Overview

overview

7

Static

static

3

VirusShare...8c.dll

windows7-x64

7

VirusShare...8c.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    04/02/2024, 21:04

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    VirusShare_0c171a59a3dfc56f1dae15aabeec478c.dll

  • Size

    230KB

  • MD5

    0c171a59a3dfc56f1dae15aabeec478c

  • SHA1

    11ad2d2cd18443e8ba4615c2c745169f8693fa7a

  • SHA256

    7ae4acc4e32eca89deacde3130020d8b4d9d6d59c5278bfea9a959d6667d179a

  • SHA512

    a8da715a2404c7d422c4763d99e21c020b5a73e1cc1c7d6c7776727dd7e8b133dbb2a42c129350fe4e21d7c075c4185f52fbd2bb5c286b269b0ee520b27b02f6

  • SSDEEP

    3072:CPsLPg3ljGfjnUHiuc3WIJp4JI/4m/+65KXwsKf7GxnD:CUojGbiiVoI/2kKXwshD

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer Protected Mode 1 TTPs 5 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 9 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\VirusShare_0c171a59a3dfc56f1dae15aabeec478c.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1836
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\VirusShare_0c171a59a3dfc56f1dae15aabeec478c.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of WriteProcessMemory
      PID:2528
      • C:\PROGRA~3\lsass.exe
        C:\PROGRA~3\lsass.exe C:\Users\Admin\AppData\Local\Temp\VirusShare_0c171a59a3dfc56f1dae15aabeec478c.dll,GOF1
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2036
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2576
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2576 CREDAT:275457 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2752
          • C:\Windows\system32\ctfmon.exe
            ctfmon.exe
            5⤵
              PID:2564

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\PROGRA~3\c874ceebaa51ead1f65cfd3a95a171c0_erahSsuriV.pad
            Filesize

            79.2MB

            MD5

            0faae9a8d139d1b160ed1435133140bd

            SHA1

            671e808a6f013474f483b45e98f19222f57f38b7

            SHA256

            288f31f43415d70d7fa827c3676c6ab6529598df990ad56af26ed8339b8d7096

            SHA512

            693d6dc32b3857d3503329f20fbc763193ece13ce619a1e4d6e8571e58e5dd32ee2cec1ac297c38a82f7c3c6147ec78bf399fd7e6b7272d56f13177121f86e32

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            ddf0024237f2b120b12057c9899d7025

            SHA1

            d08387baa861cb6cbe0d9b019e808ca648173c87

            SHA256

            94dcda31b9c80399a842294450e9cac96934decfbe721f6a6cabafb0d9c4931f

            SHA512

            68334416008854e62ea0fd89582bd57db1023cf7f7739c179a5883057f08b7d9a234d626ff82aa63de733bb6bb2fbb2e4ae46fe5896d96c86bd1cf137ee50e40

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            6c6bf34d6bf0001c82529ca71dfbf806

            SHA1

            fc40a80c257d520ab218dc547f9c7b75ed550950

            SHA256

            8f4dbd7c94c2e63ea4dbec4f60b4f85eb01643ed1cae40c13788329d7407ff9c

            SHA512

            ef3b1a3522a668641e119572df33a9bc652de0db4f6a7d9e5edc1c63c1a7a80141f683065a5950d8ae97517ef7d6d51eec0f4648c30bc12a6edcdf4e5762297c

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            26ac744f23d6686c3886834ff288df97

            SHA1

            36121254dded14d49232b2f73b49b31e2c9b03b7

            SHA256

            c790fde69d8afea9b74f27fee1b35d2b6658c48f69f99e453474ee64fc3ca9fd

            SHA512

            fa0dc29590a4e5009ec7235d28cd8ad948ff8b70a1e4c6a2b7a83bf0122486e595d9217513e4d083cbbaa41d1f37eef35d1b8401e074cb501e5a07ccca709e77

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            1e4f82f2fba4ffb72fce3a941995798c

            SHA1

            73ec586cae3ab0c2ecc9782213786f82a3969f06

            SHA256

            415f7c98ff69c2d9045d3aa8787acd2660e3db012474643c2cdda87722747321

            SHA512

            7335d815b1e71f23ec21b15d1e9c030dfb801beed82042282b94fa9d3f713155b772d8458103bac7fc7dc6ed105b2f153fe7ab9b26d1fd4b6a3d3ade17621189

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            d7889f4c746f329fdd27849182da2b78

            SHA1

            a8dcc8e1e893d3855cd0d23229be985da51939de

            SHA256

            fab7739fdfa4468211cd517d0bb7892fffdf4901e40e5d6da273e5a0586d1135

            SHA512

            86d56c017d4d0b8bc9742d106bc162de07e5049b119b94ce0cec11a9cf57297db4242a4075fbad41d44e8b2943cf4b4398c7854a9bfed6ccf30b2031ff821e3f

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            87ef1e765f421638df049cc6e7d01495

            SHA1

            b1471a82b306895757fc64598b34992c86b986fc

            SHA256

            cde3e01df61812ef42da6f16ba655eba3a294ced0001b4531e337e650b2c3a7f

            SHA512

            e37bfd6018c0878cab2e3e895e02b3e7d3dede5fd529354e57475f8570c9061f05d5c4ad6619d54e3cc3f803dd5a4ab1ad7474d5eaa288c56c1619f7254ada0b

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            0e744ed28c79e57500a5581040f52afb

            SHA1

            33617c3ebd79049763f37c1eabd21e4dddc8af55

            SHA256

            768bdba95feeba263b736f54dafa4faa554afc9fc614be1de36cad89369788f4

            SHA512

            aa76f6ee9f8b6c00f33d8c6cdba84aedd2ccebc4dffe3742b3b72fd23e1113942b5b214d1502dc246ebc5a6f00a024482013341661a1942a48849477456f7b77

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            a7e94b666a31f08a836e64506b33d82a

            SHA1

            7de6399a20eb908efd60c633f0c6f8e94c2f0bd8

            SHA256

            6510026fdbc05e303659f83e979a48ccf9a05b1f3cf4d656e14474fe47a29add

            SHA512

            2126393669494eebab227721f4075e3be5bcc246aceccb037d358f4e0fa07db3bbb708dd47613aad66fe9f807979e2db309862bbd01913bad71d55cd0db94766

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            a8110deb6de89cce53b8085d072e1785

            SHA1

            94868316f1ab9715625f0f66fc4f1f3544846b1e

            SHA256

            407a0f8a097b889e1bde78f03ac53787b6d48160ad13d5da159ea6fd31c2a281

            SHA512

            ba54e43562bbb20267b8755b2af613d9230fb96a803564e0f8fd161bd0235ac9068c717ff30f093389e87c92d1b7421b4a4eccbc0b6e579a4ed93bad07386116

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            b85f4d2c6d2a0a222fda0ee0312db3d9

            SHA1

            c116d8a2f779518ea8f3c908a0fab6b3cdc71401

            SHA256

            9a65f83d6d950f910acb5c23c212bbacd436a122f4600f8cd963679f36708944

            SHA512

            fa3b2ef066fbcee21602720b146356889995ba46f4fd03b1741775e00c9b549c1960555ef4b219266d4ad60426f4ca5601d5d4eb6d444f950365556ddcbe38fc

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            9a76679c1afafd55f4aee748ca877496

            SHA1

            be256f2fc5865c81a7deead5648a7fdedc60d3ed

            SHA256

            176ba3410ec9d4d859bdb84e9e6f44400b36b629b9513fff9aea44525fb73761

            SHA512

            b748a65edc5bb4db7e797388d332ab2c382b7dc708a0d2e9a35868ee522f6d76ecbde2ef3e72ad0ec8301c509e31919a4be8c3db7e5ac513a258a485fc95ea5c

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            7d376252556d693d1e7d04b2bf7e19ee

            SHA1

            2403cf5d18e967cf02eaf9bd711eededf727cf70

            SHA256

            ea4c3f15e932525452fe9e29e6890c2aacaa8329575e770a7b9749d18aeb0e10

            SHA512

            7d754886979f074f78d3ea7b8cf0706f9ec5d5ade6525d9831acfa1cfc2ecff2db862f7b38ca2b49e87210590eb69a47e1adc053a1dcc14a218a025b45c0763b

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            83806ffbbceadd1e656ba9a4454863cb

            SHA1

            65ca6c0f1f3a3e2064e8a38c328e708c8eec9148

            SHA256

            c337e443d0180bfa357304e0b0612872171ccf885cacad36acfa048981836556

            SHA512

            9ddaf94da95f6e3825e97b8a9f811008fc67ead28e3eabc734509428a6d2c59603eee224038d400a959b2e7b4770db96e14a69706314ff8235249940e85be80c

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            fe27862e3743ea761782830c7dd2ba16

            SHA1

            9cf293359c95e5ac3258ba7b8f13f6a204f73031

            SHA256

            9ad8306f949476a6cf2d4aec5655f2686e47a611cad7a74965885b920d094f11

            SHA512

            7154961282b41816f8a879e650e6a5e2f040bb8b62a38e761b24663595fd4f984a55fae3940352c9fc2030b114f1273a07f9c4c7be680964a6ea8a13a140a163

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            46d5e6cb6f3981f3dc18c13c5b314a2c

            SHA1

            e872ac3cf2e895bc88e61d6c79eae888612582a9

            SHA256

            94f13e42ffbc98dd7523e837b249ba72abf9737eaf24361ac0535664e47f07d8

            SHA512

            5cd2bebb57cff0f9789810c25fd04613e4e43bcd574093de5534afd87c3bc1394fed241190d38b58fd6bd29b4539ed02dbd45c1b7c547a641ddb4ba7708cf39a

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            974dc18b24e4f56faabf85905eb9089d

            SHA1

            d25924e83e5400c5fc75c52a642c98f50fb18c84

            SHA256

            33157935490704eea25a07939cfbc409c9cddd62cd4966888061a27843645e9e

            SHA512

            b68e89d588bcc79c87e5fd2d46ef186ee2f3611f8855eda4bdd24c90344cacd3706adb6573e80b7dc86f523488584b9195fc93cbe8859bc4278067dad0fea20f

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            72734d1681a24aa80ead68aa941ec37f

            SHA1

            291f4429fc65177cf7f944ac75747b124db064f9

            SHA256

            818491c26f064abc97a2e3abae75d406d41424d6053e50d8620d2ed2789bed14

            SHA512

            057b34b2b520f67c7bf4931e12823a702bc9f923d8119d38e8b23aea029c506359383d2231ee946e7405defa41a570c2f06de1176349f30af500aed6aa906f40

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            6732f253dc5143cdb88265fbdefd8693

            SHA1

            0c21246836bfca1a422bd72d16a82eff81ebe4b3

            SHA256

            15dc93eb186d61e481345f4420b92a563f5613a64ff461f5573354918a7c20b0

            SHA512

            343454ba36c24821708b11f52424d1be75a427f4ccdb60d7124eb3c69e35007357bbd0aff45e56f979bfc5f261fc64bc0eb803229a6667aa19a3983bf156eebd

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\Cab7D4E.tmp
            Filesize

            65KB

            MD5

            ac05d27423a85adc1622c714f2cb6184

            SHA1

            b0fe2b1abddb97837ea0195be70ab2ff14d43198

            SHA256

            c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

            SHA512

            6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\Tar7E2B.tmp
            Filesize

            171KB

            MD5

            9c0c641c06238516f27941aa1166d427

            SHA1

            64cd549fb8cf014fcd9312aa7a5b023847b6c977

            SHA256

            4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

            SHA512

            936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

            Download Submit

          • \PROGRA~3\lsass.exe
            Filesize

            43KB

            MD5

            51138beea3e2c21ec44d0932c71762a8

            SHA1

            8939cf35447b22dd2c6e6f443446acc1bf986d58

            SHA256

            5ad3c37e6f2b9db3ee8b5aeedc474645de90c66e3d95f8620c48102f1eba4124

            SHA512

            794f30fe452117ff2a26dc9d7086aaf82b639c2632ac2e381a81f5239caaec7c96922ba5d2d90bfd8d74f0a6cd4f79fbda63e14c6b779e5cf6834c13e4e45e7d

            Download Submit

          • memory/2036-15-0x0000000000240000-0x0000000000262000-memory.dmp

            Filesize

            136KB

            Download

          • memory/2036-26-0x0000000000240000-0x0000000000262000-memory.dmp

            Filesize

            136KB

            Download

          • memory/2036-27-0x0000000000240000-0x0000000000262000-memory.dmp

            Filesize

            136KB

            Download

          • memory/2036-490-0x0000000000240000-0x0000000000262000-memory.dmp

            Filesize

            136KB

            Download

          • memory/2036-14-0x00000000001C0000-0x00000000001E2000-memory.dmp

            Filesize

            136KB

            Download

          • memory/2036-12-0x0000000010000000-0x000000001003D000-memory.dmp

            Filesize

            244KB

            Download

          • memory/2528-18-0x0000000000710000-0x0000000000732000-memory.dmp

            Filesize

            136KB

            Download

          • memory/2528-9-0x0000000000710000-0x0000000000732000-memory.dmp

            Filesize

            136KB

            Download

          • memory/2528-20-0x0000000000710000-0x0000000000732000-memory.dmp

            Filesize

            136KB

            Download

          • memory/2528-7-0x0000000000670000-0x0000000000692000-memory.dmp

            Filesize

            136KB

            Download

          • memory/2528-16-0x0000000000710000-0x0000000000732000-memory.dmp

            Filesize

            136KB

            Download

          • memory/2528-0-0x0000000010000000-0x000000001003D000-memory.dmp

            Filesize

            244KB

            Download

          • memory/2528-4-0x0000000000710000-0x0000000000732000-memory.dmp

            Filesize

            136KB

            Download

          • memory/2528-21-0x0000000000710000-0x0000000000732000-memory.dmp

            Filesize

            136KB

            Download

          • memory/2528-3-0x0000000010000000-0x000000001003D000-memory.dmp

            Filesize

            244KB

            Download

          • memory/2528-1-0x0000000010000000-0x000000001003D000-memory.dmp

            Filesize

            244KB

            Download