Overview

overview

3

Static

static

3

ATTENTION_...Y.html

windows7-x64

1

ATTENTION_...Y.html

windows10-2004-x64

1

README.html

windows7-x64

1

README.html

windows10-2004-x64

1

portable_m...ch.exe

windows7-x64

1

portable_m...ch.exe

windows10-2004-x64

1

portable_m...sh.exe

windows7-x64

1

portable_m...sh.exe

windows10-2004-x64

1

portable_m...ch.exe

windows7-x64

1

portable_m...ch.exe

windows10-2004-x64

1

portable_m...an.exe

windows7-x64

1

portable_m...an.exe

windows10-2004-x64

1

portable_m...an.exe

windows7-x64

1

portable_m...an.exe

windows10-2004-x64

1

portable_m...sh.exe

windows7-x64

1

portable_m...sh.exe

windows10-2004-x64

1

��� ...��.url

windows7-x64

��� ...��.url

windows10-2004-x64

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    13/06/2024, 13:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    portable_multilingual/3D_Roulette_russian.exe

  • Size

    784KB

  • MD5

    5017e508840854487e97d49a77b683b7

  • SHA1

    abb57b5c1172fe8387c6f4f6615ac0fa30f88058

  • SHA256

    f48376cbac81653459d6eb6bbdfced398828d9b893a898da06ad74cb869c057c

  • SHA512

    b70e5a5a101a2b02a8acf2491129265fd1221ed73e7c96c4251487e8701cd4bdb0225bc923b4f29b1ebe69b40e3fd9a366a7b8d4892bbeb791bc55caadd999b0

  • SSDEEP

    12288:ZDRV3eVEYEIn3jvTihD9soLygPJxR7fk4cJd822t4XI5smeUTffnZgoij5s:ZDeVE/InTvTiBfDJxNsRd8XbeUTf/L

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\portable_multilingual\3D_Roulette_russian.exe
    "C:\Users\Admin\AppData\Local\Temp\portable_multilingual\3D_Roulette_russian.exe"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:1860

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads