Overview

overview

7

Static

static

3

5a6f5ade9b...18.exe

windows7-x64

3

5a6f5ade9b...18.exe

windows10-2004-x64

3

$APPDATA/I...er.lnk

windows7-x64

3

$APPDATA/I...er.lnk

windows10-2004-x64

3

$DESKTOP/I...er.lnk

windows7-x64

3

$DESKTOP/I...er.lnk

windows10-2004-x64

3

$DESKTOP/�...Ʒ.lnk

windows7-x64

1

$DESKTOP/�...Ʒ.lnk

windows10-2004-x64

3

$FAVORITES...��.lnk

windows7-x64

3

$FAVORITES...��.lnk

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SMPROGRAM...er.lnk

windows7-x64

3

$SMPROGRAM...er.lnk

windows10-2004-x64

3

$SMPROGRAM...��.lnk

windows7-x64

3

$SMPROGRAM...��.lnk

windows10-2004-x64

3

$STARTMENU...er.lnk

windows7-x64

3

$STARTMENU...er.lnk

windows10-2004-x64

3

$STARTMENU...��.lnk

windows7-x64

3

$STARTMENU...��.lnk

windows10-2004-x64

3

$TEMP/remote.exe

windows7-x64

7

$TEMP/remote.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$TEMP/sobar.exe

windows7-x64

3

$TEMP/sobar.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    122s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    19-07-2024 04:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $STARTMENU/Ա.lnk

  • Size

    1KB

  • MD5

    62d588bdb74e4e2e5d1689fa9272ce39

  • SHA1

    9d0db515d8f65e57353381d707060f7343a74da7

  • SHA256

    248402dd02a096f9721d61fe867fac5cacf4dc9001fa2aa6a50a59f7405606ef

  • SHA512

    cbb47f7e4227177ad39a1c914e00e0ca13209fe0839d13819299ad203572b69026c541d71c5101e4cdddbcf7786c6adf339af3e4b0aab65cb188614f646a893e

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$STARTMENU\Ա.lnk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2936
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.mai520.com/?taobao
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2324
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2324 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2772

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f3dccee227cddc57a1f33c41d65b4de0

    SHA1

    fc7af8085e3895dfea48dc891918811b07e72b37

    SHA256

    d2acd082f2502e521459061881c3b86310fa5ce2705ae929e5b24456c7758134

    SHA512

    288df64dfa750e1a4dedcc7c647575c47d507e94bb14951be27e13b4737d0bc1eafdc2e56159d6f34b4b7604a9ca7ec2632f15398e8568bc80c4712b3ccab4d3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    19f42067ded15dee90a64d28c1005555

    SHA1

    cb200d819f91dba13380d971c1fce62c3f4edad0

    SHA256

    bbf296671bbc132e168778be9022e516c874d310a036f4ed373dde2e31c9a5cb

    SHA512

    bb689959e62ecdcf1445f30922c3dfa36af2a93dfdf959adb660b8d054e047dae2898559131816a4980f21b578427a606b36ca90143a6e181cfa5d8fd91cd97b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b954f8dd077439918db43ae8c985c0e8

    SHA1

    3066d002def5a6fc0eb3a4c8c8c2a8e97d24b5c2

    SHA256

    be40f7e21d64d4f60ff56a15ce4375e4dbff5919ab9d5e0740b89cf7ae6e1a3c

    SHA512

    86eebb6824b69a5d801684b3711d4e2cc354d2828497980a4b9332328ac44f4ec1f8d2bc2cc45cffe379e34aec08a4a5259c44aed5a34c7b8c118cadf51645ff

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    631b333b21489e3880e110220f6fd305

    SHA1

    bba07c56c1ffdc6ee689bb6d8e1d5b7f70aba810

    SHA256

    881e522d8d42b504429b8b883cd69ed85c423b1aead6df91b208df850a934bc7

    SHA512

    adc11cd2200cce934e5780a6c7d8872d8bb8a851177a2d497ba25424a947d70fbebbaffb110c47918a86a11a3f1b6a0702e741e81f1864397b43104d11d1301f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b50d0f34b7064cb57e724069cd43f35e

    SHA1

    03fe4ab89362da4d571a7c1863f4a9bd4dc2fa2e

    SHA256

    30ec9e7d37ab5bff1aa3eae50251dacdb5250beab9dd47feeef0d7526c02c979

    SHA512

    848b9461080dcb4e94c311d363487fd5420800e607f537a985dad6091a9e05c27ddf114e574959c324d3f0ff2e5331e37b07a828bc3a2224b7687c80a4c487fc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6b9671f3ffaaa2d82707a58d06239204

    SHA1

    8910c75728beffcd09f8fcdf68c547a333fc45a5

    SHA256

    b2b0bf2aea3f9a0414a9d25b54bd89717b6492f85b934a0a5947879c497070f1

    SHA512

    8e59e9bbfd433ff4314afb5137d5a80529107df34a6a1cb36910b4b3f3a929c46775ff1473ef01705a924e51e5335705eab5cdb7d72439089d448646485e6778

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d25feedad688877d96395e69295c1942

    SHA1

    8a661ca0654b9289ee65a09ce056ec0b68932309

    SHA256

    a4ecee66c66725a23fd0c060edf5f64ff06d7bb74339b9039675271a88557d88

    SHA512

    5180709ebdb8dc5d03a4b8a1592f28891f623e32094738cdd8bde187b53ef605c7c44e043843f5e4b454bb9fa041bdd4d63cbbc471bf380f6e4688da3f30dc3f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    47d363620b7264db27592ce6c031652d

    SHA1

    e32f6b1b5a5745543624b77e420ed3ada448d1cc

    SHA256

    a417b5182fc8f02c314b978408d0e7ddcc22e756c88ae0fdc4054572ca935898

    SHA512

    16268d04536e4a86f2acfef7a9a5b7f625463bd99a346b0e6099b44d86a84b83efc0b32436c832a172de5ed1cb6048ba65defceba24bca02c678c4fda840dd7f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bf53cabde92d71b92129df99906eab48

    SHA1

    543d3fdc451551902c903b91155119beab2316aa

    SHA256

    64fad3ce4a72ab99b1262587aa9d454aaeb996b2c664cc94443f5661ef7f2f65

    SHA512

    e0b6d79eddaaf8e405f4b396bd97bc2d1915f6c7932584399445ab5b73a73ecaa71a255338c630cc0601c3ba05165108925f8b38f2360d09d1164d132e3bf7e8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dab038f4ae83cdf808eab7e9c1425eb1

    SHA1

    85ea04041536f27cb2f531c215cb0b92dcf83995

    SHA256

    b380e702d07c18bdac7d2293dda28884d39f64c3526e73392a4510fb2bee0f6b

    SHA512

    50a9c62565d1f31e116cef5579f97fe5a1ce96b4737155f67bae757c0015b650cb7f87cb7c3c1c963b31c74fdfcdf6f569f2bab375fc2eaf6c92a8fea03be16e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c0329251303e8a85dbbd86e1ac63da76

    SHA1

    80110c1d621daa6e5b67303caa686dcef57eb231

    SHA256

    afb8e9a7e3306a282bca036045031f64e0dfae3aa083814123a98b2548824621

    SHA512

    f805b6557e7d031e7542b4de77a0e910a020eecd727f822f5a98fc5f67e673003a6c9606c221f6d5b336772aa3be1bb6c120c2f015c85856476a5e70e73a7472

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eed88d42b23cd90c106339398a3e0ed5

    SHA1

    2146eee92d68d6d8d4e5e1a4e3251f3deb0a6f1e

    SHA256

    a40db2576495a0ddf3039af2c86b0fbabe771c0239cd39d899e454f517c0e2e3

    SHA512

    47503c006b455aef1460e73e60e80dbbefce55804cc3cdb5e76564531e9fb58ed686e560a29f653348662112c45e5672f0d4ec3e77f35725cb4bf7c67357667a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    69873ee0bd6bd1ba52fc56f88260dea8

    SHA1

    14b7eb70aab862a2085a817ad3fb5b9b563bd367

    SHA256

    53ee9c6bb250441dbe1a6cc25b9e5aae1cff4708619c55c3f5e95d4ac41a4562

    SHA512

    bf016fde19d328c2146d5037043814e4250cc52207d1e319bf78f2f1a17e228ab7434c4f9c31cd212b8c014f54c733d77fa1e80e7a55696ff60d4b5ba041aff7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    654a2743e116d5effac43271fc0c8d22

    SHA1

    c8621e32ad96b864c1913e94c8ab1348112c68cb

    SHA256

    5c036aadf725875c2b5fa434c5ae0c01823b0c6d6750c9afbdd8e5bf8b4a4ef1

    SHA512

    2f98935176c017e37bc8396e22e8799d6635a22ecc8a21bed4cdf7bb0c65e95940cd57c7e746a1657f26998075f9c300af1bfec02645d9e335341699139dc86e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ebc3de8190cf108c15d2ccc079ec48ce

    SHA1

    0b374c4791d700cd14fbc66e3feccc4e6c742303

    SHA256

    b16deb8a53e5783307c4ec1367e6edc67e7d1e553c759a382a6c73250bdf03b7

    SHA512

    285b56c491c29fe5480b7ea8072137a99f238d5cc8c84308f1992119f12b45e784354cc112c9030073a52ef57143703f19740d9698157a7cf24a3ec4149ec981

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b62ed44350aef3ccdd831bfcd0c9e3b0

    SHA1

    d28ecb3fce1cd9b46b69d505220b9af79406e04c

    SHA256

    86e7e1d7eeee98d8b1f8ea3ebff89a1d5fb1f84ff53d6a27e39a78564de1a916

    SHA512

    6719df5347a8a2b2f680af2b6d6e0a92ab7903611ac7163eaa9ebce500f829e236498ba5509c497fa2c3dfa73a31a90cb807315a2a9f80c743c02c12a0b6f1c8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    092fc6da4820dc62092515b72bd845d8

    SHA1

    58507cb12b84efd642e7a859799859650ae6900c

    SHA256

    e712e87584146d5dd580f75fe1e02ad6d4510f773957ad0cc59630ab4ce00677

    SHA512

    2a6324c9a1de8f2c063410c23e353b17ef08e748b61e3dcbfe52646fe641b39613ae537ebf3d19b08ffd255d82703175b09ffbdb869a2022c560d43aac81e66a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    492a4cf2927bc69aca9e1e5b40664f86

    SHA1

    19eb65e9b1a2e30447b540c55fea1d646be6392f

    SHA256

    f531be4042a4236623edffaacf1a3df8ad5aae5241bfeab669347894e5b775a1

    SHA512

    dce7928484b26fcfcefef5bc4806484e10174c0b89a83e592418ca779250223984cff8589b4a41bba9963fd4bb8696a2805a774d7751a036cb13dfb942ecdc80

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1b94ed2e5d4e203a8853e696340ecfe5

    SHA1

    94130e52421096dd63073917dc1635758ee0f59d

    SHA256

    d2997637781c121170a3c94913bfaf0069406164952bd373c7391d94e9a26340

    SHA512

    47dd81de50dbff0bfd55b5b0925a16b8ce9ba6f6464b18e394336853ab1653f611649e1c0bbbf68af48c4a69514dff8e833b3a990a5850f8a1af552a8aab9c22

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab51BB.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar522C.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit