Overview

overview

7

Static

static

3

d618921099...a0.exe

windows7-x64

7

d618921099...a0.exe

windows10-2004-x64

7

$APPDATA/�...�!.lnk

windows7-x64

3

$APPDATA/�...�!.lnk

windows10-2004-x64

3

$APPDATA/�...�!.lnk

windows7-x64

3

$APPDATA/�...�!.lnk

windows10-2004-x64

3

$DESKTOP/�...�!.lnk

windows7-x64

3

$DESKTOP/�...�!.lnk

windows10-2004-x64

3

$FAVORITES...�!.url

windows7-x64

1

$FAVORITES...�!.url

windows10-2004-x64

1

$PLUGINSDI...RL.dll

windows7-x64

3

$PLUGINSDI...RL.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$SMPROGRAM...վ.lnk

windows7-x64

3

$SMPROGRAM...վ.lnk

windows10-2004-x64

3

$SMPROGRAM...�!.lnk

windows7-x64

3

$SMPROGRAM...�!.lnk

windows10-2004-x64

3

$SMPROGRAM...�!.lnk

windows7-x64

3

$SMPROGRAM...�!.lnk

windows10-2004-x64

3

155�...վ.lnk

windows7-x64

3

155�...վ.lnk

windows10-2004-x64

3

CI4.exe

windows7-x64

1

CI4.exe

windows10-2004-x64

1

bass.dll

windows7-x64

1

bass.dll

windows10-2004-x64

1

gamedone.html

windows7-x64

1

gamedone.html

windows10-2004-x64

1

newgames.html

windows7-x64

1

newgames.html

windows10-2004-x64

1

order.html

windows7-x64

1

order.html

windows10-2004-x64

1

Analysis

  • max time kernel
    142s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    19/03/2024, 12:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $SMPROGRAMS/Ա-!.lnk

  • Size

    500B

  • MD5

    6d5e090f3cf01999d9921ae2f9ed5b1b

  • SHA1

    43bd9e6cb19fdbe394f982ee64d5585c1b4b3d87

  • SHA256

    22ef9ca32e153a7093377dd10be2fa2f6eb5367113866a71fcbda6d3bb6aba1a

  • SHA512

    f6b0757fe9f7135137be9718384655562f59122413fafd486a51aacd21433de3f55dfec2465f331c802821ffeb3c61fee63cb355c2a9fd93976b930fe981b683

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$SMPROGRAMS\Ա-!.lnk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2912
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://pindao.huoban.taobao.com/tms/channel/channelcode.htm?pid=mm_10066594_338505_8836640&eventid=101329
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1420
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1420 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2684

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    a66c18758b799b9608ffe36d4ed67a5a

    SHA1

    2c8f800d36bf3be9cd4609713990145512ad6393

    SHA256

    a04df9e18d3b162f6ef777775f1cb2586531e638e941d8099abdd977430e5466

    SHA512

    107bf45f7409a9605d87da5067a3e06e3237c3fb3bf92b1d4b7142c287a8284683dda5ae196b3e5d297731e9c95d781f62a04583a5c5637045142896c469482c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b7028bed65e0169ca3acbd874938b895

    SHA1

    e9a04887f1480f2cfb0d01b9b45e80abb6933674

    SHA256

    e1df60c0e980bebc5d03a5f87ce16c652100bc19d00ae0d5a5f6db6a66bcc9bd

    SHA512

    69cfde203834ba9464f930265c8894ab5fbf79d082f0d72c3b90f860f70f49766911653b7438acc7733bcbd12a05a4852c4bb1bd6dd744003390d65a73d56c5a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    27a67a88c29128ad6d9b6e0217c65edb

    SHA1

    ac8dc481d1dedab38acb536e0627aab9610328f6

    SHA256

    614a961384d418a3e73b95087d39e8a9485abe24a49c1b165b3b628fe61533d0

    SHA512

    d09915658229ffdefb9020c3711763607a1e022a70581192c2c496085ac9aee555a59700b10d2c544dd04f126d7c9e2e80cbc3bf28a6f20d5f218d3eda278037

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    12da15d3b8ba976edab6cf566a1b53e7

    SHA1

    2b3db9519cdffd80694231f8d8e62d97ec89a3cc

    SHA256

    6f9b623c9c520d36e9134c0b90ade6e8e2f0a8873943fd5d13778441e3d91c2c

    SHA512

    db2d776cb9cbf80b483de3cd0b490c92b5aa98b48e5db41d4ee001fad51e51c5cd75ba28f6b0d4c0d3946081626c5429d33823ca48fd4dd3d53119cb6226133a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    90ed6ba3cd0f04785200c80be3121bfa

    SHA1

    8361a8f16de4a444811b1273413b7381f758e936

    SHA256

    72c052282732146a056fd2861765c8ad863f7e5f2b49fdf910d820948485fdcd

    SHA512

    873e06a54b36313a7f35c3851a36314f1398d771d19b4a5644effcc4c9c913385ac0b8fa3081d4a0c1d1e4592f4650c7739352ce12db04393978a2eecac91450

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c6da0e472cc53e7e1884436901789c1d

    SHA1

    3b93b8e433566ce21fa5239a4c16deb36246b1fe

    SHA256

    87ceb8dbc18e81de72f447f23f4afc07f14b89cc398fc09f2574c1b2af060ce9

    SHA512

    261fd72c143274332fec8bd715379bd1a24393f630c4f6120e28154efed651ec04d42f4b4c7a15dfa55cb34fcce0564b7ea88ed549dd0c76bce5b6ffcfb7e2f5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0e2509297118519c5c88ea99311062bf

    SHA1

    a6b9ddce8550beb74e8d1dac8e52e37344d87a8b

    SHA256

    6174e8729b6668e4d938a717bc0c363b68a46564fd418e8963043ed844da8838

    SHA512

    e08a5a42bc600ac01bdb3fceb868072c40fc1fe2e60523a701a3c5d4c0fbbce552559d672a5341e49a9b28a8104f1c75da6ad4015585870039fd1ec9fe5010c2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2181ae791158ec5b5cb8b21ed84a9c85

    SHA1

    f353b26c19cdec9f3a793c0c89f4bc0376ba5e97

    SHA256

    791b2962db82489b04dee7afa77de04703c871f7c7b190c6717912c881788509

    SHA512

    ad66bb86d8d84c34376dbb337abe3881f73768c56e0f773e752ac813c83565e992cbae5e181765342512057413559643c038536ac704b07ddcd76bcc264c9362

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ad3157f00d715bfde7b6c3b273b81249

    SHA1

    46d47726be1582bdaf757cd99904aea9f379a3e5

    SHA256

    86a6a0d519842a18289f02185a95f092a5bd44e993817d973094371c69f1cc35

    SHA512

    6f424e0c174fda1001b7e98f2b95e61f2605e93838de0f46346e2363f75ed16197eab6a9b9a8ac732afe0caad8d3796b9d6c5d132e37380ae0c9797d075553de

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9aa0f6c069a29889b5e6f786a903506b

    SHA1

    5072eba236c47a4ed4ea6b01f2344015147cb991

    SHA256

    35c8c453f84f742aa84a59cbf2f7ad14fda014acab2cb96fd2d00fdb38a4d3cf

    SHA512

    711cb2ed8ac4762e6db90d3e458599e27eacd0d1d5ab4d171361f064caa7049ce9b25104e3932b4f254747810f92372d196ce261f632b86f142044db13b0cdaf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    31678befa1d62a23be8f777ab3f1d9f1

    SHA1

    9db4b7b5f98dc1a28550f3a4b64d240037486332

    SHA256

    861fb71d16e55184b9adc31be1f6c40c6b8b468cdddb06f0b66505b85c887880

    SHA512

    edd12c5f40524b711d96cab1a0441379c0b6f68da7483b3593154560a4ea8a0d2d00b4cfa01b3fb7f77aa2b552ee29aaa97565640e15e4ecdce17203ae28f36a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4e6cd1c92ab314e8adc5dc8e80e63ab4

    SHA1

    49809f320253d0f391a236ff3c6264b8edfb0fea

    SHA256

    6c0901e1703d6f37d712489359dab5f3e35606f2e23c7301bde6550a3dbcbc50

    SHA512

    f9484d6e1f8cd045fc41fed2437726bdeb3770c062c0d5165d0f2fd7dde2a6f7ccc4b2e16c8ad83ee289f07db6fc00841784f98958a35a2e2db25bc4c525ae9f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8b9b64ca1c77df9b12bd7840994689fb

    SHA1

    be721066845c7f3b45a9488f4d4681f4b786ce14

    SHA256

    86f5165056874c17f1b6fdcfb0380aa6c534a205da910cd7017918954edb9a90

    SHA512

    c2f0dab16521dd9b51573fb9e4bc75457638ff3a375527d8ba9090fe2b1a1bffeb02e02e774a0a61e91684d87f6b296d6effa4cf91896c7ad8c81e353d9a07ba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    74e5ccb41fa29d39136e905044a4ecf8

    SHA1

    89c3a435a40b1c19b7f87fc8fae9d2e512209413

    SHA256

    acac14a9c9b71981952bfe9e436d3435e9382bc03b8cb73b41248fc2fa8e3951

    SHA512

    ec4c2a2f955d0712fbe36bba6b638e8aa912c57829e99c584ef971e5727d5ba06673ca640de1704df78f9284289a99dbb1ef7fa1ea631bf159525858a71271f6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    782e76e791c4d41c9c560e54b5d49667

    SHA1

    8d1e289f8e6fdbca3785a15ef1b2dfe1962a19cd

    SHA256

    a502dfdea4acf0961b6937153c9511c7fb5888f7f4a94b04566289fd9ddd85ef

    SHA512

    b316ef9d6a22e7ec927bb67d2e4b49b5036fac721fa48838e25916fdc6fb131570d15816509be9adefa21908041a5d539480886b58f37629ca1783630e2950c4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c3c08dcc125dc08d93ce55f306a4ac53

    SHA1

    c950270221a024d815c2250da2690ec691371f74

    SHA256

    1dcc6a5478f225abda6d5e1408e55c2511c2c3e90a65bd3faa299b4a4b335e88

    SHA512

    6c94829b40b889d10f03203e31cfef85d9be4bdac91c3a6a2208ee99ba992053573d71a5693d0155f651df55c27508489a2e80eba1da684367cc9e3aea518c58

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    e26d83be8752b4d1b3a56bd2dc400511

    SHA1

    5be4851ace526624604219942eb4a1eb43f5b271

    SHA256

    f7316e1927f4171f9c3097fc53c6668eb0b6782895007fe67c76da40326ab529

    SHA512

    bdc9f0c5a5b031fb1b885a4c98061113bdcbd45af7d47b68213d20bc7a70b378d041386d0727c098f97bcb5695c0fa61b14f4dd23301ece46b53df811617e169

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
    Filesize

    4KB

    MD5

    da597791be3b6e732f0bc8b20e38ee62

    SHA1

    1125c45d285c360542027d7554a5c442288974de

    SHA256

    5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

    SHA512

    d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar40ED.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit