Overview

overview

3

Static

static

3

95d7253a90...18.exe

windows7-x64

3

95d7253a90...18.exe

windows10-2004-x64

3

$APPDATA/I...er.lnk

windows7-x64

3

$APPDATA/I...er.lnk

windows10-2004-x64

3

$DESKTOP/I...er.lnk

windows7-x64

3

$DESKTOP/I...er.lnk

windows10-2004-x64

3

$DESKTOP/�...Ʒ.lnk

windows7-x64

3

$DESKTOP/�...Ʒ.lnk

windows10-2004-x64

3

$FAVORITES...��.lnk

windows7-x64

3

$FAVORITES...��.lnk

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SMPROGRAM...er.lnk

windows7-x64

3

$SMPROGRAM...er.lnk

windows10-2004-x64

3

$SMPROGRAM...��.lnk

windows7-x64

3

$SMPROGRAM...��.lnk

windows10-2004-x64

3

$STARTMENU...er.lnk

windows7-x64

3

$STARTMENU...er.lnk

windows10-2004-x64

3

$STARTMENU...��.lnk

windows7-x64

3

$STARTMENU...��.lnk

windows10-2004-x64

3

$TEMP/remote.exe

windows7-x64

3

$TEMP/remote.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    133s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    14/08/2024, 11:06

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    $STARTMENU/Internat Exp1orer.lnk

  • Size

    1KB

  • MD5

    9ffaab5f197ee38cf1fe65e19d4bb217

  • SHA1

    39ee57d785cb31b75fe79879ab5dfed14eb1a28e

  • SHA256

    6a1bfc7b4d0b3c749f9a5737f7f0253c634bdd62fe812948807c6beae039ecca

  • SHA512

    eaa04c6437eac713912a81b2e11f97cfdc38d5d5bb459d7f4ae94d140b2bd4d74685cda43697f00b6803b1b58da3bef78ca3d9d6a4b9f5e4278ff2451aee512b

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\$STARTMENU\Internat Exp1orer.lnk"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1920
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.113w.com/?waga
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2060
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2060 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2952

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b7073f47cd1f6141eaf800f115e458c8

    SHA1

    6c2e2ea1c7b2fdd62e357b45bab8c48141030ad7

    SHA256

    845b7793972b80ace829231d4192ced8122999053e639fae8d3580a873576340

    SHA512

    948bf142ab0c4a84b946d84206f8ac1bc718498e930c785dc4f8453a6277b0cfb20d8944e8fa351b7a22a4bfad2bcd01c51d6811a5ccb89634e0390541b33664

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4879da94d40f85596b916fce9aee899e

    SHA1

    ef7f08e3d2ce02b91e2a792cbe1ae882b4ebb7a7

    SHA256

    41bc19fed9cf0de448268f928e773f12cbd24aa488f051c2267ad583cf1d27ea

    SHA512

    c862ad40cdda5a26c94ba95ff966682ac225abec8d86a9103504c491bf07015c3c15751f92b1463dd05651514910d86a18e277420874bb0ad1ccfd78137e3578

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c7893eb5e565477458c2bf3f8dc1de86

    SHA1

    12b8e75af351d3a0a409fdf9f09210680d69a41e

    SHA256

    84e2918f7a07701b8e948b843d847cc0264da77708d2f6cf740213887f97cc08

    SHA512

    cf87ba9bf3242862816bf87ce6005720958f47cd57d7ed99b451458494bc62f16067dad7e3cb8eba1097d294dc047b9cb8258da47b6667a6afa6db8096a4a82e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4f1af5fab480af23ccb26b0ccaaa8ef5

    SHA1

    a0b69a28c464c523ce2be8dfab66455fb67a8ca8

    SHA256

    6d78b4910e4c9ae889b7a0d25d9aa9a3613b76f333f1d569695918c47da3c6d5

    SHA512

    96c93f053d58a342bc9b4263b59d23ad96166b1e58be409f551dda63dd45794dec3f76ad7adabc7bd340693f66d3d0e9501e743cee1378093889ea21fa128624

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5328828d4af8cd26c213ccc853944f98

    SHA1

    40f0530a1feb7f966a0f35a5ab61c500eb557f53

    SHA256

    21213924f4fe687477ae1eff8989a1ba6a6e7ef440f8ad68d060b526d4c0e915

    SHA512

    db197043178d61c6bf63e32f64b83674d0b83e62ecf2507405e287c32b30aab5ab0e3c3552a27c7a1133fa05564bff310a43a44d1f3c9976473e2f5e0c3b7c79

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bdd598e666354f3e45a39ba4a6eeaed7

    SHA1

    faf836cfb23c1940b75ae40523c61f7a6121daec

    SHA256

    38ffc8da65264a99687bc9cced2dc8718abf65fa8614e3612fa299b12e2fd6cc

    SHA512

    1b7e8e2a759728ba5421d74e3f98f20bb758d2f5dfbe72275fb43f6565ac42b76fb42cd84858e3a2f7213e91830c4211d8a00fe150a0db4ff300d0951dc66514

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    33b7fa0b756c617d4f9be3a78b59eeb9

    SHA1

    c1a163375d0e8671a51c5cddc4946669d85e0dac

    SHA256

    a24a98483f256e1f28bf0a01d40a2ee78129eb6998fd8c499049cd138570e045

    SHA512

    3b80b486393b7547b67b7afb652661a6ca62d3f09525c46406ecfcab7d73568e64660025e342dc2500dbf2f94d2f5049186120834dd7b60c5b9e67fbd3f760c7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ace476c9d49ef705786b281ea798ee0c

    SHA1

    0f34fa2289bca3794e016bd2f18cf6ad7f454085

    SHA256

    2bde4a72077661f58a83bd6c56eddc589d6105efcbaef08526c87e0751e305f6

    SHA512

    1330305aebf1c45072058095a28672d832012b996d32f679e07ea094ce3071a865d30f25796031b9e752d860d898e334bb1294b79fac2605b8280b91da2e106f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dd8e765729d1a0b7cbaf256045783c6e

    SHA1

    2a119a20491e3f3d0db211bcb4d9d4906c25782a

    SHA256

    609dd12f54a45fd221ff1f2a2b34a49dc27a40ccf45597d6dfb67306e12fc460

    SHA512

    7befb642a27bca91ae81f8f069e893cda28ac2bb30f7c740a97294cdb6a1f6616552fb73b36d834334660b81ffbbe01853ac1444e6263221c71de44ee1c00fb1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9cc36fee245365056b609b5ac4bca7b8

    SHA1

    86e4c59c5e61868c4df491539088e01750f4f278

    SHA256

    eea66a35a418860ebe9ab99eae2bfe43389ecaa6ef740fc0d6cda63633984554

    SHA512

    1859a2aeae61772fa9fa99751b1227b4154c19bdf4bc56f6749508bc9dd6fa801982bf194e5c983804892507b6ad92a8e6de5e7907ce463f2bc64ea8efd0fdf3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    407510d298c3ff9e0c83eaad91ec7dd9

    SHA1

    d6b76ba720a31640e4d8da2711fb3b016e7eb502

    SHA256

    9d6f3e27fba4bd597eda683b6ff98cb9cef6652e4bbe43cd6f5b7a4ba5668823

    SHA512

    4fd22f698716834bc22218a62fd6a6085c7723854a8385f6a677cfa79607bc117b37b584a9d7835f4682d4480d0b032696b44bfae62cc2c0ede188b388843713

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabCC95.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarCE7C.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit