Overview

overview

7

Static

static

3

d6bf4b0581...8b.exe

windows7-x64

3

d6bf4b0581...8b.exe

windows10-2004-x64

3

$APPDATA/I...er.lnk

windows7-x64

3

$APPDATA/I...er.lnk

windows10-2004-x64

3

$DESKTOP/I...er.lnk

windows7-x64

3

$DESKTOP/I...er.lnk

windows10-2004-x64

3

$DESKTOP/�...Ʒ.lnk

windows7-x64

3

$DESKTOP/�...Ʒ.lnk

windows10-2004-x64

3

$FAVORITES...��.lnk

windows7-x64

3

$FAVORITES...��.lnk

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SMPROGRAM...er.lnk

windows7-x64

3

$SMPROGRAM...er.lnk

windows10-2004-x64

3

$SMPROGRAM...��.lnk

windows7-x64

3

$SMPROGRAM...��.lnk

windows10-2004-x64

3

$STARTMENU...er.lnk

windows7-x64

3

$STARTMENU...er.lnk

windows10-2004-x64

3

$STARTMENU...��.lnk

windows7-x64

3

$STARTMENU...��.lnk

windows10-2004-x64

3

$TEMP/remote.exe

windows7-x64

7

$TEMP/remote.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$TEMP/sobar.exe

windows7-x64

3

$TEMP/sobar.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    129s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    19-03-2024 17:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $APPDATA/Internat Exp1orer.lnk

  • Size

    1KB

  • MD5

    9ffaab5f197ee38cf1fe65e19d4bb217

  • SHA1

    39ee57d785cb31b75fe79879ab5dfed14eb1a28e

  • SHA256

    6a1bfc7b4d0b3c749f9a5737f7f0253c634bdd62fe812948807c6beae039ecca

  • SHA512

    eaa04c6437eac713912a81b2e11f97cfdc38d5d5bb459d7f4ae94d140b2bd4d74685cda43697f00b6803b1b58da3bef78ca3d9d6a4b9f5e4278ff2451aee512b

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\$APPDATA\Internat Exp1orer.lnk"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1652
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.113w.com/?waga
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2572
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2572 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2640

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c019e15ea2bf54e92db28117de9e86df

    SHA1

    7b53dcb627a9619dddd45b16fb4b447ba6e4f6ce

    SHA256

    95546cfc552164c57cec7ccfd3dbf5b33b4efc343617c99ac6792d284a75ab55

    SHA512

    3e9dc58cee8e6945005753e595cbcb812b49ad23245c9b550550b4c623f644c80cef8d7c6e19f2031dd770c293f2956c00350a5b5e1e3c8a60fa67127036dae1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    030797cc0e7aa2ae41d406173e2a225b

    SHA1

    9d517ee24dd1e796a68295f4ada5f13725def3c4

    SHA256

    ba3dfa09a7a4683d3f330266445a3c72585dd0a8e5e2447cc8391786a9e95571

    SHA512

    6f87f8d254f73b02dcb5a20d5fdb470d39d7fc87bbe6c65b07ff1f4331fc5a983dc13378fca494d86acdbf909f796f48c27512eabfe5455280ba1c5a97a5e46d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d471c1237a99e89856ee4d26bbaae4ee

    SHA1

    943a1e0005165bca845c40951cd9b000f4cabf32

    SHA256

    7433954998f730ee2d63e227a2065e7d389650142823742723092ebe10eae095

    SHA512

    70d81b1d47920a64886575994a8dc17c7c75c65fda565624f85120b9807bdf68d0cd96bc4c30239009108e3a9748ab85c93fe2cfe2f64fbe3e1eab74e0db0458

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fe52a8e770d1471fed6b8a603d80079a

    SHA1

    4493a1da9897952481bf29b527f81d60cdade860

    SHA256

    20bf039566f4c7182382ec1823fe9a04f0517f4938a39a5a39b633711aa3c50a

    SHA512

    ff306983b347b9e516258c7dafc5e1fd0f5dd69fe165e35526001d544430167e36d6e76e28c6cb88439a0a5c8e1d9ffb6ace21084684144c5bb10df3ff295505

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e1821933fa922ca7994c89ffe619d68d

    SHA1

    fb0e7a006e4721202dc84850cd153d26ba4f73e2

    SHA256

    3ee480573cffb53249ef7b0086c5f4e39c30e17aea47297d08ee5c2508a51083

    SHA512

    e4380a0b99931c955f6191b224e27a9b65ad8bdb7e37b867aa84517cc2f0ed0215e05f9f4c7e8f561285ee7c40b7b8ad28b947c54e8ad3e9a8f069b9885dfd38

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4138c014e2ea522b8bb96b984d0a12aa

    SHA1

    0317c0cedaaa47339d0de79fe9aa9f646f8aa7e5

    SHA256

    21f092d8ecaaca142ff5b88cb22496e59e52d82588c62bf035abf3bca4e4ea36

    SHA512

    e32a6f82fcf79d6e825ceb3231b6111ac5c67738854b79546e36f952c19db3714abb2bf48cb99b122198a388863da7137f03e83f43e9ee9793a5929bec7dc208

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7b7e6f864afed7a65e740e28388732c8

    SHA1

    2a3b74e7c1ceac0c87a413609958a0cd3b1fddac

    SHA256

    83e9eab8a15be28a669eead4efb522b26b2e3fa09d67f6551162d25c7ab2833f

    SHA512

    42950f71fcda445d9564f0cd8cd314f078c7ce65095a53459734ee8185fb1d520ba6fea110a84303636ff83640010025ea7b2e71a9be1aad504964399a0cdfe2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab5BD9.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar6478.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit