a661b5a73ce07f4a0383d639de64c455b99fab270032f52802c952888fc0090c

Analysis

max time kernel
149s
max time network
142s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/06/2024, 13:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

VirusShare_bfb314e32e4f6063de39d9aa34ccd540.dll
Size

120KB
MD5

bfb314e32e4f6063de39d9aa34ccd540
SHA1

8be68d7368d01e72e0c22138c2b6b34fb8fe1835
SHA256

a661b5a73ce07f4a0383d639de64c455b99fab270032f52802c952888fc0090c
SHA512

3a195991815e298cf2b73d1ba9b93c923a7acd3c4d2ed2decc538aae3e2043a71081ed8a6d30f02204d5fa2507683083a83308cbd57e8680611dbf5265293dd4
SSDEEP

1536:YJ0Mk2f8gVEqxBWJ2yzJQFr8mGe99ZTYjfNSukVRxOWDHWRcd:YyMk2LVEsWJ2CeqmG6JmNSukrCRcd

Score

7^/10

persistence upx

Malware Config

Signatures

Executes dropped EXE 6 IoCs

pid	Process
2504	rundll32.exe
2500	rundll32.exe
2628	rundll32.exe
2396	rundll32.exe
2368	rundll32.exe
2436	rundll32.exe

Loads dropped DLL 13 IoCs

pid	Process
1516	rundll32.exe
1516	rundll32.exe
2504	rundll32.exe
2504	rundll32.exe
2504	rundll32.exe
2504	rundll32.exe
2500	rundll32.exe
2628	rundll32.exe
2504	rundll32.exe
2504	rundll32.exe
2368	rundll32.exe
2396	rundll32.exe
2436	rundll32.exe

UPX packed file 15 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1516-2-0x000000007AB00000-0x000000007AB2B000-memory.dmp	upx
behavioral1/memory/1516-6-0x000000007AB00000-0x000000007AB33000-memory.dmp	upx
behavioral1/memory/1516-17-0x0000000000240000-0x0000000000273000-memory.dmp	upx
behavioral1/memory/2504-18-0x000000007AB00000-0x000000007AB33000-memory.dmp	upx
behavioral1/memory/2396-44-0x000000007AB00000-0x000000007AB33000-memory.dmp	upx
behavioral1/memory/2368-43-0x000000007AB00000-0x000000007AB33000-memory.dmp	upx
behavioral1/memory/2504-42-0x000000007AB00000-0x000000007AB33000-memory.dmp	upx
behavioral1/memory/2368-49-0x000000007AB00000-0x000000007AB33000-memory.dmp	upx
behavioral1/memory/1516-53-0x000000007AB00000-0x000000007AB2B000-memory.dmp	upx
behavioral1/memory/2436-51-0x000000007AB00000-0x000000007AB33000-memory.dmp	upx
behavioral1/memory/2396-541-0x000000007AB00000-0x000000007AB33000-memory.dmp	upx
behavioral1/memory/2436-552-0x000000007AB00000-0x000000007AB33000-memory.dmp	upx
behavioral1/memory/2436-1042-0x000000007AB00000-0x000000007AB33000-memory.dmp	upx
behavioral1/memory/2436-1052-0x000000007AB00000-0x000000007AB33000-memory.dmp	upx
behavioral1/memory/2436-1057-0x000000007AB00000-0x000000007AB33000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Run\ctfmon.exe = "C:\\PROGRA~3\\rundll32.exe C:\\PROGRA~3\\3blv.dat,FG00"	rundll32.exe

Drops file in Program Files directory 9 IoCs

description	ioc	Process
File created	C:\PROGRA~3\as98213.txt	rundll32.exe
File opened for modification	C:\PROGRA~3\vlb3.pad	rundll32.exe
File created	C:\PROGRA~3\vlb3.bat	rundll32.exe
File created	C:\PROGRA~3\rundll32.exe	rundll32.exe
File created	C:\PROGRA~3\3blv.dat	rundll32.exe
File created	C:\PROGRA~3\vlb3.pad	rundll32.exe
File opened for modification	C:\PROGRA~3\vlb3.pad	rundll32.exe
File created	C:\PROGRA~3\vlb3.js	rundll32.exe
File created	C:\PROGRA~3\vlb3.reg	rundll32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer Protected Mode 1 TTPs 5 IoCs

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2500 = "3"	rundll32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\2500 = "3"	rundll32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\2500 = "3"	rundll32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500 = "3"	rundll32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500 = "3"	rundll32.exe

Modifies Internet Explorer Protected Mode Banner 1 TTPs 1 IoCs

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\NoProtectedModeBanner = "1"	rundll32.exe

Modifies Internet Explorer settings 1 TTPs 29 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DA1578E1-272B-11EF-B2DC-EA263619F6CB} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424187346"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe

Suspicious use of FindShellTrayWindow 9 IoCs

pid	Process
1384	iexplore.exe
1384	iexplore.exe
1384	iexplore.exe
1384	iexplore.exe
1384	iexplore.exe
1384	iexplore.exe
1384	iexplore.exe
1384	iexplore.exe
1384	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1384	iexplore.exe
1384	iexplore.exe
2752	IEXPLORE.EXE
2752	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 62 IoCs

description	pid	Process	procid_target
PID 2896 wrote to memory of 1516	2896	rundll32.exe	28
PID 2896 wrote to memory of 1516	2896	rundll32.exe	28
PID 2896 wrote to memory of 1516	2896	rundll32.exe	28
PID 2896 wrote to memory of 1516	2896	rundll32.exe	28
PID 2896 wrote to memory of 1516	2896	rundll32.exe	28
PID 2896 wrote to memory of 1516	2896	rundll32.exe	28
PID 2896 wrote to memory of 1516	2896	rundll32.exe	28
PID 1516 wrote to memory of 2504	1516	rundll32.exe	29
PID 1516 wrote to memory of 2504	1516	rundll32.exe	29
PID 1516 wrote to memory of 2504	1516	rundll32.exe	29
PID 1516 wrote to memory of 2504	1516	rundll32.exe	29
PID 1516 wrote to memory of 2504	1516	rundll32.exe	29
PID 1516 wrote to memory of 2504	1516	rundll32.exe	29
PID 1516 wrote to memory of 2504	1516	rundll32.exe	29
PID 2504 wrote to memory of 2500	2504	rundll32.exe	32
PID 2504 wrote to memory of 2500	2504	rundll32.exe	32
PID 2504 wrote to memory of 2500	2504	rundll32.exe	32
PID 2504 wrote to memory of 2500	2504	rundll32.exe	32
PID 2504 wrote to memory of 2500	2504	rundll32.exe	32
PID 2504 wrote to memory of 2500	2504	rundll32.exe	32
PID 2504 wrote to memory of 2500	2504	rundll32.exe	32
PID 2504 wrote to memory of 2628	2504	rundll32.exe	33
PID 2504 wrote to memory of 2628	2504	rundll32.exe	33
PID 2504 wrote to memory of 2628	2504	rundll32.exe	33
PID 2504 wrote to memory of 2628	2504	rundll32.exe	33
PID 2504 wrote to memory of 2628	2504	rundll32.exe	33
PID 2504 wrote to memory of 2628	2504	rundll32.exe	33
PID 2504 wrote to memory of 2628	2504	rundll32.exe	33
PID 2504 wrote to memory of 2368	2504	rundll32.exe	34
PID 2504 wrote to memory of 2368	2504	rundll32.exe	34
PID 2504 wrote to memory of 2368	2504	rundll32.exe	34
PID 2504 wrote to memory of 2368	2504	rundll32.exe	34
PID 2504 wrote to memory of 2368	2504	rundll32.exe	34
PID 2504 wrote to memory of 2368	2504	rundll32.exe	34
PID 2504 wrote to memory of 2368	2504	rundll32.exe	34
PID 2504 wrote to memory of 2396	2504	rundll32.exe	35
PID 2504 wrote to memory of 2396	2504	rundll32.exe	35
PID 2504 wrote to memory of 2396	2504	rundll32.exe	35
PID 2504 wrote to memory of 2396	2504	rundll32.exe	35
PID 2504 wrote to memory of 2396	2504	rundll32.exe	35
PID 2504 wrote to memory of 2396	2504	rundll32.exe	35
PID 2504 wrote to memory of 2396	2504	rundll32.exe	35
PID 2504 wrote to memory of 2436	2504	rundll32.exe	36
PID 2504 wrote to memory of 2436	2504	rundll32.exe	36
PID 2504 wrote to memory of 2436	2504	rundll32.exe	36
PID 2504 wrote to memory of 2436	2504	rundll32.exe	36
PID 2504 wrote to memory of 2436	2504	rundll32.exe	36
PID 2504 wrote to memory of 2436	2504	rundll32.exe	36
PID 2504 wrote to memory of 2436	2504	rundll32.exe	36
PID 2368 wrote to memory of 1384	2368	rundll32.exe	37
PID 2368 wrote to memory of 1384	2368	rundll32.exe	37
PID 2368 wrote to memory of 1384	2368	rundll32.exe	37
PID 2368 wrote to memory of 1384	2368	rundll32.exe	37
PID 2368 wrote to memory of 1384	2368	rundll32.exe	37
PID 1384 wrote to memory of 2752	1384	iexplore.exe	39
PID 1384 wrote to memory of 2752	1384	iexplore.exe	39
PID 1384 wrote to memory of 2752	1384	iexplore.exe	39
PID 1384 wrote to memory of 2752	1384	iexplore.exe	39
PID 1384 wrote to memory of 1664	1384	iexplore.exe	40
PID 1384 wrote to memory of 1664	1384	iexplore.exe	40
PID 1384 wrote to memory of 1664	1384	iexplore.exe	40
PID 2368 wrote to memory of 1384	2368	rundll32.exe	37

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\VirusShare_bfb314e32e4f6063de39d9aa34ccd540.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2896
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\VirusShare_bfb314e32e4f6063de39d9aa34ccd540.dll,#1
  2⤵
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious use of WriteProcessMemory
  PID:1516
- - C:\PROGRA~3\rundll32.exe
    C:\PROGRA~3\rundll32.exe C:\PROGRA~3\3blv.dat,FG00
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Suspicious use of WriteProcessMemory
    PID:2504
  - - C:\PROGRA~3\rundll32.exe
      C:\PROGRA~3\rundll32.exe C:\PROGRA~3\3blv.dat,FG01
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2500
  - - C:\PROGRA~3\rundll32.exe
      C:\PROGRA~3\rundll32.exe C:\PROGRA~3\3blv.dat,FG02
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Adds Run key to start application
      PID:2628
  - - C:\PROGRA~3\rundll32.exe
      C:\PROGRA~3\rundll32.exe C:\PROGRA~3\3blv.dat,FG03
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies Internet Explorer Protected Mode
      Modifies Internet Explorer Protected Mode Banner
      Modifies Internet Explorer settings
      Suspicious use of WriteProcessMemory
      PID:2368
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        Modifies Internet Explorer settings
        Suspicious use of FindShellTrayWindow
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1384
      - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1384 CREDAT:275457 /prefetch:2
        6⤵
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:2752
      - C:\Windows\system32\ctfmon.exe
        
        ctfmon.exe
        6⤵
        
        PID:1664
  - - C:\PROGRA~3\rundll32.exe
      C:\PROGRA~3\rundll32.exe C:\PROGRA~3\3blv.dat,FG04
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2396
  - - C:\PROGRA~3\rundll32.exe
      C:\PROGRA~3\rundll32.exe C:\PROGRA~3\3blv.dat,FG06
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
81b5eb76ee802262f0f84958da215309

SHA1
dc232e17f8fef00cbaa7500b5b9f0835aa5f7dd4

SHA256
f24418bb2abcd5c6de7380e2d3f1aa7bc3e878830081d84b2c4519d6f62de3d6

SHA512
1608f1363f9ffa4c8a5a00ef76c7f87b8fad3b436b9d4f1b5b331dda8303b1113a921ecb34fd5e05a28f51eb42e0e350f9af2d865fcd1873c2b5d440b925bea0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
96cf8ea65aadc4d7d02b8b868088652a

SHA1
742ea111acb619055da457298cbd2ae031ee1d8b

SHA256
8df5251c4a7dab7f4839fa8ba298e2ff4a1a7bbe7dd755da2c456ee957b1af6a

SHA512
2b9501d9382c37da91f3a43ead53660231116584971123e7252cbae2a0231a274fbb6b76943f85fcc96c9162a92d32febb7e06337793aac4f983448de8b111eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
15e0cb623d04801932d0bc8f4c668e33

SHA1
fd77e73ad138aaec58f30ff07525d47e0434f1d2

SHA256
cbd1e91081106af48fa55483d468b01764307b12ab88f4ee4101144339a974de

SHA512
e531ef7d0bda278d6025329b355f91a662c6760485be1e39eb331d02a4d3cb9689045194e5e477b98ec6cfe8be2ff539e5a66a3fd1b35939b7143154e6c36c35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fa2fccc2ede84d9a48706d60858035f0

SHA1
db4bd886fb0defd4f35dd23c47463795714a32a4

SHA256
22c690ec8962d1b6318f34f7017c65bfbe4369e6633370c4b836cce62c058180

SHA512
3d042ae0bdd7797562b555c46ad27c0b0e17697dd01fef02066be9f0e0b74af314f74843b99a7f80406e7e274f11b37c54cfe83a6920011cd231bbf47af4a44f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ad0b6f1c391ed5c27afe8b0c7e90faa6

SHA1
1ed7d8a3e4f393329c908e42fd28decf6a44940d

SHA256
57b350e46c46946544bd85c6f5382704fb685e3008ae21c53f9347592448521a

SHA512
ebb40287941e672bf048c71a179ad983fc2104a67745ed9427c52c437204262aff1402d32a073788ae6063653a615b7c8e0fe57d8e30fc3e9564fafb51d9a5a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b464ccb4f5a56f5530f42bfdcbd46b40

SHA1
77c79e86f61e521e73a923664803a214192b26e2

SHA256
ac6f603f51aaea5155fb324ba1e90eb3e3cdbab13f369a9d4416376dba5c1b8f

SHA512
0b78e0ffc055cfac844bebeba330b2424533b7ac4d732b236c5d5482933923faad133c1e60767041fa44d59c9563b17bd5dadfc672a180cfae4c179f1a7bfed7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d9ef4787bf52a8500d9960156b6e5fdf

SHA1
9973af9b9e58222887defff0e0ebb3d96644f165

SHA256
9604bb4a945d11a1f0d4dfdc28b6dfda2b25fb13bf08f866076b85d064f26e81

SHA512
e1023d47b2314313337761b182c90fb348f19ba9a841e9e862df9359205b665737b87b84173780aede09729b55b201f395ec2a9d3deb4bee97456c6616e869bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bb8b07ceb0e4e7d18a806e39e7109513

SHA1
bbd91e2bc3c5337c5fdf7337ca121e7bba7b178b

SHA256
c3c6879696f05b35a7dee99f9554ac07e99f70ed95624352974da1ed88300013

SHA512
11a80ebf3b27f9cf2b23f48a33f21ecca393bd2cce432f4625b03a5cd4b31ed130bf9802fa3ca5d91c6d275ab1762508c8877592b0203919ba701fb7897e0ef8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
70c3038bb45953efb35089c972a9fdd4

SHA1
8746e982c95055b41008865c968fde5da7893d55

SHA256
22660e7721db21fcacb9b408727b9ff92e674d928cd165baf30c1b502a789755

SHA512
10b2d56e4c85a120cf7dade6f21eb8bec2f80a5b2e4077d446a44b746c553f09782211fc02a7a67a04d700a8132eb1db74c6e34778b910a91ff2c856068e0390

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe5064315e51fec4a1beb4bbe4471050

SHA1
02be6d59659787424878ddd7a4adc456bb640a20

SHA256
ffce62f899497206870e4de750fb81deb54fa780de286b5b85f6e9e677b59b6e

SHA512
bb3073382872d536f9d644ac1d5da4bbeb2a4c490a4ec7f81ee0979dc81707b2903b945e75cbba70fc702274332079aa59a02196f9c79a267dc412823fb74578

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ab35168f24079e909aca6fd11958b3b5

SHA1
46350ead9db6a6940b7725531c46e20212aa83dd

SHA256
48d291b306645372690a591ac0ded5681fd059e44372ac9e083d99a24948f4a4

SHA512
a0404e657be744d70fda98a155f6d983053523764b9ddd4cd3abc1b7aebe1526e4a145e4a6fa7099d8c0eb4229882c6a592abcc729f9bfb06284f3a9cb423f6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5226c0e4361737872912c4b2837130ff

SHA1
9e954dd72a0fdb444febd8e2a4896e10bb3f72a5

SHA256
9eca513e060fe2c8cb06bc2760c4a733585d6483041cd8d169a9b93309cc51d5

SHA512
7e9085673c23c7805387e8307662cb4dffdd0d840c9bb3427629c5393a3d1ff6d4697584568928298e250e3497bd1162853a65946a1c61f3ff0b52714db3f655

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2a70b5e66f661194fe4f57466f39267b

SHA1
b72ef5d220daa07dec75f9efab1d1b115e1f7fdc

SHA256
9c22499049f5a64aade50f6687da99dee567c0335a7368ab8e02e58058c88d73

SHA512
32529203de8cd5008be23f1e620f7120c95ce8d857114178ad377416a25e9c15693857584d9a53e69c18686c05b0f8589b084c763541440dff5e8d9c3e2e76fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a8c04f404d4b319a3b8784dae88f9fe6

SHA1
11b6452b54357cc2643315907ba34179baa4caad

SHA256
6badb36f1021aae58031be1dfd3ff0098276c9438eff56948b3275c8dcbcbe20

SHA512
5285b36120c7ec8605d8e56d7250fe55f9a75e671ac116d1d7f0795ff5d408af3cf3131a793a514357c45e9c1c36f49be2c9cd25471899736b70a341885f131d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a8dc385738feb56c75a943eb289988f

SHA1
c2e3f1a46ac3ba28c1d301e7c6e0c5284ce2b43c

SHA256
e937656e1c89e0a6416865d577048ea740a46b2e86a074eea757d49a8bad4420

SHA512
6fecd374de1ac8be2c62b26db03f4bb43c553f01618191ce6bba0ab31c81f4f30ec4431612ec5a64ea56e462026f123b758da4d2f64afb5540294d2e31e30e84

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5d0f71bcde7abff15e82222c3233f8dc

SHA1
3a8476194151c27e6dad25e2a7e8825fceacd265

SHA256
cdb62e64157f434a6ac8a8efa055e2d08e23d13a1a94e8e764c23077e3cd110c

SHA512
a423cb7d9dc6fb77753a5f443ea790e4ad7deebfee31a948a7430c641b84fa569c0ff469d7751f90c00f9a452531e7b28594ac2d2e02ae1ef3ed552d5c178aac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
00dcc30480a60dce95c3992bde7e1b5d

SHA1
704dea90a7b713e80cec6b77159774e374385aa4

SHA256
19eda0064f13152d2e0c660de3af83848d91b15017324e5b478b632740be62a4

SHA512
2c041a2ba7b10d672073685465d87f6ab9dca046392ec190dd606e1cba35bfd119e28459e97c06f67debdcf3b986b231c757984602e4e17731e3d540eafd3d0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
87b52f33bf9c24e6635dcf1cd1db752b

SHA1
ea3e3efcfe79edbef4a1a0e1789353340adf72da

SHA256
513c877ed925f3a09c54da616ff1964a4ad909eb75bcb93acfaf6f9eef7b5ba8

SHA512
c87694ec1e4d000ee78d22ee13d78f97b787a460098c7bbb673fef3e1ba40fab6a1db988e83d97b87345f7aba94563758da1738166b94a57f9c40c7170741adc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cc8ff4b395a7139a63396a2e04183360

SHA1
b1fad9f150e79e476245a3be78d0a3b3f248078e

SHA256
3277a3137a25a0817dded2fb2154d34fd89c806de5dc8ec1958fe5e49d04063c

SHA512
530868f4e24ee9c24b955b96588f86e7e9f9b0522c9685ec99f80b5c9218bda93322c2c983e5c8b06c9536f4a124322225c0014e0040cba43f0bef6c36996df0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b096ae3894acb72e9b1ba9103700f54a

SHA1
817d40363863113461e60a9884406eb038ccea6d

SHA256
74afa00b21265053d55d154d0619021b3e106f03b7831a428ae935f274f39582

SHA512
41c0a7e119dd23e8f6b30c5c81e094ca181345009fb49697c25463a5749659c040267d122b113ab5118a36371b5b83eb7356afb5aed74aabd4122768d512b6b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4E8E.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4F7C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4FA0.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\PROGRA~3\3blv.dat

Filesize
120KB

MD5
bfb314e32e4f6063de39d9aa34ccd540

SHA1
8be68d7368d01e72e0c22138c2b6b34fb8fe1835

SHA256
a661b5a73ce07f4a0383d639de64c455b99fab270032f52802c952888fc0090c

SHA512
3a195991815e298cf2b73d1ba9b93c923a7acd3c4d2ed2decc538aae3e2043a71081ed8a6d30f02204d5fa2507683083a83308cbd57e8680611dbf5265293dd4

Download Submit
\PROGRA~3\rundll32.exe

Filesize
43KB

MD5
51138beea3e2c21ec44d0932c71762a8

SHA1
8939cf35447b22dd2c6e6f443446acc1bf986d58

SHA256
5ad3c37e6f2b9db3ee8b5aeedc474645de90c66e3d95f8620c48102f1eba4124

SHA512
794f30fe452117ff2a26dc9d7086aaf82b639c2632ac2e381a81f5239caaec7c96922ba5d2d90bfd8d74f0a6cd4f79fbda63e14c6b779e5cf6834c13e4e45e7d

Download Submit
memory/1516-6-0x000000007AB00000-0x000000007AB33000-memory.dmp

Filesize
204KB

Download
memory/1516-53-0x000000007AB00000-0x000000007AB2B000-memory.dmp

Filesize
172KB

Download
memory/1516-52-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/1516-17-0x0000000000240000-0x0000000000273000-memory.dmp

Filesize
204KB

Download
memory/1516-2-0x000000007AB00000-0x000000007AB2B000-memory.dmp

Filesize
172KB

Download
memory/1516-1-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/2368-43-0x000000007AB00000-0x000000007AB33000-memory.dmp

Filesize
204KB

Download
memory/2368-49-0x000000007AB00000-0x000000007AB33000-memory.dmp

Filesize
204KB

Download
memory/2396-541-0x000000007AB00000-0x000000007AB33000-memory.dmp

Filesize
204KB

Download
memory/2396-44-0x000000007AB00000-0x000000007AB33000-memory.dmp

Filesize
204KB

Download
memory/2436-552-0x000000007AB00000-0x000000007AB33000-memory.dmp

Filesize
204KB

Download
memory/2436-51-0x000000007AB00000-0x000000007AB33000-memory.dmp

Filesize
204KB

Download
memory/2436-1042-0x000000007AB00000-0x000000007AB33000-memory.dmp

Filesize
204KB

Download
memory/2436-1052-0x000000007AB00000-0x000000007AB33000-memory.dmp

Filesize
204KB

Download
memory/2436-1057-0x000000007AB00000-0x000000007AB33000-memory.dmp

Filesize
204KB

Download
memory/2504-18-0x000000007AB00000-0x000000007AB33000-memory.dmp

Filesize
204KB

Download
memory/2504-42-0x000000007AB00000-0x000000007AB33000-memory.dmp

Filesize
204KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads