Overview

overview

7

Static

static

3

46d40a00f3...18.exe

windows7-x64

3

46d40a00f3...18.exe

windows10-2004-x64

3

$APPDATA/I...er.lnk

windows7-x64

3

$APPDATA/I...er.lnk

windows10-2004-x64

3

$DESKTOP/I...er.lnk

windows7-x64

3

$DESKTOP/I...er.lnk

windows10-2004-x64

3

$DESKTOP/�...Ʒ.lnk

windows7-x64

3

$DESKTOP/�...Ʒ.lnk

windows10-2004-x64

3

$FAVORITES...��.lnk

windows7-x64

3

$FAVORITES...��.lnk

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SMPROGRAM...er.lnk

windows7-x64

3

$SMPROGRAM...er.lnk

windows10-2004-x64

3

$SMPROGRAM...��.lnk

windows7-x64

3

$SMPROGRAM...��.lnk

windows10-2004-x64

3

$STARTMENU...er.lnk

windows7-x64

3

$STARTMENU...er.lnk

windows10-2004-x64

3

$STARTMENU...��.lnk

windows7-x64

3

$STARTMENU...��.lnk

windows10-2004-x64

3

$TEMP/remote.exe

windows7-x64

7

$TEMP/remote.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$TEMP/sobar.exe

windows7-x64

3

$TEMP/sobar.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    119s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    14/07/2024, 17:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $DESKTOP/ԱմƷ.lnk

  • Size

    1KB

  • MD5

    3801cf5240ef322de5fb53224f763068

  • SHA1

    e4286f9b6e5986b6a237bc70fdc03e8a36287e11

  • SHA256

    23dde6d591dc39c8b7901a49ce2edbe1591ef2b68d69700a4c81fd741f2d714e

  • SHA512

    3d26058c20050e236cb78533485dc2dd02ed6be0ab7037e8eac5916b75abe189d38f57ed45899787cbe69318ec4d6763633d1a8a96600fd0b20b83aaa9f03ef4

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$DESKTOP\ԱմƷ.lnk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2540
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.wagabb.com/taob.html?desk
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3012
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3012 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2724

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    675962486c10ba3a65deeb54fff5ebe7

    SHA1

    b5dde29e1f4c9fdae3d90d38e35b0084dd1a9cb6

    SHA256

    487d845109b615ebb6fa5fdc7bcac2f2c8f9c984acdb5609ced9cea893883e5c

    SHA512

    b91667f6278d250520ea4236515812504ffc7d33379d5e4cfdad425a62131bb0322e63889e625ec44075108b9b9586e1a12128b713b96bce4fd1799dfe6e8980

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4602df0a49c02832d7c70fd3a6743ea8

    SHA1

    835a46e7eb3326bffbc00831af6a09b3ce8be3ce

    SHA256

    5c4655424d90195eabd1f0422aeac4c55e2e34e09238ffb53fb3c5ce558d5524

    SHA512

    e44ef8ad3f56a84db5a500bf589951d736001d58d85af70fdc03f996b6a475a924c06a0cbef73364a1bdeeddac37ab5f88dbbc03a18a3d6a320a765a8c176e6f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    462be2f5eb112bb4ee9a0717b2ac7cf8

    SHA1

    a146f2483a1aa00c39e30006a6011457c420e120

    SHA256

    6d7643c762e45da14e7069c089d6012cc72336b909b97219442826afeb586bf1

    SHA512

    2c00e9bcb68ba3952daa03c541c6165a11d69c1156b7fcfae8f94f623bdd071513f003531469c777450915929ed3ab06dc59a4f89ba2cd5006f543e0f1fb1037

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a76127bce4e99509717609690ea37095

    SHA1

    dd16c649f37f40924b6e8b812508e59cb3d44da3

    SHA256

    ccca4029ad01a6c9bd8c8709b857fc1da73ab8bb7b4a5a7248e2f5827d9860f4

    SHA512

    5abe3531672ded594aab743505e5d8d27a11adbfe865cbcfd82c7da0e93f77d1380bb24ac0fb78e3e061fc19abe3473a2b4f722a0d11af74243dbdf10bcc0caf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    094a3da274c0e585c1ad53690e556641

    SHA1

    a1aa0bd8beebc1d101e11870c7f84cfc61865fff

    SHA256

    53ac2dcf50bc6de0627bd292d4a4af78d7cda1b92912e8a851385565aa4d896f

    SHA512

    3bd3406932fa6751e26878a7417e5ba0a95237b0944509279c720b846ad0161be8908d54ded85fdd15e205fb26aefb1b3d45688f7fb693e281532fedac871bde

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4c6453b2b92cc655ac65eeb1a03ca8ea

    SHA1

    80cf470c1993436dd93864c20c47c91e054b57b3

    SHA256

    fb90616a678a3cd6850f0a138ae66f6c0504b4fba47c0504007894bb27afee6b

    SHA512

    826d93591852af91bb6661f6029e634ecdae8299af21d5f8c91520b17826e3146b006fe7c5f9df102bdbd334c71d654596424f94ca489806cc522e17da765015

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2c7c25deed972818ca95cdf79b285450

    SHA1

    15c30cb80ed224587d6031550d3ba9a2d5a1b6d0

    SHA256

    56b98db0c82314be5f1ffd8f3624e429178dd88f623aa49cfe84c4607916fdd4

    SHA512

    65375fc614cb124b37738acb21ceca7268fbdf774204910ac14dacb1e71b52f7786bf342a0135b7e7b3db15748c1a3fb2c187e96bee68911a1dfacc012bde7fc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6d485f1fa02e8caed792a39e70cde147

    SHA1

    96c6940c044c36d9b27729b9534f29366082ec52

    SHA256

    f7bd6e111c9c55ac476d0c0ecd68167491ee199761c6bddb543b6932f3917c43

    SHA512

    edb357b3373a4f29d957f4709fb33c1b8fc37d65e048cf43310e5e517d2ac09bc45c4c500a76fb99c2288e07ba36d5928afbb99d610c58456f92520f16cb8065

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    03bc7ad8658be375b1197572e81ede88

    SHA1

    3f4eeb18ae2d8f35818f2c09e03db658dae46382

    SHA256

    692d53361ef5625780540e17f7694ae68d0500a8e9d4de09992847fbfa579abb

    SHA512

    c10efe39b5e18bdd3261c20933e3101d65f1c71f3c458bb7a1575b49a4ef5011ee339c9e2ade37149a019e387d6ef35b9696d7f3428e1bba940f8dc752a2e5a9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    97c27fe4b81d27ef524ee5f05d5ba051

    SHA1

    2c1f34bd49eb49d72e0cf837fda5a5532f6c6cb2

    SHA256

    37f66634b48f13a35c67363c6e18e72f0a44e83dbce653e5328f6e744e3398cb

    SHA512

    8d887753939e92b3c63e3827f6dfc99842014df4fcc13c4e66a80736b5db8b4ed1bb4d76ab7960b4bc0ff573fddf610a63726b34f517bce42d082133e5141b9f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    18a5869eefde93d00210b3e665e8cff7

    SHA1

    20c903a2d89ed44691612cd500bdda2bbc0859ce

    SHA256

    88ca3ec2750520e9cb71f49af733cbf91372f941e75653428da3b01cfd56c30c

    SHA512

    1b661fcaa68ebb3259d75b1ad4618b1aae32440081638fcc10724eaa77278a83aab78fd80550ac6e89e736c3e15e19e4bd03fb6464e09ba6bf8f424749d3907a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    239228507781250f9c239c508c890ab6

    SHA1

    83f64b8cb9bf46645f9dd8d9c587e795b6f90b16

    SHA256

    aa4d9133de7774f0f6deedcd58823cd5edea86e40a1775ea7ea536f845e9feee

    SHA512

    cf7ee9ea51948ed3b13272adc63d5a504ca316397a9ebdc26facffd6dd9892254e9016acf504afc390d184877b5d07993b5220cf65e0ebb5ed23ed4380358704

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    be1cff1878a732acfa12aa4228c524b2

    SHA1

    fcd9aa93290bb9b0ed6e00a49ea2bf2b71f60ec7

    SHA256

    afe5fbcf242906088edff1a6a39bf1d33e5dbac4a35f77e20257ea90a46f2b03

    SHA512

    e62c227949d7de5a7d90ef39422dec791a1c0df089d3f9eb95ea9101b057a77e26bba42f2bf2e306dd27b4a3bb8db46b172e7f5c235d3cebd86fcefaa6632fbe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8501bbeffe771a4ad9a1562aed0548d4

    SHA1

    453b3819bb89ed549d4fc08e442705184b702244

    SHA256

    6253037c15b1bf21ffc69c56089b46080401c5a25bb44ca471489e16965582b8

    SHA512

    4424d7ea10034c8ff6dac3bc0d8bb4ab15cc47da35863eb65d06d407afd9f87eba7df3acdb4d8459545a630c43c6f67cd5bc1a0bd61613d988c767e1ea11277d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    808872b8ae025ec4748486e20d0b3c4b

    SHA1

    35cc5bef6ee7a93c0f883ab980734027887a057f

    SHA256

    0a4a43cf39c0e9c49f801aac1810bea7dee7a61bf18f11d5a9487c820b52c3fb

    SHA512

    5df51157d0faac6c2f960f87349eef8648b336dc51a6acf121b1e350c4a230886c8dd397d54f6ab4dd796efb9f4b59bfb5f798d318a22b020220f7563668c56e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3ed73b70cad0fea6017de62ad4ea7601

    SHA1

    d246c259f982831f9aad1b353180d1ea8c6a43fa

    SHA256

    12c9f4ac3ee84195a6f15bdbee688e9e562b3f934152bc783f0389fd9b5212b3

    SHA512

    84612de2c5bf73dbc563cdc385d20fbc1936d953cc9c6cff418dd64c6f57d098c5bc18c132b6488cbd3d255f557924b76915c26d12dc268fc3ef812d88279926

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    35f441b37d0a87607e3092a2645d6c33

    SHA1

    39ced52bea5cd4ff3f192a6c8fe7283bfec0c5db

    SHA256

    fb313a03b0ee2edcb412d9dbd1713be212949947304711321f092fa48fece448

    SHA512

    c01d4f626efbc4be49b80d3e450288ca804a176998989e1c8077e6945ad63e22e486f6e136255775049552e445c95d0a2941144b681521cb50e5c197a5d2d936

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6a8f050ebe7f9dfcdaae06b230fd26ed

    SHA1

    a920600081b09086b4bc944340270bdc1d45aeed

    SHA256

    91d46074a0967b2a274399ede5665ead3b49934f3cb54e2940200edea349e2a6

    SHA512

    f843345ca232ec9ac91a07e834de4aa9868a7b4fe4b8738cdc001e148409ff286308d00d4e08fbc2b0435a599d78c19d65ba36b32795f9ca33318c5d330ab8f0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5e413b425ea73243ee886531c96f7683

    SHA1

    26f7affe44ff606a498b983bd080c76d241ac1af

    SHA256

    761dc01772aede4c82b589299c0385d5460cc5aa230fd056a9d16ef0a2ea234b

    SHA512

    6a1f6865de0fc71fd18e26b4dc4bcf2ddc6b077f7b6729d1804a77c065bcb30fd74fc24f7271c6afb5725d460f692529588770a22e316a68ba6c061c8f1cdaee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabFCD8.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarFD49.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit