Overview

overview

8

Static

static

3

VirusShare...77.dll

windows7-x64

8

VirusShare...77.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    04/02/2024, 14:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    VirusShare_fceb3930c2356d17b1e28b8baa64dc77.dll

  • Size

    223KB

  • MD5

    fceb3930c2356d17b1e28b8baa64dc77

  • SHA1

    88b26e0450e35a7cf1af7ec7b09127643b1322d5

  • SHA256

    b83c9092b6fc0f7c29a715341492187cd85383d34172d80c241042c80c7e1207

  • SHA512

    d80cb8c3cd27a9e174b7aa81e89486898fb259d164a3542461a0afaa27cae82ead824cb99487ad86a40b1f94e8a0d49071ce1659585fe455a3d9b3b20aedc051

  • SSDEEP

    3072:R8AfgU/efWgvPTEJY3iy2X6iQYDNXq5vOommiuO/ykNgglpOQhMdr57Dufmf0nmh:R8JxvIK392sYdyYykug45u+snLMjB

Score
8/10
evasion

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\VirusShare_fceb3930c2356d17b1e28b8baa64dc77.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3032
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\VirusShare_fceb3930c2356d17b1e28b8baa64dc77.dll,#1
      2⤵
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:3056
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
          PID:2260
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2300
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:572
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2068
      • C:\Windows\system32\ctfmon.exe
        ctfmon.exe
        2⤵
        • Suspicious use of FindShellTrayWindow
        PID:2792
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2860
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2860 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2576

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a1dc22c420c32283243337be5eee60f5

      SHA1

      b1b8ef7d436e69531ce6081e881508b5ad406fdc

      SHA256

      977e3fe61af5eee24c023a9ce3b1b60287c9634bc4406c2e85069795611a952f

      SHA512

      e7157be55bcff68e1f23592b214c541f05450d60a9823adc0d3f6ee2360e110298229b3e9be77113dd3d0eeb245866c01dbff79a7a4bb159a0f19c4e957a2ee7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1b5d96b3a9cbae2d32ae7f1510676c0f

      SHA1

      e137dc38d806ee9d59f3f790919b86cfb61cff9d

      SHA256

      2b75424854d218cdbe149d5310ea7fe0629268e52e2e97e647acddf20ca7620a

      SHA512

      09a13a3064a3162111e91e1f1351de4c84a1b412adca14e35479b5e287c223057eb07d9072142e0dba6900c3f1d73637f6407ff92c4e72706d6998f150b9470c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1d3e7104c093dfaccfe9d6137425ffdd

      SHA1

      7b1e45cd0dee7eb9bb5c580b6ea3299d385d552b

      SHA256

      eb3d374d13159487bda3cc9ae7e69727a65a036fc7a09fbbba2a060f4e087f49

      SHA512

      e5bb63ad9b175a7f02dec87b7c5e70380351eb151d67ae178568417436848f52fbf8a891305b542520d87526d9be43424d310f883982591c937701758767e88b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a1ba746203afae589fe0aad35f711511

      SHA1

      37219eadb73ccb181985a0ca3ebf10397aefdf9a

      SHA256

      f481bc309e8ef62952c34e3d39295026a2298f966728b929a1833ceaf8646597

      SHA512

      062751125e4ea8bd16f9cd4863613fc434995e84050fdec73265aa4c2ae330caa0d6833e4a42097a09114ffc62026182bba6a57d344b4b4ac2b8df4a77f612fc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4f419a0847f3531804cdb8653c154d62

      SHA1

      3ab7123598cbe5e49b4e83e71af8d75be424edfe

      SHA256

      28af7d38438fe7ffadb4e9023c2f7acf23356b9785659af984e973b6dd993097

      SHA512

      d8b88ea98b33f60bff9384bacae8756a5a2ed1f70efb3347aac2b39d66ac6f4394d81edbe35aa9dd98846b09cafe8e84dcebbf5bc50e9d1acb5fe51e15a998eb

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      85510aade8cfbc455f244cc0dc6d6093

      SHA1

      34bb5217ed150d506a277dea3df9d868306183a4

      SHA256

      f82aa32138e6f99c7ef5372661869c624391ea92ec5515272a49bc299f20c4a1

      SHA512

      a49b45dc7c5cc35b76418403961e83700bb11c720d0f2a3b428dcedee129dd5c69520c8dfbe1d37b5ec39a79f73f3220d9aa0aab5978115e8ad163ed7b183cb5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      948bbd5f11afbefb8f3ecddd89f7eba8

      SHA1

      115c007afe1eba5a2a5cd0234a06d8d56e92d58d

      SHA256

      a2cff1cdcd9829737df4cb2251f2e28d00a5db6f144db03aeeb5487aadf803c4

      SHA512

      eb9a51189a6e966940fe255187feb81e372c5aac6cb0c6df167799560e950829ca8feff24606023c9757a4131f4429a10a7b3ad50e23029d891b2a4cbc9ba1af

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      0bb4c79bd78057930221df1c26c34790

      SHA1

      261cb0b8b7f54199237d68da57e2d66a4103ef64

      SHA256

      4033bf48e671414634d18196309ea3166196343bb4ff2df91cbae18683fe686e

      SHA512

      6b9bb0587c19d157cfc7f94e79aec3e6c295243a8d0d71de0b2cd7930dd1cc72919abb06ca78a6cb96432fa4c4056899b51e08a66f806c8de57b0cf77232b99c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f4143e5224d5aea7797b472b1ae732a3

      SHA1

      82e497727b90b04da2412911dc252a8e78b7ac49

      SHA256

      ca05b5871d9713f7663801bd3cefbc93ab8e98f616914f6e284fcefd509adddc

      SHA512

      00df55b4fa63fb5eb8d4a960123761e49f6ea938f6715aab73023653865d0d7e0bbd3e7101ceaf0fbc04d5d87553916fed69fe8a8f726096314b9225b03c4424

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ced827e59482929f069a8c274ef6acf7

      SHA1

      baf68c45ad23e3df576be15352ba09e1caca6ddc

      SHA256

      6159c1da49641aab2f4d6c53d2f4bc8bf630a68f78e0b3a3b7aa7dae094d8bad

      SHA512

      890a00e2a422aacd8cbc8002345fccef46220f1bee5adc8e7f842c6dc8293ebd6d69c4a7cd63ec11712f6413332082003b2397ea1e9c827f02acc62f48079217

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      176e3a89177c4dedd695e1585b745457

      SHA1

      9ad0906b5d0160108cb1d18618fcc3bbba249a6c

      SHA256

      7651d2c4d8b6504c0ca792fd4da3d55e96fe8d71503aa22440aeddb29f375ba2

      SHA512

      fb2b4dbceeddc9f8fa5bc1cd399fe0703a1aa3078b6464ba424b655e468900a696c3c66476969163df3e0e5b912236207e0741d1bc9eddd80de30390863b352e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b2dd6a7d7a58ca63af8923d83b550a89

      SHA1

      e4e53c0067b03d210a7b3098206955fe49ed91dd

      SHA256

      8a1712e7645bb67acb8a5fcbde325bb6a47d3f7b4c94c23583d95d6a51912558

      SHA512

      c17db0c926f39338ee35903bf1dc9cda65d1898896c0b6ac35774899986da02879428e40206d520832f98074c807f49933418ba94bf4f7a167b807c578bb92c2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b11b14bdd48c3d0813e2b5c695d7d76e

      SHA1

      4360e0aeac90774b6ddeee1ecc92f429b59ca84e

      SHA256

      93103a7dc1698eadae1fc06fe22146bf3e58e63653247b9cd28187c1d11ec38a

      SHA512

      d342a4058bb88c38ddc4190afdd8d79c4edce240f7bc846ef8ba940ea42bcd412c6c16435182447b3c9cbd7287065417dd009a2146bd6cffb0885062421d385d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      46ddf700e76b329e4f65f63b28c7a788

      SHA1

      e807ddaa3882cc8856198f2d5433d2bc9f95eea9

      SHA256

      93435a7612cb9766dc18fd25f0294e65e43e43bcdd24691ca1306f451585b17f

      SHA512

      6245bf7fb56be2b31fcaa05f6c7deb4ae1e3d669ed8c80249a5a81643a0594f69278f4873594dec504dc481cc214a1a11ccc8c92ed8a7f73f9d64861c109c2e1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6e6c7f97f164dfd3614434488dd69eea

      SHA1

      7c88479abea2c0b60908648cc13beae4604f9a21

      SHA256

      aff4d1b93cec6aaececaebe28c2b898ea6b826b589b226914995cc73913a697a

      SHA512

      bce021d6e42a781913756f9999439fa4f1256a1ce31a0fb13cf0c742be6d5838c6478fa89e20f0708a1566d9e027abd9ca44e5c3035e9e6a13c3acf6b822a6c6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      17daff7a4e097b8b0d4877e4c6731b2b

      SHA1

      2d2d44f11dfc9877818efc33f1853c8e793ffb5e

      SHA256

      1b889c43d1710a207070501adfdbad0d1edbc5a27742a791b0280f3a34104c63

      SHA512

      f70d039d58a48d17f69a2d72d32c8d314873135aa36407f2840384c86ef2b084619b5d97e7dc66d0149d7006e85d02adb4b7ca33dd4661c858ec145be54bfb88

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b9ecf2eb5959569e55c32b4ab1b2fdbf

      SHA1

      9bf1e4db59cd16be6159d1e207d0b1fa1b81c724

      SHA256

      020c913d695f722f1ec919c30421bfad35afe5c9df3e7ebd742f618d4a8bd975

      SHA512

      a4e5aa6d602cfe5c9fa0037651f58d939868851ed57840acc84a836361de46fe10d3c5627159e58928888dc5fc1ac308e8efd98437ebdca7cf945e157a8d278c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      de8919414f04c4908680df47fcf58d0b

      SHA1

      86a50a759731b3426ae6a5b8aafe617a04ae9aaf

      SHA256

      cf545618a8dbb032cde26a5622012f449b1e790d3ebde2412efaa58c0b092b3b

      SHA512

      2064406332d49c28fc1c3aaf42b5af6b3b83cec08395f1cd61738c8ed1061776c62840bfe930d78f60d9895103d376f5ebb2ed771aec5e78493726d0598565a7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8332d87fe2e556bb66d6b59694855a44

      SHA1

      acea4d2ff7af0a861a5bed16974326b6b765e913

      SHA256

      9c67feb0b6d6b3a764d6c02bfb54ea48bb58dec03d2dc94389cf88db44ff4d56

      SHA512

      b0dfd7634ef1044dcea8c5163842558202dc0121fc775cccfb4edb815bcf25e591dbefa9c1e0364761c09f9dcdd014b15990b51f6052be9cdd8b6027b28397f6

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabBA3E.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarBAEC.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit

    • memory/572-26-0x0000000001E40000-0x0000000001E7D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/572-27-0x0000000002B60000-0x0000000002B91000-memory.dmp

      Filesize

      196KB

      Download

    • memory/572-25-0x0000000001E00000-0x0000000001E31000-memory.dmp

      Filesize

      196KB

      Download

    • memory/572-459-0x0000000002B60000-0x0000000002B91000-memory.dmp

      Filesize

      196KB

      Download

    • memory/2068-457-0x00000000037B0000-0x00000000037B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2068-12-0x00000000037C0000-0x00000000037D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2068-11-0x00000000037B0000-0x00000000037B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2300-15-0x0000000000430000-0x0000000000461000-memory.dmp

      Filesize

      196KB

      Download

    • memory/2300-21-0x0000000001E50000-0x0000000001E81000-memory.dmp

      Filesize

      196KB

      Download

    • memory/2300-19-0x0000000001E50000-0x0000000001E81000-memory.dmp

      Filesize

      196KB

      Download

    • memory/2300-18-0x0000000001E50000-0x0000000001E81000-memory.dmp

      Filesize

      196KB

      Download

    • memory/2300-17-0x0000000001E50000-0x0000000001E81000-memory.dmp

      Filesize

      196KB

      Download

    • memory/2300-20-0x0000000001D20000-0x0000000001D22000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2300-458-0x0000000001E50000-0x0000000001E81000-memory.dmp

      Filesize

      196KB

      Download

    • memory/2300-16-0x0000000001C90000-0x0000000001CCD000-memory.dmp

      Filesize

      244KB

      Download

    • memory/2300-22-0x0000000001E50000-0x0000000001E81000-memory.dmp

      Filesize

      196KB

      Download

    • memory/2300-13-0x00000000003E0000-0x00000000003E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3056-0-0x0000000000230000-0x0000000000261000-memory.dmp

      Filesize

      196KB

      Download

    • memory/3056-28-0x0000000000380000-0x00000000003B1000-memory.dmp

      Filesize

      196KB

      Download

    • memory/3056-9-0x0000000000380000-0x00000000003B1000-memory.dmp

      Filesize

      196KB

      Download

    • memory/3056-3-0x0000000000380000-0x00000000003B1000-memory.dmp

      Filesize

      196KB

      Download

    • memory/3056-7-0x0000000000380000-0x00000000003B1000-memory.dmp

      Filesize

      196KB

      Download

    • memory/3056-5-0x0000000000380000-0x00000000003B1000-memory.dmp

      Filesize

      196KB

      Download

    • memory/3056-2-0x0000000000380000-0x00000000003B1000-memory.dmp

      Filesize

      196KB

      Download

    • memory/3056-1-0x00000000002E0000-0x000000000031D000-memory.dmp

      Filesize

      244KB

      Download