827d

    SHA256

    9baa076b09ed3d3f745dfba80ec4eeb528275c1422256f6315a3446499531494

    SHA512

    fbef17370890174fdef4fc676aaf1bba06ec51647cb05b834338e696e946dc8f4948fa791fce9c30c576858c203d47b4ead289e11291136d5ee7701a58f54c49

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    24dc42224b827e4bc79101b2393a0b2d

    SHA1

    b20a304d4347af79981a8ac671d62ca47affd85f

    SHA256

    669cfea528996659ca06deefafbd3ce27e6ed4d913407eacd898f58aed2ba76c

    SHA512

    46a3eb13e20990bfe7c40fe6fa31f5fd5ac638424db82c74b50ea31c9d920be71c52a826c9f2c63e1dc5846590ca3a1c9fc7eb650074f57326485684db36e9bf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f1edf00115b19ed3639ec255ca38303b

    SHA1

    0b4c52e851026b72b3a9fa1069b379cdb5c07d1b

    SHA256

    4cfbc0d322ce474f52d78ff5d41358e5f84e4077737d3ba43946757f66c37cf4

    SHA512

    9b295f751c835ddefc31e7159d482cbeeab694b98fa215a87811e3b13e690bdc21bff85e6c4c8397851c463b49d66d908487458f3905c37e37a2703df547ba21

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d58e84717b7cb68aa14871b5495e873a

    SHA1

    afd057b39d93083c3607231bd8581d91d660d757

    SHA256

    fa25be721b8374ad0da849f61152d79eaa7c7c2f4e55dc4845b5c6ba5c8da8d6

    SHA512

    7ae0889dbe03fee40c1e37a2ab9e6c1fe3d6149af5d077f717cca69090d1b4bc565f82fd585952f2cd7194f033351234e58416d310576e25492d8829fd867fab

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    be909ce0222faf83ff2a28d877f087e4

    SHA1

    2ec3baf88013d6298ff6074f0055669f0f030142

    SHA256

    93db1e11a8658e4e2ab9060d95bb6fb0dd7ad7ad0695ffa9822b152ef29c1bbe

    SHA512

    d93dd3202c682749685aef486b83d9b85f0d9f96d57b4eeafdad3a603edec403f76d759fc773d2eb178323c82632f4ade511d48ba4c2fe65535c69b19cbb907d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    39508cd85f1fc6391e609c1449dcf5b2

    SHA1

    d42e9b935643e733a8ef873fd35e6538b2c4473a

    SHA256

    7c480c6582e31cc3f06200a2871afd3b61b6f5fd4120293dde9cb030a9adc6b0

    SHA512

    c09e3047e4800f1a10cd4a516a116302589c45b9ad1ddb28ee96cff10a2ad2e8df5bc8e28cc166638a12e720c4407b3a899b978cf3a74aa462c1b66fb0df7059

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3fb056352cc312128de16d80078ee48d

    SHA1

    2f3c8ad4dd52e343d88bbf74f44f28fa587a0faf

    SHA256

    0c534cc80feaf24bfc181760bfeb32609cd6cd6c9a2b4328efdc720ce15c9add

    SHA512

    318e3f18f5b59df37e79cee4d91de14016d4417938a0d8d53c349877b62ed6bebc01a48d3b051c90b620394f25e638de292fb00d1b690f30e1c1eef4caaf235d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    934bb6821cbc32ea571d89a45d46723a

    SHA1

    8bda3c1f9900a40b0fc162c4cacf72f62df441b8

    SHA256

    1ad261bdebae369a720766b9e88535e0e01cb43744acf4d48fea1d9711b68555

    SHA512

    4cb675109d26847f6131e0fe45fba3f3c245a87e428362fbadc3ab84e70111ae7771da96af16e9ee5bc8c1bd37b4ec4b9f8a302bba66131e481332214cbdd486

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab2A00.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar2A90.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit