Overview

overview

3

Static

static

3

95d7253a90...18.exe

windows7-x64

3

95d7253a90...18.exe

windows10-2004-x64

3

$APPDATA/I...er.lnk

windows7-x64

3

$APPDATA/I...er.lnk

windows10-2004-x64

3

$DESKTOP/I...er.lnk

windows7-x64

3

$DESKTOP/I...er.lnk

windows10-2004-x64

3

$DESKTOP/�...Ʒ.lnk

windows7-x64

3

$DESKTOP/�...Ʒ.lnk

windows10-2004-x64

3

$FAVORITES...��.lnk

windows7-x64

3

$FAVORITES...��.lnk

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SMPROGRAM...er.lnk

windows7-x64

3

$SMPROGRAM...er.lnk

windows10-2004-x64

3

$SMPROGRAM...��.lnk

windows7-x64

3

$SMPROGRAM...��.lnk

windows10-2004-x64

3

$STARTMENU...er.lnk

windows7-x64

3

$STARTMENU...er.lnk

windows10-2004-x64

3

$STARTMENU...��.lnk

windows7-x64

3

$STARTMENU...��.lnk

windows10-2004-x64

3

$TEMP/remote.exe

windows7-x64

3

$TEMP/remote.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    73s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    14/08/2024, 11:06

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    $FAVORITES/Ա.lnk

  • Size

    1KB

  • MD5

    62d588bdb74e4e2e5d1689fa9272ce39

  • SHA1

    9d0db515d8f65e57353381d707060f7343a74da7

  • SHA256

    248402dd02a096f9721d61fe867fac5cacf4dc9001fa2aa6a50a59f7405606ef

  • SHA512

    cbb47f7e4227177ad39a1c914e00e0ca13209fe0839d13819299ad203572b69026c541d71c5101e4cdddbcf7786c6adf339af3e4b0aab65cb188614f646a893e

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$FAVORITES\Ա.lnk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1368
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.mai520.com/?taobao
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2908
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2908 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2624

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          8135dd48a6c78c7c78abbf3ead427665

          SHA1

          6946be24eaa9ef0993f42d667210dd5d257d88ed

          SHA256

          cae8d461628815c2ab3a408af71dc2e74cfc53a93d1481a4f6463da8c03c1e01

          SHA512

          a640916a3391dc681e5301df33cf9f1dae7fedabec50d9a0990522578a2faef1bcba7912faedcc67ba56251d2ce4402190022b7a446db13edf087978707c1eda

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          7a144831f3c0107029640aeba523eb37

          SHA1

          594074a306acd66fcc37b66275cae096a5a27e37

          SHA256

          a55d96684d99155fee358b4ddf1f1f8f874a91c15fe560abb7cb0a2bd7007818

          SHA512

          a284920d1a1bfc08d2cc52bbf4f8fc106668c788149f3aa6032dae3a2ec27de754d8735aa1bd4db98786aef166ccff0e095f7ef20cdd7597dca1c6a36e2ead91

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          79bc03f92645486ba6a8ffd196e909fc

          SHA1

          ff8fe47ac29edfe09d8a62b4b46ece05fc9dbadd

          SHA256

          e6d8a4cd5ead4b89d291b2e59fcb2ffeea54e66985ac6f7e9cf6fbf566a3257f

          SHA512

          e76997aa9ffa5b37e645e4a0040a96612d7c035bcc4ff297b614db6b51b53fbcd7943d2cf39cc55da47df85ed564e653139cdb4950e2eb9fe486b2f6ebaea1b6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          895e290201ddae53d2ef854ad1f612d6

          SHA1

          db67746c005144a031cdd96f160e33218ae068b4

          SHA256

          061027939545ade0ef957a63a01b1b9ff5f522d453d15c4413dfc5395dd8d69d

          SHA512

          f0368debb10431c9e3248a315c017ed059a77e6c3cbc34fc38883beb6b6ba82d9f6f65c2d04ca09df6cdd5ed9c3606ddc0fa9b140be8e72eb606bdb77aeb6d8c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          bcf323cf62bf3e68604d286ba5f8e5cd

          SHA1

          60856f904edc8a1e8d161e9cdde50c49e9f6fa85

          SHA256

          80a3ab86ed9f6be37380239bc86d2c87b163f28d86f21e8f9439c831d08d44af

          SHA512

          fa9e24a3badeaefd6f5eb4be8501023c4eb2b2128b906e3169b02d6858b0866d633cfcd1428bac9e145bc431ff261a46237b3ffc94375504efea3deb9f528872

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          4a42af417111042eaf8df31800b90ff7

          SHA1

          9ea6ac2cfeab62c6f503f0bcb15fae6ff03fd941

          SHA256

          78aa5307fdd31240b275dded076a3dfa6d88ef520b8a2bcb441a68d3e0bc078e

          SHA512

          9575acbd0abc795844f53f86e63f1b7272622671babc0e328587df8a602fbbdff7c3276d370ad06eea00d89fa185e03abd9a4d909e0eea763bbeb3bec9a3499e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          d53e8826e33d1c57d7d98220dd1fff26

          SHA1

          aed9bf9443c6d254ca86e84290822b18f61bb779

          SHA256

          f8b7e1c692ec585501b99e96c6c656660f32223e203f47bc79982c598f36990d

          SHA512

          87a5116bfe61e604c24c7c2e5d753716be5628c89ceeffc535bf2f9057725ca805c81df521238bf7c9830c69699f96c3805752c8de58b88c073ca1bf26ddeb95

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          8a20b7e9588cb3b7ce3b88d039796c82

          SHA1

          32656c80a0812bd52ec19f201d062d957fe3947b

          SHA256

          939934b48f68ba4b70eac4f397a7e337a8df27c6dc88846ff786a1bcab56ae8e

          SHA512

          945220eba26fd33dc03a7f0b2cc8531c13a3a35a789e6b15a7fab66232fe692e4e6e6c1af411c3db6932e2aa630acfff78e387e4d8138f742827b6fd169e2393

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          4efc639d8a937c4ea7bd0917ddb4dee5

          SHA1

          2c9644e393eae60745a7862704ac0a6d17b41e00

          SHA256

          82dd093a514afe7a8a7ae18080215b44550aa0921c9b5a986380e319ce7e8be3

          SHA512

          48c9b7f203b615a65a83e754564d49c625916f2e9d97a543b067ebd88c0b27a93274d7bc8b813a247e1faaf7cd8732b017b9d25383aeda2e26f7b6a13c118668

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          c09fd3995f195f10aca606afa3ab088c

          SHA1

          d022e0da82f0b9f83b7bdb318457ea83ad74e2e5

          SHA256

          ed982795de0148d836634fcb09ed2502753c88a411efdd355fd16002e994e4e4

          SHA512

          95fc9a1ebdb372bbc33cdeccf26bc3f04c1b066f270b4d3de84215418d964141f8188e773972362746b26adce0269516cb2e4c536f47aeddf56f2d113984e30e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          82ee8be96eb7e61f88ec89d9967d263e

          SHA1

          6b6f3f41d7a7465697374ade93e63f7cb5e202c0

          SHA256

          b73f80714d8af0e6d3c3b6f20dfd62b7ac4b3c4f7d67fbf476809a165d9520d3

          SHA512

          4801f84305c266340d668dbe0c33220ca36ed80f62222f41a7d9c5dfb25a76b159ee01dc911b045010bdf34ed7e0edce8ff38653593c6b0bdfb22b95a7cb329e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          5ef316e1b547cb2bb813ea6e6b000018

          SHA1

          313425ef233c6d392ae904c5d1c056822c75dd63

          SHA256

          6409aba755eb21664e5868e6d0807647c602436b83ff9560ae590c0446b86c1e

          SHA512

          a0762bd12d8645aa1b5140713bd133f1425af14464147940f21d99104b0126703dd1ecd0e17d31e7b8b7364982bad190fc1672827fcf0566b48a00062c00c662

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          33acfe0e1a3c8a54da532144e27f56f0

          SHA1

          6ec8037d48721c7dde3519d5fa4ed888be92d17a

          SHA256

          5d6e16d08e1793a2edecee4c4539fcd59a8764abd5942af531382bfcc747b0d5

          SHA512

          c2a64a191b9593de976cc4a10a8ad4aa9c744c7d43c6e152f1cc955c8d38947d83f4ac4fbf61c817d79cc1b09639c5164c625d6990d6561e92f1acca1f1b9552

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          8f0e602e530ca8d546c75f159d2a9dc6

          SHA1

          4ba399183edf557f5246e63c189dd019e44d7194

          SHA256

          aab3e51584a8f60dc8b28fe0f527cd9b3f1e052a58263192fca6e02c24e53e88

          SHA512

          d69be605633ec391283ca9bb889cf54df8c7fb2d44690b01d498214fc1375e9fbededb4191274f362d064e7ec462cf0579bdac3c9eda4fd73120291b5dc3e5e8

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          1d41f710c129567df9fbd8b6abba03fe

          SHA1

          6e0e8cf35477cd08f42e123bd6af3a5d9c0a66f5

          SHA256

          9cf07b50a4afe0b13186d4e7f8ecab0d11168fcccb9b599e0c02b3ac3eb57948

          SHA512

          7ac79256d310fbb02c08c99b7cf7684a1af93f66a326b8822c2bcda7879c65df93d84d1ace373ddeda4b5961496f6c6128e50181adb75ff6a0d043b8cba5dd9f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          a4e71737457ee108b12dbd71b7e502cc

          SHA1

          7162bd82207309682964c832164842ee71430199

          SHA256

          dfaed9fa6da2dc8bca16e8ef4efa6107194744f8e0bb70f53e3f96d780cb4ceb

          SHA512

          6300410c215b566eb7674343169c1659712439dda79afadcca9836be99b04337486c6f7e636f81c11e620983633d3b025e446ae27cd77202175ec2d73b335faa

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          57dfdb18bfae99b37e1459c78816ebef

          SHA1

          1918dad1a6ac6b14c55eaf9ab3e9ec217563b33d

          SHA256

          1f0bd45846683e3e072224cb1c7cc86c33f588f360cf71e093c7b6b65e11df27

          SHA512

          9588f87f0d9a770af07b034ffa90756b0e5bbb7ba16746e3b567b6e9a63ac8d77c120c7cf12b5bc6a37e2d027ec6f265e7f035c437b6f419ed36ea45bb3aa9f3

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab1D73.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar1DE3.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit