Overview

overview

7

Static

static

3

1c18452b19...18.exe

windows7-x64

7

1c18452b19...18.exe

windows10-2004-x64

7

$PLUGINSDI...RL.dll

windows7-x64

3

$PLUGINSDI...RL.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$SMPROGRAM...Ø.lnk

windows7-x64

3

$SMPROGRAM...Ø.lnk

windows10-2004-x64

3

IFC22.dll

windows7-x64

3

IFC22.dll

windows10-2004-x64

3

ReflexiveA...de.dll

windows7-x64

1

ReflexiveA...de.dll

windows10-2004-x64

1

Ricochet.exe

windows7-x64

7

Ricochet.exe

windows10-2004-x64

7

readme.htm

windows7-x64

1

readme.htm

windows10-2004-x64

1

uninst.exe

windows7-x64

7

uninst.exe

windows10-2004-x64

7

ÐÂÔÆÈ...Ø.lnk

windows7-x64

1

ÐÂÔÆÈ...Ø.lnk

windows10-2004-x64

3

Analysis

  • max time kernel
    118s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    01/07/2024, 18:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $SMPROGRAMS/ÎÞÏÞµ¯ÌøÇò/ÐÂÔÆÈí¼þÏÂÔØ.lnk

  • Size

    344B

  • MD5

    4c2a7c403e0c28333f645a363f606da8

  • SHA1

    fe61f5e318e323fab9af329245e4bba6128aa5c6

  • SHA256

    c755fd0b870f2367e644f899afd720c4aee7b019b5584a14421c407e7910de14

  • SHA512

    8516481f41413d3ec958a07af39aad889840f964d7cb1f8027142f9c65abea9821e3bf2fcfdd9fb2b1c676031d3096d478bf06586deaaac05a7d451b0c2146e5

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$SMPROGRAMS\ÎÞÏÞµ¯ÌøÇò\ÐÂÔÆÈí¼þÏÂÔØ.lnk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2432
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.newasp.net/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2700
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2700 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2924

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    04b44faf68e9cf2c72574fd777b3827c

    SHA1

    7829f0292bf138d532a1ddc3a2148cf4952ee664

    SHA256

    da4cbca62b09088f312ce497fbcf2845b3aff53eb999b2dc4663b0949bb78a1b

    SHA512

    b4fe36de79db0dd9335a14cdfb0c4d135554caae5298a2806a3c37c49db6e2990287c97140a6e855742b4e1a8916a26a15389d18ffcb7c19fe0a725593f41ec8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    df99519589b5fb30ae3c954b9263d92f

    SHA1

    2f016e52a868928f3587691365ce66fc27c69dd8

    SHA256

    28790ffe1bb2e5a2813e9688358a3d14525c4b1cde20e910a89f24060a0bea23

    SHA512

    4b943b3e234e95ecd68337ccba6d222bc0b8881249bceae141fbe0d2338d699af28d0db8eceadac33b74ce976997fb4db3b158bbcfb9c1c7feb4d6b4e095d580

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f78f007cb86523f9b9ec3d65a082a4ef

    SHA1

    cdab978f50c6d266f1154feb77423f7408308c1d

    SHA256

    59c458c367d2613414b417247f3fb08acb686143b00df7cbda0f0c877357966d

    SHA512

    4bb8340fcc91bc1c20f290e6a41b89cac3f7e2b4bca1bba29b58bef5845bde1d216cd1cbc4f03fafe42e9c4bca25169cdabfe842862f42d054132326656bb515

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e9d6a1b5cab0967f62ba1815169f4092

    SHA1

    dc1a1f879ad55528c5e3db9c0e01cbeeab7b9b07

    SHA256

    143114059e08e0a94d0462ccbd77085520a0ebce8d3a72350a9f6ffb5f4831a8

    SHA512

    96e538567076be032f7b4890ccba0b044b5248d7c9dca9ea55244aca0e7d93a3e5c9cd934a78313e6af76f27c64db7376bdb29d429ff8bb58ff1c667bbff5a45

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    593a20c45b32cb3a682933d8268137e9

    SHA1

    f374116466c48d89d97de653123c5d0848a2b9f2

    SHA256

    6307f787061ab72caa28fb220264d91ea0bedce1f99a524d59ff42f2c6b8e4e1

    SHA512

    bef4cd2db22313c654db91fc7e901c0b35965cfd2042d97ce665003233f81f49f04a00c737409b68b3205147f7a5371c1323ad724b66d7f33edb5335262448b2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    94d23062701c0f72dd532b59bbd285fa

    SHA1

    bce0732d25acaab92c254b4663fc6cb770f35be5

    SHA256

    a7f60654a6a4dcab570512ba1eb13e6792d738a8b610606c7fb794414ae5bbce

    SHA512

    9fbf0ad3f42f3909befd42fd55e1210979f5de60f9cc6f559b3b953352e92c265fd451aba57d2af301b5629f2ad28c84c6aa2a719e3f4bedc7cd10950e77e941

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0bce890efa6d4238d869557836a72a64

    SHA1

    0c894ee6d0f878e5a10d12185916750dd8435401

    SHA256

    3e2c0912e507c27fe225522c4d250734fbc79f8bfbedfdbaa59b3660c575dc03

    SHA512

    755635a0f6ae417294a721ea54f4ee335e191aeba6772ff3a05855d9e1c7f9673dd0e2c681a196f35106f35bbed149609ac8f653f5916a54e351a790a16c6585

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    029cb4768fb12ac6133a2af3e1beaa84

    SHA1

    6631b31d4356813acf6eb469659c67630ba4fe51

    SHA256

    86365f98860d452dfd12fb54464b78423875e59d59f29a10b6b275add449c6e6

    SHA512

    efd856909eef4ed8f1e3722c2932bc642e228b51fdd608183c23351c942569f18d3dc6442e476a86e0aee2edd1f5f2ac55e0b7920c287bc65172e3f814822e50

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    084acf176a35127437e6637990654b53

    SHA1

    1cea4d32d671a888f09bd73ce63f25b2d2410c0c

    SHA256

    f622024ee0b0380bfb2bfe5ff239a53e3b3a3973992785e29586cdfd15cd166e

    SHA512

    830efb5c7d73e400495141e568289fe35b6d109e7b481406c65546a9aca91eb8a52d0ad19b0a0077b06dbafd2dae4f275deacab0bac998dc8d96640d4f1a4b62

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cdd27a612b56bd8cfdc5c2fe958bf9d9

    SHA1

    37143085ce000d52ecc9894f959859f9d9bf456a

    SHA256

    62d6b3bb8f22c9ca8fded0825e158d5653d46a64d17285a5dd9cc73d9d6cb076

    SHA512

    a6f2e758f30d8dd2fbcb52cc529ad2ac747b7bf879efeca4d510330f937220f36360052c252cf73c46ce4d067010a00e3c702af00a5085e96d69607aee057c02

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c81db15ed59a971584feb29a3786ef8a

    SHA1

    330b0d039509ac7c7c83559494e9b8e07555af16

    SHA256

    4de6accfa4f1551e2765ff2fa0683997f2514fb3b1c2201c1d1cb0300839ddfc

    SHA512

    d1dd0e648808179502ff91008526c13de60a4af1a033864e38eb46d155089031437692cb84958c2fd8d43fe695223f4b6a32d63af58d1630dfb57a4c6c37a94b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    69873cde3b9a3281c625c19c75eebbd3

    SHA1

    88a6644df1c40a00d2b4e66bfebe79aa6d295a84

    SHA256

    2f86cace77f4781b284a785d0dd99fb4ec68686a881d220fc0c713bfda96444f

    SHA512

    04aba4da6fa04d3a931097e322c1e4fa6aa3504270a62d42d57f419a37ef74be68e4e8904915fdc4db6db89a9b0a95defc22af5bb04ab3b7ca73bc7e34b83e37

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1e1880e24ab600095aba238e56965fca

    SHA1

    58fd8ac8c930772ac2abde4775dcb6813efaa583

    SHA256

    cd1b427e83e3502bdf48eb62a7f4d99e0c8497faa1124a4fdbff3372e708b3d6

    SHA512

    268899970fb8c7e76662278ae79a8e7b88d7d29a4d013d473b81fab806c48f22ab8cead95b6efd8f6fd422273659ddb6d1263a1a885e175117dfe006bdeae159

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b2c995a2b7b8153e06b57659bf8f727d

    SHA1

    6445e2a4709299234554e2c3f2f14a5c0f7cf71b

    SHA256

    4a9492d5ef96c546c3f24534f9112c137b86414a97c2085fadf6d3d7fc5df6af

    SHA512

    1721c3c9168e3aee3346cc39dc0542ac90ad873e43b3d349e35f7f9a032422cb54ee922a4170a1ba0d10f353ab3ce649bd7c57cb16166c745ec646656b4f762c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6f2bc9cbb3b4f2fade312fa14fdd807b

    SHA1

    9cf1fd887802fe46f07a350ba56de1d7bf7f35fb

    SHA256

    0b48e8ec36df26a78b9a1efa33359af5c477a07281222e3fb9f139b38ba01e3e

    SHA512

    2bb4d0e6c1595eef30c194f47493500c94282f61c7a0a8c89c7182ebded9c0593da5de6015d023b702e9a9b6555df1210a28dff43c2c0acc824648a956dd24f7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a7bc42f35e62550853164e411390c6df

    SHA1

    6b63f6421244a132d8118dd79e9514fcc82c372b

    SHA256

    98376cd304a49734e6124bf8f203c499b3a3926da6d15c5e1955f67f96f897ac

    SHA512

    ff7be0ac5f18ffa86626cdf77ed308a752667f785614ad86b2aa151670650dabdd81332487ffa9981a533fb59522b0671c9178e86c78f011100a7eeb40e83ce6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    85edf2bafe4494081e409e00c3e0add7

    SHA1

    3027295f03ee0a8df1a23e15d2e0c95a3ec512d1

    SHA256

    c81fa782bae4fb1fd7ab4ec1787ab21f60c6274bc4468994bc54f4a7a7fbf590

    SHA512

    f64c3a63f5165047408b716820e3910651915b67f44c4b720a4a6ab24442e1d2b39e26d144b39dfd867fa69f9dd2792495834174cbf698e70392b6a6827a8251

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab48B6.tmp
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar494B.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit