Overview

overview

7

Static

static

3

3a3cf39276...18.exe

windows7-x64

3

3a3cf39276...18.exe

windows10-2004-x64

3

$APPDATA/I...er.lnk

windows7-x64

3

$APPDATA/I...er.lnk

windows10-2004-x64

3

$DESKTOP/I...er.lnk

windows7-x64

3

$DESKTOP/I...er.lnk

windows10-2004-x64

3

$DESKTOP/�...Ʒ.lnk

windows7-x64

3

$DESKTOP/�...Ʒ.lnk

windows10-2004-x64

3

$FAVORITES...��.lnk

windows7-x64

3

$FAVORITES...��.lnk

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SMPROGRAM...er.lnk

windows7-x64

3

$SMPROGRAM...er.lnk

windows10-2004-x64

3

$SMPROGRAM...��.lnk

windows7-x64

3

$SMPROGRAM...��.lnk

windows10-2004-x64

3

$STARTMENU...er.lnk

windows7-x64

3

$STARTMENU...er.lnk

windows10-2004-x64

3

$STARTMENU...��.lnk

windows7-x64

3

$STARTMENU...��.lnk

windows10-2004-x64

3

$TEMP/remote.exe

windows7-x64

7

$TEMP/remote.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$TEMP/sobar.exe

windows7-x64

$TEMP/sobar.exe

windows10-2004-x64

Analysis

  • max time kernel
    118s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    11-07-2024 18:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $DESKTOP/ԱմƷ.lnk

  • Size

    1KB

  • MD5

    3801cf5240ef322de5fb53224f763068

  • SHA1

    e4286f9b6e5986b6a237bc70fdc03e8a36287e11

  • SHA256

    23dde6d591dc39c8b7901a49ce2edbe1591ef2b68d69700a4c81fd741f2d714e

  • SHA512

    3d26058c20050e236cb78533485dc2dd02ed6be0ab7037e8eac5916b75abe189d38f57ed45899787cbe69318ec4d6763633d1a8a96600fd0b20b83aaa9f03ef4

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$DESKTOP\ԱմƷ.lnk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2924
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.wagabb.com/taob.html?desk
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2044
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2044 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2536

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c16ee6802d60bdc527b545698c0143df

    SHA1

    b714967eae71821378357928fcd22fce4fc5380d

    SHA256

    8f32fabf9708701975ad75ac246c5fa4052ecd534a0bd5aff67b6a98021f52e8

    SHA512

    5f26b40d724ff53c481fb100b70dbb3faa7e6054634ea672a3d1274935401e749032bac51e98ce40f0fcae55193aa455ffd953078a307bef67cfe5c20f24a3cd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ca6b5ed451ae3361d888ced9941b1210

    SHA1

    36ce2e5acc673ec112a86e2adf1372c17fdb44bd

    SHA256

    dcaeefa205951da23877d93316ae1986ece7a8426d3830aaaf918278514ba359

    SHA512

    3c2c0fc8ee17fb7c97bb3378f147f618efbe911c9524e712f77d037574b3f3bdef821f7a48a1d1e8a39de002387a186cc805f108d81b2172e443c6a3375740cf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9232fb22ec24df079249510df2eb9958

    SHA1

    e6886280a23a89905b855391ad2d9ed6b751d3fb

    SHA256

    ad6f553128b250743f210d809c2615e9fb5c97a9a6a68315ccb8ee86032654f0

    SHA512

    341d7a543284f2c4408a0fcb8052d393eccd4a5a62cb38d1ce9fcb50916f7cb0a015d0dfbecd1b7fca409650272762f28add992df0460dd4418e1af094315823

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a730b53f64aabe146884003369ccf229

    SHA1

    c78b982ab5ff379cbd9d21cae02f664d7bda8f25

    SHA256

    97477c088843ca28dde5f1776da2686919c363f067d2f926ff3ac3456ee0c058

    SHA512

    00e8885ebe1c6153edde7e59dfcd563ec303d545ab5c7f7fea98b73244d772fbcc0fedabbd38109501ccaa904c0548e8c202fb495c21997e9ea2a080370ed787

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    92786e185e884c022008d3326eb2d725

    SHA1

    305f4a187a83b57e44beb00df4dd5d9e04b55f88

    SHA256

    018f740c0458a1b92b733a2833cb029a7f58dd3d517b98df5b6372fa6e6e5635

    SHA512

    d920464ec88f655e484a528fada06bb691f478b5a5346d38e813773e2e438b7cee0968a4c837dd16b3f77a9dd813cd5f90819cac90fd67a5ebc91c62ef840988

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0bc0fbbd4ea160a6c1beacf8529542f9

    SHA1

    9a0561333086844a885e620828a948f899deda21

    SHA256

    b664cb7c60ff64d6ceef4eafeca0220619b62854b3ec787bb0e1ad3e4a743c65

    SHA512

    39dd7a47ce9991fed4e0ee7f442476153ba527f77cf94d441fc33677a2e00c01440412c98f3759466d5754503e2d22f6d381f211f8229e61aa2ce297299998fc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c599550eb8ace49432ca722ea735ce67

    SHA1

    90d35feb92746ece8819f3cb0383b2b10eeada60

    SHA256

    7de779a299e88fb1003c4b74d95d33f53d27184a9c79092d41ecc21c5045718a

    SHA512

    e411af42d6bc4711235ed7742340b6d7bc1edb311921dba2aca49c30bfa873edcfbe51553435b3b3fb31b5ddfec653c852f687557df2d02367ba01e82b09d10c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d07ec8be4a80554940873e8f209c7e02

    SHA1

    df91121606fb457d0b1b32a2f3a2228ea0886529

    SHA256

    bee886193aa89bdb55749dd57b94c69922130a81b6ff502b72404537403dff5a

    SHA512

    ea4918dadb53e67e95877733afb91993e43c1571b182e2f7654c960d1c4256f63587726b85f5b4f72f10501d12fe4bed8492ebb8a416c09297ab9517eba8c0a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    502ab4f053459d833a96227f66efeb3b

    SHA1

    ef8d25760e82986da5b9020f1d63d16d6ae6ae13

    SHA256

    f0807c69ef6eaf4e01be603899b1eb82885130c1c9d238fded79e3069fe806f1

    SHA512

    fa64d8ac6f262c0510323f81ae575052e9a9d20e3eb60732a9e6d7feef309cf49a8f02128d407e529bfa8227cee2548594eeaa5c93fc3430d558d94879e15be7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7d0c550777f39928a2d093f6b9190bcf

    SHA1

    1c3901f6854275d1c4207e840a453a8f3ee0ee97

    SHA256

    0f7c87a79bf259f1aa8ee57f66f38b3d96c0f066f4728f13c86ed097a33ca7cc

    SHA512

    230adc4536b885d2b5c4d55708a4b6acd1410f74c2d38cd9238bdcc7a3506f4b9e11f8b190c7c771060655d3b6222bb092df9aaac50893687a0937ee3705cb9d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a79c0f56efabf4c87f5b2360de0ae104

    SHA1

    a126b72c1692e21ad9f3a61782749b8d060654b6

    SHA256

    573324877ed991bc33e51a80efb32c1b2965fd24b4d97996f9094a655a8c89c5

    SHA512

    879a55e9a6caeb33b69695b2894b1b22412bc8dee2606f1d79471807059f741c17cb447ab3aaa3ffddf7617898bd00262c844ea378c17eb328b8d34d920ed964

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    28cdf2f9f496393afef6a8c9e406be05

    SHA1

    075b66ce693e535d81b000718ce02a7fd15dab3e

    SHA256

    6620267c8c566a3d25fe5938185ab8e6a80e662cc8cbcf5d4ac8e6978ccbadb8

    SHA512

    332f29cb188a232dc9fd97be7222844f84c6562d96b5d3746f3094a561bbbd3a519ef6ff54b8e32dc1cc578e7a6bc508020dcd5ba3fe61d2ad72531491952f69

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e161abcfa14375d716e9cc7714448ed9

    SHA1

    157bfe97cf2d7115e3225ce01d18558e75f11e36

    SHA256

    e55360889a0e7e5181667709605bed2c14abab50c788dec9f3bf91eea8852606

    SHA512

    301ddc4b2f184593a554faa17601d1f84cebb0a2407ef726ce0b067f723683e325ef167bdccb51a6eab23f97967ad14f79d5937ff8310403f0ad25590ba170b5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    806e47f788d4094a69ba010c8851d91e

    SHA1

    9664f24d75dd93be16c2ff22dbb8781b1bfddab8

    SHA256

    766ac33f6db2829a9a780d87824338e56ad2ab94413769ca8c4c8bb781341919

    SHA512

    eb6bd99ad1e034383a6db7519711a964d8d86d01d9edf1b8501b36aa900d7d1d8c0179b2665455a25024a774a991eb082f634b8e38a925b56a9f1310ee1da941

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2f7f621c6d2b3d35c972b93b58324bbc

    SHA1

    adcffcdf1e9c524f466332ccb03dd6aa086d8c69

    SHA256

    deb8bc4e836ce1cf1db6ea72c12ac58e32ad9d10793b49b847f04d82d222bd41

    SHA512

    947fa1da2599397f93439eeef327eeb3e70dfa3de15900a24b1c57596975cc3d668c26cc1127fca314acf0d153560c332794efca5a5783ad5501385d30082f27

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    74b7bf4ccce796fab7568341485e2950

    SHA1

    f8746efee78513ea552d5849739d609c1cc94805

    SHA256

    93851a90f8c907089f91adb84e97039435e1509f29bdeffbcd0d0f857feb3b51

    SHA512

    5b7428d6d38a0051aa41fa7f14d39543ead4baad4264f380526bfc5f217c93de1253c2ae447ad1bebdba72ee272acec11550a69010cec79d43f01230fad52527

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e4e1020428db1b24f40e7c1f457f156e

    SHA1

    9693ae3986de144c1c03187db49a90bed2444e02

    SHA256

    1afb68736643755eaf239cfbc5a37a5f830bd0f4c89b536e53321a578f6a3cb0

    SHA512

    0ed973376dac9ec99517586e6daff29c851f7799ba0afcda15f5504570c344fdbd66fcc700850e76a7a9d0715b87b0bade79581849c6aa07b25006b0be8f24c9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    579a5d595792fa40487da4790f77a2ba

    SHA1

    6e9b2ba11471e1417d78793c99a1528994be5e8a

    SHA256

    8105c467f0bdb73c290ebc8ba2030742553f658644e12dfde28ee3220be50222

    SHA512

    647724bf38ccb07cba92b8f105e1e415ef643febcf4ecba130b280503c138e0d196fb2d63bcbeeb26286f2be62648d427880651043b4da79bad51b4cf80bbac5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabEB2.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF24.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit