Overview

overview

3

Static

static

3

ea98f771c1...18.exe

windows7-x64

3

ea98f771c1...18.exe

windows10-2004-x64

3

$APPDATA/I...er.lnk

windows7-x64

3

$APPDATA/I...er.lnk

windows10-2004-x64

3

$DESKTOP/I...er.lnk

windows7-x64

3

$DESKTOP/I...er.lnk

windows10-2004-x64

3

$DESKTOP/�...Ʒ.lnk

windows7-x64

3

$DESKTOP/�...Ʒ.lnk

windows10-2004-x64

3

$FAVORITES...��.lnk

windows7-x64

3

$FAVORITES...��.lnk

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SMPROGRAM...er.lnk

windows7-x64

3

$SMPROGRAM...er.lnk

windows10-2004-x64

3

$SMPROGRAM...��.lnk

windows7-x64

3

$SMPROGRAM...��.lnk

windows10-2004-x64

3

$STARTMENU...er.lnk

windows7-x64

3

$STARTMENU...er.lnk

windows10-2004-x64

3

$STARTMENU...��.lnk

windows7-x64

3

$STARTMENU...��.lnk

windows10-2004-x64

3

$TEMP/remote.exe

windows7-x64

$TEMP/remote.exe

windows10-2004-x64

Analysis

  • max time kernel
    118s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    19/09/2024, 04:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $STARTMENU/Internat Exp1orer.lnk

  • Size

    1KB

  • MD5

    9ffaab5f197ee38cf1fe65e19d4bb217

  • SHA1

    39ee57d785cb31b75fe79879ab5dfed14eb1a28e

  • SHA256

    6a1bfc7b4d0b3c749f9a5737f7f0253c634bdd62fe812948807c6beae039ecca

  • SHA512

    eaa04c6437eac713912a81b2e11f97cfdc38d5d5bb459d7f4ae94d140b2bd4d74685cda43697f00b6803b1b58da3bef78ca3d9d6a4b9f5e4278ff2451aee512b

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\$STARTMENU\Internat Exp1orer.lnk"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2516
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.113w.com/?waga
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2728
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2728 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2704

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    015f987b609f8c9ce9b41872614fd508

    SHA1

    2a58bd41499d2d602ba35cf048ad6c2a77b73f91

    SHA256

    e9680b8face396b8d173eb727dcbd388890069283fe55fa215baebbdb328ecbd

    SHA512

    037a2333fd380ed1f2b3116e9d137c4e218b95d8ef9cfbd31676fd8b2314a1948f7d7557f828fdbd42fc71b207d61d553b435bba531e4c9a661d45ae65a6d7f0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ef79fba5feeac8b48e4f4e742a9de363

    SHA1

    d2931f6c042ff6172bf442f20144c5307ac9e42d

    SHA256

    d8da08ff8aa7b2ac84e88ebc50ea8dcb62eecf168971cb63badcdbb1930d4c9d

    SHA512

    5f63af460bb28ec41124f1f14ebc1acb51d946c398df680f96163b7f8e9848d4cd7e3da1ca936df427db9cc9065c91f88bb85dc6c0208e3b41c97f050ffcd1bb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9be117cc254d42bfaa80e9508643441b

    SHA1

    465089442d1040f89c9391260bbad437f902db40

    SHA256

    529cf5d58875aba06be97d50a879afcdc871cb7f32b296a6bd5167fcab404bc1

    SHA512

    0bac608dd8a7293cca7cc87ffb216fab0449001f23cdf10e8a13594b8de724c02109e4f49ecf9866377320716425387c41f05dab3b261ecec97057d8fbca9a76

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3ddd0ee0eac1e72009a5fe180d015af5

    SHA1

    c861e6af6e5b60d7f3b3e4189f0c31aba2692ad7

    SHA256

    75311f7ba722f65f65db9823ada70b66817af3050f97490d3d1c30ed7e9594f3

    SHA512

    f854071a1586c8b616789651034e02a72d53c997bdac57e61e3066ad807e827b6a8b077470fe454721ccb8d18ad5328fdba7a61bf2ffef7ae77ca246b9bfd999

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    37c22c4e1b2b46c84d9d2e787617e3fd

    SHA1

    ff0dc78cbe7d87e2ff50f176015fbf3db27c7eb1

    SHA256

    7105814740e0f2089bb3f2f4df4a4ba37a76167f59c522500cbbd4ca879eb24d

    SHA512

    72fee2b5c03ab04711fe2616d19d37de37fb8f78cc26d63f11115b45f56b86111649ac422c5a0b06382887e95984bde7bffdd3aa12dd7f19bd01f6072c2eca10

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e33c6588f7b8405c2ca5b3d5b3c29724

    SHA1

    6648757daccd32d7bc4b745e01000dc96ea0bad0

    SHA256

    8a23afd878536810bff88a599e7c44837229a2a9af696f9f967ec4c1a48faec5

    SHA512

    5fd547bc05a43a669b133d6d5397d0f88825fafb29835fb0866a10dbd2f0fbf6dee957ce1f6b5ff8aeb09c87bf3bbca13b61229affa375029aee9b7b891be88a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    885ffcdf3e7b9dc29fab9259093f447d

    SHA1

    3bbc28632b9e09afa37edc59a06a0dae1d7058a4

    SHA256

    719006ebe6945a207270dc2be09f0db67a33fe5184b7124f1f663bd4d8bf86e1

    SHA512

    52e1cc2afdb7deafe320f07eb1d55f17a0938f8187be8d999aa8b21c919b5546537aa142308d18f9aa533d1c828d8c813119b09cc4086ec6a98ffdc9230241ab

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    83945ff4a61410d85af40340ed5594c0

    SHA1

    1f33ec63d87ec0df08a7c3440e26904852f3e960

    SHA256

    41a5f8b44122f046737b20bb79048dd0f925025f5d263a2ad2c6ddc48dc90f0b

    SHA512

    f6709a7ecc39a90a0820794812cdede7d7dce8ca0ef802a4a24855eb8ac4b2e1ca4df2c9763ebe1af11e87f945387a5af679aaa1c8fcc9a60c00cb5f9f62b1c8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a413d28f7832712008c3746a5e540432

    SHA1

    429b40369eaf6d4a3e3cec03f6a4b12875d4d898

    SHA256

    c3a6e1a973d2d75ebb975f2f5d5b47791bd3d6e7b8bfa428483a1bc960d9cd76

    SHA512

    222a7a508c628a94cf7afefbcc8ee54cdf4c89320456ebb1e6547f066cc6eacfcc9207a41a1ada72e15c47aa7456ef1661be4278ebad50eda17ea77d92dc51ed

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b3c268ea535887b209953b848170f8cc

    SHA1

    c093b8fab3909b8369b61aad5bce5ca0ebe27ae7

    SHA256

    b991e8b3f58720fbabe46584049fab5852b521f6e0bcc20f3aca0b0d276cf87a

    SHA512

    418cd87b56f43110a62a0b1ab19900c80823948187cff2b75d35729413faca57a116989c2c4e4edd1812362ecd3e163f007a0e72286e9982fed65a177b2a36a5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f175b6eacd0cdbff4a37ffee9ac7b277

    SHA1

    a3bed3c5844cf30a5ce9b8ec4db415940fb26c31

    SHA256

    c11df71a37d4f1aaea7428f6745303d1dd461710d8a050a65b264c5ef91f13fa

    SHA512

    0ac12c342f889264f2023e869466684941a265b4368102f4705c61a09f803c04fe026081d8e70cf02850e4290ce47ce7cac9cc118304ad88c8a0c997b0c0623b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    975795edf69594eb00366562a9688bf2

    SHA1

    543ddf33d80da0e63ca9e74404f40e2c64d14923

    SHA256

    922056c6c55e1edb027a6e4b57bd0e114c462aa96db00fece8bdf5227a63a928

    SHA512

    9cd9937ae6cd64534952f605b9b653f2a3656379f31fad50c2016bc7225b87bd189799a674ef8ff9c67a99ad7ec5e70a766e9c2838d499c1cb794e16d73f3e7b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9bbbe8f8ff3a8cedc6740e5f2d3b56d1

    SHA1

    9a57e5fda6966220ed7faaf806b422698d51066c

    SHA256

    b89a1bc49cf12f0d8b0a0e0cf1fbc92a055ba4d68d938aa2566c2e159d039f90

    SHA512

    325280ccbe3dfb560e71a66aa91516676d27842f93b809b18db66a25b4b33d5ea112eb0ec5cd7964fa23f33c14b878d963b97406223c0b66931cb751d598557d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    762a2f8b511e19608bbde985b9b572a2

    SHA1

    ca81c5d989d3491fb398c87b7ee8250d5ec5fd78

    SHA256

    d7f928e8c68bab9cd7a54e59db1dce6944202ab674dc8781f54b07745202d209

    SHA512

    c9fa43d00823adf8bf88da26ab03d1efda1a1d63116211d6b927a0ab5d689804e66b9bd436bc628d885039a6b6c30d66156ce7e2677f33be555675ebaf62801a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    943ffa40ea53a1645d7358ed108be9f5

    SHA1

    e82b5d7a22f76ac78c46bb7b7ea1f261bcf5f71f

    SHA256

    d2886e3996610126a4bc580856d28d3126ab243c1a17e5c7e7760e27a49ca497

    SHA512

    02319ce896514f805cf12315f7b02318572ad3577789698c46035cfd747ee756048e4f28fc4a3b7e20a04ced9e619d845719c04fea55e01bd85d64f6208408eb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b5482f6134b9d5ac98163af586253845

    SHA1

    d1d2a1c9ada8620c229a461b2ebf9bf1a2ab5698

    SHA256

    35f78a65f2609d3d0da044863e4a63b2795f4a4a2e3fee93f53d95b1f67edc47

    SHA512

    7c147d3459533cf5909a62a152132d03aa6b9e724b2f781bff4adba457043f98c18d5b9179bfd92704c9fc889a736b48801c78241c681508c1e19b498a24ab2b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    686382f41b7f2985e2b4e22e9a25969e

    SHA1

    bd428f4fad6d948bc5def167e189891d0c102c0c

    SHA256

    331d2694197905fe50f2dbea1b547b6556c0f4618c212f144d242cf2e55da293

    SHA512

    7791292dcac5dfa305d7b56b82f9d61dcf40f7c614e9295426499c31c596276205c69da41853986a530d0e13bfe6a62c40161370fd2bf19679eb740c304183ab

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab11D.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar1CB.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit