Overview
overview
7Static
static
3BorisFX Sa...re.dll
windows7-x64
1BorisFX Sa...re.dll
windows10-2004-x64
1BorisFX Sa...up.exe
windows7-x64
7BorisFX Sa...up.exe
windows10-2004-x64
7BorisFX Sa...64.lnk
windows7-x64
3BorisFX Sa...64.lnk
windows10-2004-x64
3BorisFX Sa...64.lnk
windows7-x64
3BorisFX Sa...64.lnk
windows10-2004-x64
3Analysis
-
max time kernel
121s -
max time network
132s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system -
submitted
23-07-2024 23:41
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
BorisFX Sapphire OFX/File/Sapphire.dll
Resource
win7-20240708-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral2
Sample
BorisFX Sapphire OFX/File/Sapphire.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral3
Sample
BorisFX Sapphire OFX/Setup.exe
Resource
win7-20240704-en
windows7-x64
4 signatures
150 seconds
Behavioral task
behavioral4
Sample
BorisFX Sapphire OFX/Setup.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral5
Sample
BorisFX Sapphire OFX/Win64.lnk
Resource
win7-20240704-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral6
Sample
BorisFX Sapphire OFX/Win64.lnk
Resource
win10v2004-20240709-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral7
Sample
BorisFX Sapphire OFX/lib64.lnk
Resource
win7-20240705-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral8
Sample
BorisFX Sapphire OFX/lib64.lnk
Resource
win10v2004-20240704-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
BorisFX Sapphire OFX/lib64.lnk
-
Size
1KB
-
MD5
ece77d126cc9026316e2cba71fa19389
-
SHA1
3c99bfcb66acf5f02a7cb8da2bf3b413a5adf1e6
-
SHA256
f8cf1265fde57643ff0d84dfba2f4cd2fadb53a65fa6e8176e41f6f4d9a32039
-
SHA512
92a3b40a08304be74d304bc8cf21866d0c395e9e920d3d14e081fcab20749aaaf52767c584a2e87eaede56577998892509d5fca38bf1704d9654087221f2b8cc
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 30 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags cmd.exe Set value (data) \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 8c00310000000000ca52a101110050524f4752417e310000740009000400efbe874fdb49ca52d22d2e0000003c0000000000010000000000000000004a00000000007faca900500072006f006700720061006d002000460069006c0065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370038003100000018000000 cmd.exe Key created \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 cmd.exe Set value (data) \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff cmd.exe Set value (data) \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000 cmd.exe Key created \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell cmd.exe Set value (data) \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 = 6000310000000000c35230bc10005341505048497e310000480009000400efbec152912aca52b2322e000000b0d8010000000f0000000000000000000000000000001ad98400530061007000700068006900720065004f0046005800000018000000 cmd.exe Key created \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_Classes\Local Settings cmd.exe Set value (data) \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff cmd.exe Set value (data) \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff cmd.exe Key created \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell cmd.exe Key created \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 cmd.exe Key created \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 cmd.exe Key created \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0 cmd.exe Set value (data) \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\MRUListEx = ffffffff cmd.exe Set value (data) \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0 = 5000310000000000c35221bc10006c69623634003c0009000400efbec152c52aca52b2322e000000e2ce0200000002000000000000000000000000000000981d3f006c006900620036003400000014000000 cmd.exe Set value (data) \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\MRUListEx = 00000000ffffffff cmd.exe Set value (data) \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 cmd.exe Set value (str) \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}" cmd.exe Key created \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU cmd.exe Set value (data) \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots cmd.exe Set value (data) \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 5600310000000000c152912a100047656e4172747300400009000400efbec152912aca52b3322e00000021c3010000000f000000000000000000000000000000d9f07100470065006e004100720074007300000016000000 cmd.exe Set value (int) \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\NodeSlot = "1" cmd.exe Set value (data) \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff cmd.exe Set value (data) \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff cmd.exe Set value (data) \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = 00000000ffffffff cmd.exe Key created \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 cmd.exe Set value (data) \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 cmd.exe Key created \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 cmd.exe Key created \REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 cmd.exe