36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Resubmissions

13-07-2024 14:14

240713-rj57ratgjm 1

13-07-2024 14:10

240713-rg151swcld 1

13-07-2024 13:51

240713-q58z4atbml 4

13-07-2024 13:19

240713-qkqysascrl 8

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
13-07-2024 14:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

target.vbs
Size

1B
MD5

7215ee9c7d9dc229d2921a40e899ec5f
SHA1

b858cb282617fb0956d960215c8e84d1ccf909c6
SHA256

36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
SHA512

f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 1 IoCs
adware spyware

Modify Registry
T1112

Processes:

helppane.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main helppane.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	helppane.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

helppane.exe

description	pid	process
Token: SeTakeOwnershipPrivilege	2832	helppane.exe
Token: SeTakeOwnershipPrivilege	2832	helppane.exe
Token: SeTakeOwnershipPrivilege	2832	helppane.exe
Token: SeTakeOwnershipPrivilege	2832	helppane.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

helppane.exe

pid process

2832 helppane.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

helppane.exe

pid process

2832 helppane.exe
2832 helppane.exe

pid	process
2832	helppane.exe

pid	process
2832	helppane.exe
2832	helppane.exe

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\target.vbs"
1⤵
PID:2876

C:\Windows\helppane.exe
C:\Windows\helppane.exe -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\CompareBackup.dib

Filesize
708KB

MD5
fb8b8583aa41631184b19244bf90fc1d

SHA1
397a9c91aac383c4501c222f397040b65d4c29f7

SHA256
e0f375bad9be5fa1dedacb3084dc4b478f16fa6fa079f1338409239e9a8f7edb

SHA512
3774ce8b91780f2165d88e41688cb393ff9fa70b5a8609d8af105992299410c88283badaa7cb58254cdb0b29b6ec470e7685329903f8324ffe406ebc88984a14

Download Submit
C:\Users\Admin\Desktop\ConfirmReceive.otf

Filesize
615KB

MD5
9c4600edcb6e2866aa2a768ef62bc696

SHA1
62a1012adaa5369fbd24f80b6ace47723e68a514

SHA256
bea4458d92e6ad2b3bea78a41eefaca07cf124f6d595fcedf8958e6ea1a7a5d1

SHA512
e022c388c02da693dd73ae9c42e9d4768d0f4130e1284da3a6f75577ebeb6ab960c3cdf6b5a05c8bf34577723699a31d0df077631d45f43b93a9eeb4ac872c5e

Download Submit
C:\Users\Admin\Desktop\DebugNew.xlsx

Filesize
12KB

MD5
3708e2b6a205837af7f04f32c05709e7

SHA1
0bfd273dd6cc7e7d4ac5e8ee2df611a5b5bc296f

SHA256
7f444ed5ffc8d52d74e6148fe1c1de14b389f45d2dbaf04782fe6580f3d12e5a

SHA512
44a471e295612fed49153ada25b7f7b18ae62404c112d415f5145833b273580920f0f5efc8cfb2b0127f5fc6d5c42732fc41ae5404376f3c4b2722b1f955044e

Download Submit
C:\Users\Admin\Desktop\DebugReset.jpe

Filesize
476KB

MD5
25618c8e15acc315424ec2815982c5cb

SHA1
fa84ca45b290e2199208944b47eb874fdc0501cd

SHA256
5d835f0f2a78f2e82e9f57db86e92126bd0c26051605a1f0633c332bc8b411ef

SHA512
3700d011ae9621d1c60d3ef0b6b6a8ebfa73677719126ec21323dcb8c6d02d9406b904f5e83de42bdb9645b2f9d8682495bb999d6699c3dbc754978e472cd9ee

Download Submit
C:\Users\Admin\Desktop\DenyClear.jpe

Filesize
360KB

MD5
db6072dc8094c6f441737255ad968778

SHA1
95e1123865c9feb6a763e44eed8759d530da35a3

SHA256
15569a19c657d712b6762d619559e93e9f35e6308e4f0e847a326c867ad9cb63

SHA512
5247a4d14faee18f2e97901dc78546f7b9cf39d777a577258801f33d3453f50d860e9462947efce5d6ee10c23aa59014c1780b61fc2f4e4fef96884af657f960

Download Submit
C:\Users\Admin\Desktop\DisconnectWrite.avi

Filesize
1.0MB

MD5
e22ad73337630d8ce62a8352734b641f

SHA1
6b3cacbfd0d4ba5e79703434c3ac074a202a374c

SHA256
4edf245865dee7e497f0ffce88eb94445799e097c8a2013005479d3bde6358c8

SHA512
b3df8ac17e1b92e8c8c5e076ae15cf0d81b5b552c08eafec3e564d3f5c55e060a81818f8edb96287f0e339b5a8562d50b90b879b59227c453758483950b9120c

Download Submit
C:\Users\Admin\Desktop\DismountTest.mht

Filesize
336KB

MD5
9f220d8668be34ed1496ae751714c2e8

SHA1
632f3545405b156ce871a4ef45e7995b28bdf28c

SHA256
8654331ce7a1ef24dac8b8ca76f3b14e7f3427c6240d639b61d9a944d1510abe

SHA512
41b6d4b319849f6bce7b03bec97cce51cf9461ab4ae0fda8d4f23ca26645bbf0a7178a7ebc24543051f55ad5926c4aa760661438562ece356c12c95ce9d9a947

Download Submit
C:\Users\Admin\Desktop\EnterMerge.mht

Filesize
638KB

MD5
006ece11f458bd0b0c5530e593791826

SHA1
49b5ce267a3f0f2db6ede77048a375b9881e8cf4

SHA256
29be9abb2c9006f1798cc1f07dcf349782fedc74d44cb5392e139f96bfe2aeae

SHA512
ed084158b31fa30b5e3ac404f0d54adedf610e6a47fea8966a447627eacd119bbbafc28ba95774e70c897284ab7d80fdaf9d46487dc6365d707f88de7cd19a85

Download Submit
C:\Users\Admin\Desktop\GetConnect.wax

Filesize
313KB

MD5
4a1d7269df9c62848b958d87213f1f03

SHA1
9b26cc614a3f1a61ef7288a7e744a0565b5de14c

SHA256
8083a348cc334b6e5e0c6c9e161cff6322b3497d632ba66f44d7c8ad79f8cd5e

SHA512
58a750805080c29e1b819cf03f6f6ca9ef5fd55587740530c908b4afee8862f90a369a336b231e8a448954f34b736d0fa40c80f26668f9e5b677a878ce1c41bc

Download Submit
C:\Users\Admin\Desktop\GetMerge.TS

Filesize
267KB

MD5
9647e0823d6769c10790597992ecfdca

SHA1
3f680f7f1008eee3fd80aca17559d5df2deb758b

SHA256
e0006323231d2ed046ac6cad63e1937a12514fd846b78bbd680519a58d504d48

SHA512
a2571d991387aaa5efc3d3f9371791be818cec414d0b5b873cbd872dd8567791e54c13f1e30e77723295504c4f97931b4d2657bf93c6c56b3626a45d4d27efa5

Download Submit
C:\Users\Admin\Desktop\InitializeConvert.wmx

Filesize
406KB

MD5
4d9fbe7f344758792b24d3b4678cfc27

SHA1
a623b3d7199a9a53cd32e7d01ceb1b82e7849a15

SHA256
1c6ffbe7ca76e9e5faf96d8f3ff589d894202902a6d47dafb81caea9662783c6

SHA512
49b4a16ae12f28d2ba223fcc12fe8de2ff723b7c440eb4b71be075231c0fd9b79e4a819d81b4822eb6540284a8242c918e2caac734b43d4f6547eeea991264c8

Download Submit
C:\Users\Admin\Desktop\InvokeInstall.mpv2

Filesize
545KB

MD5
4abc539c4517251d4b3a0c4bff1bf8da

SHA1
ce121b52c3798476d49efef2d299939d6eb3783e

SHA256
e5390f6dfc47e469006ba031edeecb7b7f40553930f472b41d30e6e97cf8cdfa

SHA512
ab43856537db69e94df0457ecce691510f054c32173af46edc9211099641f504deab2ae964341c166119bcdf7778295e6341bcb3df2505090756ebe1d0704fc5

Download Submit
C:\Users\Admin\Desktop\LockPush.cfg

Filesize
569KB

MD5
b4581e0ce22c0d9106e5c707da587d30

SHA1
180a8781224ccec32ce0e26e738cf648388bd027

SHA256
0bfec270a616b8bfe02a33bb037aece096725ebce34e60217335bd48dbdd9eb4

SHA512
4e0a1ea9767edb02b26d54c37a9fb7053347b25da756cf790341804f6fa8749dfe182819f1ffeb9c3ba65b019c48d0efde52147846d926438b1193c84590c7ab

Download Submit
C:\Users\Admin\Desktop\OutDismount.au3

Filesize
685KB

MD5
7b85988f5b0e3ebef0033678b9c8dfdb

SHA1
d1d62309bc0a372a9a12ae8c60ed495e46f66b54

SHA256
e48ba734d89b629fc6f601fbd3bbcf5b036dc93c040ffe265fb53769718deab3

SHA512
45e0e85272ac1f1690eaf921a32919f8f37cf3f0445b15e141c4fc722280c7baeaa92ab582322c86e2d65e2c61368eacd4f4e3cc71e855203de3fdb0a23b29f6

Download Submit
C:\Users\Admin\Desktop\PopFind.potm

Filesize
731KB

MD5
903a762d7d95b23eea19929f30956888

SHA1
beb4ad16796471118aff22b3a764ffbf16db01b5

SHA256
ccf06649c133dd4a13db558e21cbdb807deaeda3dbf159b12a90abb1a9ad858e

SHA512
d58685573d34129b47237c0ca8052bcf5064640337271eef186926a63b1042cfaf87df5234b7bc06cf9c6b00ac26ab3bd6bf68175f8b13a66adf9e9baa28898e

Download Submit
C:\Users\Admin\Desktop\RenameDisconnect.docx

Filesize
20KB

MD5
dc0942392846f75f3df54ddea73439ed

SHA1
85aee48d8e9da3cf296e87b1369a9507fecd49e3

SHA256
3d82384887860f58f6e999698cb7065475464fd572f30c7f24e623ad5b037ef0

SHA512
cc5e8b2259d8b295cd35f40399ab1cce5615b269968311fb3ceac70a14ecb144d6b2360c85805e387660ecfc0866616ac1daef60c7c6bd6e61ea2986ede0d57c

Download Submit
C:\Users\Admin\Desktop\RepairRestore.vssm

Filesize
383KB

MD5
fd17816a405d1ad6d0f26c428203bf12

SHA1
93abe522e146f2462083e0265181a313a6d851f7

SHA256
994e26e0c33dc18a35dc0d39c97320d04909eb8223c77e4eac5418d2fa57945e

SHA512
970f99b0048f738b7e0268233db3fe2c1aa0c58b6d37bd640a185bb5313f31db4ab48f17b32a94746263f8d9a183d721f7c2e0668ab40840163fc9f19c39660e

Download Submit
C:\Users\Admin\Desktop\RequestUnlock.wmf

Filesize
429KB

MD5
0bf2353a74d94e0e0c5f6ac092f60782

SHA1
8fb14fb2476e408f681443bb322898780cb3516b

SHA256
65131a934944e0c3fa9e777b15e464572efb54c9089d0ceaff62ea150eaf19a1

SHA512
6a1de2487575d91f282f44f03b8786b7dd1e4cce6e86c35fdc4334a997954b759a77948561859b5a4deb6c1b1a251e591137c95b07fc2a1bac1d71658ba0c970

Download Submit
C:\Users\Admin\Desktop\RestartUnpublish.crw

Filesize
499KB

MD5
c82556325dbc5061b4eeae230b1638d4

SHA1
039df6b8c50f2657c5004d377bb973a5fc8ecdc5

SHA256
3b14517bfdc9481f35f7258424b6b3613568ad0b87267550e81c461ddbeb016f

SHA512
93da29e9df2732de301991d9162d5ce87e1fffb7b9adc0cf2eaee4da118ba3cd299d287b86ec4f09d2c069ed9e585ad7be5e16b70a31ccd1451b04b560f560a1

Download Submit
C:\Users\Admin\Desktop\RestoreBlock.jpeg

Filesize
662KB

MD5
12ac791685983bd0ed71fbef91b648ef

SHA1
bce32eb8bb3aa8af6b35e7db770d1e8ce1c8d138

SHA256
af7f4f496b3a8e71c09f53190976fb2d38b792a1f2ce1d303bb0ec90770b1673

SHA512
ff80d82d14bc33a3977e76eb4a9318949b48cd11362eea1c4f9a539dd9958c45251c02721e8982cd23a74b8b7286dc88f786dd150f1bcefa0589a9f6789bdfb7

Download Submit
C:\Users\Admin\Desktop\ResumeConnect.MTS

Filesize
452KB

MD5
11248ddd73b6230822350cd25b6a7408

SHA1
8a6091035c9f64357a40e3068e0f9db23a97956d

SHA256
e0d7eeced497c0a9448548cd3c130348935ec8a8c6c62a0131c0a060407021a5

SHA512
751b25bc508344b49137a1d4e84e1d31aa2834748fd6af3b65129716fe9a9d02fc8b22816d845fd97fd3e9d8bb924b6add68567f85a79f1c306ed313f5ffc143

Download Submit
C:\Users\Admin\Desktop\ResumeTrace.asp

Filesize
754KB

MD5
2d95c40f55bab708478185dd377e72f7

SHA1
414538359bb016aa3c479bfa62fe25c3aef56a5a

SHA256
0b464e9f21c807708dea41ddd24df46f4d93e15a1214b185aea7db7e29c27177

SHA512
ea0c096d9ca9939cd32de7c2b59914a1985be0d3af6454041dbe589e59f9a037d3bd0b3b29c058a0556d6de4abbc8923b87a709600c2d0d6b501bb1a0ff3766c

Download Submit
C:\Users\Admin\Desktop\RevokePing.asf

Filesize
592KB

MD5
809c0d2f682dedd6fc2db50d9adbf41f

SHA1
21df654dc1f01fb7e329b9f28cc567443e628a30

SHA256
841d6aec29dc0d563215865aeae15bc50ae3602069e224642f7bf7b0870e0109

SHA512
53d6e03f6389d48f748ae4245e60d49eaefe0e73cd75e1410cdce7f0b1afd05e97de34e13c2f0b9e7836744f5293a566509089d275abd0d298ecc21e5a98871e

Download Submit
C:\Users\Admin\Desktop\RevokeUnregister.ex_

Filesize
290KB

MD5
6273bc8153983dabd20e76e0b49b4245

SHA1
aefd60770a1009b79bda2879f44b35a3d5acf63c

SHA256
5226ef1a997cb8522027a4c99a59fe952a8a08da6729bbd5f057499bf65243ed

SHA512
255dc1461bde541206cc28fb3f15c6e7d953b4b976d71ac0e0d695d16f1b9f34cd9990687693ca37f91cedd91868514e1be8c1abdf08a4acbd83474bd37d7d2c

Download Submit
C:\Users\Admin\Desktop\UseEdit.ods

Filesize
522KB

MD5
b91e747e7280e477e8438c061257e840

SHA1
481251262b07718eabc2f241350376cc44a7f53d

SHA256
b7d188a35959437c40661513cbdc6ffe3b8b54a8b3c06f42c83c3fb21b9e4155

SHA512
085487bdf3a55c508a501c8b56cf30d18cf7670717968e82c50df88d7b85cddda009e28415bdfef06d16691ee5c3b92a5c46aea1b8536660beccf03368a723ae

Download Submit
memory/2832-25-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download