Overview

overview

3

Static

static

3

R3Air.2.0....IR.dll

windows7-x64

1

R3Air.2.0....IR.dll

windows10-2004-x64

1

R3Air.2.0....ry.exe

windows7-x64

1

R3Air.2.0....ry.exe

windows10-2004-x64

1

R3Air.2.0....32.dll

windows7-x64

1

R3Air.2.0....32.dll

windows10-2004-x64

3

R3Air.2.0....64.dll

windows7-x64

1

R3Air.2.0....64.dll

windows10-2004-x64

1

R3Air.2.0....it.dll

windows7-x64

1

R3Air.2.0....it.dll

windows10-2004-x64

1

R3Air.2.0....R3.exe

windows7-x64

1

R3Air.2.0....R3.exe

windows10-2004-x64

1

R3Air.2.0....ir.swf

windows7-x64

3

R3Air.2.0....ir.swf

windows10-2004-x64

3

Analysis

  • max time kernel
    143s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    08/04/2024, 23:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    R3Air.2.0.0.Release.64/R3Air.swf

  • Size

    12.0MB

  • MD5

    10049e4b660bb0814e2d929f17a99262

  • SHA1

    e0d4f10d6fe1c12d48ababe4b8a6ac74576b91e5

  • SHA256

    bd7ba2530b9fc1f16d2784aba9ea89ac7b1b3623ab68bd2d0009b151fcc85d85

  • SHA512

    4cde7fcfb59bac137477643c959348999657f1514a7cd94346f49b81e80dc1213778c9d4bc139763200cf8258d0ce92f809c2a982b565ea265ceb97df48ae79d

  • SSDEEP

    393216:5oHFpL0Cwpg4ydLrQ6ePC9/VhFpA0CRW6XQw48:8FFVwW4ydDIC91+0CRn48

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Modifies registry class 11 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\R3Air.2.0.0.Release.64\R3Air.swf
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2784
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\R3Air.2.0.0.Release.64\R3Air.swf
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2996
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\R3Air.2.0.0.Release.64\R3Air.swf
        3⤵
        • Modifies Internet Explorer Phishing Filter
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2720
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2720 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2440

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4dd76df4c95d8febacdcb6a502a68173

    SHA1

    f75998219f6941cc96db2c794dcf6e29fe0f245f

    SHA256

    f63cc23a321d95dd54977675e560adcf2974d56b262d88e367f03f2548b09cef

    SHA512

    c02e933c78178e3c5809c7d2ac86c07fb5656e1356e013444279a6709095249c1421d707f7d37c33dbe7202b24d6bc45135c87bf450e0ff59eb3a36f93d37ce5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7a087e01d67bc9ccedb3f5e57229643f

    SHA1

    572a10bbe1a997691a2584e60c7ea1b7d0decdff

    SHA256

    c257ee96008249f32b79e9a61d22095b02a7024880249a5eb29d86a101fb0d1c

    SHA512

    0f4ad00e3d8b352605b331998bddb27b4db5404a5d37f5660f6836c4bef23c5e06ea1ae340e11b27f680363f0762385e2a3e774cbdc74aaf7401fe2009c88ad8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0d5e3ada0fc2c8bbfe6800fdda9595dc

    SHA1

    937f7d7998407fbe3c8bfd7f56a64eb82a6fca30

    SHA256

    ffe5b3003d4177346f9bdaa097321c68e7f10b1b075b9696c9adf74ad01f02ab

    SHA512

    0903768141cfd4b2617c58f8f7798d3209f963c5e263f4e8150bbc14543ce9d1e6a0adadf1894c20eee6d7dc7979f17b5ca33603bd6e586fc817dfc58d1116d6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    22e98c1098a58777abee4c4faa531712

    SHA1

    f8fca99ca5ea4f30c6cb2b105dcc45c40829b83a

    SHA256

    77092b4af465911b2b69b3e9286fa8cef70d7f39b1972ad9d9e8633277180d24

    SHA512

    58ab0ba019b03d3222b072da6ad9b672fa6ac6ef16177a7ac340debcff2b205892a376ad933f2b23b0a968ec80e1fa1ed18f5d0288d5a6c1036202419e78079f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    975dee24100fb3a3a0c8d479b6d2987c

    SHA1

    558bd9984a3ad075962bafb0c04d9392d316099d

    SHA256

    cada2e5e8ffa66274bfce3e72579e2cf36d68eac15bef4418aca83000f67abd5

    SHA512

    e01afa1b66e23d86375c0cee28a68be6a46106b26438330230637b706587b58fbd86096f7ab9dbee2f89b30845177a17ab5f4eff2dd55b79ba7dbf0447d9a9c6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9f24e36f18c77375508160d40ade71a4

    SHA1

    a6ab2f8ae2d8a6149ec7d664361d93e2525df791

    SHA256

    db180787db5776945121ee03f1da705270c826e764184173ab78a40d8642a308

    SHA512

    529cb1443c1ea4219c5d5d446688bb4627fdc3db741ddd53923f77f95e8776c531b533af1d4f7af25338b7d5a98858d8836fbce858e8e570a3d58ff93e488d76

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a2806947c2effee6a464013eac3b81fb

    SHA1

    b9ecee6405191d6d404185cf77fd44d6309f9ed3

    SHA256

    20a7d15af081e7cffcd1d2d8140027610b70907ca0948c00999b52abfe7be4e7

    SHA512

    82c070313b8c44ecd25809f19da84764df09f0fd70116e2ccff7f82f7069cb9336975bda19ca368c5fad62f0070aed396eb28828b3fe50fc30d0a273d9e306e0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a15f8e42f1c467c24c6865c4688a0b84

    SHA1

    267c90d3e0afe7d1d07165282d494d4df4bbdd1e

    SHA256

    44aba42e8194e0c8478bfd0009777621fe0d6eec4c15bd2399d2d211d85da070

    SHA512

    9cd18122c4bfd5bec617ac8d71200f6cf5295c3f5eaadb59e6fed63a538003af2d8449c8aa862f8e96bb5970494a995974f79da58834a71146c7e468dd7cf4ea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    958f1d32b0b03970038325f052142d7c

    SHA1

    cff993af10da7518d7081f9d1def92166c9ac1a3

    SHA256

    bfb5e11fbe8756dba2b772cf9749a958d015fdf39fc612d86919c80f92760975

    SHA512

    7ddd94e483071061f6fcc5ee903c76e68b28b097c9fcacdc4b9eb118518426d6854bde36014b584f32269e60cdf569d9fab056e50677b62a47010edfd30d8281

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    110fe1aa4f90e11e17fae07584dee342

    SHA1

    cc378ba6644266f46276be7e4cc04b6b6751e126

    SHA256

    7d838d10ccce95b8b7ab63ce3543ac7392eb134a12b229345bd74533bc8a5536

    SHA512

    e6003c24ccf28f1bfef1134755345fcc8db12bb63e43ab181ec95ccfadc6aec17959b5694d87c9b3e78a67a7ade6ac2aa0f9e7757836673e92fe0b60a4b9984e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    07d0e099ec4588d097db9460e773051e

    SHA1

    7ea78c38ed5fff5a8d19a7c252a47f8e569a1fd8

    SHA256

    6976c0bcc8b0cccbfe4f8b78dc59c437b11a252e3bfa19e64feb6492b357b74c

    SHA512

    0ae158c04301ee736482cc65f0fd9b6a7c63229379149228f51e7c8e67757085cd4e1c7080a156a22a13258e8fcf6d38dbaec5ea40ce80222e6085e9e9057c2e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabB867.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabB957.tmp
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB979.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit