Overview

overview

10

Static

static

10

apk/cyberR...ws.jar

windows7-x64

1

apk/cyberR...ws.jar

windows10-2004-x64

1

apk/cyberR...x.html

windows7-x64

3

apk/cyberR...x.html

windows10-2004-x64

3

apk/cyberR...x.html

windows7-x64

3

apk/cyberR...x.html

windows10-2004-x64

3

exe/crypte...te.bat

windows7-x64

10

exe/crypte...te.bat

windows10-2004-x64

10

exe/crypte...er.vbs

windows7-x64

10

exe/crypte...er.vbs

windows10-2004-x64

10

exe/crypte...-0.dll

windows7-x64

1

exe/crypte...-0.dll

windows10-2004-x64

1

exe/crypte...e3.exe

windows7-x64

3

exe/crypte...e3.exe

windows10-2004-x64

3

exe/crypte...-0.dll

windows7-x64

3

exe/crypte...-0.dll

windows10-2004-x64

3

exe/crypte...in.exe

windows7-x64

10

exe/crypte...in.exe

windows10-2004-x64

10

exe/crypte...e3.dll

windows7-x64

1

exe/crypte...e3.dll

windows10-2004-x64

1

libssp-0.dll

windows7-x64

3

libssp-0.dll

windows10-2004-x64

3

pidgin.exe

windows7-x64

10

pidgin.exe

windows10-2004-x64

10

sqlite3.dll

windows7-x64

1

sqlite3.dll

windows10-2004-x64

1

exe/non cr...x.html

windows7-x64

3

exe/non cr...x.html

windows10-2004-x64

3

exe/non cr...ed.exe

windows7-x64

10

exe/non cr...ed.exe

windows10-2004-x64

10

exe/non cr...x.html

windows7-x64

3

exe/non cr...x.html

windows10-2004-x64

3

Analysis

  • max time kernel
    135s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    20-08-2024 01:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    exe/non crypted/Darkgate 5864 port sample not startup/index.html

  • Size

    357B

  • MD5

    81a0a9ea5bad0982db117183726f1300

  • SHA1

    56630b086e3bb78c08785f410fe5d7eefaab775a

  • SHA256

    8dc2fe91915162ebe0393d4d50aa0aa757c68d96968f6887f6e6b546e5f3f880

  • SHA512

    a97857fd1d039cae83ff3418623bd49aea020cc9512adb046f3f591ac8e2661f135f2842d014f69a8042b6ee0125e2664b41638d773f93e97ba4cbe7dd94b115

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\exe\non crypted\Darkgate 5864 port sample not startup\index.html"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3016
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3016 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1656

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d07e7184b849bbbc0b16809d3dd395d1

    SHA1

    322ad3609da2302acc984ecb846ccf6ce177a910

    SHA256

    69cc92ff403c148de8e25202105019b9b42b33f01ceb6a21d89e382895489ca3

    SHA512

    db7970d16106dab5c2e974d00932cf4b81d4eca4655716f0283e11c03b95842270fa9ceef2ae37b744e0726b5c80aafe1f44285374a8cd3e21c62645b0e0b52b

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    67e2fe1173fa2b8c37f3a73a478d5c17

    SHA1

    ffa1218a3b666d8e0bd2ad070e3c8d16166bacef

    SHA256

    2cae968a6bdb005d92e6597d25e02a4e2f7e51e398d2f48b66802e651f9a4d2b

    SHA512

    3a5e9bc229b0ec76af88f94f718d7a555a2ec74d8175392519f840d7e305c1f32f1d81fc09b4d3636aae87f786fca5e62435f82d1c9f53adbce7f97906ec7c01

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d8ae938f32f59879bfe96334c57ef41b

    SHA1

    731ab05190f8013213b455fa295967cbcee900a5

    SHA256

    ace63b3554323e96342a0aa4d060ccc8a06204c8937d236d5011a7b67e4fcac1

    SHA512

    1ff208b7dc604bcd028ccaa2ad7c5933883490ff5b3179a42e628432dbbbcbf12e4ee16ab9fe0756c1f72833ed663f1eb90e3867c1259b5d9896bde04e6ad966

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8b778902e465ce85eab9acce51ff0b11

    SHA1

    2a777bbf228593d1bf5570a2fa3421e5818073af

    SHA256

    209efd8afed543e7feecc7b4f5259b67181e592d3b3e8a8c9e078fa9e07b245a

    SHA512

    304e5b8966b299cf86d3a9a0d8611544552bc84914ed5ce676be4b740e956b53af7c6ebfa1e0c0c2bd643ab237e84f84d644f2b96e3f241cc8be50b13638acb3

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6229b0dd16e1dbba173e0b3f02ed602e

    SHA1

    089dcf78624545e31f28764c1b276c736a9ae0b2

    SHA256

    ad80c6a828795eaa54cef6505ed315a9d5f4b7f3758eea4d16f6c58f86e6f6c8

    SHA512

    08c978e5e29cad02ae8fa9e1c64b6b345d31a8e5c0fe6a417c3f1302611ad1b583cf7b2784179c5cdd27b65d691f3ef82ebfde42ccad926086bf6e6c7313c040

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    efe573d91307c0b43aea1edeeae29142

    SHA1

    d902c63de62ce26aeb218bf77370adba691677b1

    SHA256

    92cb00b2b57f73da6099fcc0bb43455cb28867170add8d8103652486fca623e2

    SHA512

    85f41c389f466f26aecb4cee8e4b56e12316a8673f7c6de22f2082fb96a2f16a563b379f32ef2946abe6148c9df72ac20e84f09b19f8a646ce36997bcd5253d1

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5462533812592ed86dbfa9e381f82acc

    SHA1

    0235c6e7f2e70ba5cb790c157cbaabff40afb996

    SHA256

    fd965dfe6c6718ef967c54e116dd2ca085cdf78e02d1efeca5b54df7c133ec24

    SHA512

    25d11b789447adee9420c8b8e9672b843152a1998a271f8c0ae85d467af0daa3e04ca5197f4acb506dff0fdda50bb87c5260eb2a4fd70857f9af406716c784f2

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5d1e714992046735fde97a1a51f1a317

    SHA1

    7aa5bb2d85b736fff11298f4c4a27e74eaa0f84b

    SHA256

    40f1153a98e5c598baff935db363bdb6dcac8e944b9a0b130e31a2d8a3031b77

    SHA512

    869c82adce9cd8efd096839f010fb68e9008c2d1aec83723abb589952731b6a938c7585b91caa94ec211c794cc634e02c5982103dfdf4e2a65b786a146bc2ede

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1339b97636e6f51a09154ba01ea431c5

    SHA1

    054a0c0350d0aaf0bdd402a90b7edd5655a51ec4

    SHA256

    fc63db10709c1e99d14d544cad16f6cf9da98385fedfd502d41c38f0c0957f7b

    SHA512

    6fb999b0e2437ee032b94bdc895f369a44328ccfcdc0a08bfbe87c7cc30121831a439e498297a471fe7560bfe69166324c8506e01ab5b591cd2d0f45882ee1ee

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f3e93e8c2faa1db2c0055b44d911577a

    SHA1

    c52a6a343fbf84ebd87b02a96f84a5acb8242f0b

    SHA256

    1be6453d092c7aa73ed2e4d05091eb637abc6d692ce077cd3f91997569aac347

    SHA512

    4bf7b318cf0a2baf1330c753a5746d88516b5a934fae1cb797f8ded40dd3279b3a14aaf724eda33e649e81f142655d3958580ebce6352b6530ac04169552bf4b

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    79adffc3ace6875d09caa73f2eb78888

    SHA1

    55a7ad4226b3e9b871fa6645fc6b409a38cf1802

    SHA256

    66cf5eec6cfee867f34358b172d3d9cd3ed4b09ff4cd5db0fbdfd079f7ed3fd6

    SHA512

    961c1410393c2e30e24e8e9e930f90b76e317ae33defeaa45d4a635189d383b398f00edb27cb35af504e39fc17c11ac645c25175b69ba80a09364537ac47cbed

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\CabBF7B.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\TarC01A.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit