Overview

overview

3

Static

static

3

95d7253a90...18.exe

windows7-x64

3

95d7253a90...18.exe

windows10-2004-x64

3

$APPDATA/I...er.lnk

windows7-x64

3

$APPDATA/I...er.lnk

windows10-2004-x64

3

$DESKTOP/I...er.lnk

windows7-x64

3

$DESKTOP/I...er.lnk

windows10-2004-x64

3

$DESKTOP/�...Ʒ.lnk

windows7-x64

3

$DESKTOP/�...Ʒ.lnk

windows10-2004-x64

3

$FAVORITES...��.lnk

windows7-x64

3

$FAVORITES...��.lnk

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SMPROGRAM...er.lnk

windows7-x64

3

$SMPROGRAM...er.lnk

windows10-2004-x64

3

$SMPROGRAM...��.lnk

windows7-x64

3

$SMPROGRAM...��.lnk

windows10-2004-x64

3

$STARTMENU...er.lnk

windows7-x64

3

$STARTMENU...er.lnk

windows10-2004-x64

3

$STARTMENU...��.lnk

windows7-x64

3

$STARTMENU...��.lnk

windows10-2004-x64

3

$TEMP/remote.exe

windows7-x64

3

$TEMP/remote.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    73s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    14-08-2024 11:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $FAVORITES/Ա.lnk

  • Size

    1KB

  • MD5

    62d588bdb74e4e2e5d1689fa9272ce39

  • SHA1

    9d0db515d8f65e57353381d707060f7343a74da7

  • SHA256

    248402dd02a096f9721d61fe867fac5cacf4dc9001fa2aa6a50a59f7405606ef

  • SHA512

    cbb47f7e4227177ad39a1c914e00e0ca13209fe0839d13819299ad203572b69026c541d71c5101e4cdddbcf7786c6adf339af3e4b0aab65cb188614f646a893e

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$FAVORITES\Ա.lnk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1368
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.mai520.com/?taobao
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2908
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2908 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2624

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8135dd48a6c78c7c78abbf3ead427665

    SHA1

    6946be24eaa9ef0993f42d667210dd5d257d88ed

    SHA256

    cae8d461628815c2ab3a408af71dc2e74cfc53a93d1481a4f6463da8c03c1e01

    SHA512

    a640916a3391dc681e5301df33cf9f1dae7fedabec50d9a0990522578a2faef1bcba7912faedcc67ba56251d2ce4402190022b7a446db13edf087978707c1eda

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7a144831f3c0107029640aeba523eb37

    SHA1

    594074a306acd66fcc37b66275cae096a5a27e37

    SHA256

    a55d96684d99155fee358b4ddf1f1f8f874a91c15fe560abb7cb0a2bd7007818

    SHA512

    a284920d1a1bfc08d2cc52bbf4f8fc106668c788149f3aa6032dae3a2ec27de754d8735aa1bd4db98786aef166ccff0e095f7ef20cdd7597dca1c6a36e2ead91

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    79bc03f92645486ba6a8ffd196e909fc

    SHA1

    ff8fe47ac29edfe09d8a62b4b46ece05fc9dbadd

    SHA256

    e6d8a4cd5ead4b89d291b2e59fcb2ffeea54e66985ac6f7e9cf6fbf566a3257f

    SHA512

    e76997aa9ffa5b37e645e4a0040a96612d7c035bcc4ff297b614db6b51b53fbcd7943d2cf39cc55da47df85ed564e653139cdb4950e2eb9fe486b2f6ebaea1b6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    895e290201ddae53d2ef854ad1f612d6

    SHA1

    db67746c005144a031cdd96f160e33218ae068b4

    SHA256

    061027939545ade0ef957a63a01b1b9ff5f522d453d15c4413dfc5395dd8d69d

    SHA512

    f0368debb10431c9e3248a315c017ed059a77e6c3cbc34fc38883beb6b6ba82d9f6f65c2d04ca09df6cdd5ed9c3606ddc0fa9b140be8e72eb606bdb77aeb6d8c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bcf323cf62bf3e68604d286ba5f8e5cd

    SHA1

    60856f904edc8a1e8d161e9cdde50c49e9f6fa85

    SHA256

    80a3ab86ed9f6be37380239bc86d2c87b163f28d86f21e8f9439c831d08d44af

    SHA512

    fa9e24a3badeaefd6f5eb4be8501023c4eb2b2128b906e3169b02d6858b0866d633cfcd1428bac9e145bc431ff261a46237b3ffc94375504efea3deb9f528872

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4a42af417111042eaf8df31800b90ff7

    SHA1

    9ea6ac2cfeab62c6f503f0bcb15fae6ff03fd941

    SHA256

    78aa5307fdd31240b275dded076a3dfa6d88ef520b8a2bcb441a68d3e0bc078e

    SHA512

    9575acbd0abc795844f53f86e63f1b7272622671babc0e328587df8a602fbbdff7c3276d370ad06eea00d89fa185e03abd9a4d909e0eea763bbeb3bec9a3499e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d53e8826e33d1c57d7d98220dd1fff26

    SHA1

    aed9bf9443c6d254ca86e84290822b18f61bb779

    SHA256

    f8b7e1c692ec585501b99e96c6c656660f32223e203f47bc79982c598f36990d

    SHA512

    87a5116bfe61e604c24c7c2e5d753716be5628c89ceeffc535bf2f9057725ca805c81df521238bf7c9830c69699f96c3805752c8de58b88c073ca1bf26ddeb95

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8a20b7e9588cb3b7ce3b88d039796c82

    SHA1

    32656c80a0812bd52ec19f201d062d957fe3947b

    SHA256

    939934b48f68ba4b70eac4f397a7e337a8df27c6dc88846ff786a1bcab56ae8e

    SHA512

    945220eba26fd33dc03a7f0b2cc8531c13a3a35a789e6b15a7fab66232fe692e4e6e6c1af411c3db6932e2aa630acfff78e387e4d8138f742827b6fd169e2393

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4efc639d8a937c4ea7bd0917ddb4dee5

    SHA1

    2c9644e393eae60745a7862704ac0a6d17b41e00

    SHA256

    82dd093a514afe7a8a7ae18080215b44550aa0921c9b5a986380e319ce7e8be3

    SHA512

    48c9b7f203b615a65a83e754564d49c625916f2e9d97a543b067ebd88c0b27a93274d7bc8b813a247e1faaf7cd8732b017b9d25383aeda2e26f7b6a13c118668

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c09fd3995f195f10aca606afa3ab088c

    SHA1

    d022e0da82f0b9f83b7bdb318457ea83ad74e2e5

    SHA256

    ed982795de0148d836634fcb09ed2502753c88a411efdd355fd16002e994e4e4

    SHA512

    95fc9a1ebdb372bbc33cdeccf26bc3f04c1b066f270b4d3de84215418d964141f8188e773972362746b26adce0269516cb2e4c536f47aeddf56f2d113984e30e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    82ee8be96eb7e61f88ec89d9967d263e

    SHA1

    6b6f3f41d7a7465697374ade93e63f7cb5e202c0

    SHA256

    b73f80714d8af0e6d3c3b6f20dfd62b7ac4b3c4f7d67fbf476809a165d9520d3

    SHA512

    4801f84305c266340d668dbe0c33220ca36ed80f62222f41a7d9c5dfb25a76b159ee01dc911b045010bdf34ed7e0edce8ff38653593c6b0bdfb22b95a7cb329e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5ef316e1b547cb2bb813ea6e6b000018

    SHA1

    313425ef233c6d392ae904c5d1c056822c75dd63

    SHA256

    6409aba755eb21664e5868e6d0807647c602436b83ff9560ae590c0446b86c1e

    SHA512

    a0762bd12d8645aa1b5140713bd133f1425af14464147940f21d99104b0126703dd1ecd0e17d31e7b8b7364982bad190fc1672827fcf0566b48a00062c00c662

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    33acfe0e1a3c8a54da532144e27f56f0

    SHA1

    6ec8037d48721c7dde3519d5fa4ed888be92d17a

    SHA256

    5d6e16d08e1793a2edecee4c4539fcd59a8764abd5942af531382bfcc747b0d5

    SHA512

    c2a64a191b9593de976cc4a10a8ad4aa9c744c7d43c6e152f1cc955c8d38947d83f4ac4fbf61c817d79cc1b09639c5164c625d6990d6561e92f1acca1f1b9552

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8f0e602e530ca8d546c75f159d2a9dc6

    SHA1

    4ba399183edf557f5246e63c189dd019e44d7194

    SHA256

    aab3e51584a8f60dc8b28fe0f527cd9b3f1e052a58263192fca6e02c24e53e88

    SHA512

    d69be605633ec391283ca9bb889cf54df8c7fb2d44690b01d498214fc1375e9fbededb4191274f362d064e7ec462cf0579bdac3c9eda4fd73120291b5dc3e5e8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1d41f710c129567df9fbd8b6abba03fe

    SHA1

    6e0e8cf35477cd08f42e123bd6af3a5d9c0a66f5

    SHA256

    9cf07b50a4afe0b13186d4e7f8ecab0d11168fcccb9b599e0c02b3ac3eb57948

    SHA512

    7ac79256d310fbb02c08c99b7cf7684a1af93f66a326b8822c2bcda7879c65df93d84d1ace373ddeda4b5961496f6c6128e50181adb75ff6a0d043b8cba5dd9f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a4e71737457ee108b12dbd71b7e502cc

    SHA1

    7162bd82207309682964c832164842ee71430199

    SHA256

    dfaed9fa6da2dc8bca16e8ef4efa6107194744f8e0bb70f53e3f96d780cb4ceb

    SHA512

    6300410c215b566eb7674343169c1659712439dda79afadcca9836be99b04337486c6f7e636f81c11e620983633d3b025e446ae27cd77202175ec2d73b335faa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    57dfdb18bfae99b37e1459c78816ebef

    SHA1

    1918dad1a6ac6b14c55eaf9ab3e9ec217563b33d

    SHA256

    1f0bd45846683e3e072224cb1c7cc86c33f588f360cf71e093c7b6b65e11df27

    SHA512

    9588f87f0d9a770af07b034ffa90756b0e5bbb7ba16746e3b567b6e9a63ac8d77c120c7cf12b5bc6a37e2d027ec6f265e7f035c437b6f419ed36ea45bb3aa9f3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab1D73.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar1DE3.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit