Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    19-03-2024 12:19

General

  • Target

    155ɫվ.lnk

  • Size

    350B

  • MD5

    2eefc9c46f6597c7b8e425f8c2130e64

  • SHA1

    4dbcb7c15a8624c9054debd1261963a35ccf8d74

  • SHA256

    7756423e3de11499438968c53aeb575285995045b33832d601612512dc9e2424

  • SHA512

    2226a924ccebfa75d3e6927d64c58917e27b57ae2af3fc658126902f511c3ea3c4f362306a7eeb6073445d3de48b125453756121d1ed3e694b5e44a5fdc23efc

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\155ɫվ.lnk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2460
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.soft155.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2552
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2552 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2544

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e679277eae8ac7fc70b7bd7cf0a31ca4

    SHA1

    df710f68db9852f17657b451076e94917df3cdfd

    SHA256

    8a9da3f1ba46da3806ba969a6a331619fc1c6776f034fd9fc17ba8e1793ed1af

    SHA512

    c586a8482ad8507ff62be9cbf04fc5055dd56497668a6397a3364b0b63dd2072aec5b63ae52425680a05b878bffb409fdcc04aa76cd4dd539e6dc014b078fb4a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    10afa48f63d64f162ed80af48f3baa58

    SHA1

    3c2c6a156393f2509277130ab933338ec77a1ad2

    SHA256

    65fc68a98186947cd2682460e1d7dfa7ec1b5d11b1e659da3f0aee415c79b9e2

    SHA512

    50ca8b1f07561318acc70a71747f73eb51b13afcf387a7b8f6faedac642a78585e4f5c0b16803e10ae16dd7c6323e73551bdacdfffb60c3ae8eb466a14210239

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    a134616198f9e795ded96fa549eed861

    SHA1

    3b528aa8287d6c2250f52468fece2cf87e0e315b

    SHA256

    f6ce338db15967ea40ec531e094fd8b34714789f13c89c2dde8eb3457e3d81bc

    SHA512

    a5ec0b95810913de44bda44d74be2fb38ef08f3ce15062285666665fdb7bd255f6096a5b334962d72536a0cde8596b9c9cdc489316d066ae72d6079f1df1076f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    c96ba2b23a1ad7929c66221153fa95bb

    SHA1

    882ae21ac48abc449f5d3f28054c42300d6bfc01

    SHA256

    c59780e5c89278b176071473ed9db48338910522cc88504bf6e84960e17fbb1e

    SHA512

    497da80e7b0560c30067e6a4083036c79ddfde2977c79aa8a07b3853719b201057e729864cb15fb160dd08ce56ec8a8d1a1d73adcc0434077c299651dac5f8bd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    581992dfee4435ed1064604bea15f673

    SHA1

    71cff60aca80d3c44f470c8ad2cfab11ae82cd2a

    SHA256

    780bb074c0ef7659124b53efc5f10b0102804636c198c7c131fec61d7a79a447

    SHA512

    2fc99c845d8d8bf85a706a28d16fb2638c31c7685982681deeff05c562fb9021d2d65d6c1ad3d42c2bb105c13d39d5e16097cf1d7b6d25f4239f2b0835778203

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    bd5eed1ba133f82175c018a0bf4ecbec

    SHA1

    6cdccbddca6ab7fc7f71a5a4eaa5060a558d9981

    SHA256

    750745dda324fa9588e43f84514d494f5c088c560ed8c6c87bdccd15dd1e6f37

    SHA512

    b62436b3e963c057138f80ddfebbfe88a66427a982ad76fb3c95669c5cd5fc152afae90033bac61fe95c310e9cb72b54d4ec46a10249c4c8d2c05a758fca5fa9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    95a2077d997702bbccdad4cdba68efd1

    SHA1

    765a83237a652f096222b009255354b01163f0ad

    SHA256

    e1c482e26c62c18ba2846e371b175103ead2dc364e6de0be6d84546877de40dd

    SHA512

    924bd3a2796f4da6b7fd2b454dfe689bd142fa3c259647267d6ccc36e1128261e5dc569afcb7d68b0f2f2a3511dba3ea56ffaed75952157ba0871d5a3394db88

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    407f2224612f9c94476b03a7daa3e467

    SHA1

    c2b88667c698ab79e84cbcb0acea6b52557519b1

    SHA256

    4ceb9c6dd927c810da62c8c4752454d81625723f4ef98c818b08ebacddc7085c

    SHA512

    0fcffbd887805e8aeb282c05a0e434391214f84940708caaa44037eb0dd9a81c2b760aaeb38a8fa98a778cbb0b2bb12340626f27eec99c018fbcd391931063d5

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\q905y6j\imagestore.dat

    Filesize

    8KB

    MD5

    5f30748a4d513f6a64dc7224601131f1

    SHA1

    e96a0744c8276890a2186ea32389ceabb1584c27

    SHA256

    3d821b22fa67c758597d70614f25282a7b6ac8a98d299709f7f510af459a7e2f

    SHA512

    c68768f9f3f61d69db6daf98fd70543e0dfce0643514c35c8ab9326867356e54d4613c49b8be293a70f27a92f2f6829f67fe424d66e4aaa20e6a3dcd1a6b1eec

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8A9A2DI\favicon[1].ico

    Filesize

    7KB

    MD5

    08fb0139e6adf41c8daa4d5781bd3bf9

    SHA1

    c3402e3631daa7ffe5cc8fb70758ca16397d249e

    SHA256

    d383f96417f493626b0414711d0b2b19430d87fb1c936a99fc76216e112b38fc

    SHA512

    9902d967caaea37a2d40cfb800530cb778132db455d0fe2fd62c9e3e2636bff8ae66a33126d8246f962e006f6b3a968bd461f1b8077c504a79769130408c52dd

  • C:\Users\Admin\AppData\Local\Temp\CabE449.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\TarE44A.tmp

    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

  • C:\Users\Admin\AppData\Local\Temp\TarE75D.tmp

    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63