Overview

overview

8

Static

static

3

VirusShare...28.dll

windows7-x64

8

VirusShare...28.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    10-06-2024 04:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    VirusShare_1aec1d350e84138d0cc80be3b3787028.dll

  • Size

    163KB

  • MD5

    1aec1d350e84138d0cc80be3b3787028

  • SHA1

    d72eb7f257aa71ad3d0e85a2738c24dce62def66

  • SHA256

    34bc9735615d1f0aa7d698d22a656ed621717dc8c8882a3286854f40f7e50f97

  • SHA512

    82898793dc9cd90dcab6e7a47875c6eaa87dd8cc2eceebfaa06ba5030e849928ab31c98ccb8ecbe99610d21d1d5513036f8f7796df92ce77cc29f102d2914b02

  • SSDEEP

    3072:/vdCWhm6xlKCp1sUQsCO76vHkJqcmjDIevxzbe9eKzRA1+0EEGaXVON:Xc+ggIvJp8D3EGaX

Score
8/10
evasion

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\VirusShare_1aec1d350e84138d0cc80be3b3787028.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2056
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\VirusShare_1aec1d350e84138d0cc80be3b3787028.dll,#1
      2⤵
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1744
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
          PID:2896
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2912
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2624
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2088
      • C:\Windows\system32\ctfmon.exe
        ctfmon.exe
        2⤵
        • Suspicious use of FindShellTrayWindow
        PID:2444
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1152
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1152 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2676

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7a7f117271e2d31c05d2e9dfed69a684

      SHA1

      8ca80c0d5118cec40e832f0c27dcc693dd8710d8

      SHA256

      96a63ddde253be0cc158ff58de6bb214df3044d7fafac267c072b61b3712627d

      SHA512

      cbc6204ff158d38fcb3596ca3e8c463b7e40c585f84c5069190f82926092b7e418fe96c49b66addcbd1312dc296a8c9f150cec8576cf992edd97f247afe1503c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f62029885e3244bf1865f413eab56572

      SHA1

      c6723c0b123b4fea96597b78b1381a8372c56b02

      SHA256

      48fa6cdaef208d40bba730ae9051ee63538dfcc41bc82e8c373568dd4530ded4

      SHA512

      b53e35894a73ad4f58098d95cf8159e8bf691eb3b90450f00da9a0231bc1aa1389cac510cee11bff8c15c12db8010d1c57e5a4398748110e166d4b646036d35c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9eaa9ec332916349ddbc4823992e4c27

      SHA1

      4d83b59b98fff4570e8edee9b726052a13e4c3c2

      SHA256

      d539f67eeefc1a15a9de71e9bd1018ab95bb563f05045a10d5997ded0d2c95ec

      SHA512

      8aaa73c41b2adaa589d5bd07e9bc84ef4a576de77c35f9f38f7dc97e37911626ef056b3c07e0f12de07145448676917e8566c40cf59bb88561914b006b9518b2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e4b0c9d9799a111dcb3878ce6eee84fb

      SHA1

      5f616db7dd06bb1ee4f6cadbfcda7444202900e5

      SHA256

      d7b5151dffb711a9f3242928715b9632524e1beef0345b2b54c2e971da7f17fe

      SHA512

      4f44820ed0e5eea1e42fdd962dec2bcf0ce013fd0d573086182b45b65a6f6e1b7d930f75687a1d2b889759acbc03f9f349769344a3eda117a2dc380cd0b3fdc8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      189752bf162ef8ffd77d3ffa33731783

      SHA1

      d153a8572225b37bde11223a18866b23ffb246e3

      SHA256

      88006fcd6cd99b4bbe4a14a2349e9f1da69166b6af0cf64570dc8381a43bbb2f

      SHA512

      c7a0bb456f816e7993557fd939b012770daa477d81bf95bb6f1904bb9330b2f8f5356d300b75b4b51f139990203f8fe280a73cce6ebb3ded11db0925c544f4e9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      11c32813a66638ca8912f52c56980b20

      SHA1

      2f54274c67609ba33331187db75d21e88dea1141

      SHA256

      010b97ca7944bd0bcd4727e3e45d0e6c515fd6db31e833f2c8d32ea0cc6ac770

      SHA512

      11f1af09b34458ef107f8ac693208a62fcb8aa594edc57707885f8ee4ec55bab74de2e74263a960f78a861fb0055d34c7f9e797b70e378b5f0f1a3ae18a599e6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4e7e61f3efd2084ede4a683834cc717b

      SHA1

      b92b3306d84d3489044faf8aec7558b4cb5251ac

      SHA256

      e6d0dc53dab3853979fec2d74d5c772a275bb13d3534532643bd8fc29f2557fd

      SHA512

      e644ac934d2819b895143e46ff5c3280d48d34a845fd5e4f13bb6500d9b62f728c0274431b707848e7f4e16ffb8028f595e6bb249b6d1d12e61efcea6bf40f89

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      16cf10e307e9ed6bc022996fc0fb2980

      SHA1

      8d2e8b96039ecb239dedab7814085c61bde50ee2

      SHA256

      1be4cc157c849b66b28b2c479741fc2edcbe443318e579bdd059d6c65bbd4efa

      SHA512

      9378248e3efc1625bfaa1adf0f7c3155234ff747f0948d01b9bde907102056ead54de1254d392776e47a9e0701864961716516e9e32cc1459df7adb18ce9f726

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      078ae46ab1089c66000f7580cb1651f2

      SHA1

      989e4bd5553b5acf254d3264f95d1fa58994c9b6

      SHA256

      a9916dbf84a4776c36dcfedbd7e3b3328b1e41aa34a1393d07b109e971325ba9

      SHA512

      2a54f38c03f7ba7408b396e0f63f2c958ea102e6346994b4ac43fb1865d70d4f5c97fcad1c7c047e48d69816b0190175f413b6ae87d192977cc7083de8785d08

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ed3570e30594ba62a3a1c6e718691427

      SHA1

      d82b5115623fc3b06bd0d8a542b999419bb51e2e

      SHA256

      c07eab30500e0cd279cb18d38bab250faa415e47bc61806a485794a7d245d235

      SHA512

      e1ccbfa12d7f3d3cd410e42d6f79953cf669dd310283154a496cf15806dc543ea8c78398e849a163889b594170df495d2ba670acca0facc4360620d783307b06

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      86121d0f6fcd07b51db84354da018fb1

      SHA1

      d484083b46ea1b7ef61c82be738e33a362831638

      SHA256

      1314f0759f89135501517e996505d8135c1386f00fd703dd01cc8524255b641c

      SHA512

      e16b7047d0fb2e156a48e20e71b3b2b895143db5332ffceb520508dbd7c232a70ffabd07517334710e949b954fd7f514eb966ddfc0266e8650a572448c425078

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      96de74e08add348635bd033bc3694478

      SHA1

      c33f1bc4ca0dd4cb8c8109fbeafc950c06761f6c

      SHA256

      af830a4f0de0330b6340f8b0c11b84a44b921ef95cf924f4413417f84f213b9d

      SHA512

      40c5dc41b92a814b65499d1f3830fed62429813fcdc60dd8c127ce6504b2d01ef50910508116b604db0b31419fc5b8c613267d49886e21697a3b529731c508ec

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      07983f8f19129e14c230a13b6c4cb927

      SHA1

      088f75ccecd3c761c9ff9ed79d98f21c0ddeb53a

      SHA256

      df38161906a0563c2114a374fb24b32ff2e70c83b21085733e3bd55d8c70d193

      SHA512

      a0942d04b9a1f2d482927c6132d2bcc0b5b22aee2b165874fffa5194c3f52d940139413fdd96173aa36f87aa1a38facb810b253d3c0c6080b20b694ba41d1e84

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      25de60de6a770d5fe3af841f33539c62

      SHA1

      b8f9222d64f3d491901cfa7e1be926046b38b66e

      SHA256

      16f038ebfb40d368530db89a3d1bb5125d268ec5ce9b7b1a48684e43ada32379

      SHA512

      6b6deb44e83cb248c70e6c9a5202393d4b224e8aefb8fe1e106448fa13e4478702d522238afdd05948f56f93dc0daca7d9133c423e738afd2e7c294550cda09d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e9f4d79a62856201eef1a1e52ccb9ce3

      SHA1

      ed5483d347452d57e5f6baf7adfb031a115bc5e9

      SHA256

      a912ac23f54312db13af4a35503e17b5bc5ec06fc830ab5cf8e3f3a514c981ab

      SHA512

      25a21fb13b4ace597ce060ea312612932ebede52ca42b154389dfa3e02be78ad6a1bd821e152e6b233078ba80bf9c7c6cc301d33e627e9f501bd948f9a549f16

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      fa7af2fbbd206975812ac3bc7eb3d3e7

      SHA1

      b5160d432fe90a34978e6c4066adf81c44321500

      SHA256

      f7374ab646125d53df7b08f3accf37378c100424265e572e98c9ab6b32e18d7b

      SHA512

      24fd6db6336261d1b2f5e343a63470f3e8d9fc0aac27173a116477ff5f02e7381de29b9b541e0968c8e478d24d262b5ca15c780fb809d8dc3a1662ede14dc11b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f274d6985a4bdcfe628de209a1be3271

      SHA1

      4b8988949751f2cd60f55d119fa1674d993f2055

      SHA256

      5697f794e630be08cc8826c218374442a2d71978a4b98513ddabdb78871fe84d

      SHA512

      f17aba791ecbdc41754f77d601b4100133255931d50cd8b1349fba49a629daec9b2f1ad11f5e186dd3253ada6f6a2211c83c7662cc1c9df1e1cbf3d0e7af1839

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      be228ec21bdbad5d6dc23fa358d5e563

      SHA1

      25bc7a7df73019d8158620514c9810561f06128c

      SHA256

      00debb80e8516c5ce784c4ff117e69cdb524305bea4dd17bf2d7a1a7f037df98

      SHA512

      a735e094cdff1665cfa3852ca140ed296903a8a769a043aa4d40d7589bf3d3c8c64cb5c9f572f71b86b498a13e6e6c4726768d6add3ed59f6176f2aa6ca31607

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabED9D.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarEE30.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • memory/1744-0-0x00000000001C0000-0x00000000001F0000-memory.dmp

      Filesize

      192KB

      Download

    • memory/2088-2-0x0000000003B10000-0x0000000003B20000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2624-6-0x0000000000200000-0x0000000000230000-memory.dmp

      Filesize

      192KB

      Download

    • memory/2624-8-0x0000000000200000-0x0000000000230000-memory.dmp

      Filesize

      192KB

      Download

    • memory/2912-3-0x0000000000140000-0x0000000000141000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2912-4-0x0000000000170000-0x0000000000172000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2912-7-0x0000000000400000-0x0000000000430000-memory.dmp

      Filesize

      192KB

      Download