Overview

overview

8

Static

static

1

Beni Oku -...Me.vbe

windows7-x64

1

Beni Oku -...Me.vbe

windows10-2004-x64

1

Ne ararsan...in.url

windows7-x64

1

Ne ararsan...in.url

windows10-2004-x64

1

homepage.url

windows7-x64

6

homepage.url

windows10-2004-x64

3

setup.exe

windows7-x64

8

setup.exe

windows10-2004-x64

8

setup64.exe

windows7-x64

8

setup64.exe

windows10-2004-x64

8

vac.chm

windows7-x64

1

vac.chm

windows10-2004-x64

1

x64/audiorepeater.exe

windows7-x64

1

x64/audiorepeater.exe

windows10-2004-x64

1

x64/audior...ks.exe

windows7-x64

1

x64/audior...ks.exe

windows10-2004-x64

1

x64/vcctlpan.exe

windows7-x64

1

x64/vcctlpan.exe

windows10-2004-x64

1

x64/vrtaucbl.sys

windows7-x64

1

x64/vrtaucbl.sys

windows10-2004-x64

1

x86/audiorepeater.exe

windows7-x64

1

x86/audiorepeater.exe

windows10-2004-x64

1

x86/audior...ks.exe

windows7-x64

1

x86/audior...ks.exe

windows10-2004-x64

1

x86/vcctlpan.exe

windows7-x64

1

x86/vcctlpan.exe

windows10-2004-x64

1

x86/vrtaucbl.sys

windows7-x64

1

x86/vrtaucbl.sys

windows10-2004-x64

1

Analysis

  • max time kernel
    142s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    09/05/2024, 18:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    homepage.url

  • Size

    68B

  • MD5

    f6683aafffcb30ff1dfdd0888e71c828

  • SHA1

    08355528191844add18c235956a04f8baa5b1201

  • SHA256

    8963abe390e47cc5dc4a2d18fed9e8e457323e401cde87856c80d0f47e0ad5ee

  • SHA512

    682e69a3a91d2a1b6cbb2c82cf8dd79b44da92a967c2adbdfab7ab10c1484a82bd20dc613775bc976e94f0eb72f84e1ecaa0822cce6a995b3f624e4d1a38dd8e

Score
6/10
evasiontrojan

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Modifies Internet Explorer settings 1 TTPs 33 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\System32\rundll32.exe
    "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\homepage.url
    1⤵
    • Checks whether UAC is enabled
    PID:1740
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2056
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2056 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2776

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f4f9b846501b03c24d0a986ccdd06531

    SHA1

    644b27ffc8a9fc9a5cb044dd15ed444da3f7da16

    SHA256

    e226ec357ef6f292d7953baaae82ddbe13d4cc72278519c33abf66fd4a6d09d7

    SHA512

    3835333c6c9bac91d1b9305b42b2a6a21550d40eef225398c01dff96cf131a4f6a6b43c185db2244a13d225527546cadf881358ae754460c8c4a11d54704ff9d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a8c242129a82dd3590db4c70d5daebbd

    SHA1

    cb5bbe760617d91399f86c90fe0daa2456f51c87

    SHA256

    02c9569a111512de3c3e39969bebb1cb3afabc3caef78a8ea8f852b87e88a1a9

    SHA512

    988cc593b8607ab49614f2fcf728fc91e3286c578362fd61953113907d087e9859297602bc28a605b950bd992cfc107865c7a818b8598edd7ae61af5ca8c4b87

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    80e4e5bebb5f10994157ab8753e68ee0

    SHA1

    69d5592bdf2463f4229ad2b27a31d812da488e79

    SHA256

    2a1fc2b1710c7c2a646ca49f10f301f7edb9be42974aa02958e08a6f425f84e1

    SHA512

    5ce9089a8a5ffd3368594777c523ed899b74b7eff7458245911b575a1b57e2efbcd7426eba2f287a8b5e3aeeacfaf2392854579ce1fd784f48a87af2e78b9f0a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3d49977ec5363f985f5a840047cf5f50

    SHA1

    200e2a17612205598c7084d95f840cb3ed186fec

    SHA256

    5eba1df720addb52e8238e7b83465f1fc5aa16195fe147a4cdd10d563b8460ff

    SHA512

    a97c0e4c486b1d58c87c6c3077484cbbdc915796d0614a1d75ed584326b75f9875c3cae186ac00a56369bfbb59bc9232049e0615f90d7796c0408584fc0b57c2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4cef8e3f8bd87ac13bd4d46a3d9482bd

    SHA1

    d5f8d3ccbad4e05dbc66415db4a23a0b67f1cecd

    SHA256

    a426575ada23887b12ad1ac577e29b60a90493f6c41353cf9ad2abdeb9e99cba

    SHA512

    1f00017621072d8bcc78173668a7ca9e7151bc359d1f11c9558acb8556c88d5edca6ccac3cd2ea45897af1d49b2ed27b3b4d95b28f66987c36436429b20a519c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3a445223e36da02041f9b53f6e3c1e64

    SHA1

    0ec3bcec22ca83030fcee625bddb18a8f5373bc8

    SHA256

    371e1c50c2dd670ae4bbb348a5460092f7f2facb571656d652bc10d3577a4ccb

    SHA512

    b4c4526b2977abf746df8e510b240cb56ee2e890ac1b16a587e3afdb3744fc6e6165619f70b1d25bd69df97b2f3dacfa86958dae8f66f19eda63704b47d46dab

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fb31489d2fa960c5e38264483444e76b

    SHA1

    3aae5404c52fe08cac2cf82b2420976f11c470fe

    SHA256

    c19ce04927fb10f8953ef2c29c2f0b93b75a851db952327dcae11c777a167cf1

    SHA512

    ce19c3033d9ab5ae4809f97915a202edc793d83926ba6d8394b8dfb9ea16986e0c9ae6bdeb979128238f71d7dfd5681e4e79f05b1470df2d0b22aa0cf05e810b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fcca9a7bf2831c8d28bf35bf7ec1cbfc

    SHA1

    cf86cd0d3832bb55652c63f99e61571b6c6a6423

    SHA256

    6afce9de0c651bb51e28baff192d798bea4a62cc5faf2534d8afa774bdd504a0

    SHA512

    f1070cd6f13dc4e6dcf77bc8e19d0bbf0e549c2dcd29555f8912157a03e1907a03adda648359e95f83386d4e1c2a100ee0cb1269c039609a60cd1a4eae545a2c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1baffe0914d637ad55f4456e91c7dba8

    SHA1

    7bd6ddd110ccdb5846cca05fdb46b825a8108f9f

    SHA256

    8ef0c3e7c6d628a0d6bb4328bb9518fd47e216016908a75ad4dd2733a42fefdd

    SHA512

    3a3c515defb1e2ebc6bcb71ae01876307b11e59a413e5832a1fe7130f3464bf0c3d70f6cc93152448222cd0653a5e8b62cb0226285a2c7c0ebd8b0a513449c72

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c0261e23cdd626168b2ae665447d4afe

    SHA1

    f9300176a21f9b54d8f1ca79ab57b334a9cc391d

    SHA256

    a3f62df112af58c9ade4666c2c3dda21e09920b7464a4cf7bf17f1dcb6360da0

    SHA512

    41aa8c3f1bd91a56640a13ea9403f31bc8d51a14a7b8758df538b61f26db1d6138cc8f305ddf02d53ca92ab4c85716336af46888b39860fa49d5a47734ed23d1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7704cc7535cb5f9c2e25617eb97c8743

    SHA1

    5c57bfb5f4b87f52282649d9ffe937f6ac908f65

    SHA256

    a1c5fac50999f618105b83e2a1dc5ea7767dcd8952fd240a8861fa5fd38a03ae

    SHA512

    a6526a2c68177986af504bf6c7243d5fb9e5ddac5b832aa61b359ffde378e4bbeaf9553adeb015f017aa292c3151432f6caacc5dded744325168ae528d9124eb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3749.tmp
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar37B9.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • memory/1740-0-0x0000000000150000-0x0000000000160000-memory.dmp

    Filesize

    64KB

    Download