Overview

overview

7

Static

static

3

85d6536e27...18.exe

windows7-x64

3

85d6536e27...18.exe

windows10-2004-x64

3

$APPDATA/I...er.lnk

windows7-x64

3

$APPDATA/I...er.lnk

windows10-2004-x64

3

$DESKTOP/I...er.lnk

windows7-x64

3

$DESKTOP/I...er.lnk

windows10-2004-x64

3

$DESKTOP/�...Ʒ.lnk

windows7-x64

3

$DESKTOP/�...Ʒ.lnk

windows10-2004-x64

3

$FAVORITES...��.lnk

windows7-x64

3

$FAVORITES...��.lnk

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SMPROGRAM...er.lnk

windows7-x64

3

$SMPROGRAM...er.lnk

windows10-2004-x64

3

$SMPROGRAM...��.lnk

windows7-x64

3

$SMPROGRAM...��.lnk

windows10-2004-x64

3

$STARTMENU...er.lnk

windows7-x64

3

$STARTMENU...er.lnk

windows10-2004-x64

3

$STARTMENU...��.lnk

windows7-x64

3

$STARTMENU...��.lnk

windows10-2004-x64

3

$TEMP/remote.exe

windows7-x64

7

$TEMP/remote.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$TEMP/sobar.exe

windows7-x64

3

$TEMP/sobar.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    119s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    10-08-2024 11:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $DESKTOP/Internat Exp1orer.lnk

  • Size

    1KB

  • MD5

    9ffaab5f197ee38cf1fe65e19d4bb217

  • SHA1

    39ee57d785cb31b75fe79879ab5dfed14eb1a28e

  • SHA256

    6a1bfc7b4d0b3c749f9a5737f7f0253c634bdd62fe812948807c6beae039ecca

  • SHA512

    eaa04c6437eac713912a81b2e11f97cfdc38d5d5bb459d7f4ae94d140b2bd4d74685cda43697f00b6803b1b58da3bef78ca3d9d6a4b9f5e4278ff2451aee512b

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\$DESKTOP\Internat Exp1orer.lnk"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1948
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.113w.com/?waga
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2784
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2784 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2944

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6689613eaf0cff2c710efc66122b5be5

    SHA1

    5f25cc62c7d7a9168a4895f8e850625545d343be

    SHA256

    4cbecd9f5e206f234dfe6f8550cdab87e2483097ed4a79be26b77e529471abf6

    SHA512

    f56f17d37eb2b621d472925ba223ca74a43a6465f3ef25238d462323ec8e6b26a9429be629e46dfab581a5e2fa4f0a9b9a1f84f1ed23f704f4ece5f01ffa129b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ade3f79198c5875d04953775293b42aa

    SHA1

    7e475cc3e6150f6e7c26af581f8d54e7c28001d7

    SHA256

    878c22fc44320e92dc6271da23a87150861222ccb2abdb2292c78bb36dcbb83d

    SHA512

    5bba826e9695551bfa78bc1c5ad64db7c9f80c8e02ee4f6c440eebc6a8238d38dd114884b0d601186c45ca150829ffdaad09b15337cc2bf2ce30a7f7b1cd5f10

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    37563c596f3ed708d6bffbd6046e6993

    SHA1

    105d5f15118030690f031c49616a8e842b861b0c

    SHA256

    e9e197dc081e73713a8799f9e68e09f1b7d49ff8be2f97ed22cea96b1abc6603

    SHA512

    95f5293c0885bb63ae3c043cd262dbd7d60282320afbb989e3c5e301d2e0684f85b857213c5e01bedb7d342256ee24a14df38a340e3315b028ae976b8a7b207a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2bc55b3967c841546b2d377b2241bbf1

    SHA1

    5f9f49652da6da372204fb1f14b301eb610433fe

    SHA256

    b585fa67ead8f08f958fafb6f7f4a110a45a4ed5052b9bc3a0f016469080999d

    SHA512

    433715aa503c3c87febbb70a5819323d07fcd294bebeb87d7e8b6aea59ae42ecb93b22fa9596534fcd771dd2c0ad68be5abdf81b847839444f5e7ba596033ee2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    161cd28c8d7754d539aa51e93f480262

    SHA1

    2f237c97e0fdf6f816c0ed3cc2b9c4a23ea83568

    SHA256

    a913caa975da8c18d8ed5637763e8d807649c494a0d7448811f02b229b83c5c8

    SHA512

    698c4c30c62d7ab7be4ef0c98f25c4a5d41606f5b975fb969e71aef68fd4f6bcde7a5a5aeae8ff948cdd592267be8a4d819724043a3bd36681c93b1160f09997

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d8c1dcac2cd793326e6df129f7b6358e

    SHA1

    746bebbca2247c4dea0793bf42dac59c283a722b

    SHA256

    0c36f07d3d7329e7701a65383b52c92beccb2bbd0f7b8c6fe75e98949a3f83a9

    SHA512

    02fc8c7dc13f5d50bda52d1b801a1ae3b32f9591a28e223f925923a81a2f5574e00e941be3c7b3720edc5534501c61083e3e0dbbd118b1b793809a401d1c50d9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    804db3b16f83960e8ab78f574afb4c1d

    SHA1

    660ae3828c0a641532795f1b5c0278d30c939658

    SHA256

    00f443aff738dee792d17c2163c8f79298aa05d0a3a059bb6d227d51841ba1ff

    SHA512

    9ad2b1631c2c4e27a0198b02be6a34084cb96cf9c841ad5c768ecd24af0fc96d8f5dfde9c797f1d96e3489ad741171d7511afb1250c3160ea39b6e9d88b7ca28

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    14b8c89832cafcd1c1c72afe23232d7b

    SHA1

    e2f28d9b9e0126183840925bb695d421a7bee005

    SHA256

    528cbb687088562066071dda5e28e51b5ed39cd7682dfdaae5152550e664ae1f

    SHA512

    8571ac57058e060b44cf004182fd99cebe5c2fafece3fc253a46d1333b8d81d017eae74c155ae88b5e4f2549c4e4aca25dcf5100c66a5ac99803a333887ec88b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6dec581632967a53860430398acee7ba

    SHA1

    240c9b6b73ad967d7118e2766b9bba436afbbfeb

    SHA256

    32175af920b8e7ed8b00fc5840d6b6bd6780810701c1f39ea0b226dc15b28f62

    SHA512

    1ef0226fe9572e52b877bdacc17f817f318e0e0277c5ad4850b50b6da3236f426001479185a2a6c9c708bf1508f01ad413042842a2e42b56006a95f54b9c0b6f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a8d4802fb4e7e26da0b6ca532252e8e4

    SHA1

    6f9e5b48424b2c6eff896ca146757801943d53fb

    SHA256

    8499385b5cf42c0491196eb8c5e2beb716091224ae64825a08de9bbbfd2b4951

    SHA512

    f6bbbe2e01501e26c1d4c3ced4b87758700a3438a63feb38e564bfaaf7c4203afb4f61cbdac000e7a56099cbfe2bde58b182b3aa5746f7ad4533133a467fa22e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    82aae79bdebb5f71817d2c9ade8ea216

    SHA1

    8062f6ff456188ef219ed0465d2cb061e30a6769

    SHA256

    5a27e9e3ea01b2fd5b9251dd880fe885fa3b285bcc0c19e020f588c0516271e4

    SHA512

    1fdc90c0f0151438b052c49eea76bbf1e6aba78b1a0ec2888674266a865a23d1f9fbaaa335d1f0df9ec6f1458b2b4a92ee937a86cb9e25403c9b46a918a709e9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    417c25a093ef6769a956af44c4b2d94e

    SHA1

    9ad344d8be7c2f2b33f86545592361f128e9e29b

    SHA256

    49764ed56eb9280015906c6b4a99df309150494ba818f56c70d83c7dc6783b22

    SHA512

    04bc9de42f88c447f1208bc0fb82f4d58d5af42a158b9baf3d7974105755964cafb98a89589cde1316f019c2f2c0289e0e903a85b5a974a672d4c03aa6a724c0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    72fcde141a4f0d348b904abfaa23ccd5

    SHA1

    f7cdd734cf1ceea8cbd0640b3eeebf44243e470d

    SHA256

    b76c57874fc424dddb86a271620d1161b218ae721997d1003593f7010ef95de8

    SHA512

    5266b03122168ee4d6422d895a9e809ecdc1863b18235eb0d76ca5ac6753a4a739af529b99aceabdcdcc0c5323b2e9e10b9026aef7aa5f1eeedb63839c6f4706

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    071727a6dc1ec32850e424157d300ae6

    SHA1

    21a9ae0a0b51cfb05677bc1fefd7438a1c1ca4d8

    SHA256

    c784a94b2b2adfcdacd8b4f84a4546d420df96807cfac4f7a5b2ead58aa836ba

    SHA512

    8082c9f02b768f3befeaae9c3a812a9faa761ffc5106d23288d60ee865db504cbcf3e41c9edc0b53893d0b1196b8b981c6030ba38ea9667b68f26af9cf7a17c7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    356b06a527474e79a7b954827259d541

    SHA1

    754dd7d8c037481636825ba6ddf05247586add84

    SHA256

    a0eaf50ad749a6a597a67f267e51a6947efd67e384d6e7a2e25dd308f8641ec0

    SHA512

    3f22920d085f987d5a7e813855c01134da0d84c811afeb916c3c45b38f4974cd60dd0e8db7baebb44eea2f0b12a983713deaf128aafc8907c26ab5adaa4109dd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3ee0e5b1c708a2745c684448da950a50

    SHA1

    f0ff9966c9228621beccad10bbe10b3023f21e37

    SHA256

    0956d0a4a15b204245a29a127872a9e08614bb4311ee6ad294f36eb8b2a3ebcf

    SHA512

    75bac4486ac53062657751bbdcc7e6db16382d8c87ca645af90cab1a0e3f6075890f85514f9258fddebf0f73626d3a87f4acd71d67f68961398590942342f986

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    36239633e3ded10448445c3999e7daaf

    SHA1

    6c21f7db29e16f454d51f8e8ed06fe8275d9ecf0

    SHA256

    2af587d8b587a1ab042d06447f91fcf9c773225ff6004a0ab3152d973a79662f

    SHA512

    c034352b103c75bf7e42335a24e8a01b68bbf7fb97230aaed8ecf99dca348b903ace5017f2225358bd0e6e51b465858686fd2e9b286cabc5412d939ac5c0ca6f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    909c5e8468757c690c172565eab33660

    SHA1

    fc58f4b95fb60b5ffb486879b7ee17aa7eb9b59b

    SHA256

    cf28dd92e1d7ebc95d9c6df34a4f59c595e44f1d880a7d7495d41e3289a65413

    SHA512

    75dbd630486f29c39933b8df5b08b2da839005cbd088d742f5de6a3ee5178ff762a2d4caa45bad92aa5e8142d22603be3b26767303ab41475abab28bdf4e5c21

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE0BF.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE160.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit