Overview

overview

7

Static

static

3

fc008e3aa4...18.exe

windows7-x64

7

fc008e3aa4...18.exe

windows10-2004-x64

7

$PLUGINSDI...RL.dll

windows7-x64

3

$PLUGINSDI...RL.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$SMPROGRAM...��.lnk

windows7-x64

3

$SMPROGRAM...��.lnk

windows10-2004-x64

3

ReflexiveA...de.dll

windows7-x64

1

ReflexiveA...de.dll

windows10-2004-x64

1

SDL.dll

windows7-x64

1

SDL.dll

windows10-2004-x64

1

SDL_image.dll

windows7-x64

1

SDL_image.dll

windows10-2004-x64

1

SDL_mixer.dll

windows7-x64

1

SDL_mixer.dll

windows10-2004-x64

1

SDL_ttf.dll

windows7-x64

1

SDL_ttf.dll

windows10-2004-x64

1

bbb.exe

windows7-x64

7

bbb.exe

windows10-2004-x64

7

jpeg.dll

windows7-x64

3

jpeg.dll

windows10-2004-x64

3

libpng1.dll

windows7-x64

1

libpng1.dll

windows10-2004-x64

1

uninst.exe

windows7-x64

7

uninst.exe

windows10-2004-x64

7

zlib.dll

windows7-x64

3

zlib.dll

windows10-2004-x64

3

�...��.lnk

windows7-x64

3

�...��.lnk

windows10-2004-x64

3

Analysis

  • max time kernel
    118s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    20-04-2024 05:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $SMPROGRAMS/ٵơư/.lnk

  • Size

    344B

  • MD5

    4c2a7c403e0c28333f645a363f606da8

  • SHA1

    fe61f5e318e323fab9af329245e4bba6128aa5c6

  • SHA256

    c755fd0b870f2367e644f899afd720c4aee7b019b5584a14421c407e7910de14

  • SHA512

    8516481f41413d3ec958a07af39aad889840f964d7cb1f8027142f9c65abea9821e3bf2fcfdd9fb2b1c676031d3096d478bf06586deaaac05a7d451b0c2146e5

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$SMPROGRAMS\ٵơư\.lnk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2208
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.newasp.net/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2568
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2568 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2708

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    27b153e418792e1106034ad9ca277abf

    SHA1

    0d86ca617bf96004c665e238d5e1128043ab3001

    SHA256

    0a2b03193373678c64206a358d581ec3cf1f263440dc16c68e4be3fe732ff85b

    SHA512

    6f9e14ab8fba27523b098e3d99798e5c6cecfddc4dc6293d2f562b0b613f4756859cb7c0966c6af20b402779db2266f1d8b1af8140948f7a7333e7f019c88699

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c92b7074c41d4e8c57d76bb2d770619a

    SHA1

    35ed829b956e04ec4261e6fbcbd2a0c57c6fc3b2

    SHA256

    c3c8e8cc13a515f9b76f9eb9410cbc0d2d2466e25cc31d9be4966e9441f8171b

    SHA512

    1c72e535f408aa057bb0bbd07224291cc25b90a64d03f990fc73282a058437abfbbc94c9cba2eeeaebb5401552afb232d3a53bb4b92e72a4ac91f8785fe011cb

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d21232402ad516e24861ea6e3d7fadcf

    SHA1

    c6bcb9ee92cd834c2c09d27a387255b86959c16b

    SHA256

    0f1ca88555b74f06057eb0ce7193f6562b0ac14c6c1cad042c7a5cf11e62a99d

    SHA512

    cdfda508fb9d2472254b6471f8c17800d6e8821d505d9e0caac9276587b16e17ce06ab014c99fb633df8e46e6bb9752cd239d08548307bf3963a52aa3683d294

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ac7c9c9f1661a9215e34db0750cbd8de

    SHA1

    917d78081f8ceb77213a89505d6993d861254ab2

    SHA256

    1e0a6f091052034e481974f931aa5dc5e20eb90c04bd90c159ce9dceb6b50d1f

    SHA512

    294aef4eb93b8eb398525d88fecd6abf432112b48747deb7081d52f06765a29472bb0fca9d0b5ed65fbd4c8c4fc492df62d221e4b02b9e10cba49e0fc424991d

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3e2ddcbe1e1f6a9d38083a980a83a97b

    SHA1

    5c86fc5b2f97c348825298652a5e03cfb103b0f8

    SHA256

    58926088c8af2512481d2b2f3d5ab453377c1fee739d551b4c182ed247708de9

    SHA512

    097c4ab8d4a6d68db7ef6325eaa3e70e18dbf7f928781b9b42b569af16a8e2c7b3c147256faa427023d9eedafa46d73b613e33fe9058b723ee9dc525a925df6b

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    49bb94377abb79f47988e1342751bae5

    SHA1

    c7647fe4fb5ed14bd99f809d79084a6a65b0ca0c

    SHA256

    5241ebd7ea048a66b4f1fc395ce8a9373f69185349fc14070be0f80c7bcf5826

    SHA512

    e8181c447b3b948e78f5e8d9b3b6a33ecf597bbc1e8e1fc4f260b0105ad8e7ba4a787d9065638a6b12cf7087deda72b1177a0d8920578ff20c25eff942f8493e

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7e3a929eea671980233437e2803c2112

    SHA1

    ff73866f3f5681aef0f8412c151849d255c81d63

    SHA256

    75879d074a9109a293f79bb28a6ad67d745fcffe1ac910d8e99a473b96d7bcf1

    SHA512

    98cfe1a929d4dc2dd7dbd8df3f9e77179d6d8f07d6c7058cfc44e7292e2ee6440daacf654887b9201f537d2aea6c7a2238dcd7a90406997049d2951459db79d3

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2596dc38e9c52303b89ea0cc485df91a

    SHA1

    a6099cd43fb7c4db8f899b729b2361d9e7685b70

    SHA256

    bc18d75195b21a9a4c82f6dcb350895b8381852d3144323049097d25c8932e62

    SHA512

    038bb7f060de87c621ec469ec9218aaf26db5b1db7ed348fc61130c1d07920bed37e9fe3c82cdc31bd62c3c877a8f14c5e86b25a832d97d33dc6d9271f30e8b6

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    205837763eee9eca8d63306bb97c9c33

    SHA1

    e10addb688cb6b5f65fb0470e962095c0930732e

    SHA256

    4ce779f25de9dc479b951a41bf38e4daab1ba35e6fb4230b819f1f8a87637258

    SHA512

    fca7e4e74136a83e4f1f687d86cf7f8269a299e0e853d8937f55b022c01f4f697e5ba60f67c10170e63ffde432337d80ca9f9dbef022fe448e262b9196095849

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
    Filesize

    4KB

    MD5

    da597791be3b6e732f0bc8b20e38ee62

    SHA1

    1125c45d285c360542027d7554a5c442288974de

    SHA256

    5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

    SHA512

    d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar3DF0.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit