Overview

overview

10

Static

static

3

Cracked by....1.exe

windows7-x64

7

Cracked by....1.exe

windows10-2004-x64

10

DotNetZip.dll

windows7-x64

1

DotNetZip.dll

windows10-2004-x64

1

Entropy.dll

windows7-x64

1

Entropy.dll

windows10-2004-x64

1

HandyControl.dll

windows7-x64

1

HandyControl.dll

windows10-2004-x64

1

IpMatcher.dll

windows7-x64

1

IpMatcher.dll

windows10-2004-x64

1

MailBee.NET.dll

windows7-x64

1

MailBee.NET.dll

windows10-2004-x64

1

Microsoft....es.dll

windows7-x64

1

Microsoft....es.dll

windows10-2004-x64

1

Newtonsoft.Json.dll

windows7-x64

1

Newtonsoft.Json.dll

windows10-2004-x64

1

Presentati...ta.dll

windows7-x64

3

Presentati...ta.dll

windows10-2004-x64

3

core32.exe

windows7-x64

1

core32.exe

windows10-2004-x64

3

drivefsext.exe

windows7-x64

3

drivefsext.exe

windows10-2004-x64

3

lib.exe

windows7-x64

6

lib.exe

windows10-2004-x64

6

x64/GoSrp.dll

windows7-x64

1

x64/GoSrp.dll

windows10-2004-x64

1

x64/SQLite...op.dll

windows7-x64

1

x64/SQLite...op.dll

windows10-2004-x64

1

x86/GoSrp.dll

windows7-x64

3

x86/GoSrp.dll

windows10-2004-x64

3

x86/SQLite...op.dll

windows7-x64

3

x86/SQLite...op.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    134s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    06-09-2024 05:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    lib.exe

  • Size

    2.6MB

  • MD5

    0bd541037d1794d63bb58654f1e897c5

  • SHA1

    a901fc2bc1fcc672b6dfee0d3e93b4ca8f11c710

  • SHA256

    2e8931e43c5674bc641651868ef311e2d3407e0132325c0795bdf4f5404fb30f

  • SHA512

    85412b5357e65ceebdd1f460e4764e3b5b11c242250500f9f55fdbaa0d2c6aa15cf0f68f7e1d88369a013a2d16c95e235db68dd48590e306de59cf01fb7128c9

  • SSDEEP

    24576:rVsQ6BKfC+CWDU2fy6Uuri8MmOmbCYUz7PH8Zeaj0HM3ow5Xt:rVeBB2kMOnYUvPb

Score
6/10
discovery

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\lib.exe
    "C:\Users\Admin\AppData\Local\Temp\lib.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2096
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://discord.gg/z5vMmkQ8pj
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:780
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:780 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2092

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a944d00a8f7f716183fdbbb7be1df0ae

    SHA1

    e95b75834c303a212a1fbe15959eb8eed723123f

    SHA256

    e069263eb9f765784b8fca70bd9cdac06b35422b9a8b97216d3a0143d801039a

    SHA512

    862fb12b3e52ca4525be7125d7f89acb586885d61600bfb3091096b4425cb7dc988353118f0f9d6e0c1f865e0ab394a79dcddfc0564e1f6eee9032945da6f436

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3c44a0360c042fc0e0e653372e9b695c

    SHA1

    192d6636a2724a0eb6b0cbb151209f7344fc0605

    SHA256

    2f7f279b1a21ad71647d1253292c9bb3aaca0e5d5bca6f3d13675ce47fc82562

    SHA512

    145e4b7e63e4b82e1cfc554572853b1e69b04367d161cd0ed29c3992b578c8274f677335817227b7b4861d8ad4cdeba0c155acd24848f4a0ef93f8c3cae77708

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3b9481e87b8ee75d2612ecb2527c869f

    SHA1

    9b2656a45afe8ebb86fe8c8d75f3e7ec563c8b57

    SHA256

    be556c4687b080949172cc62cc848d62bdefc2f58bc2f91127b213a7ba38de9e

    SHA512

    49b1e4ab3009fc9ff8f82a7de2cb89033070d83e9c6fa59e39e6e7f37a7d7749af09f28377cacec477617c24d2414e7e332243b827c202ad22b39db6a6728d8e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d76d85f281c8be3daa2ae9bdba83cff4

    SHA1

    1edd3472e9cfaed473efd49c8227214c72c371c8

    SHA256

    508de4509dfc04a66ed6867153945f99dfcf7031a60813ea2bc01df9b9e23d96

    SHA512

    84c3f0f7eac3cc185128d35e57df586ccf610e409a7467aa87d7630c56ba286d140be39e33d639aee40cf642500ff4f553a167a04d6930ccf8605cda9d878f5d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1be4a4e45cc7cc37093276fa2ed6fe20

    SHA1

    924d78d4fef18a41bf5246256a69562b634cea32

    SHA256

    c41e9182d8aa26d40ee64e7138396df2ebde7b7a6eb8fc6aa53076d8bcfde07d

    SHA512

    457b8fe3dcccd80b3e67f0297c7a96f1fb1210b3b874aa1dc8d56acde497f3ce610b99792a3ede8ea21bd64ab45ed7238e17f5b8f98b08c7161b435b1644c2d4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a67ba606bc48f8d1b59552deaa9a5393

    SHA1

    8d126e336d29c663abdec40433615eed3a9b2780

    SHA256

    620d3336cbc5e56bf2d36870a938c7fc06183611f787a78000ef07991bdb635e

    SHA512

    7f0516523d262b176727fc2866b55a2795a967b751266f151eaf58a127215aeeb37f575b2eb741ac24c204a18781b7f2ca5f7b878ae565efea3b89c4c505f55b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6fce848405249fe73899e4bf29691cea

    SHA1

    207b979b2c35288ebc15a25887acfe89af688e78

    SHA256

    e6f11b139ab3602799a2aa05b62227d2a6dc1233fb644a34a5e29bbcdb7042ca

    SHA512

    311150864dcf8594ccf07918eebe3c74d422a3b7dff81e2c5b56636ba20243ecd2ee00fd7741bcf9e8a41cc31697ca65e17e3cc09ae232c406594ed1bcb33bbb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6134046617aaad2dcca8b11a65d24e02

    SHA1

    48b2cd2f91e18ed58972d16da9a55fbff4bbc7b7

    SHA256

    bac3fb802604a79f24bbe8ed47c35bc3c690596eed22c2996946bd73ae6c6c3c

    SHA512

    0ae23a91b917d05eb38424b47f71770505e5117f08e9aa24a6331c234d598c41dbf19ce5e235bd04b29f9fb5c90628a9579dd7edbe3dc0fc71bc00492ec816ed

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2c1d0bf83798c5f772364ae3f212a8c0

    SHA1

    29768721758575b66a18f049c29841c71335aa41

    SHA256

    d57f964099b0367cf78c8794228d07813eb3a22f0442327256342ad1a0204cc6

    SHA512

    0dcefc1dae675b56cfb88e48a35f510f7d282a7f0a89317682359ec341a587180a234e00f8ff0a209769ca8533d3730a21ea75e18fc58e4d4990cb7fdd30814f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    74e6d65ffc28966b32f8ee6566d529a2

    SHA1

    222052c0273aed367b1c75580d641bd135be9772

    SHA256

    9cb02392068d98a2712077cd6856e7ee2b2182bcf4bfc4ac8f9ba70a461f787b

    SHA512

    571b5387634ce2d27f190efd2e1a2e4794551daa1ba9aa1c83b558aaa79c3ef81da0ce3f2e59a5a73abf33140b42b28e74c9040fb2f788ea63f102b5bb5f5de2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b4cd3b0588138188c5eb729bb120a69a

    SHA1

    6750ae33e3ad244e19a7f7ee9a446e542875155b

    SHA256

    3966902fb849e68b7eb3e7db0f5fb286787318fd2d057c133ed6be1635b0d2a8

    SHA512

    f1c585d4acd897c253d2c63c7d07254644185d4144f79a244b7a46a11f99621993f3529ba78541cad7af28ee23e4c294c7bee9fd3ec926fe93870e836da95268

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0855301ed6f52104aaf9b12661b70ebe

    SHA1

    cc595269ee9c71da2d60ca50dd2b6a63b16e79c1

    SHA256

    0dbeab9132411ac76f46cd96b91a2cbf85e90e964ac8db29f84d766ac5d59070

    SHA512

    b5ae685b7be726885feb5e32c22c75ebb3dc3b6c662833af4c443ef99d10ef924738a4875c41583b634743f0e478f825620a4d6d6eb9b415b84e4368bc6fe56c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2fd10ed6b9c851533c4a3ec8fa39ee37

    SHA1

    ae713349b02e3785e2a244f1242286463e980f22

    SHA256

    450a9e3b43d9cc2cc86d9718766dfb4b6541cf33337ff9148893e6de13b6d729

    SHA512

    466f874a7ffc413564e411b8bc6d9aaab461bc189a79529fc32a2b76bcde0f497fa5ae751512a0ac176d3ed9bcedebb8aa48c14899930ef317f987b667b39362

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e5bfbabfcbc0a96465f1aa0b495b41b0

    SHA1

    22b398805ae599ad9fbe63555cddfad770d41bf0

    SHA256

    03f1489299b1347d002b701f93b0dd7983a0004b3bdfe7a6a2f07f921a74b162

    SHA512

    eb2d2865ae6ef21e2e28ff9c0873341a003de14cf3dc3357e93b907cc50240becaf173c273bd6b9dd996343bb16f4798440fab13a0092b96183d422683b74ed9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b8e4f370989620adf7dceb0e10f9aa4a

    SHA1

    ccd1c7b382e342e5893167220684b66ce8ba3e22

    SHA256

    b88e653f646abe0e6a661b8effb762576133b6ccde162210f66d75409ffb38e2

    SHA512

    0998b18216f3ba55f932eed16fc7e7085fc6e28d42a4bff16a31339baae5871497be4e5c729c2770e99708f360202a9110b74989e536dde0cbd7049b3d052455

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1e02cd87063ec84b125f53dd3d8da0b0

    SHA1

    4eb613c89607e39cc0bd84c74a18781c2fe40537

    SHA256

    72196c10418d5da4af5cae7a0cef76d0a226165f929117413f805b580c913803

    SHA512

    99bbe18a5374d1712b47ea64b03e82f507fc89a8b7418118cd2e6af41d00dc749b5c1ba2529bac8ed73b6aa3ea71c2abc291e357527d037fa370c58024a954f6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    58f328fb1166341e92bff5d997bdc05e

    SHA1

    088343ee756b489cba8fa89e6890602710d10844

    SHA256

    d28b6b25b66794ffc2d32f29455f3f1c0908eb4763e12b42939f1b3851ab4329

    SHA512

    4f8776dea3c8e1dd208cb60b8ee101f44b83e7695ee9d6ffe81893732c5551e7919ca050f2a4cd1ff54a6da24f3f985ea19332623eb9c281246370138937c52d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fe4be2141371c966c8f9a122b0fcb031

    SHA1

    068dc7a0498dab41e696dbf1e154c31fcabbb7f5

    SHA256

    68ad2161eb0928395e609cae53356b60c5846c1a00989bc32ebfa160a0d4b5d5

    SHA512

    b1690b0bd5106d7bc2fd8dc7988903d75bb1d27ebc28fb1c17b48d1b222ef9d2044f6e18622b5839230c1d452f2df0f7a15c20dd9a23bdb1174ca31e59f49ee0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aac6396cbeeed301247d8b404f769a32

    SHA1

    b537d286a3c701b4a2b62aa8105ff76c190b0ce0

    SHA256

    260d776079dcf94397b761bc644c42c0df6ebed2cf68d85ef4c0d56797dc20f0

    SHA512

    f015a6e6e7099bc6b5804e43cb87618cd249063057f558ec383696d0fc80ee2ecfca9e5bb58973d45365328ab1828b1322c69a960dbc47aef4edae711ed5c9fd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e3114fb03b39fa15e3cf5741fc7b4cea

    SHA1

    df52e2831651151f61a089e2a65a41a2b71e419a

    SHA256

    94898946779160f6b85ae21c69673cd1eab7ca9192fe716e4d06c834d7f83db3

    SHA512

    df1891e1dc60bb1f29cd3faf2346fda63acef4fc30d3ef4e279bfdda36b6ab1d8cb9a11d5c356358dae9f197b99682989fd08f4da57af9828acdcda6c757c030

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c4380369886aa5ce3d2fd9888af537a3

    SHA1

    acc727f9b808fff910cc44082e099c148a6f3c04

    SHA256

    a3842f478ab058597bc608588d488bc829f52837f108d160cac5adb4bdab8e1b

    SHA512

    9681925bb7e51d6e3076dc3f83a49a0eb953c2188a83ca85ceaaaa5bc86b8ceed145de70f7f2e09c7e95f09200c7a1566075b7902fcfd0e6a66d069840ed8005

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\e1ur8h2\imagestore.dat
    Filesize

    24KB

    MD5

    0d2df1376b1167889096450fbe6a6ba3

    SHA1

    3f1024a1250303b3fab74bbbf3b629f4920c7a92

    SHA256

    89a4a43835b51f56bee61278ab19dd2b3cfe9e4516a44fc212ae5d294070dcad

    SHA512

    67ad8a42caf31c8a3d88e95dae1b226b7371802514b5b9821360cdfdac4a7ae7ac414df11fde7b44723176f2904431e9a9d16f4efb89fbed52e127ff4e1457ea

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S8GI6B9B\favicon[1].ico
    Filesize

    23KB

    MD5

    ec2c34cadd4b5f4594415127380a85e6

    SHA1

    e7e129270da0153510ef04a148d08702b980b679

    SHA256

    128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7

    SHA512

    c1997779ff5d0f74a7fbb359606dab83439c143fbdb52025495bdc3a7cb87188085eaf12cc434cbf63b3f8da5417c8a03f2e64f751c0a63508e4412ea4e7425c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabB695.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB714.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2096-2-0x000007FEF5970000-0x000007FEF635C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2096-554-0x000007FEF5970000-0x000007FEF635C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2096-557-0x00000000006E0000-0x00000000006EA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2096-558-0x000007FEF5970000-0x000007FEF635C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2096-559-0x000007FEF5970000-0x000007FEF635C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2096-0-0x000007FEF5973000-0x000007FEF5974000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2096-555-0x000007FEF5970000-0x000007FEF635C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2096-556-0x000007FEF5970000-0x000007FEF635C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2096-551-0x000007FEF5970000-0x000007FEF635C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2096-552-0x00000000006E0000-0x00000000006EA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2096-553-0x00000000006E0000-0x00000000006EA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2096-1-0x000000013F4A0000-0x000000013F744000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2096-3-0x000000001CB90000-0x000000001CD4C000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2096-120-0x000007FEF5973000-0x000007FEF5974000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2096-136-0x000007FEF5970000-0x000007FEF635C000-memory.dmp

    Filesize

    9.9MB

    Download