Overview

overview

7

Static

static

3

c6127c470d...51.exe

windows7-x64

3

c6127c470d...51.exe

windows10-2004-x64

3

$APPDATA/I...er.lnk

windows7-x64

3

$APPDATA/I...er.lnk

windows10-2004-x64

3

$DESKTOP/I...er.lnk

windows7-x64

3

$DESKTOP/I...er.lnk

windows10-2004-x64

3

$DESKTOP/�...Ʒ.lnk

windows7-x64

3

$DESKTOP/�...Ʒ.lnk

windows10-2004-x64

3

$FAVORITES...��.lnk

windows7-x64

3

$FAVORITES...��.lnk

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SMPROGRAM...er.lnk

windows7-x64

3

$SMPROGRAM...er.lnk

windows10-2004-x64

3

$SMPROGRAM...��.lnk

windows7-x64

3

$SMPROGRAM...��.lnk

windows10-2004-x64

3

$STARTMENU...er.lnk

windows7-x64

3

$STARTMENU...er.lnk

windows10-2004-x64

3

$STARTMENU...��.lnk

windows7-x64

3

$STARTMENU...��.lnk

windows10-2004-x64

3

$TEMP/remote.exe

windows7-x64

7

$TEMP/remote.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$TEMP/sobar.exe

windows7-x64

3

$TEMP/sobar.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    120s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    13/03/2024, 14:07

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    $APPDATA/Internat Exp1orer.lnk

  • Size

    1KB

  • MD5

    9ffaab5f197ee38cf1fe65e19d4bb217

  • SHA1

    39ee57d785cb31b75fe79879ab5dfed14eb1a28e

  • SHA256

    6a1bfc7b4d0b3c749f9a5737f7f0253c634bdd62fe812948807c6beae039ecca

  • SHA512

    eaa04c6437eac713912a81b2e11f97cfdc38d5d5bb459d7f4ae94d140b2bd4d74685cda43697f00b6803b1b58da3bef78ca3d9d6a4b9f5e4278ff2451aee512b

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\$APPDATA\Internat Exp1orer.lnk"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2552
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.113w.com/?waga
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2808
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2808 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2384

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
          Filesize

          67KB

          MD5

          753df6889fd7410a2e9fe333da83a429

          SHA1

          3c425f16e8267186061dd48ac1c77c122962456e

          SHA256

          b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

          SHA512

          9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          b573b5b59e73de0ab396a1e25854fab5

          SHA1

          83e9f39863b0eb466d1c38629ce14307a419e897

          SHA256

          b8f6cd520ea1bca63518524138d98ff3e12f8e5dbf807786b5b9c4fe2716c5cd

          SHA512

          ea2dd544fbb8eccb65743deb5eb68634eb1ba714f831103a8ec3f408f0841ff68f3e8f6958827e883063ac8a3fa76c714418f1f7f64fb1967330f69ad322efd5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          a4ebf007a2ec47af718aeafe0864d6d4

          SHA1

          0bf727c26e5bdba637bc5513d3a4a3c4580edc77

          SHA256

          d1c5b5e4d7e792bc9b197a078662997d385e6a75889b1387054166f10a0467e5

          SHA512

          26963a04bd73db8289971d49d98bdcd161129a13c1ccc62fb404c1f66f9d3ec9e4fc917638cb5169b8502658eaaa53aaa16e4bbf2078ae7e6887386f26109d40

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          6cd74e386e5d1a06812b06ace4a6c12d

          SHA1

          45b4ccfc33fd27fe10cdd37e35c5d63da1788ec5

          SHA256

          e928eefb91516a31f455599742567ea9a465d029c245265a444b3c4112111ee1

          SHA512

          782e7ebec487a93bb187759a1206c64166cd541684b7416d62f551f775557a813f1613710c3dbe7566a3fd778053315fda6bf98d5b4cac42624126bb9b9c2160

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          bc232f9f99ae4f2fe9627fd43d05a615

          SHA1

          51bae79631af4840be507b84bcdb1ad864ccc552

          SHA256

          b7fbc9afeccd1d7924f8ed1d672be1cf0c710ee505702b4b2001e31a9a810805

          SHA512

          c8c2189b1cdc6558d0fae242eb2a4a0412fe45837ad2a0c5b56ef2106e18a295ca53e5ca1876924c816094ed69db0a0d1b0cf74ee401285162a6da870305c954

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          e254a514c88dd34011de871112c2ad76

          SHA1

          6ac432d8e5988e5e4b9870ebd07fc3bfa56570c6

          SHA256

          2bf7faf55dba79e7eb21cde89e926c3bb18c1b956281a63c1753a42302991211

          SHA512

          23afd84265011d4afdac38741d0d5ada6f0faf734960430266b972fb45769c6d974972b211ab73619a82a988f98ab3e4d3e944875a7f815c4623e85a6a866e9f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          58875970143d7cdcfab8a2dbd55a1c38

          SHA1

          e8471adf72e3df8fb5a61f933033d5b8536c55dd

          SHA256

          4820b2f7c8164febad89f4e9cf3108e0b78fa3a3d27a10e3c540bae9acddd616

          SHA512

          82a39953ed805a55e1964cd18beca7da7cb14514434d1bcc5813dab7d104a9ab4d0c2c46af34b2d3bec428ecec7e7f4ca33033ab6e42866197a418789dbbe870

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          547eb7fa6045e6ea54e134e90a8c5dfc

          SHA1

          3c4305cf9fc123a5e658eee3b27073048cb8caf6

          SHA256

          abf45fdcdf2843f8e241207aa0bd89596cdf0aa92a5f0b1afd601a9f48cc5135

          SHA512

          a77d211e31156bf65ce05c40109ceedf74bad21ef7079d337a84af26999302bc2fc890e5dbfb42fef55fa41e3b8a0afdeea05804275c264c636fefc8905612bb

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          5d4f9e5030766a94c467f8e8a4858003

          SHA1

          a7789f152c0295781278347d05aa5fbff5784c4b

          SHA256

          f2bc0ecad449f4787d45cb2979d52854a2580af220f7921be7a63b3c7e97ef27

          SHA512

          2eaad2b97073b45a7ba9b8cbbc40df890a77be958e0a1b0207e405ce759009f93a4addc735d897bc1b9ba460b2755e50734b2b2fbbd1276ad355b03b682d3646

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          493f8822323c624ac6a9903a79ba1186

          SHA1

          f7ae6e09a7b618f6aedb7ed2336fd6666f4e6145

          SHA256

          c1761e679c65a0f40990748f39a73a87914abb9735cf44d57cba0bf8252398aa

          SHA512

          fdec48e8d26fa49f2d858bd49b59ed90e6ed8a0b089bfffac3d5ac2357e5d91af29857a80e2b34f62d2fd1fea14203d2516a3b3be6f81a7063eb41efbc81e619

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          fa3e2037849e9a8137632ec8fd4acac3

          SHA1

          6b51be48b417a31231382603758f7bac9e25ba82

          SHA256

          db1e1e75e5dbec45ba4aa86775a98766e25597156c15c7d2d6fac9cdcc2fa565

          SHA512

          7c093c36c0046ed3f9eafa30c95b471d00c34ac6b9336abaa9d3ee832d00352e98272bf9407a383ecb6ad670e9dfdecc6fb7bf83da1e3df0f7dfdc131c9c7c90

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          13d6dc473b953814b5c97bd63d27f274

          SHA1

          a9d21388c12b11c38f663744fc3a2310ecfa3957

          SHA256

          c08e0dfa00ef13910a8af11b4fd1c1174b496cdf701f24ea4f7f696a44f79221

          SHA512

          9e066fa567f09de8d737f2da977cc4efdb7d680f09b1f310208d57376d484778e75ab5444db120893050bc9d006f2f2db404a3eacfa003ae237ef6f32a2d764e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          5314ee4279032c88c1d63c9b3d54c103

          SHA1

          6cef4193e86a61d7f68bc2bf2e90cc5f30fa2422

          SHA256

          92677823e6548c6bf69420dd3e6663a36f6de851f11b66101303841201ce6204

          SHA512

          71ddde59642504d2ad25058985a22d22e21cff0038e0d5145ee47637384e74dd4739e7ad3e49510e26152116abda1be27625efd9f574a73c0da934ab21927c7b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab3EA9.tmp
          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar4074.tmp
          Filesize

          175KB

          MD5

          dd73cead4b93366cf3465c8cd32e2796

          SHA1

          74546226dfe9ceb8184651e920d1dbfb432b314e

          SHA256

          a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

          SHA512

          ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

          Download Submit