Analysis

  • max time kernel
    19s
  • max time network
    25s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    15-06-2024 19:19

General

  • Target

    files.rar

  • Size

    4.5MB

  • MD5

    50800a4d8427d0c6ae6b76f5f9e9b390

  • SHA1

    c808af734d55153125f1eaef8a26d528029cb19f

  • SHA256

    ced082fb707d3d0ae36aeb3427dcc54b7ceb7b921c52774e993f6e525289242e

  • SHA512

    d236c5e0c9d491f57c9d9aa5c59980c6fcd772b00a3d38684617cd72612341021d44b23d01495445a707c1f7e5ca34165e0421e7690b251dac14303117c46144

  • SSDEEP

    98304:LwHun/wFNFTDxnu56DtRPpwvCRthv9rljbW4oz2z+gP78qpMC0Na/Ke:UT75D8yh0Cx9rJtx78qpMP8ye
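Before reading this verdict as applying to a sample you hold locally, confirm the local file carries the same digests as the report. The following is an added example, not part of the sandbox report or its tooling: it hashes a file once with MD5, SHA-1, SHA-256 and SHA-512 and compares every digest to the values listed above. SSDEEP is not computed because it needs a third-party library (the `ssdeep` Python binding, for instance); the block below is standard library only. The `hashes_of_bytes` helper and the "abc" test vector it feeds are constructed for offline use.

```python
import hashlib
import os
import tempfile

# Digests of the submitted file as listed in the report above (values copied from the page).
REPORT_HASHES = {
    "md5": "50800a4d8427d0c6ae6b76f5f9e9b390",
    "sha1": "c808af734d55153125f1eaef8a26d528029cb19f",
    "sha256": "ced082fb707d3d0ae36aeb3427dcc54b7ceb7b921c52774e993f6e525289242e",
    "sha512": "d236c5e0c9d491f57c9d9aa5c59980c6fcd772b00a3d38684617cd72612341021d44b23d01495445a707c1f7e5ca34165e0421e7690b251dac14303117c46144",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def file_hashes(path, chunk_size=1 << 20):
    """Compute all four digests in a single pass so a multi-megabyte sample is read once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_to_report(actual, expected):
    """Return a per-algorithm match map and an overall verdict.

    Every digest listed in `expected` must agree. A single mismatch means a different
    file (or a transcription error in the report); there is no 'close enough'."""
    matches = {name: actual.get(name, "").lower() == digest.lower()
               for name, digest in expected.items()}
    return matches, all(matches.values())


def hashes_of_bytes(data):
    """Offline helper (constructed for this example): write bytes to a temp file and
    run them through file_hashes, so the same code path is exercised as for a real sample."""
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        return file_hashes(path)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        # Usage: python verify_sample.py <path-to-files.rar>
        matches, same = compare_to_report(file_hashes(sys.argv[1]), REPORT_HASHES)
        print("same sample as the report" if same else "NOT the report's sample", matches)
    else:
        # Constructed input: the NIST test vector b"abc"; the output is its well-known digests.
        print(hashes_of_bytes(b"abc"))
```

Run it with the path to your copy of `files.rar`; any `False` in the match map means the verdict on this page does not describe the file in front of you.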

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings (1 TTP, 28 IoCs)
  • Modifies registry class (1 IoC)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (4 IoCs)
  • Suspicious use of WriteProcessMemory (7 IoCs)

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\files.rar
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2576
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\files.rar
      2⤵
      • Modifies registry class
      PID:2652
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
    PID:2612
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Downloads\AssertUse.gif
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2044
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2044 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2596
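The process tree is the part of this report that decides how much the 3/10 score is worth. `cmd /c files.rar` is followed by `rundll32.exe shell32.dll,OpenAs_RunDLL files.rar`, which is the Windows "Open with" dialog: the sandbox image has no handler registered for `.rar`, so the archive was never extracted and nothing inside it ran. The Internet Explorer processes (and the signatures attached to them) sit outside the sample's lineage. The following is an added example, not part of the sandbox or its tooling, that rebuilds parent/child links from the `N⤵` depth markers (read here, as an assumption about the report layout, as nesting depth: an entry at depth N is a child of the closest preceding entry at depth N-1, which is consistent with `SCODEF:2044` naming the parent of PID 2596), finds the sample's lineage, flags the no-handler pattern, and separates signatures on that lineage from signatures on unrelated processes. The `REPORT_PROCESSES` table is transcribed from the tree above; its tuple layout is this example's own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Transcribed from the report's process tree: (depth from the "N⤵" marker, PID,
# command line, signatures attached to that process). Tuple layout is this example's own.
REPORT_PROCESSES: List[Tuple[int, int, str, List[str]]] = [
    (1, 2576, r"cmd /c C:\Users\Admin\AppData\Local\Temp\files.rar",
     ["Suspicious use of WriteProcessMemory"]),
    (2, 2652, r'"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL '
              r"C:\Users\Admin\AppData\Local\Temp\files.rar",
     ["Modifies registry class"]),
    (1, 2612, r'"C:\Windows\explorer.exe"', []),
    (1, 2044, r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Downloads\AssertUse.gif',
     ["Modifies Internet Explorer settings", "Suspicious use of FindShellTrayWindow",
      "Suspicious use of SetWindowsHookEx", "Suspicious use of WriteProcessMemory"]),
    (2, 2596, r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2044 CREDAT:275457 /prefetch:2',
     ["Modifies Internet Explorer settings", "Suspicious use of SetWindowsHookEx"]),
]

# shell32!OpenAs_RunDLL via rundll32 is how Windows shows the "Open with" dialog for a
# file type with no registered handler. On the submitted file it means the sample never ran.
OPEN_WITH_RE = re.compile(r"rundll32\.exe.*shell32\.dll,OpenAs_RunDLL", re.IGNORECASE)


@dataclass
class Proc:
    pid: int
    depth: int
    cmdline: str
    signatures: List[str]
    parent: Optional["Proc"] = None
    children: List["Proc"] = field(default_factory=list)


def build_tree(entries) -> Dict[int, Proc]:
    """Rebuild parent/child links from depth markers: an entry at depth N becomes a child
    of the most recent entry seen at depth N-1."""
    procs: Dict[int, Proc] = {}
    last_at_depth: Dict[int, Proc] = {}
    for depth, pid, cmdline, sigs in entries:
        p = Proc(pid, depth, cmdline, list(sigs))
        parent = last_at_depth.get(depth - 1)
        if parent is not None:
            p.parent = parent
            parent.children.append(p)
        # Forget deeper entries so a later sibling does not adopt an earlier subtree.
        for d in [d for d in last_at_depth if d > depth]:
            del last_at_depth[d]
        last_at_depth[depth] = p
        procs[pid] = p
    return procs


def lineage(root: Proc) -> List[Proc]:
    """Root plus all of its descendants, depth first."""
    out = [root]
    for child in root.children:
        out.extend(lineage(child))
    return out


def triage(entries, target_name: str) -> dict:
    """Locate the sample's process lineage and decide whether it actually detonated."""
    procs = build_tree(entries)
    # The sample's lineage starts at the top-level process whose command line names the target.
    roots = [p for p in procs.values()
             if p.parent is None and target_name.lower() in p.cmdline.lower()]
    if not roots:
        return {"detonated": None, "reason": "submitted file not found in any command line"}
    sample_procs = lineage(roots[0])
    open_with = [p for p in sample_procs if OPEN_WITH_RE.search(p.cmdline)]
    lineage_pids = {p.pid for p in sample_procs}
    return {
        "detonated": not open_with,
        "reason": ("no handler for the file type; PID %d showed the Open With dialog" % open_with[0].pid)
                  if open_with else "sample process tree executed",
        "lineage_pids": sorted(lineage_pids),
        "lineage_signatures": sum(len(p.signatures) for p in sample_procs),
        "unrelated_signatures": sum(len(p.signatures) for p in procs.values()
                                    if p.pid not in lineage_pids),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(REPORT_PROCESSES, "files.rar"), indent=2))
```

For this report the result is `detonated: False` with two signatures on the sample's own lineage and six on processes unrelated to it; the score should be read as "not analysed" rather than "benign". Re-submit the archive to an image with an archive handler, or extract it and submit the contents directly.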

Network

MITRE ATT&CK Enterprise v15


Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      1724229506cb7d6bc624e2fc9bd039e1

      SHA1

      dab3557ae2f1495dd1bcb5638bffb1a80a1f9e64

      SHA256

      e2aee285fc5252eba0b827d01714492c4c5a9aaff6231f5ac01041e0d7c8f7a3

      SHA512

      11757ac1456a90956cfcb0be5626f51b8f61b683a1052abf08c9df973e49fb76d0fe47b9007b3ee7d29fd815c15a1b170f1cfa1a88675d28b4b7206cca3ca46d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      101dcb003230c84d7835683138f5d64f

      SHA1

      22f055fd4627a37e1db9f48308780e56203ce468

      SHA256

      2e7b062aca2a5d56e5cfce6ca0e1984874ddd383b6ecc6fccc7b78d1b9c1b3d0

      SHA512

      65098db5f12194165f1847dfd49e3f4607dafaddff08ada19d87e9cd8ca1a97b6620bdfcd90ff1446562c1d8d1a999043c0cfda05b24717361f185b8047dee67

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      772e19dcfe08ab2f37363dd2046aa916

      SHA1

      e7a09fed146ec7d58b48333a7d8bc0c89df36e14

      SHA256

      b7be28f19ab28abdfbfa58e8ca2fd789c2bfa0aec85c0925b626df4919fc2b39

      SHA512

      d76c278a830cfc333f4ad89654de1fe53bb5fa3ea1df4856feaba6dca0d3188c1b9e3eb80350d13e49e02b3d8625cabdcb7be1eb69139ba8e18f785bfb8320ca

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      570bf4386933838ca4bcfd02f86dfdef

      SHA1

      caa941527a09b05b4bcffb56cc918c15a8574d1c

      SHA256

      37b93b7f23139da1515a3b24985b1dcf16d3569a0b60922e3fa6877f9e12c2b0

      SHA512

      af68b0758a51ff84528297bb37e460ef6dc7f8c1aa0551c15fb76d4edbd58d39f0f2fd614acab5b35c7c73a84dc25adb58e6f3540d146b9044fee00e91bb250e

    • C:\Users\Admin\AppData\Local\Temp\CabBBF2.tmp

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\TarBC72.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b