Overview

overview

7

Static

static

3

663df3aec0...18.exe

windows7-x64

3

663df3aec0...18.exe

windows10-2004-x64

3

$APPDATA/I...er.lnk

windows7-x64

3

$APPDATA/I...er.lnk

windows10-2004-x64

3

$DESKTOP/I...er.lnk

windows7-x64

3

$DESKTOP/I...er.lnk

windows10-2004-x64

3

$DESKTOP/�...Ʒ.lnk

windows7-x64

3

$DESKTOP/�...Ʒ.lnk

windows10-2004-x64

3

$FAVORITES...��.lnk

windows7-x64

3

$FAVORITES...��.lnk

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SMPROGRAM...er.lnk

windows7-x64

3

$SMPROGRAM...er.lnk

windows10-2004-x64

3

$SMPROGRAM...��.lnk

windows7-x64

3

$SMPROGRAM...��.lnk

windows10-2004-x64

3

$STARTMENU...er.lnk

windows7-x64

3

$STARTMENU...er.lnk

windows10-2004-x64

3

$STARTMENU...��.lnk

windows7-x64

3

$STARTMENU...��.lnk

windows10-2004-x64

3

$TEMP/remote.exe

windows7-x64

7

$TEMP/remote.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$TEMP/sobar.exe

windows7-x64

3

$TEMP/sobar.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    117s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    23-07-2024 05:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $SMPROGRAMS/Internat Exp1orer.lnk

  • Size

    1KB

  • MD5

    9ffaab5f197ee38cf1fe65e19d4bb217

  • SHA1

    39ee57d785cb31b75fe79879ab5dfed14eb1a28e

  • SHA256

    6a1bfc7b4d0b3c749f9a5737f7f0253c634bdd62fe812948807c6beae039ecca

  • SHA512

    eaa04c6437eac713912a81b2e11f97cfdc38d5d5bb459d7f4ae94d140b2bd4d74685cda43697f00b6803b1b58da3bef78ca3d9d6a4b9f5e4278ff2451aee512b

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\$SMPROGRAMS\Internat Exp1orer.lnk"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2812
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.113w.com/?waga
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2632
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2632 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2612

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4dd66df2a72c7de051c30e157fd71c27

    SHA1

    48de2602a5c30e43bfba06d92580d2b90c845b91

    SHA256

    f7ba7e19e6777eb9c242150753b08233e22436d3b563bee8f3e126a052282e3d

    SHA512

    c6cf4cf4661ac1d37dcbf1cf45a150b721117af1242736209f3d58c147f8af60f85125edbd374f6f40ce0ec45829f24b09062803854a19baa53d82bf6e02d205

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7eb375e1dcfbee85f1a70adc2c89cb55

    SHA1

    55d6d36b0cbd2d1505e37787668f8cf663dab6c9

    SHA256

    a87f081b31e08b5fbb04a9abc18d8cef0cfa5a43fe4e5bd30bf1c6a0d63070f4

    SHA512

    fdabc90a84af501be69183c285e0a2c49030532dc5b2d00fea0d99e14d843a27cf9355e7a813a565680cbaefefc3831d6b6f675314e3b8c470b55b13719d2606

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e3a6e0fdac2a43babcab7a3904b1f933

    SHA1

    654a457615f628b9e50fe496e669ab3381f12811

    SHA256

    abdaa1204819135164d79b5bf4c6f7d2b30bf567388e73493fd7573b5a5b6910

    SHA512

    1dde7c1debfd533eee043dc659cdbee8dcaf78c63fbe54ee2b8731c26a8668cc20bb369080b16b1e43d68c3e4846362575b50f8714d888b6f7978056fe754a15

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c1e8ccf1e48feac4e9d26a1749043b6e

    SHA1

    af0997be2bde7f2f9b7507864ee9c936387765f3

    SHA256

    51a2b87776c045e76fc1e39ef7ce16752e4778330d0babb6cf09fea19b2d4b7b

    SHA512

    385b1b700b9cf321ed46026c27e316bdafd4a155e93f6c77f0c639fc9c7de81c6ebdcd55e7b4094571a250b7b5754dc03dbd999e938cea1fd553577613ec0db4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b1eb36b99a6875189ec54a5cc771cd42

    SHA1

    b4d49459a47ce9a6768010a692122aab6499c8f9

    SHA256

    27e4e7f0167cbb07902b69b7112a7eb4a23c90bcaced039184c8cb9f79c185fa

    SHA512

    e3e2e91a7312ba58284d49bb598d1ed37ca665e5173bbc46b25156827f22e39b61681382b42854bcc3f2e55e646a4bef30cbcc847e1e0fdc360ed2fb59ddb584

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    65ef65a6f2b08068842639bfbc92966e

    SHA1

    df888565f5a9c1c81ffe22574618ad2164d9125d

    SHA256

    98d362a6e12f65c96c1be2c0c9dac2752642fc406591f711d7fd39182aeace67

    SHA512

    502ba87ab55ab4e27beb596ac59265c0f187dcb840f3fc1d85d4f85dc8052098fe6e54109615bb4d84a702958bf5bb22104d9eb5630f2b4030f9369b096468d9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5e79ab3f892ec54b6da19f7850ab8c24

    SHA1

    82ca67d335d8bfc88618a103b25f25f844adb24a

    SHA256

    0baa418002ce616286d6af8e39227b0738e9ee2e0092326d8d03da948fb1dc55

    SHA512

    3579b7198ced196d302f9027aff33ff2abd680417657a0bd2cf359c03d00fbaae62b2a53870879a1667764df5d11c8fd3ff393f0e6f13a2c98382a92234d12f9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a1a93a6648b6e4a2da628338ac1f5eb2

    SHA1

    c39c57cfaeae7a0c8763f8dd4a06381015aa7b68

    SHA256

    466aeaa892ba7d2cf5fd0b5b3157d52babfb537b607390a56d26cb34c87f87bd

    SHA512

    5af2756fd67a43be3d0afab672771a42d6355f225cf75480c5943ebb777067a3a516fe4401aae5e9a09a8db0fa6f45721858a8ae6e9407d1d9297fff1918e563

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fd1dc421c68b72cc2dfb3e6a78d0863a

    SHA1

    824f1c873f5d079c3e61705fe61d53712d217004

    SHA256

    02461efac80c2ad43fc6fa2d9ded470e002265b2121270272e9985193d45d2db

    SHA512

    3c3e2d7a6c79245693eeb548954246080b3e2204b31f49382d4ac7a28e67a781ea01b9344ccb52712a39e6b398727e180a1a352b5a2e4420b88616c538723bce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1b3eb05b26debe5d0d8036421012798c

    SHA1

    9367847c19e637d4836f143f129aa4f5ea30ce63

    SHA256

    09e349dc6902002ef3a53afe40ae93f1cce269fc6c64abdfdb5efa359ca00a87

    SHA512

    471002cd30a2a6f007abddabf5d98b8d7ad4ca829caef0a881df4b251f2cd49f59af3a9195ae232b0510eb4bb02847be3d396106c4047b67719689cc533f0b0f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c1988c4cf9492d27db95dc4c2fa816e6

    SHA1

    453c35e85321a2e5d417b84290c62c4932a87f2e

    SHA256

    71184b1fbe6c3cf75c31ff776f701ee01b682bd8d059c8ab234f2a6f1aa5efe9

    SHA512

    35a5f43bb18926a6eb3f36d2061a8892f6157aab1ac959df491584c868d901a99fe96d7d5022fc42c7d202e40d90d60587d2d7b5ed6bb446db8f8286e5bba91f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9d27597711f1bcf9996c45aa1db44c6f

    SHA1

    bd80f77af85a37aef12d73bcd4d443e3f167ded0

    SHA256

    919a79fbe96a44522dcbf8ce5dd1249de2c62751ccccd99d05fb4f440f0cdd2c

    SHA512

    6a80aeed6a7e45fd9128716f9c169dfc1b1f1fa7c923383c4611d020aa67acde32e07ef34084705029fe6ff3317a60b1ff3f29a10f583950260ee4037da47086

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8ec63937d3a484a7bd22460f73a50ab8

    SHA1

    070895b3c98c093f0b7fe91cff80f3d12e5db72a

    SHA256

    262c35fb7cc0ca38a2f76fad65035ba02bd287b194f0874c52f11a3f257ad305

    SHA512

    813416939d35161aed55624df9d885ed375bda76bf8b6e07989a6f553f5bb81d40bb632933ec63c3e0fb46b694e3902d97572a6af1c5f837af05ffe600d3bed1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6904ec897b20fcd688f9ecb972419793

    SHA1

    9f648fac41522f2a633f7c016d1b9d5076f8c1de

    SHA256

    c9f8365dd899267ff96ad02ca9deb3420fe6082cf1415e93797d99b0f29a0fcf

    SHA512

    8828772dbd285b68c12630ba7fb35a3a304538adaf0ea609debdf5167a1a781a1f1f9c3f9dbd98737fde89c6d491ffccb5b62d6a042d68bbc0c06a79a07cfcb5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7433bb3f4a6d775e35c1c4344f456008

    SHA1

    a9e96d9c7af7ccd08cb5430800933d2a882e9d43

    SHA256

    b77a03fe4485ebf80ddd4f85b02a5fcead7556a457f3b6bc3cf0c2fe8aac1f11

    SHA512

    f26b4882053e44077c55a0b6e37f110bb99002aa40a87bd8848eee695575fc16e392b971ab0cd3a09058dd4e984b112133a0d359161a27cf91df66ca6af4c21a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d6481eb6560d7998997d3606f86fac1c

    SHA1

    1bc5c7f93de29beefb29eeb4eb5f9b1bcf1072a9

    SHA256

    52ccfbc7ec1683cad27b22c34c0a2f8cf6cf116a374558712321b36e5a6302fd

    SHA512

    1d9966a1f7477f17a84d21ecdc931196a3762c5a8389c9a5cf1780016f054e6403fe9653b926ac4952691da9776d221738826caeaa9399827b4e4c8d6d17f082

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e32dacc3a2656443e86d182691503774

    SHA1

    991f2e533b437b6a74c2c9e66f9a49ce3691955e

    SHA256

    36655665a4c86fe9d62238211ad651c9636130bbfa7dc8598cf69d460a87ae8f

    SHA512

    de3775f5f4093cdb656d23c472ed313d7079f9e610d250c1aac292db3d34a4cf1a929e8711820173b17acba4f8eb247c3a4726c1bdfc655b457b8e56fb033312

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    14aba662775773d06f8bc5d5edcda592

    SHA1

    7da63f633728fd671efb3de94ef39979b0044f7a

    SHA256

    4a7aa8cd4e4ad8a529a705134f21e3c4a963f816021cef9a6646a54f0c115e46

    SHA512

    7caf9d888ce3ef5f9c41ad31cb2952f3bab1ff2e29607a578de96ac614f64182973996030259d3b08ed951ad2ddb37e634807731851177b054dfaad2c2e9b2d4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    93548ad396c5037b0451dd7fa598d126

    SHA1

    0309f4896201e975367fb9549ef149bdfd66eeef

    SHA256

    617521cdc707a16799cfb8a710545e35ceac2e6ef5b3814c8a45ac042c5f5e7e

    SHA512

    677600c1057559b4d2e7a23f230913d0281a7f51af3892b8e70deea59711325b05837fdf6b1b69a7459c0810c5a8c5bc36205f9fa4a23bcbabe1b2ac1cf0766b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabAEF7.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarAF68.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit