e1ad601efd3c675be2e72465506d0dd59438230ba8083d2849c4b5901d736eb5

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06-10-2024 07:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DjVuReader-win10.exe
Size

4.5MB
MD5

d53d9e24224f5cfa6ebd97536d39f28a
SHA1

ebc2a345cc1f48fc1697a2a603292658a576fb97
SHA256

e1ad601efd3c675be2e72465506d0dd59438230ba8083d2849c4b5901d736eb5
SHA512

96775d0ab205628d3182e509cc75e1a7421c77fad92711ba0e6eef054fd40d9fc1315d77ff7bc341bd8c71f3fc46d4308b4b4c1d531c26ec06b1c722f62f185a
SSDEEP

98304:ayIrBsw4uyo1B/4pe1qBclziRvikZq2Zfg5VucQt+u3N:a1Ww4ulZwhsSfg5k+u9

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 36 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\DjVuReader-win10\last-ok.html	DjVuReader-win10.exe
File created	C:\Program Files (x86)\DjVuReader-win10\ya-page.html	DjVuReader-win10.exe
File opened for modification	C:\Program Files (x86)\DjVuReader-win10\Zf8rvhm.exe	DjVuReader-win10.exe
File opened for modification	C:\Program Files (x86)\DjVuReader-win10\anim.gif	DjVuReader-win10.exe
File created	C:\Program Files (x86)\DjVuReader-win10\last-ok.html	DjVuReader-win10.exe
File opened for modification	C:\Program Files (x86)\DjVuReader-win10\last-page.html	DjVuReader-win10.exe
File opened for modification	C:\Program Files (x86)\DjVuReader-win10	DjVuReader-win10.exe
File created	C:\Program Files (x86)\DjVuReader-win10\img\io-C8t9XT02OGTvUT2xx1Q.webp (1280×720) - Google Chrome_240715221730.png	DjVuReader-win10.exe
File created	C:\Program Files (x86)\DjVuReader-win10\img\log-game.png	DjVuReader-win10.exe
File opened for modification	C:\Program Files (x86)\DjVuReader-win10\img\log-game.png	DjVuReader-win10.exe
File created	C:\Program Files (x86)\DjVuReader-win10\img\logo-offer.png	DjVuReader-win10.exe
File opened for modification	C:\Program Files (x86)\DjVuReader-win10\img\logo-offer.png	DjVuReader-win10.exe
File created	C:\Program Files (x86)\DjVuReader-win10\img\master-logo.png	DjVuReader-win10.exe
File opened for modification	C:\Program Files (x86)\DjVuReader-win10\gam-page.html	DjVuReader-win10.exe
File opened for modification	C:\Program Files (x86)\DjVuReader-win10\icon.ico	DjVuReader-win10.exe
File opened for modification	C:\Program Files (x86)\DjVuReader-win10\setup.zip	DjVuReader-win10.exe
File created	C:\Program Files (x86)\DjVuReader-win10\icon.png	DjVuReader-win10.exe
File opened for modification	C:\Program Files (x86)\DjVuReader-win10\icon.png	DjVuReader-win10.exe
File opened for modification	C:\Program Files (x86)\DjVuReader-win10\img	DjVuReader-win10.exe
File created	C:\Program Files (x86)\DjVuReader-win10\last-page.html	DjVuReader-win10.exe
File created	C:\Program Files (x86)\DjVuReader-win10\start.hta	DjVuReader-win10.exe
File created	C:\Program Files (x86)\DjVuReader-win10\Zf8rvhm.exe	DjVuReader-win10.exe
File opened for modification	C:\Program Files (x86)\DjVuReader-win10\ya-page.html	DjVuReader-win10.exe
File created	C:\Program Files (x86)\DjVuReader-win10\icon.ico	DjVuReader-win10.exe
File created	C:\Program Files (x86)\DjVuReader-win10\icons.ico	DjVuReader-win10.exe
File opened for modification	C:\Program Files (x86)\DjVuReader-win10\img\io-C8t9XT02OGTvUT2xx1Q.webp (1280×720) - Google Chrome_240715221730.png	DjVuReader-win10.exe
File opened for modification	C:\Program Files (x86)\DjVuReader-win10\img\master-logo.png	DjVuReader-win10.exe
File opened for modification	C:\Program Files (x86)\DjVuReader-win10\start.hta	DjVuReader-win10.exe
File created	C:\Program Files (x86)\DjVuReader-win10\vid-6.txt	DjVuReader-win10.exe
File opened for modification	C:\Program Files (x86)\DjVuReader-win10\vid-6.txt	DjVuReader-win10.exe
File opened for modification	C:\Program Files (x86)\DjVuReader-win10\icon.ico	mshta.exe
File created	C:\Program Files (x86)\DjVuReader-win10\__tmp_rar_sfx_access_check_259434015	DjVuReader-win10.exe
File created	C:\Program Files (x86)\DjVuReader-win10\gam-page.html	DjVuReader-win10.exe
File opened for modification	C:\Program Files (x86)\DjVuReader-win10\icons.ico	DjVuReader-win10.exe
File created	C:\Program Files (x86)\DjVuReader-win10\anim.gif	DjVuReader-win10.exe
File created	C:\Program Files (x86)\DjVuReader-win10\setup.zip	DjVuReader-win10.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DjVuReader-win10.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mshta.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2532 wrote to memory of 2888	2532	DjVuReader-win10.exe	30
PID 2532 wrote to memory of 2888	2532	DjVuReader-win10.exe	30
PID 2532 wrote to memory of 2888	2532	DjVuReader-win10.exe	30
PID 2532 wrote to memory of 2888	2532	DjVuReader-win10.exe	30
PID 2532 wrote to memory of 2888	2532	DjVuReader-win10.exe	30
PID 2532 wrote to memory of 2888	2532	DjVuReader-win10.exe	30
PID 2532 wrote to memory of 2888	2532	DjVuReader-win10.exe	30

C:\Users\Admin\AppData\Local\Temp\DjVuReader-win10.exe
"C:\Users\Admin\AppData\Local\Temp\DjVuReader-win10.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2532
- C:\Windows\SysWOW64\mshta.exe
  "C:\Windows\SysWOW64\mshta.exe" "C:\Program Files (x86)\DjVuReader-win10\start.hta"
  2⤵
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  PID:2888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\DjVuReader-win10\icon.ico

Filesize
105KB

MD5
6b1ad23531e7e02fd2d7524edba770a3

SHA1
c0d9116c61cd7b7dffa31d006ab6833753a06b15

SHA256
9129ce627153f884a21bb07c1fe925685976b333053da37d6498939d26842e95

SHA512
d20cda3cb4122e0e74f12ad0af08249e8472984a6ec1e433ed4f9b045f52d4eb1789855054694496b7b370fad7a5a06303c737b5a9be53489fa2206b698c5d7f

Download Submit
C:\Program Files (x86)\DjVuReader-win10\img\master-logo.png

Filesize
26KB

MD5
971d3f323c6f3de131338e4e006d3852

SHA1
6ba628df375d2a617999c6a6328a7117b81ab7e7

SHA256
085f0535a202973f1d78c5d54dfb96eda1f174bca238e09fb8537aa2ffc4fe7a

SHA512
61056c197a48d14b8f99842e1872f2d636542976224dca4857040f64ddfc7b32a860a029bb25814707a856e34f658f63e808991d5ae770720de3256310cbb14f

Download Submit
C:\Program Files (x86)\DjVuReader-win10\start.hta

Filesize
3KB

MD5
6e59ee57e47be5cd1949be630913939d

SHA1
498d75da2da2567149bb33471643e1134ad0d4bd

SHA256
2aef5d05bc715dd805f9ae0dc24f10d1826c92ce0da3227da30965d4084a59e1

SHA512
713b84483576df289114a03ca38ad38f53601005f93e5c4b134d2d293f00a94840430036e96771360d345f3c622c4e02e561fb78177a4e2d05f43a91f76ec3b9

Download Submit