Overview

overview

7

Static

static

3

8b89f64d13...79.exe

windows7-x64

3

8b89f64d13...79.exe

windows10-2004-x64

3

$APPDATA/I...er.lnk

windows7-x64

3

$APPDATA/I...er.lnk

windows10-2004-x64

3

$DESKTOP/I...er.lnk

windows7-x64

3

$DESKTOP/I...er.lnk

windows10-2004-x64

3

$DESKTOP/�...Ʒ.lnk

windows7-x64

3

$DESKTOP/�...Ʒ.lnk

windows10-2004-x64

3

$FAVORITES...��.lnk

windows7-x64

3

$FAVORITES...��.lnk

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SMPROGRAM...er.lnk

windows7-x64

3

$SMPROGRAM...er.lnk

windows10-2004-x64

3

$SMPROGRAM...��.lnk

windows7-x64

3

$SMPROGRAM...��.lnk

windows10-2004-x64

3

$STARTMENU...er.lnk

windows7-x64

3

$STARTMENU...er.lnk

windows10-2004-x64

3

$STARTMENU...��.lnk

windows7-x64

3

$STARTMENU...��.lnk

windows10-2004-x64

3

$TEMP/remote.exe

windows7-x64

7

$TEMP/remote.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$TEMP/sobar.exe

windows7-x64

3

$TEMP/sobar.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    119s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    03/02/2024, 05:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $FAVORITES/Ա.lnk

  • Size

    1KB

  • MD5

    62d588bdb74e4e2e5d1689fa9272ce39

  • SHA1

    9d0db515d8f65e57353381d707060f7343a74da7

  • SHA256

    248402dd02a096f9721d61fe867fac5cacf4dc9001fa2aa6a50a59f7405606ef

  • SHA512

    cbb47f7e4227177ad39a1c914e00e0ca13209fe0839d13819299ad203572b69026c541d71c5101e4cdddbcf7786c6adf339af3e4b0aab65cb188614f646a893e

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$FAVORITES\Ա.lnk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1384
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.mai520.com/?taobao
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1872
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1872 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2704

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    14febf8b931558b9a8eeb1e3061fe575

    SHA1

    9f3838a5c2a6ba17620bf40dcb3d1fd3b43e1e40

    SHA256

    cb6cec95d0dfad9d6045d3efbbe71078f5ffcbaa28a1cac88c178f34b45fa30e

    SHA512

    555b41865d6de42ef993c6b112dcf696aa9b1ef32aaa17ae8c67f53a8ecd04be23a95aa8793ad5de87abcd8475c1e315c51d4d27b45cbde313d6a639964d7ddd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e95797623a9e9e6eb3b3be085a607de8

    SHA1

    14a1f5116a8fca562956b3d61382e0e62e07e5f1

    SHA256

    297af953412847e2f90e743e845017416f30c5d245afed26730399419c86abd9

    SHA512

    6e7d52a32c9873989144982215844ae8e6774d4f583bc71d6ea829d14748ad977f342842826f89f686222d26a70c5ac1de9057bbef0e15663cc53ddc865fa7e9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    036c9d5260fd7174116d88cbb93fc2ad

    SHA1

    12b7c08d7388658f3c69b92bd0d44ea970a46f8e

    SHA256

    3efa074715bbe3810abd43b955080f34213e65169bd66bfedfcfe6ab97c7b94f

    SHA512

    b781e67ecb835199b3b80c9b38fc246e7cb0b20e2e5f408a41876a78c1d43e854b8cdabbd2818eec4cac04d6f7e2e169721f4491d59de56273e1a6238bd442de

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a693395c55438d8bd269a18eba1214ef

    SHA1

    2073b139e10f43285c6602e45d34657fa4945f21

    SHA256

    c2204f0f4d41e5809ae5b5f6b2a40f7c9b7bc4e024d4bceac61647a3c985e724

    SHA512

    1c99316b0d80700392a036c2491068132e1bb414f144c94ac475a3a1c02803ee79082d7040f8f2ff15417d1ed21e1d4298826373e3eac7f7999b9956242890f1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    53f444f46b0b3a64920907f3a3edde1e

    SHA1

    0b76c5536248431807aa9a419314701f5513063e

    SHA256

    45431aa4df26053783945c16eb47a575347dfcef802cd37e9f5d56ff6eee854e

    SHA512

    dfcbecdbbef16334a737e2e550f54ce486d9d5df43678eeb061237203530bf65f61c1b12be0cf3e32f7993865de72531c5c860e33826aa384736bd84ceda34b4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    09027dca0c0c188bbaa6d05861209e37

    SHA1

    ee5fd1b26ad046c7eb5e877f214386b1dc7fe8ad

    SHA256

    4d772b264bdf96ccbddff8279d482fbaf340ef8604da3ffe6bbb82ad68548322

    SHA512

    58d4d3ee10fe850faa5e87c9fd8f611184cdb34228ae75f37ea261301f2e6388934e9e85bd2065e5805374485172d38ba4a9310d19901d42f88c2414182c3524

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    aaf85191e7b5f9338453bac406ca97c8

    SHA1

    9035b93054142dbb1ee38c205c214f83b92ae9d0

    SHA256

    bbea172d9aecd353449ecffc66aaaafc66e97e9dfcc23996d2cd86f39f88e5dd

    SHA512

    3e0709213adc34911c70c8b0f3907429b2344fc313716b549b0bb6b077989e6b233c28f23a342277d90645ccff907b48285da1cd55d4434ea9b13b243f5abe78

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ddfed6afedad54a6fd49974674db8093

    SHA1

    142c1eaf200e450eb81b78ef1e15261b2d2a8189

    SHA256

    d6886f5b31ce149a4860511980375f7d3a467a90bdb8125d6a1122c503565b95

    SHA512

    31fec7b432dde385690d7fa1854425fdb1d6bc38f2c3e0890be2943d140d4152c033a44943bef43393699da7a3a3942da2c8aa898076baedea6a65cc856e8a0c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9f1f538f36fdbbfb0a98bac336986988

    SHA1

    2685b7a5f2833c2588d421a7c2183eb713d26785

    SHA256

    f206bbfd77615376b781b7a28ada2c53be18d4123a6a60c8a3d7609d238b2d9c

    SHA512

    f0f54ce211fda6c8b7b2c5da8229116b024a16008042e2321f88cd50ea09b58935dacb5c450aa10be726484a50e6aa98128da0fd07bcab5a74de2950fcb7a504

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cfdcbf9bc0edc9822561b98547b6de87

    SHA1

    5cd0a5c057a1b0963355f4b7debe13db4f7b53be

    SHA256

    5a8a73099554b27699eb8cfb2cca4f54959bc37e6c69fd0a8efddef56e40f1f1

    SHA512

    16b95345cd318e860a40b1e9d9b49b227af82e6caff5ba043cc5a4d3a9c846722a172825aa38f0ccebb54e44447edd2b6a8f50e32c1e1cdf12db9a3bde0bd889

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a4fcce035900f4ce92c57a4ee886c68c

    SHA1

    719f1c60552d58c11ad1a5bfeaca6bc2673a48e9

    SHA256

    98bbf922a13b5226327b87bc0ba8c5735540ec65b4e29c78b7e616fd9a8d4348

    SHA512

    9f0b9503744e162b1c90bf85bc1f791ea9e28e4efb586d6d753ed1bca1d366c5e2d2dfc37e2fbf9a8b1b50e567bcb2cc484c09e2a22724e53e8b7442362e5111

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    16895e43f4bac128d52a05f03af71cc6

    SHA1

    e571c53167b0ff3d51ee9c207c4c10929508ff41

    SHA256

    82268edc6d7f7605351d7a78528204f54c9d9e87b99ed2c9c8dda569af9a90ec

    SHA512

    8fdb37b0e8020d9c73c6da20c1f5aab3e0f45ac81c3e9fad7943b631431716d68538bee4fee33ec97013849af205c134289aed66c40762ef0f00a6281b279aa9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    93fe1ae23e160fce0f50aed36784d133

    SHA1

    2c37d3bf7646ecc9d593c23b7a902216e1acacd2

    SHA256

    4253c428f111887af1a35a962670c2c9e8e964cbde80d51b8a0521b57019ccb3

    SHA512

    396165073db3b07401593dc5d53be636555d6868cebd2a807e650d9d5cea153a51bdd75b8f99463c173606d1a08cded31e26d34cc76b5de4df98e5d2060786d4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b651bc334cfbb223e3be502830be154b

    SHA1

    0653f35cf5db6e51a41dd9627838e600228dc20e

    SHA256

    598757d5d4263d52f52c8757c4c8955561fc49427c8d46ad6218eece01fbd1aa

    SHA512

    1741dd2ac921e68fb4a9cd789ec812fd96f52dc1587fca22a47bf0e7b8a254d71ab00ceb260d5276855c3f1a1e34be71eb49957c57e2fbcf83f24fe1027d5f6b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    77c69d95d545b3091d761cbd0b1388d8

    SHA1

    959d8d9aa22f8a82554e1d633b4274b964fa6fd8

    SHA256

    7b51c25a9aafcc002b69783afb515bbe8e47f23cff92423e252d052a4ec672d3

    SHA512

    597fa2ee8f7a55a3930b8f89ae76f9cbe34dcf27ca235ea5c93c855b97c20b2b854e3b4a8a0ecd898160a61591851191d4c66b0e03b5f866fb84b2f01bf78795

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ad9be9a12079449f14d45297ed9e3035

    SHA1

    8299f8b4871c88b92b31f9f3777b702afc567727

    SHA256

    bf18f17ccfde98f700084297b37f2059a72f8f160434cc1783852b89b6280b70

    SHA512

    0782ab25440c368bdc188db2377cba7b6e06c147f17ac2e747237ada039e451added819d13fbec8ef5a6177335b09e016b605a4b9e98f5d5b0730320507b43cc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    29f70a0be4767a87d40263cdf48305f5

    SHA1

    b132cb857f2c4444b4b76c81796712c428ede65a

    SHA256

    d9a82eaa60f5f4e794aa7558aae8dd86c032e03f52f76df0cab1c31ecbee139c

    SHA512

    c0699e41e1539d0fd7aef016df06fb09a0f097af80d401101a5302a87ed044980d39a6e1f857df99767ae4ede537d411b2b7c581a88be29323e3f8650b644236

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7972a628990fb6822cceab770a655ed7

    SHA1

    75d889003e73ec104cbc5bc963e5ec69e7f50d30

    SHA256

    a76641cf1519d846f0d31458dc48ecd990f220e48c4159282adc9f3215af979b

    SHA512

    263ca86ce48e04823e8e15765da9ca257d91a48a81e85434c416e487d6bd5bff4a5869e8ba240436c9628c51435521aecf80dcdb328ee326eab83c1b7f592ab5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab5B6C.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar5BFB.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit