Overview

overview

7

Static

static

3

ea76821341...18.exe

windows7-x64

3

ea76821341...18.exe

windows10-2004-x64

3

$APPDATA/I...er.lnk

windows7-x64

3

$APPDATA/I...er.lnk

windows10-2004-x64

3

$DESKTOP/I...er.lnk

windows7-x64

3

$DESKTOP/I...er.lnk

windows10-2004-x64

3

$DESKTOP/�...Ʒ.lnk

windows7-x64

3

$DESKTOP/�...Ʒ.lnk

windows10-2004-x64

3

$FAVORITES...��.lnk

windows7-x64

3

$FAVORITES...��.lnk

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SMPROGRAM...er.lnk

windows7-x64

3

$SMPROGRAM...er.lnk

windows10-2004-x64

3

$SMPROGRAM...��.lnk

windows7-x64

3

$SMPROGRAM...��.lnk

windows10-2004-x64

3

$STARTMENU...er.lnk

windows7-x64

3

$STARTMENU...er.lnk

windows10-2004-x64

3

$STARTMENU...��.lnk

windows7-x64

3

$STARTMENU...��.lnk

windows10-2004-x64

3

$TEMP/remote.exe

windows7-x64

7

$TEMP/remote.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$TEMP/sobar.exe

windows7-x64

3

$TEMP/sobar.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    122s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    19/09/2024, 03:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $SMPROGRAMS/Internat Exp1orer.lnk

  • Size

    1KB

  • MD5

    9ffaab5f197ee38cf1fe65e19d4bb217

  • SHA1

    39ee57d785cb31b75fe79879ab5dfed14eb1a28e

  • SHA256

    6a1bfc7b4d0b3c749f9a5737f7f0253c634bdd62fe812948807c6beae039ecca

  • SHA512

    eaa04c6437eac713912a81b2e11f97cfdc38d5d5bb459d7f4ae94d140b2bd4d74685cda43697f00b6803b1b58da3bef78ca3d9d6a4b9f5e4278ff2451aee512b

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\$SMPROGRAMS\Internat Exp1orer.lnk"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2404
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.113w.com/?waga
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1648
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1648 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2964

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b1e4f09c44838cb0260c5b52b4e6185d

    SHA1

    11418e357f079c1d13ab83e1ec1a54234530f216

    SHA256

    05aa407de6fdaaa4df739adfb5507696cef3a9ef769c5c72c12b8efa418c17bb

    SHA512

    072d49f22f58a096c4aa9c2a7d6bfe96fec4c1dc35db3738515b9cb4d7cb1343ac3d39f11867dcffaa63ad915ca374104e5ab286487badfc91dc23f1cb8c94d1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cc0cc1d3efc275890ec6c865e75891f0

    SHA1

    be0448214febd5a2cc2f40968ee1720d053abad9

    SHA256

    8aa8051f6d4fdf3dc128e68ba047b53d76c9378c1085ce357ccb7943e3900f24

    SHA512

    25fb91d8b4eec2738eca7ab44ae4e88838711898b2f6c9fb7d513c95fd115267d5105d6891ca5852b12aedf02e97028186e1af4557a5ecfc12ea6d10262ce803

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7c41424a8f73124e2260e3889513dfef

    SHA1

    322e2fd995716811c5fab677a75cec1f47120920

    SHA256

    3909429d32b94df20ac11f260f3ffab6f80aa09119b46b1327595fcd287a6a0a

    SHA512

    9df958d5c9069d090b6004b7de188d996ac6f8ca9c72394cfa25ba3a747a362b7cab14ba3da83cce7854f42add522cc0e11296d4243a7671b4c2883b97f8ec4f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a88ebb0edd453e89c9f5b3f35894eae4

    SHA1

    c07884a2d3a0e78c25495345ca8a9a0988afea38

    SHA256

    a495eeb9005ddcc845678253cb07f035b7d0de1a6ae27492eadb58ac43cce310

    SHA512

    266637bef524f07c6e01f62af86899d4d254098d4102b5c10fb5d996f21d05cb2186136d3d0f37f88226538439579c4f65410b917e04b8b9c70e8d4c9b81253e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c4b18010e36f7105617ee0af481a4737

    SHA1

    92135f552b7e8b90c8f209d4861baa97b1ba43db

    SHA256

    e090832e61d7a46f0db632fbdceb03d8e37e5f1130f193070285224686e93373

    SHA512

    909780c0ee9aec4212f3aaaaccd1808ada77cf2222303dcce7de50e4266bfd576525999d30deea0c36e4a8faa59dfcd4cce640bae936b7ca60256e5b9e58aeed

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6dc37a020450f2f12e13b31cbb318e07

    SHA1

    afb91264df8b477f07c10ff251a2e0828490ecdd

    SHA256

    0b796fb043e37f769824b01bcfa3ac6e138cebbaf5b1224d851a8fdf5862834c

    SHA512

    b4cb6abcb887e09f0217e9e9f84b4636dc6b6952ac02167c17968ae392f5ed83fd2f9794f4193161055227e64d1f8357f1b57296519796a5285adf6f4c2aa090

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    46331f5200921dcff199fbd7239b3f58

    SHA1

    f254a513863fc2e4fe117963dcf8e0ccea0fa4f1

    SHA256

    91ed4a244d0ea5eb14aba9af1a1d03b8a05ff720b9c742ab81e8216e5e72363b

    SHA512

    682fae68b6916853d7887818eb2fe07bcba19dfcdc66e3fddebaf4ce6c60c3594e49d6dbe1f252c65c88b078ad219cb7064d29f87a1b664432a1795721559b54

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bec5bf46add23d0812b59c5c733accb0

    SHA1

    8c775c436ee486848c976852cef0733f27128ba2

    SHA256

    60c27506d9b87dc2f13caf9a29c962e0212cf0c68c183ead239db940d1cd63ce

    SHA512

    bfd7c7782926655b3d6463d6d56600c47c30c8b14a507b62099eeda758abc5a09707693b2279fc3c10267ea304b274348f27e0d2735d69b8c55ba98f1742f5e1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5671ef0597a3716dbeed42c513be6c13

    SHA1

    f1cad695d8ab1aad759d26cea206d4e8df0c2ec3

    SHA256

    6c5984e5067f00f6a03ff9db37b3dfdf04c4a69b1407e076c269e7b649c51eae

    SHA512

    4079abd794418b27299ad542898f3a4b0c8e91d4ef9ed40ad2bd6179b16cf98edd6c04e0c522e286b635ac72d7d58831addb2e8ceabb8b1ee7a5bc90aecf4617

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6680503d47ecb209c7f44bc1fa9091cf

    SHA1

    c9f7673cf01c84d709c2f6adef0cd18aff6d43d7

    SHA256

    1cb8f7df494dc6d42a28097ce2cba55feb43afdbe732d290940bdb2de1f166d3

    SHA512

    650d1b8f5f48905caa8c57a8af0d1f2def7e9d40f31b88d816007980bf1def59c789e0da0809d26eb9cc4fc8f1d1e7fc3f54da1080e4ffd52d565a16b5baca39

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e355413bcde78541dee602ca8cf2a434

    SHA1

    803331a964663e0e5cf212c23c964dc8af005144

    SHA256

    134a3c56de2d7510a9e86945534f0744c56863ab886102b831adcbee06053808

    SHA512

    39b489478772e3b3817a764f415cb6d8f68bdb89cac41b4cfb37d1850015330e465b28ad6f3f92a0ad3099a2e9492189e958a719a920051b3e4202919d0076be

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bf9f48076fc391f25347bf11418ad739

    SHA1

    219e27b43bcbbd2946cc7d57ae1075b117aa47a5

    SHA256

    02352551aeacb21a0f1576e4910b920db16abdaf80f185dee753397ab3a66d1c

    SHA512

    38294c9455b736d10ebe02cba87180c755ca8da4a66b1111488906c818a7bdf769020560ae272420e5ddd7596dd8273a12d2999aeea531af76235131cc3a5742

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b15c336e684744533d92b8b2cc804bad

    SHA1

    ccfcab24ccad233a3b004e4d18b47fee5e60dd30

    SHA256

    9726d5294d95506c54e1c0d09d066a6f04b50149dbe13a5b5c8fb7d2216b6323

    SHA512

    90f414a6fdea7023581103b3371e8b62bb7c68f9df68b29e5b22a1f721545a99abb5e4594b7bb238ae5a60ab94f8267aa18d46519555def83a78fb5ec652f758

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2f9c854a1d38318550f1ecd35976e10d

    SHA1

    33a0f857858cdd400d4422ba1bedb0a7275a11a8

    SHA256

    965f2aaf7fe798d820bc97456179ef7917a62863fa8ac8e50307a8ff1e3cd665

    SHA512

    1b68fead083de983f4e7d6e3b14be3df49e3ef7b1b2e6c2bbc1094adbe1cb7af83bdd67aa8e4a7ffeffc90a735f5237c184b648e7b2f4845278407a6e929a673

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    23bb4d3750999ff133d8c48fcebe9908

    SHA1

    a6d4e96930c5883f9ad31e94037fb8ead9c7314c

    SHA256

    58348a72d87033988c175deee947a3958731fc366ce1e1c265c9f42018c58cbe

    SHA512

    f86c8c06b1bf8988ef083f245717bae68f1826fa357d8777e9865430675ce662126ce290f291ba10fa6f932f30fc459fb3872103c06231ffb608c03edd3cf167

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f93a1f26e347d55ca34f7b32aab047e9

    SHA1

    469ed61d306d4bb53e920d6b67bb10e5dd9254da

    SHA256

    3329f0aaffbd8cd21d79dea6bb536681bacc73feb2dca35546f9d48726484326

    SHA512

    3921f7582bfb602045a2fb2217a7e91642150ce9bde2dd3ca5c71d140bc2afe26b725b3e26fbb1f1dd63bf3ffbb0efeaf926fce74c78feb1980273fa582ff8ed

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d79ceaba277c4975d3e3c6ae5e1ed98c

    SHA1

    26426cbfed13ba543cef1816c17d469745deddd2

    SHA256

    5787e29ea462d7ba620c1dc3f30887d8c2dd745aadd2bc6760dd21d4b08cda52

    SHA512

    f1f2d3d936a73df6fc5c8d2ea51d7efd48cac09d613c02a14531ba13d08ba8a594348de8c6247829ed3f5cac12e89722951bfc67bdcb0bb97403e45a164caddd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    be71606d0cbf576e8001e818a7fe7369

    SHA1

    c7ab22c11c4ff60a7174684d5bd68e68816e96b3

    SHA256

    751074b3d81e7e9a454f55d35134d09f6a305b2efd3f206e1de54c56c3e89d5a

    SHA512

    50b35f3f79ed63a640825ddc8014fcdba3dca4ca5db57f43840e742fd0dbb7971728f9e81a920240bbe27c7e7864aa3934d48470131244546a7feebee6aa1518

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF27C.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF2EF.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit