Overview

overview

7

Static

static

3

MasterModz...CK.dll

windows7-x64

1

MasterModz...CK.dll

windows10-2004-x64

1

MasterModz...dz.exe

windows7-x64

3

MasterModz...dz.exe

windows10-2004-x64

7

MasterModz...et.dll

windows7-x64

1

MasterModz...et.dll

windows10-2004-x64

1

MasterModz...n1.exe

windows7-x64

3

MasterModz...n1.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    2s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/07/2024, 21:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MasterModz27/vietclan1.exe

  • Size

    999KB

  • MD5

    74875414286f38026ba797089abcc4f1

  • SHA1

    77455ecc3f3e1db1249bdc214c254196ecec0120

  • SHA256

    0ff2fecd3d8db67aba33704e7a6cbc92ccf8381ca04616dc6078427428f28d92

  • SHA512

    1b25b62423acbdc9159c4475b9bbd2528d39392dde4473a6cfc9ab59132349499aee07b7abc0cf4d9e6d61f213888799bc034987e66d212b1a5fee43fb765b3b

  • SSDEEP

    24576:1tviYFCFAbEj390uf8oC/mgkrNEaEEmcuRAo80PE:P5IACdf+jaVfJ

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 24 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\MasterModz27\vietclan1.exe
    "C:\Users\Admin\AppData\Local\Temp\MasterModz27\vietclan1.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1484
    • C:\Windows\SysWOW64\RunDll32.exe
      RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 4351
      2⤵
      • Checks computer location settings
      • Modifies Internet Explorer settings
      • Modifies data under HKEY_USERS
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:4388
      • C:\Program Files (x86)\Internet Explorer\iexplore.exe
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -ResetDestinationList
        3⤵
          PID:5016
        • C:\Windows\SysWOW64\rundll32.exe
          C:\Windows\system32\rundll32.exe C:\Windows\system32\inetcpl.cpl,ClearMyTracksByProcess Flags:4351 WinX:0 WinY:0 IEFrame:00000000
          3⤵
            PID:4820

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\2IX84YPE\NewErrorPageTemplate[1]
        Filesize

        1KB

        MD5

        dfeabde84792228093a5a270352395b6

        SHA1

        e41258c9576721025926326f76063c2305586f76

        SHA256

        77b138ab5d0a90ff04648c26addd5e414cc178165e3b54a4cb3739da0f58e075

        SHA512

        e256f603e67335151bb709294749794e2e3085f4063c623461a0b3decbcca8e620807b707ec9bcbe36dcd7d639c55753da0495be85b4ae5fb6bfc52ab4b284fd

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\2IX84YPE\httpErrorPagesScripts[1]
        Filesize

        11KB

        MD5

        9234071287e637f85d721463c488704c

        SHA1

        cca09b1e0fba38ba29d3972ed8dcecefdef8c152

        SHA256

        65cc039890c7ceb927ce40f6f199d74e49b8058c3f8a6e22e8f916ad90ea8649

        SHA512

        87d691987e7a2f69ad8605f35f94241ab7e68ad4f55ad384f1f0d40dc59ffd1432c758123661ee39443d624c881b01dcd228a67afb8700fe5e66fc794a6c0384

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\D5DFSS0T\errorPageStrings[1]
        Filesize

        4KB

        MD5

        d65ec06f21c379c87040b83cc1abac6b

        SHA1

        208d0a0bb775661758394be7e4afb18357e46c8b

        SHA256

        a1270e90cea31b46432ec44731bf4400d22b38eb2855326bf934fe8f1b169a4f

        SHA512

        8a166d26b49a5d95aea49bc649e5ea58786a2191f4d2adac6f5fbb7523940ce4482d6a2502aa870a931224f215cb2010a8c9b99a2c1820150e4d365cab28299e

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VLW1SL5J\dnserrordiagoff[1]
        Filesize

        1KB

        MD5

        7e81a79f38695e467a49ee41dd24146d

        SHA1

        035e110c36bf3072525b05394f73d1ba54d0d316

        SHA256

        a705d1e0916a79b0d6e60c41a9ce301ed95b3fc00e927f940ab27061c208a536

        SHA512

        53c5f2f2b9ad8b555f9ae6644941cf2016108e803ea6ab2c7418e31e66874dea5a2bc04be0fa9766e7206617879520e730e9e3e0de136bae886c2e786082d622

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\windows_ie_ac_001\AC\INetHistory\desktop.ini
        Filesize

        130B

        MD5

        941682911c20b2dabecb20476f91c98a

        SHA1

        0b0becf019cb15e75cdfa23bf0d4cb976f109baa

        SHA256

        3fef99e07b0455f88a5bb59e83329d0bfcebe078d907985d0abf70be26b9b89a

        SHA512

        a12f5caf5fd39cf2ae600e4378b9296d07787a83ae76bc410b89182a2f8e3202c4ca80d811d548193dff439541de9447f9fa141ebfd771e7ab7a6053cb4af2b3

        Download Submit

      • memory/1484-1-0x00000000001C0000-0x00000000001C3000-memory.dmp

        Filesize

        12KB

        Download

      • memory/1484-0-0x0000000000400000-0x0000000000AEB000-memory.dmp

        Filesize

        6.9MB

        Download

      • memory/1484-41-0x0000000000400000-0x0000000000AEB000-memory.dmp

        Filesize

        6.9MB

        Download

      • memory/1484-43-0x00000000001C0000-0x00000000001C3000-memory.dmp

        Filesize

        12KB

        Download