Overview

overview

7

Static

static

3

46d40a00f3...18.exe

windows7-x64

3

46d40a00f3...18.exe

windows10-2004-x64

3

$APPDATA/I...er.lnk

windows7-x64

3

$APPDATA/I...er.lnk

windows10-2004-x64

3

$DESKTOP/I...er.lnk

windows7-x64

3

$DESKTOP/I...er.lnk

windows10-2004-x64

3

$DESKTOP/�...Ʒ.lnk

windows7-x64

3

$DESKTOP/�...Ʒ.lnk

windows10-2004-x64

3

$FAVORITES...��.lnk

windows7-x64

3

$FAVORITES...��.lnk

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SMPROGRAM...er.lnk

windows7-x64

3

$SMPROGRAM...er.lnk

windows10-2004-x64

3

$SMPROGRAM...��.lnk

windows7-x64

3

$SMPROGRAM...��.lnk

windows10-2004-x64

3

$STARTMENU...er.lnk

windows7-x64

3

$STARTMENU...er.lnk

windows10-2004-x64

3

$STARTMENU...��.lnk

windows7-x64

3

$STARTMENU...��.lnk

windows10-2004-x64

3

$TEMP/remote.exe

windows7-x64

7

$TEMP/remote.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$TEMP/sobar.exe

windows7-x64

3

$TEMP/sobar.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    122s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    14-07-2024 17:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $SMPROGRAMS/Ա.lnk

  • Size

    1KB

  • MD5

    62d588bdb74e4e2e5d1689fa9272ce39

  • SHA1

    9d0db515d8f65e57353381d707060f7343a74da7

  • SHA256

    248402dd02a096f9721d61fe867fac5cacf4dc9001fa2aa6a50a59f7405606ef

  • SHA512

    cbb47f7e4227177ad39a1c914e00e0ca13209fe0839d13819299ad203572b69026c541d71c5101e4cdddbcf7786c6adf339af3e4b0aab65cb188614f646a893e

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$SMPROGRAMS\Ա.lnk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1304
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.mai520.com/?taobao
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2868
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2868 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2980

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a648609ff81a63c791af37091fdf59fa

    SHA1

    8b5f6d44244a689549798578f0e0d5fa3112854a

    SHA256

    18d5c692a7019b57da89071068ff7b4b25427a14fe52336884e3696ae01272b4

    SHA512

    32e48c1c202f37b7bef01bf88a2e602f7482a7cda7a28047434303b9a95f3cf6669470f51903c438a27a3f60c2292fd4ecb66093fc169531ff522a07333175a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fe28a8907aabf1455dc2d1299908fd59

    SHA1

    74e548d52d7f32326525e51479a3d8ddbf3e4ea5

    SHA256

    c10a0ebd14d9c8ce77ec1b907d6bfae6c81d2ea4e5cbf22d97ac3590f3facc1a

    SHA512

    5ac85bc0adccebd5adfbd03b6a8da3f0d5d524f643b83bb04398dc633a14d27b858b4e96186a736942160fdd8f64864bbbafc57f15ea82f6145673868b8b3c94

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7cb5e72210470ee70525455f0cd03ad3

    SHA1

    2a5a414a609dac9f131596a2ef42cf5d4c7b656c

    SHA256

    063ad3ddd31e760d06190dd9001e7ef634561637a0d1b6b4149679b4b172f591

    SHA512

    b332573994959401fd7e59c53d1b1efaa762f41b269c7cc36738eef194e25d88f31f1da81e045c8e85ba241c3a91d693ca109825bf8cef6076ffd4639dbcfd11

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    107249fb938bede2e196d466c62d3088

    SHA1

    c71f6059afbbb03542f57e3375f26a4f3d6eb119

    SHA256

    d4fa670c2cb959309aa5a8d7b1e590793e1cb9927d62ad69a1f67cd9f375d160

    SHA512

    636650b90a6cbb208d408f03b3a4fa7bd02a51f1081d782093d6221f2fe8f9963af8926938ad8c5e11374b1f9b6a04deadad296bc365b03cf52375e2cc529cdc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e8a475803751a2a687600bf6bcf1f465

    SHA1

    baf64c2e6f26691815a532c1bc7164791c443f04

    SHA256

    198436389cce269be224ff5c025587c199975bdab8557782f359a07fb1995614

    SHA512

    628fc97fb33c751d7123faaba101c8c42dc6665e3572d9fa47923e76b6a607812e9c6234e47307c47f9c37dba9cfb0e0f9fd79965304a352d15bc00790166148

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e9505edb30a479a5d41801cc20cd4fdd

    SHA1

    a6c165f4780553e6498666ebf82487c5fb46e88f

    SHA256

    00304b39533a3e131f69d6bb5ac0d9ec0d6757fb9a7326d0a09eb0b802a1a3ff

    SHA512

    6705a015a25b4edcea407a3ccb0de9321c105f6741e422987420a0c371a2bbaf48fbcfe06c8077417aefafa29e0a4d3ae3e5624b5dcd85d3e9ce7e0e2109250e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3818221ffabb29e9b8d51b99559e774d

    SHA1

    c48a18b039da5b807edd6b931ffd0806d4d6484a

    SHA256

    c4b9aafa867348bc4b561059dd6b34578c2137ecd58b692d1483aee5cd69fc4e

    SHA512

    7d6cdf37be34e3502ed0adcbe0667b65e858313f2f86b062a6c957a343e64902b80db97d2a055f78d52f08950ff81a6eaf0c9f3c5c272323d045937791ad6505

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0c322f08037b3b0d225a6dade60f3c17

    SHA1

    1ca17336dec123b6724a67ea6b27e4e6da1783b5

    SHA256

    d7348302bcfbac659622ac2fd4aac17458fb4637ec68adeb902f4e249ca2c3ab

    SHA512

    251ab9611821b40c8213ab1e53fa7abff0a08ed1d41d6d1c3ee50f68be0587931f64ab3317531271fffd48a6030df6b5133a3200c8c882ab08e6513ff24f1e88

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4737ecca8d7c62976539c814d96d5059

    SHA1

    9629f44a117636d6a7dd83da13c61b168783006c

    SHA256

    76493e9bdd58685a2e274e8c424a39d4e035c475cb47f998ada71ce074fd234e

    SHA512

    4d21e281169e2cd2e677c22c3f2b7683caa3a0a90f7a55155d83b1bb59b65a214ab013223d6338313fd23639bf26e7f799898ee74b3a4f8bb403988533790117

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8f4fe8721d8409f95df8329cf2714c3b

    SHA1

    a5a848f406363afa16f60109a1db06c8bbfd2656

    SHA256

    ad946f36dbd8897b2d88c57420439faeabbd1e403b54832e1d5b51af3112cef3

    SHA512

    6012b42e82c1b0d612e369185a247561cdeeaee22be2d35fe5aa24383e15d166bd6988acf99000e1c7d3dbadc35908f7da6c61d33d0b19c9dfc3d99b3e5fdf7c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab6D08.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar6D2B.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit