Overview

overview

7

Static

static

3

46d40a00f3...18.exe

windows7-x64

3

46d40a00f3...18.exe

windows10-2004-x64

3

$APPDATA/I...er.lnk

windows7-x64

3

$APPDATA/I...er.lnk

windows10-2004-x64

3

$DESKTOP/I...er.lnk

windows7-x64

3

$DESKTOP/I...er.lnk

windows10-2004-x64

3

$DESKTOP/�...Ʒ.lnk

windows7-x64

3

$DESKTOP/�...Ʒ.lnk

windows10-2004-x64

3

$FAVORITES...��.lnk

windows7-x64

3

$FAVORITES...��.lnk

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SMPROGRAM...er.lnk

windows7-x64

3

$SMPROGRAM...er.lnk

windows10-2004-x64

3

$SMPROGRAM...��.lnk

windows7-x64

3

$SMPROGRAM...��.lnk

windows10-2004-x64

3

$STARTMENU...er.lnk

windows7-x64

3

$STARTMENU...er.lnk

windows10-2004-x64

3

$STARTMENU...��.lnk

windows7-x64

3

$STARTMENU...��.lnk

windows10-2004-x64

3

$TEMP/remote.exe

windows7-x64

7

$TEMP/remote.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$TEMP/sobar.exe

windows7-x64

3

$TEMP/sobar.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    117s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    14/07/2024, 17:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $STARTMENU/Internat Exp1orer.lnk

  • Size

    1KB

  • MD5

    9ffaab5f197ee38cf1fe65e19d4bb217

  • SHA1

    39ee57d785cb31b75fe79879ab5dfed14eb1a28e

  • SHA256

    6a1bfc7b4d0b3c749f9a5737f7f0253c634bdd62fe812948807c6beae039ecca

  • SHA512

    eaa04c6437eac713912a81b2e11f97cfdc38d5d5bb459d7f4ae94d140b2bd4d74685cda43697f00b6803b1b58da3bef78ca3d9d6a4b9f5e4278ff2451aee512b

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\$STARTMENU\Internat Exp1orer.lnk"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2368
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.113w.com/?waga
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2664
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2664 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2780

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4ef422995be3d5c6f24fd4832ab37de5

    SHA1

    0da791fe55f4946af6fd5bafc488d76f978ce7e4

    SHA256

    9737f6ff07ff512ed2792d98c6798e09eb96c9d4e11384c23cde722485e6b3be

    SHA512

    5b2eefbd8272033747c1bf1d3dc4bda131fa4eb982ec9fe74dc8311e5f723132c82be43fab67b9bc901e4ecce2c3ddec668ce33665f1768448fc30323882f562

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c835530908366832a39528971b5c2bad

    SHA1

    3317a204eea399526693bc84bcf5abdc3e45d29d

    SHA256

    b9ce67fc0eeb1eeff64f791d8163c00caccdfc69d1998974c108c9b4cfaec098

    SHA512

    81c7daec170621873809370c0100cb6105a4201561b16d39de06cbf27afeababb4ad14fe90a982a50a4677b03ca34085d6b42e84c2f4df4fcdd56932d09cf547

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    379e06a5fa18550e2d2d9550399baf15

    SHA1

    5c0f65a1b0e3a46b2252270fbd8435ff5d3411da

    SHA256

    0dcd3c2700de451d80a9814a87b7029720cf9e6984114c78aa9bbf124ada9129

    SHA512

    3b0a49f5ef80a02cda0039dd6ced1a40fcffaaecdd3d5d403ef7a5773518f3c0ba6a965639e5ecf462022bbcce3f2d882a4c3d40d3959096e09600a1e8f550b9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e8cba00082f5aed31dfe0b25c949d359

    SHA1

    6c12af678aed16821d5b1063f9d37dab3008cdb9

    SHA256

    806f47d6fe10bad47e5a896f0ec7911a6da67ef62fc2c2f7d2f9341e19115391

    SHA512

    b3a1e5672e8c99f39df3394898cb69abdcc4887bed849077a98db61b3b99f335bbde58b9440ac6598158e76a5748abf2cd4393c2ae6793deaef4dd3f41e9c7aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    800953e3e3230d8af1d18635ef6e80cc

    SHA1

    c086b534e88ef52450694c9ef1d0828414e12d68

    SHA256

    2b16c4ea865d5ac81de38918398d574f6f38739b06df9782c718988f9f1f1500

    SHA512

    0a889c3d0097a19f688ae159636520f115763e449e5acb0dca78d98079aa43fe2e719d07ea20165fc7f74092ca292a4615b29271e201af312fb0da5e3b8922c8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3283f7500d1a7056a1fdc6d354d9adbd

    SHA1

    5a35bd090850efa6d02abb2ccc719fc6ba1e1ea1

    SHA256

    b864e692772ca731c0099b58d53e61f3a30588259939a7ba9c9ffd83757e19db

    SHA512

    b4425aeb6e0be226d575d48429d48e3b2fa126f027793421cd6a9b817aa0c359f741e864bc039ec9c29f450e6bd230c9823d19c5914e6d4ac107ca3ff1839167

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    398fd26d4f2d37051f5f5f638d6da74b

    SHA1

    76dfbcd5fbe5e60b447ff0dc81a623cb2887cc0c

    SHA256

    9fa0ff7975b64ddcad254488b5da1853adbd8f7e7a960600c5a27773a3eedda2

    SHA512

    f2777f67ed19735871ee9c801496a44dedd33664f5865e5604ad4c78d853380bdff9d924e104c7f2f0c2602cdd4c9a7e23f343f7155c738be5525754ba6e8028

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    123e362d51c1303159c5658f3b645464

    SHA1

    791f2e677d533ba70bb25ae0682cd18c39612344

    SHA256

    ac7a205c1c0d80e5c731e23b3e9ceb77cf4e40b1f86a532650cbbf2390bb81ed

    SHA512

    68dfa3e4458ae349c16c5e0f90e81be75becfcccf843291f39e095e9899001ed998cde45447d1ec399eea68a6bdd0bdc40b944dc35bbec57f7e492b4cce4df52

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0e41ac0f88ecb0f5893502dec2b5317c

    SHA1

    68034241125ea3d972641fc35d91e28d9b65c8b3

    SHA256

    9d74ad7a583e65571c3526592b82603583edefd8acb7119295f5130a2a30fe74

    SHA512

    eeb753f3117b9ffa866d57117027fc86f0cd1347708dcb4b890fcc40b48f631309cea5250d1902e3298b49d7062e67266a5653ba0df8b2ebba61f2de91ae2bd2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0c096e2d0229afd5694961d9f29d72ac

    SHA1

    69bd4f06e5ca49ffe357f250699960a90f3170cd

    SHA256

    650218102119afd8cdae5b65ece601b30e71a62a4158efc75ff3ebdee657efcc

    SHA512

    ccd3babeda8f2675579e47d85d2996d3a5191ed46bddb07d4ce7f0d2809ab3f3068f5319467d8c2b92038f3121cbd88651a888c28288b2bbf568392ea2dd8dc7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cab25a874cefe51995b89d70a171c611

    SHA1

    0babdee1c162ae887ba3ab45468a3c0a8b8d7407

    SHA256

    771e455be14e96df886a2048f5f0a71d814b2f079660d1dd553a5f5cb1e8e98b

    SHA512

    0108acc7904048e82db05696715da1981658794367cf1375ed157c7ff6cfe61f4f24da239dc7afe5b23484dc5ad432a69f244c397779098f6e01243814858a3a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eeee9e9f6a4fa1978e6f34ea530ffd70

    SHA1

    5525f63e689f2701cc2a496142e5cc6542fa113e

    SHA256

    3b0b5bbf1b972a41454456615ff918553822952f2edf4604978d6075508c5251

    SHA512

    9f1d3b9da0e055a695d2220cc76e6da5800502d2dd5f22fe4da88767aa93ee893963711871846bab6a963fd25858ea7c991461bf45f8391e11ee5c7b3eec99ef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bf84d2a53db4af49e518fbdc2ea57dcd

    SHA1

    3429d0d986e86081567b2a6a09d94c604b55ec85

    SHA256

    1d3fae67456e355490b922b2a4341058648346410bafda587fabe9a1ce3a01c5

    SHA512

    0eb40dc848bf94282e1c1503ce8e3351b043087e79e1b03ef32780387298e341ec0f6e3913cbf6aa03d4ba378b052363a8dde3d9a035f1bb9876681b7de6c40b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    02d34cf6e89055ef2726228099e224f9

    SHA1

    f1a4648d03efc322721c99907b40aa8f9c3c6b92

    SHA256

    8b894f35190773d7082c613327c33c0e6c5790411e7a02e3360cc939787ffe3b

    SHA512

    ee6260a2afd392d141136c671145b13be0fcc38a7ec091ad697c808697a8e4129d3a1fdc359e2a25a3ae57e057222205a89e52730c4c375e63c9b47ac09ed667

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4484e393a1dd59ef59e68dd64ae35a4d

    SHA1

    a760f4633a6ee3e7bb87f9fd3392a6b51831f9eb

    SHA256

    8a89630b368055b11930b840356813e217af3821af7ec288ac71053c45f4816c

    SHA512

    62543490324881e2d37f511bbc4997ff720c7495cda2cf45e0f1aa0d3bd037aacb1e146442fad6612aef06723dd561ba79df561f366bec4e5d8a34272ab0ec1a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ecfd7f1a10314baab332da4d587e1832

    SHA1

    f40f334c27b10469e048e6add3d78ebccf5d3f6c

    SHA256

    10c2a7e800248f0242243b0d2c6b29fc2391a5be9180069d017708634e19683f

    SHA512

    ec99410437dcb13e50e71a7a0a7044e617aa87396440bd91edcc23cc2d893fd3a771662f9779ce3eacdfb0e9b3c815539fcc906adb866a9dc9ff0ddeabaf56b6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    756dca08f0d5e3d77e057952767c006f

    SHA1

    7f34dc92991386f97c41df8ad61072f57a8b2654

    SHA256

    0976aaa9196f8fae5c0b3ed6cecc205cc525fb2312106c9cda3662df2fbf9fac

    SHA512

    0b3c32cfd474c569fbea7cdaba71b9277f7eac6adbbaa44c25a1a3081c05a839f15404e0af8aff57734b8f08b365249a45eed70b8f8c382f07901c5328d2746e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4669bca93aff7fd419fff491198e6e51

    SHA1

    278bee5c83a5dc4c25e2b149c401428d03d80e27

    SHA256

    02bca69b083d0b612702f7ff02fce4e2ebe09f8dbb4ef37820f3ebc95fd0dfb0

    SHA512

    2c7ca8cf99b6be9d50d16ec4362353a830f1f59180c396d922fd30737596669bef6cb22e9eca6d3d16ecb71977ac3eb07916470e035164b1a20cf4c00b5b5a8c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    60758c69b3c2d4ab2610e8da1ed32015

    SHA1

    bcbba114964baf8ee587712847dae79105f3ace0

    SHA256

    c672e355044a2c79a9050d23acb4ee9b622c73baf17b3cbbfb09a6008dc41a55

    SHA512

    1772540793a2bcc7229cbbcc69c46d401bf579e29912d7049b38b6777ca5198f91d44cfd9cd673c05e61d3f80832f678d83d868e76d296693a1b2ff195762d72

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF855.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF8C6.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit