Overview

overview

7

Static

static

3

5a6f5ade9b...18.exe

windows7-x64

3

5a6f5ade9b...18.exe

windows10-2004-x64

3

$APPDATA/I...er.lnk

windows7-x64

3

$APPDATA/I...er.lnk

windows10-2004-x64

3

$DESKTOP/I...er.lnk

windows7-x64

3

$DESKTOP/I...er.lnk

windows10-2004-x64

3

$DESKTOP/�...Ʒ.lnk

windows7-x64

1

$DESKTOP/�...Ʒ.lnk

windows10-2004-x64

3

$FAVORITES...��.lnk

windows7-x64

3

$FAVORITES...��.lnk

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SMPROGRAM...er.lnk

windows7-x64

3

$SMPROGRAM...er.lnk

windows10-2004-x64

3

$SMPROGRAM...��.lnk

windows7-x64

3

$SMPROGRAM...��.lnk

windows10-2004-x64

3

$STARTMENU...er.lnk

windows7-x64

3

$STARTMENU...er.lnk

windows10-2004-x64

3

$STARTMENU...��.lnk

windows7-x64

3

$STARTMENU...��.lnk

windows10-2004-x64

3

$TEMP/remote.exe

windows7-x64

7

$TEMP/remote.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$TEMP/sobar.exe

windows7-x64

3

$TEMP/sobar.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    119s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    19/07/2024, 04:18

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    $FAVORITES/Ա.lnk

  • Size

    1KB

  • MD5

    62d588bdb74e4e2e5d1689fa9272ce39

  • SHA1

    9d0db515d8f65e57353381d707060f7343a74da7

  • SHA256

    248402dd02a096f9721d61fe867fac5cacf4dc9001fa2aa6a50a59f7405606ef

  • SHA512

    cbb47f7e4227177ad39a1c914e00e0ca13209fe0839d13819299ad203572b69026c541d71c5101e4cdddbcf7786c6adf339af3e4b0aab65cb188614f646a893e

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$FAVORITES\Ա.lnk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2064
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.mai520.com/?taobao
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2076
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2076 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2308

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          868e53cbcac34a5ff4ea7ffc5a805831

          SHA1

          ee377d2483eb9b2b8c563ff63bf6245dfa7e2ecf

          SHA256

          677c67cf858e206ac8bc062c5fc079c9957e377dba43b125f1eb7150e04efa80

          SHA512

          75023d231308ec067d48f99347f9c6f3f22267fd7d58132bd87d8341a490fdc08dcf1109c786147f57538d40f33e627f167d58a48c3dbe4f7f86c839a4a6cc9d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          51c4b3317ce7266f880ea4d93d36c600

          SHA1

          da9932f59fd0421c50050f69e5d91b2874d88293

          SHA256

          9e17a43baa5bb173e897808403ad0ed0aab7295f23b21610e18151c7315b1e2a

          SHA512

          6556128a3e52976243abf9da22438ae53d1a648f65b77c6f506bea3ba0838500d7d4c8ae3cffe72dce60397a3c24842c351099a4ccb4e38dfe5a64c2399de08d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          112e9b8e32813bb591a53fded5b35801

          SHA1

          2ef044be7987b904628d88937d0d06eefd9c6574

          SHA256

          38003d8b848346f9060b4155da69de8ffba56ae413fedcf7f59812e8d8629495

          SHA512

          aa38741e729cebd279c2baebb102f4c5f97c15df3031e8bf3d60142ba044e420a3d0b5d652e96f1c87422b409dfc66d664b8765dceaaa3381e36b69dc8a618a7

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          9bbf167abc4e477ec4ab108d236ba888

          SHA1

          5bce4face37bf1e4bc91f00078d7856d4060f3e9

          SHA256

          1c9d8949cc58829bac860e7dfb4f9373ce7774238f62bed1269684449c50d4b9

          SHA512

          9d63038bad3504015a4e1a6117e39fadcd3008b303e4d428d9607bd61463f0c82b4dcb1c7445618182c4e7b4731bbd0620283e66de73414d8eee30715cc29f5f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          d84d04a393e769d0ceb5a38bee5d890b

          SHA1

          31823e65c05e6284a5636f5f9ca7961b2e939fac

          SHA256

          0618b162754ddf194f6a76cee0a626f9a51364b932b0ea7494d17de5963b31e3

          SHA512

          aa41329e3d96a1272586a447388f884e3285fe024e1d5c559020cbe44357b36ca692ba91bb61107075fd5d0b4284f5c41e5ffaf2aaf11fdfedde5b9423d666bf

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          7f485a900cf4ddfc9f3d949bc0bdf13f

          SHA1

          69240e38aae08052246dc584b3a102d30d71a858

          SHA256

          8336d160e298c8069396d6a6e7e231600e2d47d26fcafbffa21d2e1ff3e1cf19

          SHA512

          c67e603ab841cace332cb6a7f35f89e60802d314dacf4290cf7514a1be56f401b833b8e42cb8d80eb7ad37d44fad9eb3d853a3321761890ba7e5359104c146e2

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          058a44e5b7a336ba4d65184127bac9eb

          SHA1

          744a0c6637d1aa3483a9185f09b5ae2ebe2f0c3f

          SHA256

          a80d1bc850506299f4380c309bd810a58bc8ca86b682c04c88a70a7a5bb92866

          SHA512

          3ed4a7de1a74416dbdca7f8fd3e3dab40cb0b830ef8e27dfc2bc342a0f3510f33d969a1304768c83ae1854af66dc6ef3298bd4c7dedcb33ce3ef8148709e2f5a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          68e064ab977b3802e89bf355a355eb09

          SHA1

          38d1ad73467b0658f298dfe31222ebda745b1fc8

          SHA256

          145c22950e7901827e0f7e987a9dfe29f0ae267bcfb0ee92420c6adf4a2343ad

          SHA512

          d06e01ae2bc470918d5c3456307279eaef826f2141e4a7b107d72100f11b6ca4164923914da0885aaee41660064b5f7fa162e66accf09ce580bf3af4c0fb86c7

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          c1e46ceafd1a2270cdaf08c807b4e6b3

          SHA1

          b94f1290eed114a4119e256fb02a9dc1d85090a1

          SHA256

          1f3b58439ca1b32726eb267933cf467cb526469bdc5ea8f82769f485053bae70

          SHA512

          67e8aaa3c55716325575a0b5b6b851673c9422a425d03c6d29f004e052fa718aedf5c23fb3d963c1a23c5f58c95d3214a39776fa8a69f2cfca9630e2b62a54ae

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f6eb15e6999cd8dd389e8c223cd50f3a

          SHA1

          2e2b257fac6b67d5f4e6f6feee48907f74c4661c

          SHA256

          1bac88e1d056d9237e80af72a64597cf38010d1268aa621cade14eefb087bde1

          SHA512

          150affef159922e5dee4731866a520404419c6476564fb50b812da3ae88de8736ca3c83933e36a4c12254a7dc6a25f016d530add9c7ec049837d065dc92ffc42

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          410e0609a971dec241855ceb292dd058

          SHA1

          f4f8decaba4f7aee2f75cded08034f7d08e115b5

          SHA256

          4ec2bb2964d38a86fb4b6e3b733b6ac486fb105291f46bf09eb63b231cff395f

          SHA512

          d067bc7883ead8b32598f9c2b6a6fc98a0fde6ea2edcef52f1e2c03cb6bab18072071e63c2c6fa875bace4633310a790fb9c766d9b30e51a81df3b80dd4d5388

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          4aac84294155aba42c037f03cd07c466

          SHA1

          d838423ac9c2cbb1bd8178152406c1cfdfd1d27f

          SHA256

          8a3c6bf0330d998006503865e8e9f329c25d8e021ed36a91a0294f799013b177

          SHA512

          548128f5ad19f2991216e5ac3df2ed1c345d59096cb9ea23262c357317d24dfce1c9d802018abce535a631d55f6ef695f1ac61236397cd4047933bb61bd13a23

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          151b0d904eb71a76d16c3744cca1d9a3

          SHA1

          cec91c7f0c12fd5ba8141fd9eacf2acda16ad638

          SHA256

          1a48341fe9008bff96efc184c7404a178a24bec9b97496e09b1b5791590df3b6

          SHA512

          fb6a9df2bfd4eec6f32fc7e8b0a4b9aef753b4ef35c6cb129972a896d392189b0655cb1743d2adfee79325557f91df4c76fb051a4aae797ce75e7bed3e7b51bb

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          eba48de49b5028ce0704090cdc27426d

          SHA1

          94387b23ddbbf33048f2494b9ea33c9bbcb891b1

          SHA256

          36f6a607a196352d2d381df10fc3af0725a9815357c71de98242bba41e70e302

          SHA512

          1ed350b0c1d30419056f395fd8bdc648dbaf3205f9a3606bf838fb5e90800dabead2fa3ee4fec10e82436fc4f0421b353b5779b844c90e5ff660487b401e5533

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          6bb17e009cc1f2ef6dbbdc9c6c681bb2

          SHA1

          152cafed8ab357c24a7601630da4e7bd20da4ef9

          SHA256

          87946f143e66c61aac973ed429559c19e5c8c6d0a51830c0830b91ad1afa3460

          SHA512

          68c8557108587ad280b909bbfff4481d3eede82b4bd176e680938516f65fd47066a73027b5ba1814b92459476292090a271f9e4071bbdd8817be4ac622d75ed9

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f4fefc434874d1ca6e239220272eade6

          SHA1

          8034bfb0b2d71b078a5ea8708943b58b3dc9ecf0

          SHA256

          c0c6b9db9b50cce8d48f0b365ce1f426118366e20573e9d3c2d02dacf24cd4d6

          SHA512

          5694a9d5b9a8a2de76c0e6094e46cda695d41073d906446cb4ac945cf9c62d9cacca983f9627ce98a9298cb23ebdc0a0239678110cd020506a621f68c8dfb5d4

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          b873ecdc999c080c68c9b0ad2f8d2896

          SHA1

          de4df8208b0a41f35b7711bfa075df63417f4212

          SHA256

          c85f3e770d558ea1f0fad91d112ea20e408b4cb75e34ae7d512bc637fad3ce0a

          SHA512

          3ca8c76b61a1eb10adf96b0c05c5b2875a9a2a9cfb7fd84219fbb56da0154b36a2aefd55d3c68800f9691aba5e71fdbcc812577a7c87a60be414c84e935a994b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          cd554b26f8ca0cdbec0057eac2bc4fe8

          SHA1

          f462338dff22c3cf2b510891f3932d2c2b015cd0

          SHA256

          a98c975013660b7e28cd440e110df532655d1b355fca53af98c1c7674b2fd58c

          SHA512

          786ec42445cd1db2a20e14d92c56d9f84c0d4db905daf7657850c4ca3bcfd86ec8aa7d2fe05922b81138121bb9a9c38218a4749b0c826b63e0726d0d7054a464

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab8E2E.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar8EAF.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit