Overview

overview

7

Static

static

7

RedVIP5Rel...88.exe

windows7-x64

7

RedVIP5Rel...88.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

DLLCLT.dll

windows7-x64

3

DLLCLT.dll

windows10-2004-x64

3

DownLoad/attrib.exe

windows7-x64

3

DownLoad/attrib.exe

windows10-2004-x64

3

DownLoad/rar.exe

windows7-x64

3

DownLoad/rar.exe

windows10-2004-x64

3

McuFlash/Download.exe

windows7-x64

3

McuFlash/Download.exe

windows10-2004-x64

3

RedVIPControls.dll

windows7-x64

3

RedVIPControls.dll

windows10-2004-x64

3

VIP.exe

windows7-x64

4

VIP.exe

windows10-2004-x64

4

VIPExec.exe

windows7-x64

3

VIPExec.exe

windows10-2004-x64

3

VIPUpdate.exe

windows7-x64

3

VIPUpdate.exe

windows10-2004-x64

3

VPADLL.dll

windows7-x64

3

VPADLL.dll

windows10-2004-x64

3

VPVDLL.dll

windows7-x64

3

VPVDLL.dll

windows10-2004-x64

3

advert/ad_mcu.html

windows7-x64

3

advert/ad_mcu.html

windows10-2004-x64

3

divx.dll

windows7-x64

3

divx.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    104s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    06-09-2024 01:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    advert/ad_mcu.html

  • Size

    297B

  • MD5

    9dba8fa6e94d7a54a75fbcff06df6757

  • SHA1

    f4d8aebeb717143fa5bc471de432eb594a10818a

  • SHA256

    9d62ecc0d9862b36c8353e040c411317663f6793875664c68e26c22f38f95293

  • SHA512

    95d5c73ce6d4977569dc06370d60dd566448e81c1cef87c2495e8176e72020b45bb3a7b9b25e52f885500b8459b31d11cbe504c1aac6c0e483b238e54d190d45

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\advert\ad_mcu.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1640
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1640 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2760

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    18299a297fa497ee6feba3f1dfca3b80

    SHA1

    0ca5adb8723edba5a921913d7af09b6f7dbfec98

    SHA256

    c0611742c384cc72a429a5207d1fc4241646baa3b468672af417c96a7ac4a211

    SHA512

    27b49738e023ca0707837a4829b38511c86a38d169ef4130114471cc7b5e826f4ef3a776b97a0a1420b9c959cdc039413c00e17de8e4177d9fcf41849317baf6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1c7da37f77368697514e970cab90966a

    SHA1

    43c6776b873d82ffd2f69c173aa07a9dff2ac0c0

    SHA256

    83cc7c2c7b5633ba2883eb57fe7bc95f7058042d4c6636029b67d5a9b69fa8ea

    SHA512

    af9ab1cf1aa63540d6e321370aba08c62fe785af9a058ee60be1c42553c34e33d2234c360d1a0a6870af0861f99906f993596846c09992c10d9b40bc793a42a4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    63de0ae58cc39c01ed094f6a4254062c

    SHA1

    24347e7d45f764090b02ca404c9d2e57090cf9ce

    SHA256

    20abd6a7caed2e56ebebcdde87bdee1f2ea19bba69c7cd07facfb1b54cb49bca

    SHA512

    82741ce21da52b9fb152b38de7da37d956d4a6b9f45c6d192eff32daa4d01367f78553ca0c39ee90732042b02f85881b74228ce4904a9cddc2dad9041890e097

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d599c0e42c69e49c6f4f0d90c518613a

    SHA1

    85439d43577819af36001e7fde30b2ea76d72955

    SHA256

    600da75224114f20074effa8e31cf87265c683a87351ca4ed79e7b1af746b6ad

    SHA512

    5ddf89c13d6b323055cd1b8401e86e0c443e10629daec84de2acf8beaeeab3b93a010c141613ca13204687c65f88ad93d13e4cd34d50d834f954ee51dc6131b6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a03144675cb07b2c026fca87901136f7

    SHA1

    f395003f319cd5d6639d7b8dd2a121075f31d506

    SHA256

    e217e8922d11eb3a7f8395411724e37389b7c82df23a5a25423ce96b6d2369ff

    SHA512

    90a8681495d8b7d55d479d5a9cadfe82327cc2c76ed09c42dc77768268d05b7f8ff2a770432534997e4a0030aea7d5008c7c04166f9484d76821dfa693e5f4b1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    995663fa3c5e1ada6c0d2524123cb13a

    SHA1

    b85f3c96d1987a373d0c0c543b2cd5b9f2e9e4db

    SHA256

    869d8c6052d2f60813797af2711af5f3bf5109fafc382eefc4b1383d3fefeaa9

    SHA512

    acfd3df20408ec86c9a783d75331d14f36853dffb3c4bdae0375a106e6a8b2479b8a59cd2f6e9d09da396b590380def7e16586c9b1da93e7fe2679808db5b443

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f075a3f26042721ce49d4c4fb667be85

    SHA1

    3c344f48719645f97825ba54f44d71a7a8fe7848

    SHA256

    b64c8dc9efc6c5d85cfd605bd204c5d21092944f8256d5c5c6a9b9c51a6e3ce0

    SHA512

    0e8e96606172b337fb15a899ff452c8f093daabea28f6c4fc581e99e2448ecadff8af40800fde3259fc8036343b64d1935282a363e83bebd240478343efbbad7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bedfdc9e4b717658e9fcd5b468fc584e

    SHA1

    7993bb14b7007ce9c4dd8fed8b88c90d21d30fb9

    SHA256

    408281ae82234c465331849e454b225b29b162619e62445656c9ae951af538df

    SHA512

    27c0a06224254877342d255c62deef13b20938d477a49b7cd0062dc31e05cd1cd6f7a4e2731fcf55d579dfc2e8c0928792fffdf422fab16b9de75c957648e40a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e5771b2405b569cc9360aed73f9acb06

    SHA1

    740f7807f0572dc282465d5670bda52e5838b550

    SHA256

    0f189f05072dd7338574c840319497fd3d1d7e800e1ef6c47ebd47372967ffd8

    SHA512

    ca6d5913e702b9c1feb1372293af8f4532175f811e530d24acb302c7c9e792dea7a48a20c8e9a24dde208cb5fe2bca89c911d9129a8bbf593456e4852fb7e225

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    399ec9d6798278bf8ebebc576df63ec4

    SHA1

    04d0af0422bf9679ed70f762adc65ec2ff3343d4

    SHA256

    8e76b2923c2f4af4149bba4bb6ad08bd58e6997dd2eefc1105c25893ed89df8d

    SHA512

    675d45070780b395a56258f834d6ad0482aa50865f894d257b46013b999160d5b042fb37e5ed36ac00012e63cdfd8397903f712b29bf9074ce0d02f991aa1b0b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b9d69e6b322a3d3c1247042f33ff8c10

    SHA1

    08ca5e2a58b4d15f76cc6ae31ecebf2d21b2e275

    SHA256

    c1bb9cc984cce4f3d4fba3bcb13e4785fbe0a5395022102d9641e114ad6255d3

    SHA512

    a513b50688dc31bd3dc83fd1a04f82cc478e1e92dac418fa4a6d187e5817b3abacc3122908742b5779f3dcf6594d4b78fd8c1c51636054b6ae525775ebd53157

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    364dffaf101294115af1d6d5a8726478

    SHA1

    136f1f59d0fc5662da8610a194d011e210428a8a

    SHA256

    c859f4c1a3f34d6f9bffcfd84ed003a82c4cbb6c38045a08aa8f0905c9b53b14

    SHA512

    2ed3a9c1cca934ede9dce4952b50ae2446a0588713af540b2288db64ffce1b54bcf1fe1bff7dbb63e85cced15ccfbd3cc7f42453a92f0c61f6c13fb5c62bed4c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    df0b1bef4fe443556dc77a39c710e6b3

    SHA1

    db4b4b6208d062a92b7108999b7c1f1c23b17b80

    SHA256

    c26d925e36a1c89b07913d3ad84511581a7b20af7104913561bdc09f48b86df3

    SHA512

    86d0fbcad4248a18fc0d4165c8c0c580e93bea3dc328e4c8ceaa751e7ac592188b4ffc1b7bb205d6317672cafa8cb6b77573fa9ec9bd2457a702bd980aef1bd4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9dbfa5415163a59a60d7b0fc3cd56700

    SHA1

    f37e9a19c788a4ab9c55981fb6ad0cfec5a06eb3

    SHA256

    86c49a11b95dbd57e9590ea1ba0244efccac47ac3a4c306b20b0981f9682d989

    SHA512

    3c3f63ff993d52a404b032c706ae6f938f51555eb8c0d96988c7a3a356c7eabaeed45836654b5d202a63f8515a0ffc5d05386f3fc2559cf07a8334ddcc278417

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    59e7a273261ce49f118f35886a01e033

    SHA1

    f15f1c68850531d4435fdd1cbbf4091f52ea0bea

    SHA256

    f43383f47c9fc357f9a2c38bdd9b1635803aedeff823b5ae00c65eadb5194539

    SHA512

    62f64c3ebaf71d2a060631cd0daa8d82d5d0b100d126d12b27a35d2be758569fb47ef773b40ade9dedde92289dea26d467127b6b03989cb947f9f446dd404228

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    77d37e8d57be14cd0d4c51af9a0ec392

    SHA1

    c2e8cea88e550eacfd2512b4e12e8d9730cf15c2

    SHA256

    8fce0887781a717366d5f539025260fe2c32dff9925949dd6690b5729b2d536e

    SHA512

    d2429ce26b8af2e04ab47aff18a1e64b20763a357e5c8d6c59716a6b455386a3217d048b1445bd20a8625612ce481d937833a2edc253ed6d442cb1cdadd43503

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    920aff06f613ae3e5794ff1e46b7c6e5

    SHA1

    ea2ae715270b772bebf52022d3335416417eb9b8

    SHA256

    524158db6222bfd6afc6de9908851f58b0a29321ae515663d2426563c138c7f8

    SHA512

    4135ae0ea8a8291fcec5cbb6d8c8f354e2b1ec76569091b752a63ae47326b479feef8eda5658793062a3b01c904587f3624760535e8e1f30fc0ae7a5bdf16c31

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD70F.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD7DE.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit