Overview

overview

7

Static

static

3

4b1c188412...18.exe

windows7-x64

3

4b1c188412...18.exe

windows10-2004-x64

3

$APPDATA/I...er.lnk

windows7-x64

3

$APPDATA/I...er.lnk

windows10-2004-x64

3

$DESKTOP/I...er.lnk

windows7-x64

3

$DESKTOP/I...er.lnk

windows10-2004-x64

3

$DESKTOP/�...Ʒ.lnk

windows7-x64

3

$DESKTOP/�...Ʒ.lnk

windows10-2004-x64

3

$FAVORITES...��.lnk

windows7-x64

3

$FAVORITES...��.lnk

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SMPROGRAM...er.lnk

windows7-x64

3

$SMPROGRAM...er.lnk

windows10-2004-x64

3

$SMPROGRAM...��.lnk

windows7-x64

3

$SMPROGRAM...��.lnk

windows10-2004-x64

3

$STARTMENU...er.lnk

windows7-x64

3

$STARTMENU...er.lnk

windows10-2004-x64

3

$STARTMENU...��.lnk

windows7-x64

3

$STARTMENU...��.lnk

windows10-2004-x64

3

$TEMP/remote.exe

windows7-x64

7

$TEMP/remote.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$TEMP/sobar.exe

windows7-x64

3

$TEMP/sobar.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    136s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    15/07/2024, 19:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $STARTMENU/Ա.lnk

  • Size

    1KB

  • MD5

    62d588bdb74e4e2e5d1689fa9272ce39

  • SHA1

    9d0db515d8f65e57353381d707060f7343a74da7

  • SHA256

    248402dd02a096f9721d61fe867fac5cacf4dc9001fa2aa6a50a59f7405606ef

  • SHA512

    cbb47f7e4227177ad39a1c914e00e0ca13209fe0839d13819299ad203572b69026c541d71c5101e4cdddbcf7786c6adf339af3e4b0aab65cb188614f646a893e

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$STARTMENU\Ա.lnk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2348
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.mai520.com/?taobao
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1968
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1968 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2568

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b0696017b46e7ed6e6cacf008a54cda7

    SHA1

    182fc6ac7c98a338d3c092a6f6123c5e21a34d93

    SHA256

    2da05748e0c7bd8d1d72d991513b90f62ddf14a04c935a685181d7a8adf6a5a8

    SHA512

    0d3e72b406ef411de6f4964f2d365875487ae3ff78f783bab7c9f66fdb59d8050349852cabae27aeaf3bda0cafd5d2cbe6d8d3e3477ce0bbdb185affc199ac45

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3ee0726c6617e4efe78a4d42b16b7582

    SHA1

    926764be27547d5593daba29617c7b2cb49b7ba2

    SHA256

    02ab58d7497bf4fbde0f363e26a87a68df2fdc45c04904a124716c3cb466b061

    SHA512

    82d475fb0fd38045b506a84f0898c8b05ccc3b579f13acd90bce55e99274bcd5ee0c84963ace88e7d6b6147f63d5c2c1fd9a07c499c98e45e9204139d9231121

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d3b7a62c2c86025978782c47f084c98c

    SHA1

    bfff64de70102ed85f2f071d852db94588d37112

    SHA256

    8f7eb7ad356ec43519632ca5999a6a5eb7e98176f44ce598c3e783f575815f2a

    SHA512

    6de308cd0cc7adc66a1a5cf4eb686d725f98139dce33742bb0d8b2574015a76c6d6976912a8de611bd76564910ee3e6285bb546f8edcf25940d6a0756d977d72

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4ec0bf69e62a4e901df203521db5537b

    SHA1

    0b047e1fdc0e42cf4984ad03e4ff1fc52ee73154

    SHA256

    6df08e62ae1c6188f1601a23c8a8e14011b4f2009ac4fabc62b89aa9391fbe62

    SHA512

    85444f7f5612df59d0f982797f830d9476bf074b7475547cac840cb31bbff84c18869a100db556dfb379bad1eb25a55b8ccb53534cb08926592fa3a966e609bd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    961381299f4c05f458ba717115edaaff

    SHA1

    09e3a9d18c1cc4721fa69f305452d9b61336e6e5

    SHA256

    761367494db3775cb653ae0551022be2af6b2c5bcad0af34c359b75e1e57ff69

    SHA512

    cc5773bb11b3f49b9e918d11bb1d4b2d29ad25d687fe3515317507a3ca178e896a98a514efbd0c63a6abca0d89df318da0c8cfee365e39d9760ecb8eb9b61b03

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ecf9290e3da9d604a83946bbc529c10a

    SHA1

    87fd06cd8e16576733540ad84088fea1cd0b9bd5

    SHA256

    1b4ef047b5a87b23a92b78ef14d580c84991714f9222f040fd9bd660dd071eb6

    SHA512

    7c1e5d5d9b245e63a01a3027bf9d212500fb3525aef3ced908af7a080079cc1d142c69b970280d5da8fbf4d394623b2807e2c8f291002a082812784c933db381

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    809c29a5038268ef8dcd8f98adb6b9e5

    SHA1

    6dc1e8bcb2060dd22cd8a96927123531894d03db

    SHA256

    fcd3673e5fa7c0df5e9adb6586a774aff2ac5aee12b43ad6e2f765ba49ce015d

    SHA512

    a3c758ed6074362dda4c7314374ab3db4285fe1137d87f51e472ed8d24963c8738b38f1fb81e20f839e472d92ab434541a70675b73e77bafab1815119cb7513f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c2b671145985b62ba99f8a19387d7553

    SHA1

    5d289bcc5c8542b6f0c1795b21b78e4a8775da1d

    SHA256

    a5bc52ea7d371589bf9b4535eceb41c57729cad75deeacd1c1350ab41ac73dbe

    SHA512

    bcf2404a2e97b4a2aa10a87bd331e38a2d8085975379a7a4d31922ade6f4d0c972253fe9e4fcdca535991880b0b1dc34231eea1957108e21af9fdeb670c04e65

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a6e1a5adf640738c5ce4d71b503e41f7

    SHA1

    f35947ee20b8abeac7bb5f3b8204d9acc4561d25

    SHA256

    ac3dec934ad4ac23f4868bb3d7b53b48711e47ac63be08cde7bf9c8fb11beaae

    SHA512

    70595b5b70db88fa709dcafd93dd419bd2f5db96112a3eb6d0c3af48816a7353f7e751445f842b126981d62011b34488e7d2d94a56d23e43eac742e448b6bcd3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d9105180160362646cc1a57b6f6a7978

    SHA1

    5429c07d73ec70603bd7c9df11c4c3e4232d44f3

    SHA256

    c055e79e29bf79c130593dfd55f44fec7fe41882191882575639bf508c68a810

    SHA512

    46b378dcb05449ba1c3829ae40093dbe5b0262bc85c71464db40e021b55b380dd183340209be71418be51dde0a7dd02980b36c66e53209f0bded8c35210bb1a7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c8eae738400b36a816ed10e4c33ac78d

    SHA1

    e52d75ff4f3e23797e1a37fa16a6005f672dd79d

    SHA256

    0972cdadda5ae674d668ba3c88eb86d2064db9cc9b0865c6d3ca95aa76c468a6

    SHA512

    ef10067bedac3a880e80e0d50c5a6e99a8a3500bd0a31222bc1883d70e7ab94782149e6d1d11b738b6403ed7cc69ee2c252d4c0aeb9f84de92708c81460c6c00

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0ad755e92cf4cd60b3027613ee0173f6

    SHA1

    a925232c1c3a9f679551f5f28e2ad238d49e4f4f

    SHA256

    f737fdd6a276488eb9cfe7a48a0665dddde84daa49b9d5d744a899e3f143eb2f

    SHA512

    f55e32aad426cfc55f3f358f523d01bc0563367b12b8fa8b943828a354fdcf5d9488481ce90226a91eb19fe9bc5c164e66dc2983ae74b65f30949cefc297c976

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    db5e9ae245946d32b4d7e76faf910213

    SHA1

    c53c25e1bab530de3ad900f62df36acb528641b0

    SHA256

    bacc0c3c8abd36e307f97dfc0dc204df6c4328cc8bd1f0e741d528125fa6cf52

    SHA512

    a92dc1a3e1c0814cd86b5e21424286021fd69d07ae9820ae2fdf3c1a6c252d6a50d6bd435724b4267a763e51a5ceb43f68fdb6e8dad6567621399c64ed3a8f2f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    56806e1c8b6f4791de62b10f05424641

    SHA1

    f680709c29f7595b4ad5489ac19b8e35cc1e1b02

    SHA256

    8af73aad1728700ec11e89d32406d71f4b094303e975b8b9c03e6f955820257a

    SHA512

    6040ac87bc7355150b90517cf4e22e45248d60ec8eb4c4678da98f166224c243d08029716a22e36bb56480e6f6c284bdc5741211eb84ec8bd6c7b412956950c7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    414d45a35be12b6b3bc0491801fd1472

    SHA1

    2ce4c0db665a0235372412b9a1a785d7c6e5603e

    SHA256

    30464ec996d8d1222457644500e762dd97d5d993d5f814e013e1272437b4be2c

    SHA512

    5630e4352aba357eb60219cbba56a1c742ed647ac824d0d6c854bb580b7615b7019a352189913591b9e480fd02e3316507cf74d4319fc80fb0b266e9906b81e6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD03C.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD09E.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2348-34-0x00000000023D0000-0x00000000024D0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2348-33-0x00000000023D0000-0x00000000024D0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2348-32-0x00000000023D0000-0x00000000024D0000-memory.dmp

    Filesize

    1024KB

    Download