Overview

overview

7

Static

static

3

d618921099...a0.exe

windows7-x64

7

d618921099...a0.exe

windows10-2004-x64

7

$APPDATA/�...�!.lnk

windows7-x64

3

$APPDATA/�...�!.lnk

windows10-2004-x64

3

$APPDATA/�...�!.lnk

windows7-x64

3

$APPDATA/�...�!.lnk

windows10-2004-x64

3

$DESKTOP/�...�!.lnk

windows7-x64

3

$DESKTOP/�...�!.lnk

windows10-2004-x64

3

$FAVORITES...�!.url

windows7-x64

1

$FAVORITES...�!.url

windows10-2004-x64

1

$PLUGINSDI...RL.dll

windows7-x64

3

$PLUGINSDI...RL.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$SMPROGRAM...վ.lnk

windows7-x64

3

$SMPROGRAM...վ.lnk

windows10-2004-x64

3

$SMPROGRAM...�!.lnk

windows7-x64

3

$SMPROGRAM...�!.lnk

windows10-2004-x64

3

$SMPROGRAM...�!.lnk

windows7-x64

3

$SMPROGRAM...�!.lnk

windows10-2004-x64

3

155�...վ.lnk

windows7-x64

3

155�...վ.lnk

windows10-2004-x64

3

CI4.exe

windows7-x64

1

CI4.exe

windows10-2004-x64

1

bass.dll

windows7-x64

1

bass.dll

windows10-2004-x64

1

gamedone.html

windows7-x64

1

gamedone.html

windows10-2004-x64

1

newgames.html

windows7-x64

1

newgames.html

windows10-2004-x64

1

order.html

windows7-x64

1

order.html

windows10-2004-x64

1

Analysis

  • max time kernel
    117s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    19/03/2024, 12:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $APPDATA/Ա-!.lnk

  • Size

    500B

  • MD5

    6d5e090f3cf01999d9921ae2f9ed5b1b

  • SHA1

    43bd9e6cb19fdbe394f982ee64d5585c1b4b3d87

  • SHA256

    22ef9ca32e153a7093377dd10be2fa2f6eb5367113866a71fcbda6d3bb6aba1a

  • SHA512

    f6b0757fe9f7135137be9718384655562f59122413fafd486a51aacd21433de3f55dfec2465f331c802821ffeb3c61fee63cb355c2a9fd93976b930fe981b683

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$APPDATA\Ա-!.lnk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3020
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://pindao.huoban.taobao.com/tms/channel/channelcode.htm?pid=mm_10066594_338505_8836640&eventid=101329
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2848
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2848 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2712

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c1cbe41c0e210725fc253e34b2dbbb9b

    SHA1

    5567b78770e60880224e7173f14b9307fb62dadf

    SHA256

    2d6331590d35ae55a892ef1dafdab5c39949d6d110160e6d27cd6f549f3c7c83

    SHA512

    5978b905850a1ad1cb161df5e0e58563abdfc0980afe071872133452289834ec3478e99433640099034490021b39119f38dd6c8d1e7dbf97a9d4185fe88985a5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    67b6967c187accfc3c0b3771fda91e4c

    SHA1

    082b18df578441601e899a70350e5e23ae7236b8

    SHA256

    0e6e1e87a6cc6b935b662b9c6035dd4090d28d173f96e98a7f1b53ede73b3d17

    SHA512

    4c6d51b49fbe76fe3df278131999c6da28ec09fbfd4c3e302a089fc50c2e24afa64bb552a747fce4c99cda25b4bbcc65931117034c0c1477f98409dbb47ac803

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3ec9935a471dfb7f23e02a3bc9d60f11

    SHA1

    334af87b60e7f94d4f9d8c7f6008d300250d119e

    SHA256

    e7d61a0f16c47e1fe0f199d3edec64c2c6427d65344d60b43019e9df5420c88e

    SHA512

    8e1b08a79402d45d5466498c9fa6d334ada38d0f4e716a1b266146f71feda7e6e2945601ec24b07c11a0c6a898fe1b7c67dfd15251d1bd2176f1d3e1bb1fca24

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b63be18fa4f727b59a89552743b111f9

    SHA1

    d8eb0cb52d24ec1c19fde8fa9e4a34a029251f85

    SHA256

    aa2880eb656ca085cdb1f4e282d62870b7f3540d38593b19237d0ceab09bd267

    SHA512

    a2bde3ee95bc3ba51bb20bcb0eadd1cb32cf8e67572aea72a32d4de1eea6b23f3ea617637f5a49efafd34e28ffbd3c1306d14f99d6c014c50676476b84bab5ea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2d2aa9426fb2b4fc97871c8571810edf

    SHA1

    10a0dcfac78981c8443d3ca53863a72b6cead6e1

    SHA256

    df235f0c9902e6840a458d93c07a706606ff19fad99009de5aa343d412caf068

    SHA512

    046de7620c3b6de57a29690202092e9caa7735488ac8f31bf95c6d49c2d2596e05963fbd95d8665672d982494848a56b9de79e88c690eca25ccec768d0126ba3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6dd3366eb3e88cdd9a26523792ac1cd6

    SHA1

    a105d0f6ad321bf9eff98917fa41f2112fb20e74

    SHA256

    4d7be834677b68265619d1db7ca27526becf8d51a6a9d8f25468d149551efeb9

    SHA512

    0487bb0ef332e827c7a64b6391c99254a475d6e95ec897d404d9b03ac7648924bb147789734e7cfe343243c40a3c3605a15ec0cc6a2049f926db009033ab79e9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    91f0005a2a41dda86793cfcc115fb683

    SHA1

    a3dc3de46c67ef99e7a6f339e8dda7fe82ebb9d3

    SHA256

    0174963d3d5b4905629a62f8dfd2812a182f7e021507c1e27682095421568954

    SHA512

    c9b90422d585b5743bc2841a404728dc69699a17eea3a346453cfe6ca6d09ade0d22880b8a49177f40340b70e48eed34d0c8f70a55a5da32c72431996f698c62

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7df63dad53d6eba13a8a199d0754f00e

    SHA1

    c52f24871f2b7ec74fe60bd75ca4c40c3d703fdc

    SHA256

    5cc8117d09da89d51e39c1a1ed2136e4fc6de5ca855dfe69736907821f5a2cbd

    SHA512

    2ed7bb6b06c9661ff401b21be936a0fb37ca7d9e1ae6c344d739f8e7b6a01ccca029ca0d999727ad258124cf4f29f1d1327318efcb3d78ae519d7dfdfd403b13

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a7abe6ca72e4c9acee67e39d0ba25fed

    SHA1

    ca2b692c699103f0a52e14bbae45b1ef5da5233a

    SHA256

    13ad89d4a923740c0a143ece495efa905bb82cf9b995316b01f9ad6186b5c25c

    SHA512

    dbf787c9fd18726af0953b0a2934ed38ac277b9a424cf7addf62c24ae7b007c36f922faa6eb466691b4d1c0e28707c4ef9e098848f28c909829b238d09b94b67

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e9e782c2ed0214c30429fb60777ef0ea

    SHA1

    06b8af5348d1bf523ad34b3dccf64fb8d7850893

    SHA256

    3c415a86a52238b67029390621661a9d6d004e1d11e842e7362b419af58a2706

    SHA512

    3f842704f5a3506acc5be21147d1e8afbca8eb1815f65b157be94dbfb6d61a31701a50762cc79d833fb8024f66950fabca693a8c4ac1c0ca1c8e16695221a520

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e19e9c8758f121df7da036c4e8b67879

    SHA1

    9213c43753bdaa6f6ee4abaaccb3563c0b86f574

    SHA256

    acbcdf54809545fab70437262d6205b35389c1084917eb9768bdc5acdb70e5be

    SHA512

    a4bdf739321342e774facfaf4ee129119477b04cd813506e16df1793aaa21105d1ca2a7ebcd15d34f50e148a7072375bbdf36abfc6e0d73da155fe386f906a42

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7dd8677ce16c85d54c28c3ca52f0a9bc

    SHA1

    3663a5f01ddd051f693fbf90cfe9b555268c376a

    SHA256

    2ce7e93ef93f47ca64c9561a592fa664d41ea3a68a2f68ca6f4b7f70e8d000b2

    SHA512

    aeeb4ccaac3402a89f17f1d1589239abda3e415191a97485f95fcd039a0ec5f97638bb436a205fb7e71daf574fe8460d609425f2658db2ea4e1b50c8882484fd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c79dd37199aea1fd2e31e4f4b3f1738a

    SHA1

    a7bc353a4a76d67f701c92e44aa8d648a5f105f7

    SHA256

    d0e3b4917d5bb29b2fc57fa366dd10adb9038ef1d0cb8c0f9fec73ea81816448

    SHA512

    2fc9fe8c30de9dc8ff42d794fa5a845c86d208efd2d766393a1573310d4ce81717736803e8099f3e86bca1ba1c7630bda765aca957dc981c6a2ee14f25c5065d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    23af2d5a81120391ab7f58ef68a6fdaa

    SHA1

    6d34cb4b4ef07e12d51d179928cf87a3f9a60a81

    SHA256

    e8ebdf2e6a391893854f7475622d909addc0e95bad8fc604c95b3a809d53e5b0

    SHA512

    0e236756a8a885636672010d2c860430238cfed00cafa33fcc158c3a7d0687e5495de987988af9ead7abb914e8f76a1e4179ed8606c9da80dd7ba856b53a60c3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ebf94af0e85b074a3b8b48944a859397

    SHA1

    9c874cb70eebd4a28891ad5d99ca2cda4c6164d2

    SHA256

    adae7af7099122b23677be0239e940e35ecb83309d6d7f2f8698b4d489daa8bc

    SHA512

    7c8c83c04ad55a1c787673226f579502d65b973896e71b11fa0aaf8f845bec5bddd47802812f9b76c01b532763f7fa428d7a542aae2904bec743dd3d9d6e1780

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8d9c99cb6cec172f3d0e5f1e9ea64ff9

    SHA1

    aa0c3aa158085a554cd6d35a32f50b9164737ce1

    SHA256

    0344ebb190eadef9c1eaaaada8cb88265da1c45577dd3326c61bfda05509fb7d

    SHA512

    f996019c88f6c64ba82ca22711a009b9bafb4c0f0372575c54b8eec6ec532e8e503b468231cb8d390ba6b6a6fe5f8e53dc3d52d179cb71ce0d936d5c1d675ec2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    708303bdacfb6c114d5c1a4b29afa2ce

    SHA1

    1bb5855276d682adf67bf9953f53c4174c5ea876

    SHA256

    64dbc32d25127622d51a68bbb3ec2fec1490f78d71c73740215e9f305fcb5f44

    SHA512

    091ef7aee5680a1719fa108ff60d370655018e2db3524cb8beaff69f3ec924ab79befd303ace47c7e669628abdff2903e5dea2272cd3f8f98366b40cb97b2dc8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    78c92c575af3521e18fbddb9aec499e5

    SHA1

    f8c994ea44e9923e5850a7d957a25df5d807295d

    SHA256

    c085b3378eb33a7d123f2e4a2f2b3279ffdca20cffff77e5c9498f1859b4d852

    SHA512

    94867d820b9469fb45f4225cf8a34e037bcbf00900f5f6bb710023bd4a9d8ff83b380bfd4e352bd63d971c68afc0a7b5dde790f99cc0307b8bc796cb1e824032

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    76567275b20b099ac548b1399c01ff26

    SHA1

    5a776b3862f879b23ed26bfec25d7c281ed65fef

    SHA256

    1613b908da1f1db9917119d0d9b8c85b1ecd5aec17817048be2c3067c0b7da60

    SHA512

    0ee7930294eb85c7950135b0b27bd0caa90e183b4ba21625dcd2ddd769a6ea40c230efa590df1b83d182652bd663442b1bdc6740423c6f50a3112b3ab47e9dfb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3EC8.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar4093.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit