Overview

overview

7

Static

static

3

46d40a00f3...18.exe

windows7-x64

3

46d40a00f3...18.exe

windows10-2004-x64

3

$APPDATA/I...er.lnk

windows7-x64

3

$APPDATA/I...er.lnk

windows10-2004-x64

3

$DESKTOP/I...er.lnk

windows7-x64

3

$DESKTOP/I...er.lnk

windows10-2004-x64

3

$DESKTOP/�...Ʒ.lnk

windows7-x64

3

$DESKTOP/�...Ʒ.lnk

windows10-2004-x64

3

$FAVORITES...��.lnk

windows7-x64

3

$FAVORITES...��.lnk

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SMPROGRAM...er.lnk

windows7-x64

3

$SMPROGRAM...er.lnk

windows10-2004-x64

3

$SMPROGRAM...��.lnk

windows7-x64

3

$SMPROGRAM...��.lnk

windows10-2004-x64

3

$STARTMENU...er.lnk

windows7-x64

3

$STARTMENU...er.lnk

windows10-2004-x64

3

$STARTMENU...��.lnk

windows7-x64

3

$STARTMENU...��.lnk

windows10-2004-x64

3

$TEMP/remote.exe

windows7-x64

7

$TEMP/remote.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$TEMP/sobar.exe

windows7-x64

3

$TEMP/sobar.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    73s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    14/07/2024, 17:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $FAVORITES/Ա.lnk

  • Size

    1KB

  • MD5

    62d588bdb74e4e2e5d1689fa9272ce39

  • SHA1

    9d0db515d8f65e57353381d707060f7343a74da7

  • SHA256

    248402dd02a096f9721d61fe867fac5cacf4dc9001fa2aa6a50a59f7405606ef

  • SHA512

    cbb47f7e4227177ad39a1c914e00e0ca13209fe0839d13819299ad203572b69026c541d71c5101e4cdddbcf7786c6adf339af3e4b0aab65cb188614f646a893e

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$FAVORITES\Ա.lnk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2120
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.mai520.com/?taobao
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2976
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2976 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2800

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    93eee809515cb5ea8a59b71d46e97b56

    SHA1

    d200338020e36098f215c5ebf95f7186a8724775

    SHA256

    f1a0f0af37328ce3540b63962445e8167a7eb3f54a4a287d316d6329a770b8cc

    SHA512

    2d89aa8c767ed568c894022e966cdcdd3742e9a615034ad9e99003d896eef8078b650f03c856bef899d68b6fcf27e2d32e30cb12d8e5ba7730bf34fc07520f8f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    19d2942098853e28197b21e455922afc

    SHA1

    0c68cfa3979b34c284624d34d94dd26bf1be5200

    SHA256

    bd49b534fb483d8d029fde4c31e60682cb2734f9a558e7c044108b137b6b8d8f

    SHA512

    d2270179f32246253c8199b482cf7b784994abd36dfc8cf4b98ea067447168e2ab0c1b2f7ab78919f4d2a97b03f6e395ab2d2f92430962c37f6093acfad738bc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2c0b9082dfafc1271bf861c1a848e126

    SHA1

    a4e613a74efc54ba5815a724d8ea3d694cbd4273

    SHA256

    b978a668c579304d29b1bd77542a1ca983db16341cb8ddd598ca843bdfca89fe

    SHA512

    815648091cd1b8459359867d5ef53ea835627d0b20943141f0850fcdf0fe779a6b29400bdd2cae443a188fd0d76318c589afeb8d0cef6926b0489ea3d4dadf45

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dff23bb6e47effc054f10cf147b22683

    SHA1

    9701400fbdb1fdadb329106c4153e4cd59ef3630

    SHA256

    9ad14000db92b79489368742ecc6e544b5db8100a1d88cefe0017bba6f50c272

    SHA512

    9b796a81b905b73dacb7c0bd37e6f79140ea30a51dda5fa071a49c3e36324f2380d3c4fac1b446f5a462150be80641ad4ce5815b318358d2929cf0a1303131ab

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8dacd8daffac1734ae471fc647ebcf2a

    SHA1

    8476c68daf416e22751bddbc7b6adf5ec7855777

    SHA256

    3f29d1439148faa4faa0ca451c332517dbb5645dfeda5c6cf19d280e381dbdf4

    SHA512

    3433f48564d42bf03308c07758c525084a0c32ec25713309e3aaee01664801b3e71f7cbf31b7f99310f7dc986ba5e1c0f71f55f26a28fdd1f2906968a9d5bf44

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8405260e4e06b466e53824ecf4b767ef

    SHA1

    f91e8afae355a7cd3e513d30a062de9636ed15be

    SHA256

    92852c6c32cd54fdf61543e621163ee9139b7e5b680556958f86fd3336c850fb

    SHA512

    d6a06aad9ea24da2f6a1115abb9a6821b865379613df22c0b43c84a857cd871ff0e1d20e6707378151adcdf2302127a8641aa89fab324884c83540f65dc335be

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cc9b1961f9f9124ee5ed2d5939a2bf74

    SHA1

    153e445d518fc0195debeb3fa9a039436de520a4

    SHA256

    fe40e65ffcde78ebb95a006353f7c38578d4e070f2e672f14f0c52e66e7ae97e

    SHA512

    653e5c182f5398c7d2f367640b8738e39abdde8e36f61b649ee27e7e45c0d5db231e76573bc1521ab47e121468579da83ee55c92a0e6358f0745bcffd9c3881c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8ee97c5ac054ee6ba3a575cd9fc1bd62

    SHA1

    eb9c48c1ea2e67efca9e7006d69e85c522046d2e

    SHA256

    186f5914b4ecf607021895d8c0b6d30be35b1c8cc66d654c300e104c74da01e3

    SHA512

    2e1f80a6ad17945bae14e0f29a9885c4f37c959a558506a26f559fed3c3a61a98fa386636b3a8475e5d8b8077972b84fdd3c7ac18bc3ce302738c38a4a863f81

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7e90b15b3037f91183b1a01aca0d10a4

    SHA1

    511d7cfadbb528ba9f089ded61adcb8456560ca0

    SHA256

    9ddd7815ef3c37e7fffa1ab027b110da31756278452d787f4d92ea9bb9bf1cb1

    SHA512

    3764058592377ccb1c540c8d58c61546944d7739f743765aa64663de941477f951350c12166500978cd235b45a7144b0cb50f2547fa68aded4db6d842f645dd3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    37c887d581c5e0a692dd9a6c28d9e550

    SHA1

    43a545eccf294a51e225bfbc866093120c7a36ff

    SHA256

    414493257de526072ab1f4afcb6142891939f54807ebdb93a874e649ba238d65

    SHA512

    2eea0689fca1838096295b4f44ac0b564f7bbc5c9f0d14cc283013f453c038156534958653a0039f579e9ee2ca51a44296485e4e9dc581c4e67c25bdb6175709

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9f34933be7758b601ff9737810525da2

    SHA1

    672e9a6f31af1e4a0ff299f0ce24d6776c405af3

    SHA256

    494e2ec7132bcc8a08a5dc2446efaa5097ef9af41abfb53354b62be4674960c8

    SHA512

    5e4f6dcea077a1e3bf5ae0c457f909c82a8114561e6e18467ea9fc3c043587268b7dddfcebaa119a696a1b2ab181c1563e6731f39a965394b8b7d18dbb1feeec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2107443fd1093836d68792706516a07c

    SHA1

    dbd732f6a02c80d70c43c4bc86c0afc052f5e6e2

    SHA256

    95d1c30d4606dd10c803a33c0ba234d31df7683f60893c58b39b04de00f0753f

    SHA512

    31ea74cc2b673366674e5b2c3ed8d3c3f03bbd928059633fe6cc4ca761d09d78c22bb17916e384b6678f75f9ef750a455d3ce32b762a70fb78fd4317b474fc8a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6c11082e7b234b573604d549096fcab6

    SHA1

    976580bdb629d4cdd677560789b096e9200b35de

    SHA256

    8cced571b8dddde2ef48c984589b7136aa1161ae6148ead9436f46f55c6b8452

    SHA512

    e4ec229eb3debb6e05b5949ec077067fd31393df5ef99e3dcbd0250992a15a01a77205997354b9c36203220d21f13367307a856e0b064c4693177869c5c90673

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c1b2a81f6b77a97a61a08ef42ffb929b

    SHA1

    8b5b8230a3fed60b07ca72dae1d72d38b7131537

    SHA256

    ce4c9b152c06127074dc6e5a0e12265058ec3b1f0eee4d30bcf38c588aa01689

    SHA512

    95e58849ca0c0fbdc11d924fdfc23f393e47a1cbdb26df7805ed88a6589e84473e3224f376e9713359581d644f9f00d400c906d16141c876009c8c86f861a7a2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6393c35b1da40532f7de7bb0415e38ac

    SHA1

    2fd324af0fb0e4c4889a430136f56243d94beff1

    SHA256

    66949729180c628b12872cf595690e73acd7edcc6e2193e5863976190a87df59

    SHA512

    94c4512df6085a706403ac9b60198176899713e31c2e4bca4aaab1b3bb5c2a8b0c72ca9c5b76424ad02b865c405b57be18e66cabe120791c1d9122f8daea986d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8de710b7ed21821d9297950f4bfe5d21

    SHA1

    ba43fed96ce057964661f644db4c9c93ec1ebea9

    SHA256

    2b622a951c69deaae60708112dd639e6a2fb2dfdb5a541ae454222b099921d9a

    SHA512

    00ce32493c356621cf598c01557bbe73f5f63c7c7a88332bae76982bba6e64323b9c3d3615850802846d97aa298b917fb54fc20b5f60ee5ec5ed9d6d0dadf7d4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    66e41ed05f58241993dfc496457a8039

    SHA1

    12b668963854ee863b7e7b13cc1b13837874acd9

    SHA256

    67c9dcfb59e287d30f69a7726b9c9920b1617e1dc2abf2100b35113bedba361e

    SHA512

    ed4a153d2a5b1c9af1ceb7438d19c4400d45b447596057e7d25ea69bad884ed546c2d3c7f46e8dc38150fbf6ab1bee81e883073f0953070bdde35f247ae40142

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ae5695defc5309c109cb8f4b483c2d26

    SHA1

    0b8706c7e3ca26f243638fcc332b8a69401c72a9

    SHA256

    8def71fbe26652afd9b44c0a9f48e208ee8191381034dded3eb3133e6b8a5cfd

    SHA512

    b404ffb3ed4084b11e28dd4d937c795324b2cf3e8266c87ace92c9d7398253ff7b0a851a9f06dfb8d393f2e99a98676581c50bcb3cd312319eb625e3580ea48b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3ccdbe1aa16b639a2f35993bfb7d80ec

    SHA1

    1bce48786ec7eb14c506cdc745cd65eb3da010e5

    SHA256

    b3cbd24095e21891f884f4b9cf2a95b8b94cb269c41965337f4005ec29ed40b3

    SHA512

    bbcffaa4cc88167875ef85825de7e968c690868bc83c424858a5e1cb6520baca2c17d7370b4c4433114779a692c99cd876a049d76f47311861695dee7c3a0f92

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab8105.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar81B4.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit