Overview

overview

8

Static

static

7

VirusShare...df.dll

windows7-x64

8

VirusShare...df.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    09-06-2024 12:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    VirusShare_00d9d5a0319cddef48add9257d4721df.dll

  • Size

    204KB

  • MD5

    00d9d5a0319cddef48add9257d4721df

  • SHA1

    4da40bf0a2c94cfa25ccface3fd51f64bdf39b82

  • SHA256

    79c2733f6aea8cc0b2cbba6b2f450b7e4617d3666082cd7ae841d6fabe7901fd

  • SHA512

    d7b77edf2e0a3be0bf4020f010d97dd1d0016b40b17a87b11b0c450b7c65bc0b3fc5d5db6a1704bd1ea43b139845bbefa7d979466fb36f855f33ba18ccce235f

  • SSDEEP

    6144:f/FCpGUkx6ZusGqgN4KDnr59x1AZgSu7koS:gYH1N4YbPAZgSpoS

Score
8/10
evasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\VirusShare_00d9d5a0319cddef48add9257d4721df.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2020
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\VirusShare_00d9d5a0319cddef48add9257d4721df.dll,#1
      2⤵
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1464
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
          PID:2428
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2860
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:1580
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:3032
      • C:\Windows\system32\ctfmon.exe
        ctfmon.exe
        2⤵
        • Suspicious use of FindShellTrayWindow
        PID:2812
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2680
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2680 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2568

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0e12b5ccc3ed85917289e44a60b1c096

      SHA1

      747e6f32d0fe9468c6767efccc1e431a3a6a58dd

      SHA256

      de679fa1e212ed693c6b573ae8831e7247b7623458f226d5ade184590d6537e0

      SHA512

      f990bab6e298f0aeea030e7ac80dc0b0729cb3b0f664e90c8cf140f895758993b954fa2e406a5d27fc48fc87a23aaac44f29b6f6cf89b82418b77ff478f6c638

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d0be8ef530ea30ba740f09e2706a852d

      SHA1

      328f0aebe03f83ce8f9d3c5d36e767a7ee166d54

      SHA256

      370f87f4afae048fc4ad237d80e8849c4ed239c9d426fb0d383d51fc24ac0fa7

      SHA512

      64a23383e30b7c08083eacb77ebd1e9288bf5455cf737b6caea0cbd1fec9fc1a313fad536208b71f74ba86e5d457d9b140e40fb5fd8f29c9609b5ff2432f8e59

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ef88a72d4a435198a4fabead970a5b03

      SHA1

      127f6abb62f1809d13a9f500e14d9402fbc89e22

      SHA256

      fb0a35168160235deb8a5c35a019addfabf95ba7c324677c0c1fd68885263ef2

      SHA512

      4ef7aa929d4cb230a43080c20a03e535ada651cc400b9146cafe4d79ce53a85a7aa399cd4c7c0813b56dff10fd006f79a99dfd7de2ea1e4a9118b3cbeba6f5e8

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      93fe2ac7efe368fe4032ce58690a49c1

      SHA1

      0af5f1438ebdf0234590653faa96639ea54b5d5d

      SHA256

      65afc019bc0b9ad19d4b68f0fb908349ced44b3b2908f8573485e253367bfdd4

      SHA512

      c8d557b2524745160c2aa6bc69f9f85628405426925c710e7ed80bd0a5bfaf6f83fea04814a0626c14ca6b45566d4eb3d3e20429f1d750a645b10d8492aead63

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      eb0b5e46f886336b73c038694b4d47ea

      SHA1

      cf39da46024ce92028a9845d0d2b1d1fd95b176d

      SHA256

      a8433df3e84b404a9f1b6c4284aee5c099221e13f94f5bc701909df8b21a9ec2

      SHA512

      6ec38369427273d2108a535727765095804b4d72b4fa28606872cf9ee88a5f46577efcf77385dc3bab807b05501a80b23a86e414ddb50a1038aa2b577efc3c90

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f680eaa44068f0699dc41b4789af349d

      SHA1

      47f4250b99f83bc16e3293ab58c66f1b23974a4e

      SHA256

      a2b8d47aad6804412c875e160a5c3ecf3d72221e8b2c0d20ed827b6dbe31dffc

      SHA512

      8567f7c41e74ecb728161c93a76a70dc477a3ddaee7f8449d680573789a562bd00646125d9769feceb6f28f72816f7e061b47b192bf57a4283d8a16741d5f979

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      359b0dc0cc55cb813426ad16efd1ddc1

      SHA1

      9770a5bf3074878b0157e67fb683d880e4169f3d

      SHA256

      6c84f2b0252f46f8fa3c516525835164893eb6f3aaef9bb2b2704bbbca5fb31d

      SHA512

      baa4a27b8f9045b45bb727722ba2a45bf73f0d66b93007b92fb2b94607539935a13f2dd621eb5ded97995052808c085fb10e18e40611a24b11844df4b9adb052

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      39ef4f5c88687c1aa1438022b71ffe86

      SHA1

      f7126831dee41240350b6d91c0c3f68d25596114

      SHA256

      802ba1534c10ae90d3f3bd4cf02c3b312666999fffa16acdd49e96642605440d

      SHA512

      da10388dab0d1f3d61682bff2045742fc1d8504f65a7361e6b4e08c03b0e092b7b9a01dc8a4abe12fc8047a37a67ffcab1d16a1e04234d11575546577f64e4a5

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      875b8e800daf1b4066bcbc8a48fefff5

      SHA1

      bb216738da245bd55109e1b2b31fe0da878de5a4

      SHA256

      e6871900409f4367f6f8aa1b76161233c64477c9a5a563fff366d94002ccf755

      SHA512

      044c9bd68dd1627a4c29e706dff0c6de9bf0992b71e9a37bcad19bdfc1e00be4124df54cce8f203abbed3cedf823eadb10ac84c91323430ea1099b54f0431cf5

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      722e6f82d3effc6d1857d1299340334d

      SHA1

      b7668dbc580731610ca00110900e9e3814c49f9c

      SHA256

      59f033dfe873c4bc3811fe9eab97a632c3603b474699da44ce3b8a957c6e907a

      SHA512

      f1f74afca440bf096bb7ca59749cbb7b577612d398c589e59552cc408cc5856823f4052ece0956c32f59092a9d6147a9fd5a08f659e432366b55bd4e14af2f5a

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      035a06f62242bdf59ea520c2f7f83aeb

      SHA1

      6ba677d97e22bd2d8afc6108f7d0dce546753a2c

      SHA256

      ed9131d43962f4825159c4d831a0d7bae231f1b43b20c4ba6857c1f71eea4224

      SHA512

      f6a8293b3c40183be4512433253c111e3825e696244db0fb2ac1284f9315ce8774e17066c53d4776e64390f5b69f9ac08c42c07ec973e57af2296c37f8afade3

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      cdf591f566d180f70ffe1b94e0b2135c

      SHA1

      7b179627d1d93cdf40a1834fae7d413569d90ab9

      SHA256

      7be591b6429c33c560cd23051d5c0bfbbd7d14603627d47c3a1a81ac1aa54448

      SHA512

      4313f7853679394aaa6aaae6700e168fe1da597c451bc304ae24f32f534f8cb06542e0283fe76295a16699f63619a0a4b0a4db684b13f2400149abab83cb1946

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d4d3197ff69fc0208700eed90d92cb64

      SHA1

      5422a5885ac79299d8f6709eddb0abbb9c726c5f

      SHA256

      a9a169135594dd442ad8d5d1418caf696f59f4445040016cdbecf971df3567c5

      SHA512

      5dd26250a3ffc21dd3d40f4c213a8c1cd4b09eb10e0a560e74326d538227d0cdacc0fef7c115cb0b796d774a328592f4601f5376526244d3edf1d083feb9e79c

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c4cde0aa599d0b1154836616c6be5948

      SHA1

      8a89ba70f8e9061d982c77cf47c5769a10d2e451

      SHA256

      86514556dc7dbe6302dd7ac6407b3f1dae5e9d3be3940f5f76cf51effc04c5ce

      SHA512

      b307b821daeef956e606dba6c95808a78b329ec36d97277e9bba3feec7a1825d17fd631cf8ecbbf3516cfe9d341c7874224e024164d384555151f18e8312ec45

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      57a0352626b0b1edd632ab9dfa73922f

      SHA1

      9a7b6d69186cd898ec4d1c63709716ff59b01cbb

      SHA256

      f97ada614527e5c86f149ec009a5f85daaf1658cc3a48ffd8280c5baf20ecd5f

      SHA512

      3e8b8685d5adfb4b8c6c51419f95c56dde0e6e3aac55cdbafa297437c022b6dd7b7afbccbaf8b52be0905d430fc33eb52be9a1e1f80993789b8ae8e321ed824d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      81a9b8aac955127ee073558a46259974

      SHA1

      48c12e8e148e7024ac5fd440007570e983726b1e

      SHA256

      b0cfcaebbc2f48d5e6fdbe6b768e6bb0d9d449e7ce9e6ab9a6977f7f38f845c5

      SHA512

      2b95a81e347008834b763b2a83ee54e19923e67702de754a351d704b2f8ffc76b10cbb06413a617953c45ff64b1df378c0f2f2701f5a1937a3f281dac8576f9b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      bca72b5849ab38a8b155e845ebf6d474

      SHA1

      bb562954f788a1ecd045344d3cadb288b840fe2b

      SHA256

      52a4fc9a63dd1612e569b96452079a63c8ac45bf4f0a6610c1074504f68eb7c8

      SHA512

      5d116dbbfb6d3ca1ef7202c5a99e95f4db7fcb0c2014e0100840f0897665d5d4dc45696aaf5f2fa7f25ac728017ab02ef6351deafbb7e6944062f75e76d2fb36

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      426d8b0d98aad48956ca5fa46407ceb3

      SHA1

      7d03dbf09dbad115bbb3f16b1dbf62202c74c0c3

      SHA256

      b514a67966c4c4e7e7c4a5e30864b5fbb65e0c13976cc524cc59bc8c0bd5d653

      SHA512

      cc8f015674ea09ff9ebff00fb571f06fcd0be43c7d7115c48e3919d8e9c9cc92d228bc19187067cc8ad6a1cb80575dab38a2e2e03e13a18a064827f784da5706

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\CabE86D.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\TarE98E.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit
    • memory/1464-1-0x0000000000280000-0x00000000002E4000-memory.dmp
      Filesize

      400KB

      Download
    • memory/1464-3-0x0000000000280000-0x00000000002E4000-memory.dmp
      Filesize

      400KB

      Download
    • memory/1464-4-0x00000000001D0000-0x00000000001E4000-memory.dmp
      Filesize

      80KB

      Download
    • memory/1464-5-0x0000000000280000-0x00000000002E4000-memory.dmp
      Filesize

      400KB

      Download
    • memory/1464-0-0x0000000000280000-0x00000000002E4000-memory.dmp
      Filesize

      400KB

      Download
    • memory/1464-2-0x0000000000280000-0x00000000002E4000-memory.dmp
      Filesize

      400KB

      Download
    • memory/1580-16-0x0000000001EF0000-0x0000000001F54000-memory.dmp
      Filesize

      400KB

      Download
    • memory/1580-13-0x0000000001EF0000-0x0000000001F54000-memory.dmp
      Filesize

      400KB

      Download
    • memory/1580-14-0x0000000001EF0000-0x0000000001F54000-memory.dmp
      Filesize

      400KB

      Download
    • memory/2860-15-0x0000000002F60000-0x0000000002FC4000-memory.dmp
      Filesize

      400KB

      Download
    • memory/2860-8-0x0000000000150000-0x0000000000151000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2860-9-0x0000000002F60000-0x0000000002FC4000-memory.dmp
      Filesize

      400KB

      Download
    • memory/2860-10-0x0000000002F60000-0x0000000002FC4000-memory.dmp
      Filesize

      400KB

      Download
    • memory/2860-11-0x00000000001C0000-0x00000000001C2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/3032-7-0x0000000003D90000-0x0000000003DA0000-memory.dmp
      Filesize

      64KB

      Download