Overview

overview

7

Static

static

3

d618921099...a0.exe

windows7-x64

7

d618921099...a0.exe

windows10-2004-x64

7

$APPDATA/�...�!.lnk

windows7-x64

3

$APPDATA/�...�!.lnk

windows10-2004-x64

3

$APPDATA/�...�!.lnk

windows7-x64

3

$APPDATA/�...�!.lnk

windows10-2004-x64

3

$DESKTOP/�...�!.lnk

windows7-x64

3

$DESKTOP/�...�!.lnk

windows10-2004-x64

3

$FAVORITES...�!.url

windows7-x64

1

$FAVORITES...�!.url

windows10-2004-x64

1

$PLUGINSDI...RL.dll

windows7-x64

3

$PLUGINSDI...RL.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$SMPROGRAM...վ.lnk

windows7-x64

3

$SMPROGRAM...վ.lnk

windows10-2004-x64

3

$SMPROGRAM...�!.lnk

windows7-x64

3

$SMPROGRAM...�!.lnk

windows10-2004-x64

3

$SMPROGRAM...�!.lnk

windows7-x64

3

$SMPROGRAM...�!.lnk

windows10-2004-x64

3

155�...վ.lnk

windows7-x64

3

155�...վ.lnk

windows10-2004-x64

3

CI4.exe

windows7-x64

1

CI4.exe

windows10-2004-x64

1

bass.dll

windows7-x64

1

bass.dll

windows10-2004-x64

1

gamedone.html

windows7-x64

1

gamedone.html

windows10-2004-x64

1

newgames.html

windows7-x64

1

newgames.html

windows10-2004-x64

1

order.html

windows7-x64

1

order.html

windows10-2004-x64

1

Analysis

  • max time kernel
    140s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    19/03/2024, 12:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $SMPROGRAMS/ȫַ!.lnk

  • Size

    362B

  • MD5

    9656c04d91ae3066cc07235e06fa0b32

  • SHA1

    b2fcbbaaee9cdfe744909a5b6b20f88fd26ae118

  • SHA256

    b5ed69a6cd004197ebef1742aa3c27d5d7d78cdb15b3129957ec89fe65666f0a

  • SHA512

    93a28b9d2f0b99bc56001837183f69f7ceebe372b44ed1640c5fe35ba6b3c5616aea04326e865ae206868f0c12e04b42c1b183b19d90f0d6d65fb841340dcf63

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$SMPROGRAMS\ȫַ!.lnk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2256
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.1122i.com/?ie
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2488
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2488 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2500

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    861c2f4a1b33662c0cc49c0400bb42c9

    SHA1

    7185f47b70cc12348c5a79323e02985ae6bf72ee

    SHA256

    b0939668dc06d9c762b054ca95f44eafee45751124fd463245375177d4b215de

    SHA512

    591b1f915bdfddbb6731aa21ae10ed825590f97a66db7adf59a0618cb77bf139be5c72a4519e7f75c4672431367367c6cc72b9cf091fa58fe66e4a7f053fdfb2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3de4eec58e7d5a128e340dc69088b090

    SHA1

    776f4cc4bc4ddfba22d84560587e6045fc02ac48

    SHA256

    4d84d329525781d5e5e387784543234d038f42b559ddd5bf2b7a926f85a6dd54

    SHA512

    f835028da0751a080f440bd171c50a274fa72994eab25036596149b83062d24abf9b0d83dca4c6938e0e03fd1e6a2cef64bb99ad41b6787d0e0f5f91f120c437

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6559afa344c933355059257058ef6f07

    SHA1

    10947ee87bafde6a5436c654b4c1b76e430b0186

    SHA256

    85f2bda2bfc18bb51aae2ed68f4b4dc396d66893913de8bfbc371c0ec61b096e

    SHA512

    3b32c4e62a4c2158b9a2d236d1af1454251021462caa3fa71705eeabdbc1b9e8b54a6ad1548ff23d07992a5e6a19d808853cb6bfd4059c3737ba7d047db648d8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5214f115de1e2e0a150d85f806486790

    SHA1

    4cc76de0ca0af0daca0692a8e5de0c9dbd7acef9

    SHA256

    217f0788077c2eca2cac33e02f1983e012e12fafcaea73c721afe84fcfb9effe

    SHA512

    abadad22771a75e8df20220ef15de86a81873d6318675858de3dd6f0c238917343ce3ed3ebb2a17b892a372027c92c8b0f249694e840fba0a9418269313d4d3c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    91b676048b86825b98ae207f0e9fa069

    SHA1

    45d3c314eb107a2c57be1979e734e45465325f3b

    SHA256

    f772af24cf5a2d5c99273cba42368fd3db3f744607969f7b01f6506ff1d2eaa8

    SHA512

    0f97b0f53e4c17cafb483b698ffa91727e32b84b7210642258b10b81357203ee812f4696e9623fdbfd35ee71e6002824b2a9f84d37b257957359f77a51f54e3f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7bad65b6d36713fad130f2cdca4270f3

    SHA1

    4a29553d13286fd668da2bd67aa5ab38c3fb58b5

    SHA256

    d58a75c0591c284b8b69f3a76101e3f971dae75de0e288659ecf4741e10b2f1f

    SHA512

    b4ef6b4551b2a87f3e51221a1bb5ec35214f5434b7660385d5a291f1293ef7a725a9b0e7dd922feaa537be921b0d3eb96a49538b04a553a638025807aadad5fb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1f6fb87d9b4e1829a2a5a34b771d4ea2

    SHA1

    510874a7bb128490336e37c3f700f585ec41efcf

    SHA256

    05d45bcd4e22cba930a425993d025d70d955e3f2c7ab3031589723a66fac053e

    SHA512

    f5369d478537ffe4ccabedadd90eb7880c55b7e1b7aa5f682b080d98ce332359d1812e984d31fb87bd5f9a4d16345f53e1e0ca94704cef200d9bef259fe88c3f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    64677c309bd1010402857f6306c87269

    SHA1

    3fa940df6f29c7f19b130c15839061b15d269b1f

    SHA256

    b1198f33c705f78959479bb4724cf44d4ceac0972278646f9ce4afa925160458

    SHA512

    5c7d932068691bb72bf2a806cd7ea52b3164e5e61ff546de2ae4b9e35ead1b321a55de43970b2e91cf52e8de4d47f6280a7f7387f4978f53a27fb723e0e9a7c1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9e94cb75a395351a6b7dcc111cb3c992

    SHA1

    bd524b70691fc57ceca34d3fa47221edce3c0507

    SHA256

    423a7380eeeee05625625c586171036f4a932b72227990b572febc9c4973c8e4

    SHA512

    d6018065fda7e9d26e80aefb03eded7d5ac361f19337020a3f290d638b1a9999da2293c22a86a475dc8370dfa36c1868b7c83522fb5f347f540be9dd9c1e2624

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fb5bcf0486e2a1054627516993c1d475

    SHA1

    0fe8e71f5e113eacd5c60e3e450fa96ad9702f94

    SHA256

    43de4336c33de61d9e181db65df08fa38ddb7005995fb95e80c90850204f7890

    SHA512

    7e904cd7b7a8c6fe2c98333c7ff5570e76c11b299a5a60eb4e6edefe63ee038bc2e7ef75d4982b692141cf6694c02982d81d9e7a429c6bc77019389350677538

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d4ae0e51e227af6aa33e9baac766856b

    SHA1

    824e9383017075f9c1f2f7fbbe01560594892eb4

    SHA256

    63cd971a52a04810de53cbd0ca676add76ee317418d588969d3751b4193054b1

    SHA512

    a662317c8170eb71b75c86eb2d91f7d0b2d99e9f31481c15e306a938e376dd7a40330251788cede8576acc7723d8cd00daffac9033cf045954e962b23151aa35

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f1ba32370b4115ae30aac28495dffc5e

    SHA1

    1d817a7232851e2d94af78755622e18efbfd7da3

    SHA256

    91fe301ee00a0c7831ef0480c9f6af74a929e3faf79f28579396fd26cc6029df

    SHA512

    18c0e0c886cda93f31884631e5e7dbbf5a40e564566a2397832049b309f75e466902a224d3229eaaeb8bbca1b12c9a7ad967e7729822b617884137534e919b55

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    de5aed0b9e29628cf229226c49ab89b6

    SHA1

    0f318547330a13fe843b342c08a90e2bcc5af729

    SHA256

    6284ea13dcb161853c1fd03efaf973639da017dc53eda06a5ff62b36a9ec99c6

    SHA512

    9504192cc32ce8e76cc4fe1dc8f6333df3fff6b467ea19832b76142cb2c3bcc1ea255aeddb54e62bf7bf139df7606f3c0d45cc3da5694e00fb82337be851b974

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f51fe37c921a8af91c9f69ac81c4bc0c

    SHA1

    2385d9b944f02c785a3b77c967b389dda6a90400

    SHA256

    a3f858af2c81e528a019c9ee85c17d7c4cd79ba4c4865dc2ac6b3e826a284478

    SHA512

    29f709b2a88a8a0754655fce48681cdde02bdc38a29e970b1d6373fb9aece1cb557af46ab9b01cdc1a2db462d14c562d9ed59384db2a6c77a035a451054df649

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    decb706910cb802104101ca091a74623

    SHA1

    5ed51b7c02ecda5e774e70df4647fabb9a579779

    SHA256

    72f6dfbb5ec1c1ba66afedadb1c6dfafee693c398e97d8060295554d5c743df8

    SHA512

    716bda23b301a332d41eb9faf0b02cb534ad14e0fb2107a0b0a614180097c43841a772517cf43efd14b3f8eb116a6eadb0a8396bfe7e9f5657a67595cdec6ee8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    afa431b6985b85a93186420c6de8d8ba

    SHA1

    b70d153c3eef913fa0368e9308b24ad11284c2ad

    SHA256

    baa85dfebefe51f770dc5e95124993e1dbad6b652ceab3868da972a105c516e9

    SHA512

    0441bd85070ae934be15676d30543f69d50db93ca72a6b257f11bbd79778109297f94c9223ac69f2c240dcf3c574b4e1ecf394c6dfbfddb5b79a60a75197d0d5

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IFGNZ1XG\favicon[1].htm
    Filesize

    1KB

    MD5

    336c73331d7ce8dd6af669978b2e140a

    SHA1

    b845f68f01af90010c16043f13613416f19d5990

    SHA256

    c0f1cd48873a28d41882b56146f2f30bca51e50d7ddcde74873c82c4b44c5854

    SHA512

    9f109bfccdd5350df6a2a37960a8efea9dd66c414e2931081ce812dab2f785fa101f0951f55cfefb4629bc12e80db1b306d3654d4bfc7dfd1a2d2a190a9ede03

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab2D59.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3184.tmp
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar2F01.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar31F6.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit