Overview

overview

7

Static

static

3

ADR_Instal...18.exe

windows7-x64

7

ADR_Instal...18.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

ADR.exe

windows7-x64

6

ADR.exe

windows10-2004-x64

1

ADR_Servic...er.exe

windows7-x64

1

ADR_Servic...er.exe

windows10-2004-x64

1

Help/ADRHelp.dll

windows7-x64

1

Help/ADRHelp.dll

windows10-2004-x64

1

Homepage_R.url

windows7-x64

6

Homepage_R.url

windows10-2004-x64

3

homepage.url

windows7-x64

6

homepage.url

windows10-2004-x64

3

Homepage_R.url

windows7-x64

6

Homepage_R.url

windows10-2004-x64

3

homepage.url

windows7-x64

6

homepage.url

windows10-2004-x64

3

新云软件.url

windows7-x64

1

新云软件.url

windows10-2004-x64

1

Analysis

  • max time kernel
    144s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    15/03/2024, 13:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    homepage.url

  • Size

    98B

  • MD5

    cdc78c48a2c7c0be23b53b4a573551c0

  • SHA1

    d6fe0c4e27726cec8b1543da5e8de9d5da7c8186

  • SHA256

    68b749a20c53ecfb067a38db0b9f658c6cf38facd100641c9bbc70ec7aecb96f

  • SHA512

    4b2a69002d2e8217d5758f1efe101147f23b30d188f893a42a0f06367a3d2a2d7c359b6fda085713932d387f4879758bd004c3c7df36f3ad8eb2c3b8dcbd2753

Score
6/10
evasiontrojan

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Modifies Internet Explorer settings 1 TTPs 43 IoCs
    adwarespyware
  • NTFS ADS 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\System32\rundll32.exe
    "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\homepage.url
    1⤵
    • Checks whether UAC is enabled
    PID:2204
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2208
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2208 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • NTFS ADS
      • Suspicious use of SetWindowsHookEx
      PID:3064

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    30cd51ad7c63eb7a799a18d0ea23376f

    SHA1

    bc1c837d55ff8d6204ac6521a0fd3b1776438569

    SHA256

    5ceacea1dbebaa2b3cd8b9c4f1341562e991e3ee023fe25c8b32ecf04f678790

    SHA512

    4e795ad594e66ce94460c648a23b82ba0a77544e067bf3ec5b0ff6aca797abf7800cde48c534c83a612022cc6eb83ea0d3987b5ea8d3a9bf3a954ae9ad22fe95

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c66a42ef350d40f977993e98d48424eb

    SHA1

    89880f16b26c8bb4a320402f1d21773486835f01

    SHA256

    219ca51c540446c332e86e0c8114fac2fe7dc7195de4a294dbabb9118a9800ed

    SHA512

    f1ca2309cca7342915298df30335204370a01cb8218080a8d634641401b1bd7e02d860485d76c6a7ed2454c3447f4943c0f1bc5a6d1589ca303919e34eba00fa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    825ba3a793d61298c6922fb9bf5dc87c

    SHA1

    b1f6bddc2fb91d5f464a9b118d7e972e2511e237

    SHA256

    2c586377fe75b4d2a77811cd5a626906d7ee95e4e8942eba2ad5b11d4645a309

    SHA512

    cea1e83038224d9c8d7381cbc2acf4dcd89899759c62c8fbc543ab7fa2590aa7cb113bc70b617972fa5faf37808256682d380835d4ddefe4de256d35839c6b98

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    335585c9c5729b25c2918bfd3533defe

    SHA1

    3f69b9f92a5035d13f0d04ac086f23d58d4ad6f6

    SHA256

    2e86feb4c804ff4ec19b9e42188f28d03a0cede075e13815665567e05a920511

    SHA512

    82a10b3fd2eaac1d5b417f6794e3e2f1a5029648e7310bc945b4fc774e2a7ce048c3178ec77f8552918ac8fbeb5a4a21018facf27c3b7c70e781680cf4fdf394

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6ce53e03073af8d88c19ae3e10537453

    SHA1

    6e759c937542e63994597f26f84919df05fa934d

    SHA256

    3349aa0e09c3a68dc3d0ff7a1846561c063973a26aaafd0f425b68cbe22ef23f

    SHA512

    a4d1b5b1c688928ae62667f1b4b19dcb064de82cd6fa4988a558f4b45e241e5f398fe08c6738091e580cfebd1e38ca52cd23c36bf3c00c29b0774c07210bd262

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9bb432a7412b0176bec7972378541898

    SHA1

    b51bc94fff7f01dfdd34f7eba273dab5bdfeeacc

    SHA256

    6d2cb03134a1757997c209f669444cf722f620c8a92783f37865948cf49eb2de

    SHA512

    b3980aaadc4ab1e7ea37b8c51a45b510d7456611c8341daa8d8592683bd0ee134c3734f61819c7ac6c788e6efcdc2b7f2204885614ff455dcc3e2e16206a625a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    800e3a3a11165126fb33e24d9bdf24a4

    SHA1

    2fb63ed5b2a31605fbb0cc8c358668386ae9d9b0

    SHA256

    6b7cf942aa3e24e06dab5e1f072f977e86d3b72ce96f1a1ed8b02e12a1aaf44d

    SHA512

    46301567055fa6c2250855a3f6b280bebc4801ce7c93e5c9f3a3ff0b3783405a47858e428e3bb3d555d6a20b92a66b3ff21a25e2e013c50cd16fced9bf1c2abe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3e45bb30e9fe77f504a721014358b029

    SHA1

    466cf1723aead9210e6f2a9a7725f5eca5292ecc

    SHA256

    ef35106fffc114cd5a9470882bbbf3392036610793d542451b8defa96ce09d2a

    SHA512

    965d278b6b202abda619501481fafee9f0a2c584f5918cb25d0545c988e000bb0339d90e96004f0bc6ac9c9214d1b0566d43601d95fb32410c0dff30b0410fd1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    71bff67427ef89970415be797550ffb5

    SHA1

    a66d3c8ebfb676c7614617644aa97ef650a699f4

    SHA256

    58830d723ba53dd900dea27e3abed8f0adb8b446718746f1aa2ba1809940bcec

    SHA512

    45a04224a8a0de9c1af9ea640dd06382dad82a4ba212807fad5cc8be77b72b5c91c6b0c7cc9f3be016cbc7bb14ac9a8702de9c267c91413bee63c7a996121114

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    02b45ef48d41d4942e6886b53da545b9

    SHA1

    5bc3eb8f6fad46f1b7141b0fb0bcedb36387bc28

    SHA256

    0d83f0dbefb805e10d2109ce67649875dc6a7269c425a56f72a9721ae0a92cf6

    SHA512

    3651ed6af121bbf9087598d71ba33b08a22fc7868cd7d4de66aefcd365a9950160da7da5ae986adce1bc4db1556c8169c9310acdc0016e4511394731b6fc7d60

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2ca7409c50a98e2e36f5769fba0952d2

    SHA1

    cac3938dc162021fcf4b9cf7f1d6fd73543f022f

    SHA256

    d3f17f75d945d296f63b8eb2740cb44c85a80975c6f158b8f8fa4a558b0fc1ae

    SHA512

    8a33f9359216c01fa8b0b8b48bb0f92e96d77d595778cd95d5f452268e62b4b7dbc833133344fee7f5288dfc288477245782eb6800c79fb2a3dd18c52ad7e3cb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a4bcc8a6e0a84143c733344ae18c58fe

    SHA1

    77873bbfaaa710a079e46f7c31cf852d6a776630

    SHA256

    0ced09cee70bc1233141d31937154cc9d702d92543656178028b7818002dade0

    SHA512

    d8f688b7609daecdda24739a2b609e62071b83734a0215dc51f9b054a2ace903dfbb0c7dbfafa1d86add7b978feb484808676b55c91ea0c3826fa21e3482db63

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6e42524c83c68068defbcb6acf672fc5

    SHA1

    458a8974a6a5b5ddda8d8814b331762eb689e70a

    SHA256

    95a06a397c4d797001bc507f101ab01d65ea29e55ca9a807cfab1ba86866e426

    SHA512

    e0715b030dcab509d52edb3c5274b56d80341c2fbe0df8d22474d1c0a1b220aaa43e0e6cef8983411c8905bacca92f843f724ee221c4dd31b30e16935f8feae7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9dd805c785cb7485db9721fa66a3b037

    SHA1

    6d2e4871aff8bed7d9415de912427829b06806ac

    SHA256

    0c54e02eb581387378a7be47c90ffce3f68d558e59f7c4b1afaa0c59ff1593c1

    SHA512

    74e15f014061537d179f096e92aeedf7de7eb62d9ab3f6ab68c93f336e6235002b30822df311d4c7bf24f9513f1eda0f409b2439c37a3d7b246fc6657a8b458c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    80710628628c1d538e07692e7ff53f89

    SHA1

    daf87416d5f81f9261af580ff10523c7f35c2040

    SHA256

    4f194662e52f95bd75be51dae3e20ee3cd35dd1d0c707c6d6c3c8ebc2d180e9a

    SHA512

    86acb3340510476141033a46eb24c272fa6ac113bb32791071a6e2c60dbd9f3f06524e54098d3f0aff28353ad375883f3995d9be4996ac1ed0a97eecf7d0f3ef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fa1667d6cb0ae114df2e7dd37158c461

    SHA1

    1367325ec96843af30d08d5e1de653b41028620e

    SHA256

    cf91b4a731941a945ddc343973ef1c6e056a13abd7069f484bc7a8ae0d080289

    SHA512

    0134d88dc34a13b9f8d14bde3450a43f120e0ea97012c219e4e39d1a3ac023947eafe9b555f6e316bb69fa1fbe25489fca49eec7900aca4382ed956de94f7b2c

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\3pl5scb\imagestore.dat
    Filesize

    15KB

    MD5

    af04807ee38a6a40096869674be989fd

    SHA1

    e3ca86e28c67a259b58668a9f2fd182c96708cf0

    SHA256

    daeb32b46ba88f972e0f1a37d91ed52e802de7d19984c42eec69ce22b052d14a

    SHA512

    8dc00801e1078d72af6ae6636f926c85c2a5fa73c9d0702a8313038fd4dd8ff4dba95b0efb33a040fed0d02c185b98b43da79c8fdf0a217606239592a665468c

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\HTALCmppX064JiFpenTThYNA4OLhPcUpsKA9Yr_6NKo[1].js
    Filesize

    24KB

    MD5

    734732650cba19d6b1baa0b33364c56c

    SHA1

    fc5b12b14a81bd0d8b838945553c016e224780b7

    SHA256

    1d300b0a6a695f4eb82621697a74d3858340e0e2e13dc529b0a03d62bffa34aa

    SHA512

    6247a310e29b2304d55b8823d41be1cd21e1ad8b129c94047641333aebea433f5940aefea78b2cf914533dedcbe18e65a363fc0c8a50bcc22852c104563a49dc

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\sedo_logo[1].png
    Filesize

    14KB

    MD5

    def00c11b1596db4efee6a9fbe64fc27

    SHA1

    bd298981e6d8d7e4ffa18abcf687041f4246672d

    SHA256

    95c427fa3143b1896faf42a6406686ce7602cb39052081bb32d12b51c9e047e4

    SHA512

    c056e95dbfa1aab3a50dff18c6d577dbffea72c93316ffc53b6b7aa41dcc7707a810d563894589a7305de0b76610f88150b2034670de368773b2b356f14ad30f

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\styles__ltr[1].css
    Filesize

    55KB

    MD5

    eb4bc511f79f7a1573b45f5775b3a99b

    SHA1

    d910fb51ad7316aa54f055079374574698e74b35

    SHA256

    7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

    SHA512

    ec9bdf1c91b6262b183fd23f640eac22016d1f42db631380676ed34b962e01badda91f9cbdfa189b42fe3182a992f1b95a7353af41e41b2d6e1dab17e87637a0

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\recaptcha__en[1].js
    Filesize

    501KB

    MD5

    5a8547555d71e5846135a48dcc7ec3dc

    SHA1

    bdf99d0037d631ca1d24efa343781f55a11afb05

    SHA256

    7a01932abc324cbdf143534bd8dc0e665e045a2ae8a0d234d24f2d3ad9ebc619

    SHA512

    863d425b41d6b439618ccd38d5ea46d5ad6cf3c145a476e0a8596903cfaac4a2d04d40f5cd4f92ac74bdd73dfaaec9f4661c6a71116dfc78b6a41f7d3bd801e6

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\api[1].js
    Filesize

    850B

    MD5

    8cedb573dddf05d2f9cec38a0e268c33

    SHA1

    c749bea9aa521f3bc1910552a6229bb4e717ebca

    SHA256

    37ca9816aa916b457dbcc35f7cee5f94a34aa92a431807cd1ed8838be4cdee0a

    SHA512

    64fd7e6574199f7602a33a8d99cd4ce3c170c1fca1d870feed022cb5ab9d3eace30a3ca5e0dd30f650c4ed0495965c4c26d8fca4a331232b7264f6088a85651d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\webworker[1].js
    Filesize

    102B

    MD5

    e43ed69c73d3d702c3e4533a337d5a1a

    SHA1

    88baa0d1308fb899f418628f69394b9583be9b34

    SHA256

    54d175fbb376b467b47a444346899169d7f8fff30cc0dd3895c98cb647329afd

    SHA512

    b38690f1a677251738641c4e3f3de4184ccfa516ea900707e9b462d1d69839431d177dec833ccd8a967587d9c0adf333f1d9a519e3c2658022cfbaa1ffae8884

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab6395.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar6397.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar64D5.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit

  • memory/2204-0-0x00000000001D0000-0x00000000001E0000-memory.dmp

    Filesize

    64KB

    Download