Overview

overview

3

Static

static

3

95d7253a90...18.exe

windows7-x64

3

95d7253a90...18.exe

windows10-2004-x64

3

$APPDATA/I...er.lnk

windows7-x64

3

$APPDATA/I...er.lnk

windows10-2004-x64

3

$DESKTOP/I...er.lnk

windows7-x64

3

$DESKTOP/I...er.lnk

windows10-2004-x64

3

$DESKTOP/�...Ʒ.lnk

windows7-x64

3

$DESKTOP/�...Ʒ.lnk

windows10-2004-x64

3

$FAVORITES...��.lnk

windows7-x64

3

$FAVORITES...��.lnk

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SMPROGRAM...er.lnk

windows7-x64

3

$SMPROGRAM...er.lnk

windows10-2004-x64

3

$SMPROGRAM...��.lnk

windows7-x64

3

$SMPROGRAM...��.lnk

windows10-2004-x64

3

$STARTMENU...er.lnk

windows7-x64

3

$STARTMENU...er.lnk

windows10-2004-x64

3

$STARTMENU...��.lnk

windows7-x64

3

$STARTMENU...��.lnk

windows10-2004-x64

3

$TEMP/remote.exe

windows7-x64

3

$TEMP/remote.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    139s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    14/08/2024, 11:06

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    $SMPROGRAMS/Internat Exp1orer.lnk

  • Size

    1KB

  • MD5

    9ffaab5f197ee38cf1fe65e19d4bb217

  • SHA1

    39ee57d785cb31b75fe79879ab5dfed14eb1a28e

  • SHA256

    6a1bfc7b4d0b3c749f9a5737f7f0253c634bdd62fe812948807c6beae039ecca

  • SHA512

    eaa04c6437eac713912a81b2e11f97cfdc38d5d5bb459d7f4ae94d140b2bd4d74685cda43697f00b6803b1b58da3bef78ca3d9d6a4b9f5e4278ff2451aee512b

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\$SMPROGRAMS\Internat Exp1orer.lnk"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1944
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.113w.com/?waga
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3040
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3040 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2104

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    50d03f5339f7f33a2f8730cec73bc2b6

    SHA1

    ef7b56b2e8ba169ac0af76b17bee1686105b9607

    SHA256

    e74fa2f7728ee8721733ef1323b90772dea40efd395231263953bdaf9e9d57d6

    SHA512

    43d0616e635aca8668094f56188c469c79eded029eedf19e4a3086ca64cd772d31ba4c8ea3a545dc4a4e621768de334c776f7c6c35593a61faf3aabf24269550

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    59acca5262f0fb17c5fdc73c33b4a143

    SHA1

    a1e315d7f7dc50949a9a5cce40a7bdcac2cbd567

    SHA256

    71fa87b184c677a94beea02ae50f7cb11ca99d60b55561e02cca0057d1279b6c

    SHA512

    0dd994840252cd5b4eeea68c300418ad429fcf763fd85a2315ca82328b71d6c48a698d7dde0c3eb3b87707d1286c73896cddfe369f69ecefde2c2e399646ef47

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    126fea2ab5ad25f2787bdb3568b75b91

    SHA1

    3aa23a014d1361f3b538c6e547ceb97e80bfc1bc

    SHA256

    34045a797a84c9b1415545844aaaaf377ccb97ace8cad388aa3faa70659b0a73

    SHA512

    180ed209bf41d4478d2f03a4141152581466ff9eea5cd5e8eceec95c3c7cf3c5fbf2872833aee2eff43fb4f8026785263e3bbd141fb0682453940cd4c60be918

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e38e30ef0298a8424f1027e8acc1f4c6

    SHA1

    a48beb8428f86234ebdc4940865d8303926904ee

    SHA256

    f5a26bdea9bb93a65a152061b99d27685e6dc22c59d45e8d5a85527afaad8cbb

    SHA512

    d1c2be1d6177b969d5d42dadbb6d77b4da48515059c018a523facfa59f1c0121c2c292243b24d8af736dedc33f3beb06e6c09860d185f94bf8e6d5149d18a7f8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bd1e4f2e232d25f7e1f1803dd71529cd

    SHA1

    e8effb6f881930a7b9caf1eea4d3e9cd41c54df5

    SHA256

    579ac594952e8e3892761b84401693fca73f7c017c8f9b336d5e7c652aa3e10b

    SHA512

    d03dfb0564f0ce7d9e364315cc2a1998599317309b3fea9d425f8aa1bf6a3f5712c2621a562895469ea44f2b03438f49753ebeef51bb3de837e6611136297fa3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    34eb1df3dd85ea95a6caab51650872b5

    SHA1

    0b74a486b6d98653dc8e619a6641fe96da59175c

    SHA256

    ab9a66411ac6dce3f9bbba8afa94c344a425f73ea1090ed061f524255e847b21

    SHA512

    42e3c69e1e37589ae23d69d8e3a88ffe2f94dc8b83457e5946334bfa7eacdbd0b72c800761c58a1749d9b2cf7411b33596e71809308be1e9fc6378938ca79604

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dfdf7420c625fa4483adf183be7e757b

    SHA1

    761921078d504b342ebe4c96fa99796e6d9a51f5

    SHA256

    ebf3a8c8d2ec59ea25d20e879e225041f5001fc182d2c918f2dad010a795941d

    SHA512

    03745957e32293d5382da9bd38d42b6f01ee4172ba5bd432cecd172f21610661d47e374f00d0f2976eaf238f5745772cfedcb986c0b0d8960c297f948faa2261

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    763dd35db41159acffffee805f291eff

    SHA1

    e9f3949f34bfb514d3323ad3e090a292181f3393

    SHA256

    23c9561df86215430c352695f58933d5c179638e2b69b5ae25d9bb2020f06077

    SHA512

    b2af02b8fa459acbfbb8bdf1447871b1447fab954e76cd0aa602a560cf244f1ca930eaec9979518229f765b2fba16d8fe31293c38aff6477b4557c0530ed8481

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cb0ada066705c96dbf1e17e61090181e

    SHA1

    b1babf4b6b9ec3c77300a489a519fd4054dbe6cf

    SHA256

    5c1802e64373472b5e0b072b1dffd2206091313d421ba1d33da4ffe7e666b1c1

    SHA512

    17bd0b508280859974a1cf2313d5ca5dbb02d76ad05fd48478bbb089e29716c2ec5e4417a9a4134a9f2be678dd3b91aea0c0ac69cd025e59525b6ca02ddd33e5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e6cf83e31fbe4081aac38598c21f4e82

    SHA1

    6ce4a74c4bba29424f2c8d92414eeb8872a2d728

    SHA256

    5d97b2ed93eceb42d4aaef737221281e6f7a19bcfaf4bb0c7209ae0b3e0c0945

    SHA512

    a746cffd44a0ac5348f6da1715ae676c297f4008e29bc8d115c3ca2d3c94e24442befc1c64e6b880cb9e52536c464ba1037d7345ac36b5cf57f89805c974b849

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab56BB.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar5D53.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit