Analysis
-
max time kernel
147s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
03-03-2024 01:15
General
-
Target
Spyware/butterflyondesktop.exe
-
Size
2.8MB
-
MD5
1535aa21451192109b86be9bcc7c4345
-
SHA1
1af211c686c4d4bf0239ed6620358a19691cf88c
-
SHA256
4641af6a0071e11e13ad3b1cd950e01300542c2b9efb6ae92ffecedde974a4a6
-
SHA512
1762b29f7b26911a7e6d244454eac7268235e2e0c27cd2ca639b8acdde2528c9ddf202ed59ca3155ee1d6ad3deba559a6eaf4ed74624c68688761e3e404e54da
-
SSDEEP
49152:5aA7f7tlVmdqK23H2bpHI4Qs5ABV9WRHZRsgI82lcHGAaKLinXBgJ:Q+VMkX224QsWBq5SfARGRgJ
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 7 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Program Files directory 6 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies Internet Explorer settings 1 TTPs 64 IoCs
-
Suspicious use of FindShellTrayWindow 3 IoCs
-
Suspicious use of SendNotifyMessage 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 19 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Spyware\butterflyondesktop.exe"C:\Users\Admin\AppData\Local\Temp\Spyware\butterflyondesktop.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\is-EPA6F.tmp\butterflyondesktop.tmp"C:\Users\Admin\AppData\Local\Temp\is-EPA6F.tmp\butterflyondesktop.tmp" /SL5="$4010A,2719719,54272,C:\Users\Admin\AppData\Local\Temp\Spyware\butterflyondesktop.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe"C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe"3⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://freedesktopsoft.com/butterflyondesktoplike.html3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2172 CREDAT:275457 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3.0MB
MD581aab57e0ef37ddff02d0106ced6b91e
SHA16e3895b350ef1545902bd23e7162dfce4c64e029
SHA256a70f9e100dddb177f68ee7339b327a20cd9289fae09dcdce3dbcbc3e86756287
SHA512a651d0a526d31036a302f7ef1ee2273bb7c29b5206c9b17339baa149dd13958ca63db827d09b4e12202e44d79aac2e864522aca1228118ba3dcd259fe1fcf717
-
Filesize
67KB
MD5753df6889fd7410a2e9fe333da83a429
SHA13c425f16e8267186061dd48ac1c77c122962456e
SHA256b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78
SHA5129d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444
-
Filesize
344B
MD5c1e15f565c453fc30e13f693e8f4755c
SHA112278aedc7bed0697a4fd88b71e1e945401b2f3a
SHA256391ad4b8122912b2c44465b5f3400b22fd23e5f3ea3cce4929aaba2732229396
SHA5122cbe2e2c1029a3364ac1fb97e2baedda2dc7be5b6df9e7ab590451a7ad5544474c21107687203471a9765a1661619e0bef57f7455a66ebdd360ba51347a14a9b
-
Filesize
344B
MD518bd6674c3769cff6364d815b92e227e
SHA1cfc9be005715bf093f506f0cfb0b9411b177d286
SHA256076b84b371819e1e47481dadd294771a05251bfd9a2d77ba8a23b8a9fdba0a2d
SHA512265936dce7e41b1b565f6994f6443cc0a723d14a4eaca318294f0e03b7dfa40b5fbd9e18700a787be6f5a8639535855d3065b3ccf9c0b2843933adb1a7cc696c
-
Filesize
344B
MD558b81f613ef5c6f82079e9437502e833
SHA127bfe8fc3c548fa6e257cd92b13b6ea7b14ba860
SHA256fa401e3a618b48d2acccf556c49048124daa164693656e753297eebbacc11fee
SHA512360d9d21d189c58319f2c4e525898d887e91845b717029679b75073b353483385ac5df0c987fa38a2908559c2ff0b22af8bf682f3731cc3aceecfc3d712e66c9
-
Filesize
344B
MD51c59790b8b62b8f0c78edba4d4f034d5
SHA1b5dccfc8395a18fea4cc2dce6708c2ad04e54034
SHA256ff512c5a6bcda99a2ed57e9dcfd781039d819b0e44b258853c8a80b06f3c4391
SHA512c599a4729510841920db636f2a90cd64acdbf725d05dfe84bd153387c6167a2b5aa8870bc87639b3883d238ce3f1203cdc63395479e097120bfebb9a24f9a3ef
-
Filesize
344B
MD559406f13708361a1fa429780554c636d
SHA163fdf40dbec958e8b0bd9401fc0addb0ce02a7e7
SHA25657097f5e89aa0b11c6a568afc9e59bf15e50c2cf54c39702362f68a2468f0127
SHA512056b5b8975850bc77b82e2849fe17570aaf04e9fddf34337306bd95e8a9705a5f14c3bb3dd6bdf405b7e23b07a66ee1c0eeb923a504f6a6de035d0ac34c804e5
-
Filesize
344B
MD5568ea5fb5e0754ef1fd2672863f75381
SHA1a5eab88897aaf42615bd2e739297eeeca27a6c0d
SHA256081a3f8239d6071707628079ca994306d089e734c4f259c64d184b4caadcb284
SHA51213fc4f260924af5d2a78905d776bc21ff23dcdcb2401525afe87d411c726d8d5164916818fd8333c5684889ac1cd073273d067cd1a904b0a2b4619a0275772af
-
Filesize
344B
MD5faf276c510b006228da17e722347a798
SHA1b3b82e9952c61cbce483e702623e0320ffb3d81b
SHA2568f7c2394ab8aac359b9b7689ca0a6eb674400134821119bad8fc0fefb7a162e2
SHA512852cb37b59eb888389ba285d4e035e9256f30a85233d18de2325b2e67328e2b69e6338f7e410044b02be4fde3247744a42acdbf020ea386b652af1a0f046572e
-
Filesize
344B
MD5540146b862780acbd869c40da2495083
SHA1b3ea0431df76e8313fa7c161603c9b00876c8b58
SHA256ad8a871060a1ab972cfa96983dd078a7371e7a3cb31068cac8b9e5ebf446314a
SHA512033bd43e02f415550bfde105c7366b904cb3d9c2a8cd671e74c1621721623f3820e75ceb1169716129b9d69fe9796e82042fe81d425df2e1d0a37143ce5647c4
-
Filesize
344B
MD591833aa6d18dd64f9579904b3fd886b8
SHA180d3bee1860cc0f7489202dd62ea0de88813ee59
SHA2568bc515a74d8b1278c414c7d1c5eae8435518e28a67f95e5bd2bfdef823dc3e17
SHA5129f9525eb26ed595f70994c7249552725df90ec0b3f963ff6a620050c224484811a54d174a44761d8e72b6949c8ce94f80abb5136571df64948814cb3cbd7dbfb
-
Filesize
344B
MD5e43fc77658f195f31d2b85a7486e1386
SHA107d56f7c79315f795e2266cddf6c876769b44eed
SHA2568e4c5b07a7ac0d3e806cb1765010a2d784e415060b68710e54af8f3e51127877
SHA512396ccaddbebd3c84652f1f4650beae3917d154fac8f9d7a9b7e7740057af1d12e2beb42a6e8b7aed515a5b7a92fb592a6422e6ab7293afa55d1cf7ad890ce292
-
Filesize
344B
MD5ac9c4657e1e6be01163cc73c5556b9bb
SHA1071a4d24773febcd42801db42b1d0d1220a4a4a5
SHA256787150ec90bf534ef3d397bf76dc42d875b2484e448599c453ff518a437fc28c
SHA512c294877a20c5b472c5a66848156025857fabbabc77fd4d855a20113b845ad0e03b7baa60b4fdf814cfa14eca70789c59183ccdda5969685e0f9f5735a14d29db
-
Filesize
344B
MD5dad03b02a61f53866c9bd93d8563c501
SHA1169607c330de7926d86f24c97eaa0b5fae6093be
SHA256c2368b8f05659bf50011eac4be40fde8dc5b63bcca6909ace4227c22ce9663c3
SHA512d2ba1b624115429eb9b76a96a70c4982f5a51bafa57aaf5d7ac16b4add399ebf29ef3f9795d2234b7d4a36730efadbdfbc0a219a67973c9e9326a565990e6d9e
-
Filesize
344B
MD582920b8e3f694a8f64ff53f520102548
SHA1f848876f951d8560a7020f13d86606a23b1225fe
SHA2561d25f0075244ec04f2a6cc7d5653f2d9a0827054aee31a2dd75b6cc6ed50169c
SHA512a2cb02e4bb951f88dada4aec656522f400817ee0d784edcf58093d56ee7dc1447e0c8e7b0fc25f33c7fefe9a7fd32a82f4455c61a553636d6076aae10e95b5c7
-
Filesize
344B
MD56a8e4618618f3e1a592de15035200312
SHA11a3b89f0a9ed5a1c31a4c6544dbdd1a2612d2895
SHA256875d24d85d0e08d3db22456325cdbbe2fbe95ae296d4b9ae2e99cd4bf57c35d0
SHA5120b99d4b85d68cb8022dd1783a441645ee2f09a689cae0f6cc6a931d220ad7a55343f4ad9548ab8726b02faf53dbb1d56fa8d7acbee074fd69cb01bbe2475cbd8
-
Filesize
344B
MD5893ccac1c982178a343a9148743e3529
SHA1c55b8dd88f22293f650df79f714f693ffc10b66b
SHA256de40ebccd76d0dd50b52ff26ba76126fc4a7879e33895d4f8f3ea8b53c5722e9
SHA5124b33b91706c391c26994805f11cf94021ebe54708d641219ba8fc729402437541cb59adbd50294f5240c0b3a05ea68a6e11f34358415d3957964ffade9723c64
-
Filesize
344B
MD5dc51bfb8ccedf67a46e6e042bfd06c9d
SHA126ca37974309500273524f67a0236acebbb80bb0
SHA2563ce9e312a2dc567a2609080c56ee153ce27f46b107edf5d356923f7ebbc7d96c
SHA51244e710018d18bb7701bbc3b4678ea3f2349884545cde6cb719dfe617c6a069142524ee993df5ff2aa7cde9ab3c6994abe3aee439bf18a4f3881096b24bfb21b0
-
Filesize
344B
MD5ecc9301d91fb93c48fc6dba817fc815b
SHA1e70f3a76f610dd1bea077d99ce3a331ec1fa99eb
SHA2565bd309a9b835f75ff991309b79f019655ffdc2d8b29ccefc46c6161037b431e3
SHA51212f7257bcc38511dedb58388191d41362df5eb3143d9db4ac992c8122870cb6cb93fcf1a49ddbf52ddecc9f931d9220839da767ae2e98f17825f71714a14732c
-
Filesize
344B
MD5eab35055cd8792d69e6d597e92074fad
SHA1bf6e7fd3e2ee4f3649d52d4f555afb05d875519f
SHA25666559a4f07b5ca191b78c64fd82affd5ae739c580314dfd269aa9089271f2f8d
SHA512a65aa1a132e2e1806841425e1e1f1ea8340862055501a97adf68027f236c82b6374db6b103f0f5acf439966c7ca4b2bc386a4e87997a58dc774d7ca3fada4f7b
-
Filesize
344B
MD5d7f43db2e9683992d43b6da678f1e50a
SHA1fbee8d950ab2597ec9ceced1819e5b659445fcb4
SHA256d65f34de7c1d1973d775a53950619837bf75c17c8e9121db4ee66cfe53c9f1df
SHA5122cf0c0cbf015b6283ae2a6438c0ebd6101950542f91e2686a4a5a0aeaaa19d319b72a34dd358d1b2ca1c42bb1bf609101177bd3a8ff838f5677cac8068ed9973
-
Filesize
344B
MD5eb4a31610588933c2e0e68bd0885c30d
SHA1bcdcbbfa3d3915d9f1cb8a1965eb3fdac30052b4
SHA25647095fc3e6c00d98a3de2e72e38d403232330d82ef80b0350b6b6ba6a80e2d81
SHA512f772c595c24ae0d0c211f00d4b51326bd9c130097d4ced09ee8ff9a54202a6521e41930c3fe249b0586d50b26d05d5a7ac8713d13cb687a0cf5e448e1bc2385d
-
Filesize
13B
MD5c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA135e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA5126be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed
-
Filesize
5KB
MD553c8770652ea46132678534a6c9b14a0
SHA151ca9fb4b1c85c4004d41a9a5d8af9ff0a1b75bb
SHA256381d9f7e4b07ff3cfbb60031a41a5f2782245c5a18e84ce9c56976d20077f199
SHA512b025a2576d3281791bf9ed164e5c5554b8cf266700d64adc07b7af9c4e8cf36e15b97d8715eed53598cc4a09df54bd93a675299537083f987a126ca55708191d
-
Filesize
92B
MD578a2e81319879ddd44590662537645fd
SHA189af7fa26a42e357cd87c3c107125dd6a8bff7cc
SHA2568747f5e0c178423e7dda7d97048a841ce191debded08aa1d19caed01ff6d7e3b
SHA512b013bfdf28d3b87340882ff4b3ce54bd19f9f1597499d5cb6c8da99913b5877a5ba109463679fab2aced9eb4102362f1351a4d9ac96f9f400974ccec35f2d395
-
Filesize
1KB
MD5f1dbda9571337cdbfbcb3e59cc7765b5
SHA1c6f74e8cdc099ff28164f8905906b53686329233
SHA25621945b7582422f4f34c3bf643aee570e8d9a0463c05ad42c185f415494b6b6a8
SHA51205769cac0584303a15aeed44b09067c5ac471f37c4a368f804df88b1d8d1f78625651ffdbcda4f259e43d0b5eb807b75e45258b346cd1214ca6d93616591d719
-
Filesize
1KB
MD5972196f80fc453debb271c6bfdf1d1be
SHA101965ba3f3c61a9a23d261bc69f7ef5abe0b2dc3
SHA256769684bc8078079c7c13898e1cccce6bc8ddec801bafde8a6aec2331c532f778
SHA512cb74de07067d43477bd62ab7875e83da00fad5ac1f9f08b8b30f5ebb14b1da720e0af5867b6e4ab2a02acd93f4134e26d9f1a56c896da071fc23a4241dc767f1
-
Filesize
52KB
MD59903ed9036b945330075bc960d5208ce
SHA19453578133fd06f30287f93f9eeaaccc45c173dc
SHA256624ee45f0df198d204430579687058c2266a2d147d3e1cbebc1ff7f0abff8db8
SHA5129fa3c30efec3a01acf4cee5a26bfaeb56d8fe0752e0778ef3b22c10fad604087f37a3363a576b542322455a026bce38f2284138eaaddf8e1dfa80945cd8d48de
-
Filesize
65KB
MD5ac05d27423a85adc1622c714f2cb6184
SHA1b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA5126d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d
-
Filesize
175KB
MD5dd73cead4b93366cf3465c8cd32e2796
SHA174546226dfe9ceb8184651e920d1dbfb432b314e
SHA256a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22
SHA512ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63
-
Filesize
698KB
MD51fee4db19d9f5af7834ec556311e69dd
SHA1ff779b9a3515b5a85ab27198939c58c0ad08da70
SHA2563d550c908d5a8de143c5cd5f4fe431528cd5fa20b77f4605a9b8ca063e83fc36
SHA512306652c0c4739fce284e9740397e4c8924cd31b6e294c18dd42536d6e00ad8d4c93d9642fe2408f54273d046f04f154f25948936930dd9c81255f3726f31ee65
-
Filesize
22KB
MD592dc6ef532fbb4a5c3201469a5b5eb63
SHA13e89ff837147c16b4e41c30d6c796374e0b8e62c
SHA2569884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
SHA5129908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3
-
Filesize
688KB
MD5c765336f0dcf4efdcc2101eed67cd30c
SHA1fa0279f59738c5aa3b6b20106e109ccd77f895a7
SHA256c5177fdc6031728e10141745cd69edbc91c92d14411a2dec6e8e8caa4f74ab28
SHA51206a67ac37c20897967e2cad453793a6ef1c7804d4c578404f845daa88c859b15b0acb51642e6ad23ca6ba6549b02d5f6c98b1fa402004bdbf9d646abab7ec891
-
Filesize
80KB
-
Filesize
80KB
-
Filesize
80KB
-
Filesize
4KB
-
Filesize
752KB
-
Filesize
752KB
-
Filesize
4KB
-
Filesize
752KB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB