Analysis

  • max time kernel
    149s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    10/06/2024, 21:38

General

  • Target

    VirusShare_313322ef85ad7c943bc930fc900f7940.dll

  • Size

    88KB

  • MD5

    313322ef85ad7c943bc930fc900f7940

  • SHA1

    8170be7ecc998cb89e155c6f1b5cf0e5e7c9600e

  • SHA256

    baed2b676b376de604b41c4bf0f66d106085d96402acecae77ddc749fff50f74

  • SHA512

    39a1e60cd5361be117b628e8b14972c74c7274ddf31a42ddc4e44d800b539605090a2b98a9b7f4c937228b0ee88d913ef14340cf7cce0a5deeb4f368913acfbd

  • SSDEEP

    1536:KMxqUyvZNNm8CR0DBe6mC5ktbg5llhZNfvoipKKa3:KMQxjCiVHCg5PhLv5kKa

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (6 IoCs)
  • Loads dropped DLL (13 IoCs)
  • UPX packed file (14 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application (2 TTPs, 1 IoCs)
  • Drops file in Program Files directory (9 IoCs)
  • Enumerates physical storage devices (1 TTPs)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer Protected Mode (1 TTPs, 5 IoCs)
  • Modifies Internet Explorer Protected Mode Banner (1 TTPs, 1 IoCs)
  • Modifies Internet Explorer settings (1 TTPs, 29 IoCs)
  • Suspicious use of FindShellTrayWindow (9 IoCs)
  • Suspicious use of SetWindowsHookEx (4 IoCs)
  • Suspicious use of WriteProcessMemory (62 IoCs)

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\VirusShare_313322ef85ad7c943bc930fc900f7940.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2312
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\VirusShare_313322ef85ad7c943bc930fc900f7940.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of WriteProcessMemory
      PID:2792
      • C:\PROGRA~3\rundll32.exe
        C:\PROGRA~3\rundll32.exe C:\PROGRA~3\90e8.dat,FG00
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:1964
        • C:\PROGRA~3\rundll32.exe
          C:\PROGRA~3\rundll32.exe C:\PROGRA~3\90e8.dat,FG01
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:2584
        • C:\PROGRA~3\rundll32.exe
          C:\PROGRA~3\rundll32.exe C:\PROGRA~3\90e8.dat,FG02
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Adds Run key to start application
          PID:2624
        • C:\PROGRA~3\rundll32.exe
          C:\PROGRA~3\rundll32.exe C:\PROGRA~3\90e8.dat,FG03
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious use of WriteProcessMemory
          PID:2668
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2476
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2476 CREDAT:275457 /prefetch:2
              6⤵
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2368
            • C:\Windows\system32\ctfmon.exe
              ctfmon.exe
              6⤵
              PID:1052
          • C:\PROGRA~3\rundll32.exe
            C:\PROGRA~3\rundll32.exe C:\PROGRA~3\90e8.dat,FG04
            4⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:2596
          • C:\PROGRA~3\rundll32.exe
            C:\PROGRA~3\rundll32.exe C:\PROGRA~3\90e8.dat,FG06
            4⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:2564

    Network

          MITRE ATT&CK Enterprise v15

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

            Filesize

            70KB

            MD5

            49aebf8cbd62d92ac215b2923fb1b9f5

            SHA1

            1723be06719828dda65ad804298d0431f6aff976

            SHA256

            b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

            SHA512

            bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            213445a366d3a08f3b0c63fced1eea4f

            SHA1

            1a8f341d471d8a2beea2b7c8e74a5c101663a275

            SHA256

            6bc641839e4b45e26c486a8a9b5c43873960a8d3bad6fa5ee2d5d840267efef8

            SHA512

            85d0dcc5d4d2830d4778fa52917128f76c28033572c4096391736c575a58012576a009f96834418015a4a36dc7d3b269b154808bd9aebfdaf864fd76cd7a36fa

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            55fedff9f64c7fb887bc1a43c6d5d75e

            SHA1

            5961875f4e4fb3aa9e9be199f251c5a803cc34de

            SHA256

            cd23edb214d2ef3a7e0e5ec393ebbc4e1bba56526d08b7b685108f0ffef4a193

            SHA512

            37b21ea572223eca087ba92b9cdf95e12aeb02d37e9a7257672fce6e4d76beb12a5a1d32845241f9dd0f02ff0e986c37885c6a53aa6aa52459dfba55537aeeec

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            c0f64253c7e5fc78f2e41c74c70c814f

            SHA1

            28a142af2c8234608bb33bda2ddd2c1a6e9c47be

            SHA256

            37c207abe2b167af26420c00dc425202c2665293a1a7c1a03c6d57a139fbfea6

            SHA512

            3bb1055fbb2ba82235cf9acd5c56528348713915688ea4d2309af533f62ae92d8d642cc3b323f7902edea402cb2dfb13f2095d40e91cf23d0da4d3ca2b086c47

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            066daccf5bc02fd630ebf88d578c7127

            SHA1

            e3fa148884e560e86b53c25595b3fd4053253117

            SHA256

            c8b6ee5e2c9deee94d750bce3c3fb37eb24526f1932b30ab169ea39d43c184d8

            SHA512

            6860c15dbd1bd0381ebba680d421b8cbb3ee1aba5049d82d9d7908106f77384b198a8c69e013eeb85a0800a1e8c669da670e949b2db04dbddc22d4ebaad41344

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            4ec8298f8ef03ecaaf7dec1d8dfd5feb

            SHA1

            a9a53dce07c88c628204da9f8879ffd7e0f75d14

            SHA256

            fdffc9d4bce3507e8d775d56b89b621e24a35ef0ce57aed8ecba32b16d448d53

            SHA512

            677fb0e31b0c8db0231012e12b8793da54788c0b0d6161bd6010e43353c6eb7aeb1b53406daba587886bc8ca4bd0b52e9cd16b16cb3312ea143cf13ad0f9f3ee

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            75000d2a99bb7bbf258031f547454582

            SHA1

            445eb59291f55bd667245b79131c03b97decc820

            SHA256

            eec0b4d1d83a693d4f922262697664451a664745be7f4bc27b5d5b1f534520e3

            SHA512

            a68e5d1f923a02905621c2a00d0c648cb2f0b31da4c43d90bff83b50ebe2b00b977b4594feec8f60c8879935808d3a4821f70fac45b55e367b2367e960e5bb6d

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            c587e78dce06a66490a7bd99e3ddfb0a

            SHA1

            4aa3659c3a44976b6abf2b407cd718da531b3393

            SHA256

            d58782bd7632e646d59dcf75df0ff4f9773fcc496b1cfd84f650fac80eca5de9

            SHA512

            5487365637b360c2409ede3fa6269338669e0571c4f27af8b5b0d22416ebb78773aa29938fbc95f6dd9681e613f7395f106804cabf26b8a4e1b3e09c93cd3ed0

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            1fcaa50f4764364be9319a61ca8b19d9

            SHA1

            42a1f9937ad8bc579d073fde4d3c541191bed6c4

            SHA256

            73dd34dc8d061e5846c677cf3e2d8c90e3e16bd1345144f13fa24015adc2a8c7

            SHA512

            c9d890175c3fe1c173d9a59d8436ad9fb4cd7219db444c19f00e547ce8aeae6d1e2592a43417301d4a702ed4dd549510c259da708ec75a70bc831e486f1483f0

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            a8913b7d41687eef4d8d037d8f12ada2

            SHA1

            8c0b6ef7674cd9cc9b41ba5d344799c4a7efeda6

            SHA256

            4ff1264491992ceb4ed7c3282399778612b8f738a81724c54fe2ee7fbd5c7ba1

            SHA512

            ba2f369f61efa69d22785968d5004e767eec4300cdf43d33f212944accaaa785bb2a33f1b8d04f5548838566c2467f81240c4294dd27cba6439ee3105a8d8ef5

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            1f664da31d4d8ddac8e633196d89228e

            SHA1

            ae0fd28fe70ffd011a2b9f024fd80ded67f20563

            SHA256

            b7095456280c4b7aabf4e036b6aad0622e7271e3e107c1ac4822bf8f60a17828

            SHA512

            51e13cc5753f6501f5fa40e73ba711414a8a53672b83b4d84d159bbfa6641a2252fe178b38c5d14b921d9011fbefd2b945a3e5e6784435bf93747cb886ba2860

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            230b2d5632c7d6a0c8d9653592a082fb

            SHA1

            bf69b130f3846ebd9110c481d84e2f60f38301f3

            SHA256

            c66996eafc8cea6c133ab136b70fbf1955f84246747194f2a04af7ad2200aafa

            SHA512

            82ecdece04a3f9d697a766a6269e4cdd2c4300e3669c7e9aa22398546009bf475bc62ed09da3afd14a866aa011b5bb73ea97957d35aad0f57f4e1963a69df530

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            78c2a2dbe9bd825c2d07d3a3a17d0719

            SHA1

            15bb8105c635e71d50d03143cf258b606b9d70f1

            SHA256

            b28c7788b7a7ecf24184fe857890bdd2dc8932f8854dcf6a2c3480f3cf2ce50d

            SHA512

            7b50df05eb196e363add949e6a4b64fbdee7f8b43b747cbd4fcea4d9537e92ba9e8f508e399e60b6a569b021a0ca90453e2303886d953bd7fa6916e2fb1a4cb2

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            485dd1405c38ada15b506a529ff17cec

            SHA1

            28bbe5c6a1131e436d4df68d69083327e1ffcb02

            SHA256

            022543e8e33c5bf0eb5d10d27713f3c6fba5b42be02eb41604a265cabe274621

            SHA512

            fb79cc7997a92c51e6a6a3dacd5359d19fc1249298fc9b35c3eebd66e4973d4e9476a6714f7d6ff64f0fe47910b49c9f0e988da59be0d649d59de9d397503566

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            3769bcb833e5030927565d5f91701b41

            SHA1

            98091c5c0d3f9f748ae32d4e3faa9f940f17e905

            SHA256

            eb924bb832d44bf55c1b4b197b357fb93bd9c5880599d6bca02a0eb2fa859f6b

            SHA512

            ed06be2fb262141461c4bc8b5c0c120f46631d51a8b8bb52d31173032348e629fecac6e84151349af25224d40a442ac14a5e94c0a0fa1c5ce6467d4429f116ef

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            e8f3d58e3dd4c463936c68cae7c82671

            SHA1

            1bb2f47fac4e9494e8e94e6a2a796ab6a3b4730c

            SHA256

            2fd871a20207d4ea9fd818e5c13e4ffa4ef6a812cf632ea6a556aac019e0406e

            SHA512

            8800a7ce570eb1286fe867c569699d198ea2a1469177d35cfbcfa26b86604b9b17e160e6e04b35fef4d67fc2467dd91503803c6259052e3e058b0e5662fd3202

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            979c90f3724888b8e447d7efb5fe8bfb

            SHA1

            94e54270e01b8b63f276b02a4b3306f4b4b7f17d

            SHA256

            04bda4f0ba02722cf3ebedbec2dd22ba7767f0198f022b12b1b36e8f97787e6d

            SHA512

            163fe6c177b9aa80807cedacbbda741edbfb95b174cbe35b80f05b58ca709c6fa9f83d7a25e950dad1dbc7a1c73dec3b5331c69f26af5657cc19f032533b9c9f

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            06202b974c8ef65777ba20dd85f839e7

            SHA1

            0ceb276566392f5a020d95950f7a97528e45e6fe

            SHA256

            16940ef86f9a6623afbd1a20d29c905afc1f4bf2be34068f7a2e52477e4ceaa0

            SHA512

            0e3f0f0b9a3b09a53da522aa1478b621a40b47cb0cb1263793712803a145be2eef0faa9341b40bbcdab7873d1829ca128d948d83c8dab1395ff50a8ae89ba91f

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            d421ed362df9994ad53705802838911d

            SHA1

            8dda1085352c3a8f6084320a87383bb04f2fecec

            SHA256

            5ed973042ac7bca41bc6b8822531cb9811d15d1d8ec11b5c505e91d4fb7f7dde

            SHA512

            e7696ae33145c8f359a88f30240593a4655f8e2531140a9e33dcb573e53d83c51b6f33b3df31ed395feab20658a41a496396eeecc0fe2a66b4c3fbcda8dc3db6

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            342B

            MD5

            15d57a3a910b1c4c028e0e680aa1342f

            SHA1

            7f9c0e89a2638c4693b1e339582ece9e72e7eff6

            SHA256

            796a21ee077b4cbcd85c33349fe84609130ae8b490b8501377491dfbe3800013

            SHA512

            c5e7dadb7e1b708ffb5c45ad3c0da704b12b3eeeb301ea2edaa8867f469e17745e6f6c29547f3aaa7cb0b72d1fac07c2e20b27d37050c1ae1df48f0d77169da7

          • C:\Users\Admin\AppData\Local\Temp\Cab5544.tmp

            Filesize

            65KB

            MD5

            ac05d27423a85adc1622c714f2cb6184

            SHA1

            b0fe2b1abddb97837ea0195be70ab2ff14d43198

            SHA256

            c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

            SHA512

            6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

          • C:\Users\Admin\AppData\Local\Temp\Tar5645.tmp

            Filesize

            181KB

            MD5

            4ea6026cf93ec6338144661bf1202cd1

            SHA1

            a1dec9044f750ad887935a01430bf49322fbdcb7

            SHA256

            8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

            SHA512

            6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          • \PROGRA~3\90e8.dat

            Filesize

            88KB

            MD5

            313322ef85ad7c943bc930fc900f7940

            SHA1

            8170be7ecc998cb89e155c6f1b5cf0e5e7c9600e

            SHA256

            baed2b676b376de604b41c4bf0f66d106085d96402acecae77ddc749fff50f74

            SHA512

            39a1e60cd5361be117b628e8b14972c74c7274ddf31a42ddc4e44d800b539605090a2b98a9b7f4c937228b0ee88d913ef14340cf7cce0a5deeb4f368913acfbd

          • \PROGRA~3\rundll32.exe

            Filesize

            43KB

            MD5

            51138beea3e2c21ec44d0932c71762a8

            SHA1

            8939cf35447b22dd2c6e6f443446acc1bf986d58

            SHA256

            5ad3c37e6f2b9db3ee8b5aeedc474645de90c66e3d95f8620c48102f1eba4124

            SHA512

            794f30fe452117ff2a26dc9d7086aaf82b639c2632ac2e381a81f5239caaec7c96922ba5d2d90bfd8d74f0a6cd4f79fbda63e14c6b779e5cf6834c13e4e45e7d

          • memory/1964-530-0x0000000000130000-0x000000000015B000-memory.dmp

            Filesize

            172KB

          • memory/1964-529-0x0000000000160000-0x0000000000161000-memory.dmp

            Filesize

            4KB

          • memory/1964-17-0x0000000000130000-0x000000000015B000-memory.dmp

            Filesize

            172KB

          • memory/1964-16-0x0000000000160000-0x0000000000161000-memory.dmp

            Filesize

            4KB

          • memory/1964-42-0x0000000000130000-0x000000000015E000-memory.dmp

            Filesize

            184KB

          • memory/2564-1037-0x0000000000210000-0x000000000023E000-memory.dmp

            Filesize

            184KB

          • memory/2564-547-0x0000000000210000-0x000000000023E000-memory.dmp

            Filesize

            184KB

          • memory/2564-1047-0x0000000000210000-0x000000000023E000-memory.dmp

            Filesize

            184KB

          • memory/2564-218-0x0000000000210000-0x000000000023E000-memory.dmp

            Filesize

            184KB

          • memory/2564-1052-0x0000000000210000-0x000000000023E000-memory.dmp

            Filesize

            184KB

          • memory/2596-536-0x0000000000130000-0x000000000015E000-memory.dmp

            Filesize

            184KB

          • memory/2596-217-0x0000000000130000-0x000000000015E000-memory.dmp

            Filesize

            184KB

          • memory/2792-6-0x00000000001E0000-0x000000000020E000-memory.dmp

            Filesize

            184KB

          • memory/2792-523-0x00000000001E0000-0x000000000020B000-memory.dmp

            Filesize

            172KB

          • memory/2792-522-0x0000000000180000-0x0000000000181000-memory.dmp

            Filesize

            4KB

          • memory/2792-2-0x00000000001E0000-0x000000000020B000-memory.dmp

            Filesize

            172KB

          • memory/2792-1-0x0000000000180000-0x0000000000181000-memory.dmp

            Filesize

            4KB

          • memory/2792-41-0x0000000000240000-0x000000000026E000-memory.dmp

            Filesize

            184KB