Overview

overview

10

Static

static

10

VirusShare...78.dll

windows7-x64

9

VirusShare...78.dll

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    07-02-2024 06:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    VirusShare_c4210a26cc355b64ed5734df960b2b78.dll

  • Size

    209KB

  • MD5

    c4210a26cc355b64ed5734df960b2b78

  • SHA1

    d0716e4ee39e2caefc5844b35143a4d7e38ae4ec

  • SHA256

    838d2f9aa24bb10a81b1d750e116c443100f2be1093fc138e31621fd5911c460

  • SHA512

    f000f29368d3c77c14c901573995b05b3b252134af1a16c01e32e1bfb3d35195f1d220f380f7bf887851495c001d3b56dd86895ef608dac9e43f32f0da777f43

  • SSDEEP

    6144:T/q32rRjPhKuDkkLjp+ScgBKozpJ1XVSGuRq9M:myR9rIMHZBKI/XV2M

Score
9/10
evasionupx

Malware Config

Signatures

  • UPX dump on OEP (original entry point) 5 IoCs
  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\VirusShare_c4210a26cc355b64ed5734df960b2b78.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2356
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\VirusShare_c4210a26cc355b64ed5734df960b2b78.dll,#1
      2⤵
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2336
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
          PID:1672
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2184
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2476
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2104
      • C:\Windows\system32\ctfmon.exe
        ctfmon.exe
        2⤵
        • Suspicious use of FindShellTrayWindow
        PID:2168
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2792
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2792 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2832

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b1100fbc89a3952af66094c0cf5371a9

      SHA1

      cee24070571a72a2cee27233f8cdf6f05371d32d

      SHA256

      e2c08cd33e0ab61cc42e600c709964b6b06e25565b801578baad54e581842394

      SHA512

      a9a38e8a9ab28dbf3d3987a3bcd8b9ace5c2a78838f6b1b6e1ce10156ca4d58c74a3d70ec29f59692a0bd3a735845651c7b0b258a999d93469c27e13af3d2c68

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4c03910a5e7a72b635d4f415cb63e7fb

      SHA1

      347744dd9b727b76c3ed78b6cb2b232faca3d779

      SHA256

      40d2ab848c46cc4b830249f266a7d958833cc57bd95246664a8f5e1bfbc8ce42

      SHA512

      ba6e75023c5de946d2c987d14da91122af4ae35ae88249387256f8e626789f1a3e479ecfc81a09cf3f8a383653ce8f48df93cc6e80b484e8fd4e5fb9d8265e5c

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f45a42fd91d7d2a3ce29b5909a1ac242

      SHA1

      3ced6bfc9d504a51df70f5d855d431eb4f247251

      SHA256

      f1792fa1f4cd147a4eca5b20be7c3057a17cecb189fa5b7a45cb047aabd7ae68

      SHA512

      a9a343d02937b20358e5ab15aa0e0e7e760a3f3d9aa917cde3c606a8602061bf4856537f71a224a8366f3f0276e2b0a74711abebc7dbf3b66f10881bc9ceb7fa

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c09904e142afcbf689ea04ba48fa6eb0

      SHA1

      6999319e08f953ba566d6118627ab20a5f3d5988

      SHA256

      a4ec151ffd67b139c8e9ab3486723df67c5720f88b22c5e28c6e07ced39c27fb

      SHA512

      7edf22417a8188986ce7fbb28fca3d04986bacffc847c2a25e7da352a723237ce2d2a0ba22522db057515a9a98ec25dd9eeda6a32269d1e0532076dfa3af4a94

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      974a9689dfb5ad75b1d4d8ff1e2ddd26

      SHA1

      f6d8f4ff1f9f0bd812531be8af0875163f98a394

      SHA256

      ee0807feed589dfc54122b0ece1ffa987a612f565b3f4ceb503f07cf1b69a322

      SHA512

      d7c7a9126c7ae40e5dffd9e704e4cd8723e14768fd9d1cb08f92b9df1557205058246bf291a9e88fe1d54341537667683f0ab663b5ad79c4f54840b7b953f1b4

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      43eb35ad91ec6d217e51473c41e3e806

      SHA1

      d6ccaea55d4fbc0bb497aa55ba13e2f39aa73be3

      SHA256

      7bed0fa93096b16145782a7de77e3e9931dbaf4c90031d2f3f82f95b1af99e75

      SHA512

      d6f312d7a335bad6eb5fbf0d054377520c0d5b36ff65aeb5d465153c73357795a2c32dc99fbfea3d45b54da9d1bfcdfdf64699695320221e31924130021f0288

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ce8854a292654ef8e147a79d9b18bea8

      SHA1

      803babb78b020471b5db8236f848ffb6fac723a3

      SHA256

      14810a13695386c6d286fb3246efbe085800b73f4d02001ed783355dd248dbfd

      SHA512

      3c2053276b2556a3fbb2e4b043437c7d0c000f4f38ef6fd432347a31938e2f4e2f8987ae899eec728bbdf654ab9c39c131a26bfbad383d2a7fbf6d8ef37930a3

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e1d3360ac16d87d1b86d9663eef7f49b

      SHA1

      c9a1e16450346349b442b9994b66b1463c2c6aa6

      SHA256

      0b1c952a2e0fb58692d2de72bf36048acc7bbb23f312a3b7c3955176a1cadcf8

      SHA512

      a12336726fec9f5edef3f8511467d91ede678afd596e1131a6f261b06747b88525110b63babacee027c77a952877416a50d5742423cd7c56b8187b759e8223f2

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      bec8776b8351d2551fef6516f8595089

      SHA1

      4d930b08b9b4618058ed34932a129f065ea5500f

      SHA256

      c9b31b1b17b94ca68ec615a7fa7b3b8d1f17520692e401fb4e0b1e7798dca1c8

      SHA512

      383a45409f34bb35c18c910c83eadd8a47d9aab771a5a40d8ccff8fbad9988c933c4946665e14d5495b20dc34b2e609d095de457defb2f4b4c6270ab2c285e1b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      605303efb3241611a4746581762ef59e

      SHA1

      13e3c0ba31bcabc937c122227ce2c7c350039df2

      SHA256

      6af2c0c0cd85e80c46a44fc720c7fb8b68d0e344e8f162ca4b0d7584c263c99a

      SHA512

      c6a6c2aa36b79e31333719d0c9381e3565ee1f3c5e56aa51376ab82cd846975fd19c6ddac879157f2ad2a4aecab728aeb493fd278849379ccffec43872ac193b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8ad745bcd399b27db3c4347761f753f0

      SHA1

      2c3583b47a55360445f6974176901e5e5c04d78e

      SHA256

      fd07e4c375a04cabd997a8759e6aec3de1203c33390bd1984ad4603c55161aa2

      SHA512

      a0d13fc1f9832b8d8ccfb83ed2a499a5135ce3af270b3c6932d8a9c17a57c96aab50479bc5da3a2d87b8cc34d4c6d5d39440518ead5d6a490998f27db51a567f

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      43f367fc0457233b2f3b56a676627428

      SHA1

      0994855211263ee9b242619ac6b759d5013c3b35

      SHA256

      ffe5a14dcdc94f2c4d6acc2799efadc7b1775ecc60867ce4c4db9c0b0f63b2bd

      SHA512

      0771ede5fc0e2067a4715e4aa067e38ec9bea443966527eb8f7787966e13a24b9bb522257eba24d68cf3a9f256efb89c3ea64317e1e1fd10b913842cb96aeb36

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ba4795d10eb6692ff8f3d5412dbbe996

      SHA1

      37323da7520de330685c399cec4df2eb1fae30a5

      SHA256

      c085235039950a14ae3e9bef3b8fd83d636d3fca424c567dbabfaa04d82b40b4

      SHA512

      7c23ad07f2a91c13dfdf3292ab98ca95e87b2a9055f1dc62a6440c7bacaef75ace6c834f0e850773ff3a5d857170c8695775e9d384f6a1a6c5476bf4a7e5f43b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      72292aa1d5718421cb0ffb2c0a825228

      SHA1

      ab10a617a80aa309477cdb8b12dc8918ca37b215

      SHA256

      47077d3b72a46c27005f91d0ee49d3e4d688596d597d9ab98b3b4309a8b5be57

      SHA512

      38f23260aa177d7a91d269bf981d3c173e7999aed0c3e7750db4d884d7cf53f5f62d1f856784567ef40034c5c91cc4e2e26f7b5a31cbb7eaff0cdcc0521ed3b0

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      99ea74aa9d0e3b2f78634daeb802f3ad

      SHA1

      85cb96e0db6115da4866fda9b1f7695bae1fd52b

      SHA256

      4c40a8881d72eff40023d65008611afe1c968c15c111d2a88d1a75134aeeb999

      SHA512

      5e1739f2c8fed19532384c47b51d5ea3bf84377268ce6053dbbbb9a4b9f6b6c816731c3439d123fe7cc2cf3fd6a04cc3da729ce70176cec31bbe72ba088292be

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f2b7bac96a0b932ffa0523fb280a328b

      SHA1

      71cb9313d8b2cf1d197ab168ff958736ad76ca06

      SHA256

      d25d7f5afa8533307f66eb14e2d48c6c1896b97f2bededdd8e5cb16a24f059ba

      SHA512

      7476aa088dbc6f8f0d5ef92daa7282c39ad7e26e11a681ee15d8e2f5df676b63524187367139954a8a316905f57967862e225e1ca5d083b5f31d171f97dc1e76

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c6e5af2663e04e225bda362d882c9b94

      SHA1

      7216b5737b4c7961e1085ae17fd6548ea77fc58a

      SHA256

      7fe2c67cf851f2896aeaaeaea06db5ccc17bd1fb6ed40057d0f13410a51c25ca

      SHA512

      534989120efa0c2c07af26e3dff3e84296f11762a88c29a4d9690311cbe92d81d674ba7fe00ce431ab869ac54677defa446be9ea70d4320f0de0a30ac71517df

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6649807ca5924cab398161cad544ed27

      SHA1

      b4eccc77c2f801335301621ccc72ca4cf2162200

      SHA256

      3bf70566c7edf9244ef0fd891410c4cb2671b146aeaef49f9049c131a8fb12ec

      SHA512

      d236a5e0ebfa66655b5e042662fcaa1db6b1147cbe8f5e96bbcead8630ac7ed647ab4027d6a93af6b696f79ec8cab4f57a8d482ef92682551635ffc1a5f194e0

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      408314bf49477fb83427f77321d0c23b

      SHA1

      97f78e6b40f87314651e4ea174f4dcc8a964e7b0

      SHA256

      5600979aa271ba4cdb7ffd0cbf97b51ca0705ec1786c09abd4f6cf80126cc70e

      SHA512

      e2d5bcb9244cc3ae117dfd6f1dcfed8096aa7a758e55e6d68df2e2c422cf86ddcb583e2cf1fa3cfd2ac9081ce09f75fbdfaefdcbe9ecf228df09542c6209c8ab

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\CabCA35.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\TarCB03.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit
    • memory/2104-7-0x0000000003A40000-0x0000000003A50000-memory.dmp
      Filesize

      64KB

      Download
    • memory/2104-6-0x0000000003A30000-0x0000000003A31000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2104-452-0x0000000003A30000-0x0000000003A31000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2184-10-0x0000000000400000-0x0000000000452000-memory.dmp
      Filesize

      328KB

      Download
    • memory/2184-12-0x0000000000460000-0x0000000000462000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2184-8-0x0000000000170000-0x0000000000171000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2184-24-0x0000000000400000-0x0000000000452000-memory.dmp
      Filesize

      328KB

      Download
    • memory/2336-4-0x0000000000400000-0x0000000000452000-memory.dmp
      Filesize

      328KB

      Download
    • memory/2336-0-0x0000000000400000-0x0000000000452000-memory.dmp
      Filesize

      328KB

      Download
    • memory/2336-1-0x0000000000400000-0x0000000000452000-memory.dmp
      Filesize

      328KB

      Download
    • memory/2336-2-0x0000000000400000-0x0000000000452000-memory.dmp
      Filesize

      328KB

      Download
    • memory/2336-3-0x0000000000160000-0x0000000000174000-memory.dmp
      Filesize

      80KB

      Download
    • memory/2476-368-0x0000000001D50000-0x0000000001DA2000-memory.dmp
      Filesize

      328KB

      Download
    • memory/2476-16-0x0000000001D50000-0x0000000001DA2000-memory.dmp
      Filesize

      328KB

      Download
    • memory/2476-15-0x0000000001D50000-0x0000000001DA2000-memory.dmp
      Filesize

      328KB

      Download