Overview

overview

3

Static

static

3

ea98f771c1...18.exe

windows7-x64

3

ea98f771c1...18.exe

windows10-2004-x64

3

$APPDATA/I...er.lnk

windows7-x64

3

$APPDATA/I...er.lnk

windows10-2004-x64

3

$DESKTOP/I...er.lnk

windows7-x64

3

$DESKTOP/I...er.lnk

windows10-2004-x64

3

$DESKTOP/�...Ʒ.lnk

windows7-x64

3

$DESKTOP/�...Ʒ.lnk

windows10-2004-x64

3

$FAVORITES...��.lnk

windows7-x64

3

$FAVORITES...��.lnk

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SMPROGRAM...er.lnk

windows7-x64

3

$SMPROGRAM...er.lnk

windows10-2004-x64

3

$SMPROGRAM...��.lnk

windows7-x64

3

$SMPROGRAM...��.lnk

windows10-2004-x64

3

$STARTMENU...er.lnk

windows7-x64

3

$STARTMENU...er.lnk

windows10-2004-x64

3

$STARTMENU...��.lnk

windows7-x64

3

$STARTMENU...��.lnk

windows10-2004-x64

3

$TEMP/remote.exe

windows7-x64

$TEMP/remote.exe

windows10-2004-x64

Analysis

  • max time kernel
    120s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    19/09/2024, 04:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $APPDATA/Internat Exp1orer.lnk

  • Size

    1KB

  • MD5

    9ffaab5f197ee38cf1fe65e19d4bb217

  • SHA1

    39ee57d785cb31b75fe79879ab5dfed14eb1a28e

  • SHA256

    6a1bfc7b4d0b3c749f9a5737f7f0253c634bdd62fe812948807c6beae039ecca

  • SHA512

    eaa04c6437eac713912a81b2e11f97cfdc38d5d5bb459d7f4ae94d140b2bd4d74685cda43697f00b6803b1b58da3bef78ca3d9d6a4b9f5e4278ff2451aee512b

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\$APPDATA\Internat Exp1orer.lnk"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2648
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.113w.com/?waga
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2592
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2592 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2612

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c85ad5e5538dcb2f73cab2c034ae5d46

    SHA1

    e6f91f81ff237fd7b9d06bd1cbe98c5a1b105db8

    SHA256

    cea007c6211c8de175ba3445625f4d82898acd2a65f668f480d74d7b68303708

    SHA512

    e0b6bd624d52ff82cd9a4e1c7f418f33d2b17365ec572e8eae11edc2bed698fbd274de9c0262bbbd477ca42e565b71adec28d51dc5c34ff0d685f2b4f2a04cc0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    93d20cc83c27ff4dd257916ce33f2fbe

    SHA1

    d5eda037f55952b99aec8b4e24792102781eb11b

    SHA256

    95d7110767d6572cd5062d770105f1b6fde821bab1be0a3a010021963617f118

    SHA512

    d1d09cf1c10a58247568dfb7539fc500e6417ff10c5d012c366ea5aaee8ca94504adf2543b43bc530b86655c811e348783f5c1bf62afad9a36d0511514bbafdf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ec8dc279315c18978d35e9762370175f

    SHA1

    19133156991004a865d2362852692202f9be63cc

    SHA256

    2a56944a989619dd564aa556416ec62f0317a8258dea7c5d6d3b146cc82e9ada

    SHA512

    d56e48a9772b383df91aa8b242c443dad03590f10fd806e0f8df5a63130c1837f6c60bdc13e32bef2f065fd3bd40533775750abfd20b3f541e7db6062747bb8d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5bbb59bcd890c829b3e75a9156029ad1

    SHA1

    dd37000c9486d2f657ef487fe3a0cca9c1d16df3

    SHA256

    3f00dd3daaab07bc70c2aaa413e377574bf983f506e46b706a0c6abb2161fcb6

    SHA512

    3c0fa1e51e572e44b44ef0be618415f3383dadc175c0c4e41e4c91bcaa725326828d95603bb1157fe48adbc912a5ec5b6762b1cc10966083de27723562e57d5f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c5e0c1493ca56d154675e431b87c27ef

    SHA1

    92fb028db44e63ad7545da04283d2e485b8f1f78

    SHA256

    8e100312d73ffc54f2f83298c9f1fb4cc66ccfd26a39620ba64cfb4863e3aa25

    SHA512

    7f0f5aad0c96a87d95522aef5b6a0ee774f118190df172223c7743acf761e8b151ff4d20d3c5af8ba1f09616ce725313355792c8c32c1ec0950e6c20c3abc8d1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d88d858674d8be4507e68972ad06ec67

    SHA1

    bfdeba5dad1789a640db18dd2655508735e76e35

    SHA256

    fde94d302c17a75dfdf3fe5fd13713b0c038560626ee7fc9fb4e0134087995b8

    SHA512

    bb09fe9a2ec7d74534bd65d4629585a135f8a07e00e0006e426f72c2d166fefa3f58407094b2d764e3b35e082e0a6d8c71eecd4378e71c56e9f2e17150eac615

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fd83009af9a5968d12c35e0b67528f0d

    SHA1

    ae5a73e90651800ae8976c9b5e7192e71a17772e

    SHA256

    fc6f3e3d29ed88d11e334ec42738d3252b6d792f86a5aea9a84f9dbc9c023d3a

    SHA512

    06276a62450b656ab00c8c553c53a78fa74b0a47e9eef73ba686544caddf02ec24a2f4709f0644947ff49984eba879f63a0c86437b9a67c5bade878dbe7a4580

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0d318e0e6d9bbe20b673b2dec205f324

    SHA1

    1327e5908493d85a6db22cf1b0b53b4690a11471

    SHA256

    de08125920f860ac92290f3ae33d67f8bf8ca5d490d7a21a04aed071f0ccae03

    SHA512

    8d27f8d44012c4ae193ca1aad964e22b3d21dd0c734f322bf44e753c54a3a8b00e1bdf79459717534eb924929b60b10e34cfd2bfebeb94a376903811c7dc23d4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    17056180a80bd124718d60d20f17c08e

    SHA1

    05b76c85d72bdd1223ebad1c800915eacf3d2863

    SHA256

    ed51f0d9bd786567eab838ce061893cb80df06500a3e3beb4d9a337c95b4971c

    SHA512

    fffb806e7055d1d39b7bb494e9e48d4ed6a58fbfb96e3848fa5c64f0705d535b246fa0f68996a059212930b2f28ee37b0cf18fd9170a4ca9ecaf99bff8f68a13

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1f0aefb21208505fc39b0c6012c2c86e

    SHA1

    d60b0eefd5ea7edfdef329883f89cd233b4157b9

    SHA256

    aff457be9df9a61b82a953ae5e35e0c40faa8d18858d3b33147dacc36cd585ad

    SHA512

    5cc858f60c211bb3dc7d7e959183bb1606fae61e60ad3e112907eb99a251905fb0013c2d8a012077fd34fba5f1ec4d7e3a9d96e4921d446e8597008fd5201c9d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    67ceb3eae3f3d632cb3490c51ebd5ffd

    SHA1

    402a25295cd5ee93ee8bd93aff0cd3dd046f9711

    SHA256

    348a67c917c4d72866f2848ad1193bd9d533d38d5c507118eb368ba16dbb9d4a

    SHA512

    a560f9209257c1937f792784c43330b6f53b65d5edc102379520383ed07d4635372773c713905537157e120d3b385c4ee2bf518dd64fc5d3310e465980596300

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    620ebfd67d27a885757a5ee8e63c4bfe

    SHA1

    c574c7552b35da3bba3b18fac37ad6f6ae162355

    SHA256

    0098af34737031cf9ac5ad3a8bc32751ad9fc5b70947613176e00732ba2e50bc

    SHA512

    1d3e5fe0bb1e16b32b635674b20a971a6ad1c388967b89ae52b1cc1942827536d8410698b68588df4e28c598b2f9c9b787e21fd75af29c2516df419b4f5fd4a8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6eca229704385ab5402fc662f9e24bfe

    SHA1

    e188e6a456d880328963a42acf56ebb2257a3262

    SHA256

    248e519f8f4c4446572968e8220a94923a7dd1f7bbd90254a7593b83b4dab7b1

    SHA512

    188676f4f4b6c478a83b84e0ca739a667ea774dc11698867ccf19ac2cd8358660dad61b7da606c41290866dd61cacfe758301b6bf0dc491b8c6af95184bda198

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d269ea57b13cc35e4cfa9e888b261ba1

    SHA1

    46e1aff8ddbec2f63bf8470521e8b27936a3b583

    SHA256

    135c40e0a6aeea3c325428e5bbb2ad5a4c9144757e2af2465050ce4b0bd1bf8c

    SHA512

    297ad812f39844b225c284968cb6ac8b78a9262a25a6e00baaaa444a661a09df0ce91467d5bc6a73d027a8fae9c3ed565c3cb6bf122d7829a792e44d37552259

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8c24975d7ddc39ab2a834dd90ec63e3d

    SHA1

    11c76630fed9ad4a31e200ec35ca803ac7fc4a05

    SHA256

    eb0dbece69771d8ea60e60bb8ba14189c5200e78a15f9155471ffe177a6b42c8

    SHA512

    50f3f51b7ea1c620ff0850ee19255cf97be70d1c09b6f1d4cf36bc77326fd2ab0ce63d18f8ec92685b323aaa8daf76904e2adb0d127f9cf8b90757a5e99d4a6f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a51f553ab8e714919bf6ebc6e111c40b

    SHA1

    7bf6d31afa63400e0c5ec048b464943d399482a8

    SHA256

    8ca2b155dbea198c4d1626fe777ba7038e5a7dad968beedf8c1de9153f902121

    SHA512

    349007ed9c9fe113d2f6cc05dfe59f8f33bd5382e47ae10bcea59214e549a99cdcc62525a9f4f6ce761fb378d6807b2a2132048fef5461a65a3c97702b1c2f3d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    93c799564f6b0e0423ed54b52474d237

    SHA1

    95b5d4c0aa9e48b3576c27db6847376b646f5f28

    SHA256

    76746465613da9e474a45748d2b91f08bfdafa1e8e63ce16e34aaf9b02ad2d0b

    SHA512

    abe3e2c3569c7c09e493c2a5585774674dfd08aad08e3b6001ba2c1a8df55a184e1974c6bf452cc9761947b958530c0d164682610e91bee2d6f9d860ba5517c6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab32E6.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar3356.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit