Overview

overview

7

Static

static

3

46d40a00f3...18.exe

windows7-x64

3

46d40a00f3...18.exe

windows10-2004-x64

3

$APPDATA/I...er.lnk

windows7-x64

3

$APPDATA/I...er.lnk

windows10-2004-x64

3

$DESKTOP/I...er.lnk

windows7-x64

3

$DESKTOP/I...er.lnk

windows10-2004-x64

3

$DESKTOP/�...Ʒ.lnk

windows7-x64

3

$DESKTOP/�...Ʒ.lnk

windows10-2004-x64

3

$FAVORITES...��.lnk

windows7-x64

3

$FAVORITES...��.lnk

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SMPROGRAM...er.lnk

windows7-x64

3

$SMPROGRAM...er.lnk

windows10-2004-x64

3

$SMPROGRAM...��.lnk

windows7-x64

3

$SMPROGRAM...��.lnk

windows10-2004-x64

3

$STARTMENU...er.lnk

windows7-x64

3

$STARTMENU...er.lnk

windows10-2004-x64

3

$STARTMENU...��.lnk

windows7-x64

3

$STARTMENU...��.lnk

windows10-2004-x64

3

$TEMP/remote.exe

windows7-x64

7

$TEMP/remote.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$TEMP/sobar.exe

windows7-x64

3

$TEMP/sobar.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    14/07/2024, 17:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $DESKTOP/Internat Exp1orer.lnk

  • Size

    1KB

  • MD5

    9ffaab5f197ee38cf1fe65e19d4bb217

  • SHA1

    39ee57d785cb31b75fe79879ab5dfed14eb1a28e

  • SHA256

    6a1bfc7b4d0b3c749f9a5737f7f0253c634bdd62fe812948807c6beae039ecca

  • SHA512

    eaa04c6437eac713912a81b2e11f97cfdc38d5d5bb459d7f4ae94d140b2bd4d74685cda43697f00b6803b1b58da3bef78ca3d9d6a4b9f5e4278ff2451aee512b

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\$DESKTOP\Internat Exp1orer.lnk"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3032
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.113w.com/?waga
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2732
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2732 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2752

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6a2bdd9e73bc7d4898697cd1c43d32c6

    SHA1

    da7d12a39ac88f1f4a5d3e0a501ad5fe62c72880

    SHA256

    cc77b291f76ff5e1198483947015ae42d242da1bddfa742129be69db1132bdec

    SHA512

    6d8ae89ec21e2f13ee0c1733817e781be06b2e917ec461c85c547ec78a30f3d9ccbeef39b72257b47a739a1c6be6eb8213b1f25399d959ef5655c7e48399c10c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    067203b494c6ad4feb127bb2495662ed

    SHA1

    b4ed75557a5252c244deb50216174cf1429b8b97

    SHA256

    d18e151775898c1e6d7cdba908000424c55ee0e752d23db8a7140eb25012cae1

    SHA512

    0cbe59215053d7a7690b4aefc3707a1a6466a886cf77745fd08bcd675f149918b4eaaf7b054764cdf85cf09cc3a9ab8281819a7913acee4985b4a92b0b5d8695

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9ca045053c6c92ee4b7b3e4e55aec13b

    SHA1

    b58d262047cfb4c1e29093eeada8000cfde1e461

    SHA256

    e46b59d0dad188971cd81a77b8e12b8b7940e5d69dbd22a9881d9b069936c7bd

    SHA512

    4bb962bad83af4524e2ddf3d99d757fe624170da2bd70c7d2cf9fcd5cc3248f1c0f7455fafb394c4c6a44c565a55f16476910f06e42d929aaed37a855b85895b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    def1d520424928b98b6028e364d04b72

    SHA1

    8a53a959d24646862871a695bbbe259e349b0e4d

    SHA256

    c0d3f1415d8aadbf676e36f9744ceff17713ddf57d948bcafe33b0a4b0afcfe7

    SHA512

    b385907ed684c51a240a0a30324a12ba8df0f5638e7a771f3a0a2409467a9355178972d8312eb41074716672dd7894c5f59cf2b03a5db0e7641b6003def1240c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    09978b427bb1f05a4b70eb470ecbcd44

    SHA1

    5f1714da9896df9b9fc300044f4ba8d31154d0fb

    SHA256

    99715070278c5835a33e2d579b6e5f85b4c868f9c6da21daf7040bd0a07b823f

    SHA512

    d75ff866da49ae0aeed6efbe2c810057cc9b4db895c44394892bea4ca200c1968bd911f207e35063b24ce3901cc5284b92adb84a17ccb630555b546ebdb19891

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    40cd4c18443707523d51c7f48a74de5e

    SHA1

    27443fc6092057696b6e6c50bdd2adfe178a224e

    SHA256

    d323a18ad2a7826e4ece6a680597a6775f2fa12164090feceb365b71c8cbf1ee

    SHA512

    1c6033999fb0434af723d3d8437cde715b7fb3e09eb281f49a073ef61d6c0bd1bb379e32c0b1d8badb106bd9f44993aefc5da9cf48516be58662d2e2efda257e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    81feabfae8e0f8e2fb25d20c2998348f

    SHA1

    837262f36428bc120cd379ae703643ae4b189bc4

    SHA256

    3ca77f85ebf18e6bc57f31c0bf554790b1664c75605e5c653123e2975132f86c

    SHA512

    0053d85fd141d0c738a74502a1463d5130237a24773cffb32f6763b2afa905388fda1370e2b65068d3a21e622d6f80d6345a19f4bc401ae0d771b62a8599c2fb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    72bd0e30abdd39ed9f443496fe00ea5f

    SHA1

    9beba764b4eb07e6d831acdfd1e2d5f338657c2e

    SHA256

    ce732c32435533dd99d5272161d708cf4d15726d43583641bad1ed61447c0eb7

    SHA512

    d86ea3425716f493fe411312963214038d17530d1193459f121a3c7df97c36c9ede57d2b1d2c2ec5065c5a68cf4bc8772899da9daa2f77f8df971ba85992aef6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d6b8d1df78f4f213ddb2454a2dd05ee7

    SHA1

    f8b60004d9ee432b34ff1d143783a86fda9d38a2

    SHA256

    9ce8bf0d00c3c4f60e4488ec9649b97bebc9a5f4d6fbf693599ccba218db7893

    SHA512

    3ade608130b9405ea12fc0a3c57e67f5e4ca7dd6860295c3162349639d1e897e9308b6322ca117cf046e6e19320b8a5ac147463a93faccd3f7fd4200a5609891

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cfe3b3cece7a365a1db92353e8ccee35

    SHA1

    ec566f264294fdb6bf9913da4ab1987307be5110

    SHA256

    7dde925b2ca9ad82d8763528af698d01e8fdd19317d52e6db192b0444cee9ba8

    SHA512

    1bb835fffcae4a864df9b5233ec4d08fdae7337a08790aca68a05c36ffc5ec9278d98a035d0ba3d80ad3dc8c9f746cc0e6ee8623ada7d3e1c52e5545737ecf61

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    943ba5fbfa49fb29990cf021ef79753f

    SHA1

    ba08df838b618b5eb099389d978bec615bc57f98

    SHA256

    471be84b04015d44e6fd223397afd0241f0237512b93f69ce21c92cee16eefe6

    SHA512

    bfed8dffcbb25c5dc1f94e215b8c0b1ad664d6dc5273d1ed1ef108e9123615c6e3657008cc8febb1115de9386761f1879b88d0981169a09883a69855d6468167

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f8d2c33b5ef986b4411dbe60361c8a9a

    SHA1

    63b044cbea5d90a5681a43541544f6f49e186a78

    SHA256

    6bc405f350da2f1f674ceccd0943a0df9fc600ff495e1cd3785ef93176ca6463

    SHA512

    9d45e3daa0642f8d9bf6371b72a0d04bcae13ffffb1a6d4408a499e348f27d883fd532e50821cc45a3e7411d1fdd40432fd216f559ef5b1936e0142a93955a07

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    050c3fed44725e4579b356578c584a24

    SHA1

    becad520d78077529c7610663814ec2af3dbf9e4

    SHA256

    2a06b1e8d68825925d716add8533747bffbd66b19b7325fd6c2c2920aefc4320

    SHA512

    34961a96804ac28e448135ddfdb3b585d0030f126feb42127634067d82a9e18fd8b2df98df85d613f58948d3a10e1abdf9ae88f5dc2acca786a282afd3c5b658

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b49b6a253e3bd325cd6e2c952a7436db

    SHA1

    dc337cc1356878da248f947301c392f48fd91674

    SHA256

    ecbab2717f675810d510d2fd0c3cfc0a6b4882b1d700b33af11cd30113798753

    SHA512

    c784be3556b2b2c6cb6d6e4787b2f7662f0df166ea05193c59603907983f29fc1a6727ceda5dbac47010b0ca00bce963035b53a1bab7722cc73e46ac3a057f07

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    af5c3c4b42443ed20e90545d88b2ab9a

    SHA1

    7b7ccdee3ffbae38cb089d3772902cc87137b0b7

    SHA256

    088d42bc26e4cffe3ac7a68be07efa547e038a73d2acec742bbd9f41c5930bcc

    SHA512

    af24b471401739c35f366d389fc1134ab6827f8702c392cd44b7d44b23e97ed8f73af13ff4adf44dfa55cdc681a45096f891c03af52afc09d05ce39196b6f441

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    94822e705e4613ce4893b2a644532d8c

    SHA1

    b5b0f5077fe49ac1de8a2d55aa64b07f0b8cdf72

    SHA256

    de5150cd58771d3504de0c45c98d1a187e0da15e2a84aa096631f7240e3cb81e

    SHA512

    ec60b1c20ceab6a4e144d6ef5c5ebf5251417e5630ff2c4c86fed14b108f0ca2395a2b5b837a083ab39dc3a3b7bc52161ff2a654afcef2d7bf8a03dc9c8bc87f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabEE28.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarEE99.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit