Overview

overview

10

Static

static

10

8684e74d35...e.appx

windows7-x64

8684e74d35...e.appx

windows10-2004-x64

LMgwPLLUMY...LJ.ps1

windows7-x64

3

LMgwPLLUMY...LJ.ps1

windows10-2004-x64

8

PsfLauncher32.exe

windows7-x64

1

PsfLauncher32.exe

windows10-2004-x64

3

PsfLauncher64.exe

windows7-x64

1

PsfLauncher64.exe

windows10-2004-x64

1

PsfRunDll32.exe

windows7-x64

1

PsfRunDll32.exe

windows10-2004-x64

3

PsfRunDll64.exe

windows7-x64

1

PsfRunDll64.exe

windows10-2004-x64

1

PsfRuntime32.dll

windows7-x64

3

PsfRuntime32.dll

windows10-2004-x64

3

PsfRuntime64.dll

windows7-x64

1

PsfRuntime64.dll

windows10-2004-x64

1

StartingSc...er.ps1

windows7-x64

3

StartingSc...er.ps1

windows10-2004-x64

3

VFS/Progra...64.exe

windows7-x64

1

VFS/Progra...64.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    135s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    28-10-2024 17:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    LMgwPLLUMYUCMYqNCHLJ.ps1

  • Size

    5KB

  • MD5

    13e37ce0c6fd5ca118fca61d6dbbd7c2

  • SHA1

    2a084d1ef095c30e92283eda758383a83fc3ec19

  • SHA256

    ebfdea1721914a504465ea474edc3f823c3e13fc71c86f04f4793c61e5070d92

  • SHA512

    34a3aeed8e223987fe511dc74805f47e0d97e10afc46e1b60520dfbb5e7def8803a9e5e116913c5debeffeba7b0d74fc743867534a99f43fc57e16b45285556e

  • SSDEEP

    96:tPC1x6rjMxSRfmrV9qPpyDgXHPx0aMdPhEaQ0aMdPhEaRv:4fxDVwPwU3Px0NPhEF0NPhE4

Score
3/10
discoveryexecution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

    Using powershell.exe command.

    execution
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\LMgwPLLUMYUCMYqNCHLJ.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2092
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -s -NoLogo -NoProfile
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1980
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://blackrock.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2328
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2328 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2812

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ee56761e427b997ce105fda1182f9962

    SHA1

    5054f3a782b928db7918672b41424616e02b09f2

    SHA256

    94afe5edd92a7314a9fe9162f8740c71cc7081ad1da03fa7b62d1cccfccc174c

    SHA512

    04067fff4d760776093d044facb2de43823a64f23f04d0c714feef8021ad90535ccd5a8e6dc6c3583b9644d91730bf1c2880b524bb755d874a77d4347d2df0fd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9cfe5844042465ba79de206cd98e6ddd

    SHA1

    9fbfc8f3324efd4acf3fc96c66c8f0770a30f989

    SHA256

    4f6c2792d2822363875ab0344f9938c5d44b1373f9e07de6dfb3d2ccd4dca08e

    SHA512

    af30b41533f55205cb3e8d8b4744d08708c7758154efb254d60458e4359d8dfa6b0eb65f6ae5eb87e6b132e4c34bf2a73f30ddefd1d6709f8ae7eea269d7b4d9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a672e7ecbe3c35b79ff96f64112963b5

    SHA1

    2ce4dfb856f23c60dd47d0b2057c3912b753c708

    SHA256

    0a0236200d40a5262b2ffa2a53a14529d065719269152554d28a376bcbf68173

    SHA512

    00185d98ff57d7adb45eb7c590b473850e35a9d271fa87c8f2d0f576f64193e31ce2b6dc1e8b70305c09fb9b081814cb202b26f17eaf4d65ae160bdec98e884a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8fbc2fe90554e78fa5854209ba549fa2

    SHA1

    d7549b28af3918d95963495e1fc062d3d3ac261d

    SHA256

    a42060ff0250bf6498bc4014d4fed60bdf6d6aa11e8e9f7f4364e5f17bd0a3bf

    SHA512

    30198e041e0129410a32e0fb22a86073531a3c391fc61b8fa9543a45e63baf836ff6f2c114441ad18eeb38aaf1f5c1337febd736d0c40e5212b0dfeb7eabb49e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    86a42d8a021c5dc57f22f4f04d376c40

    SHA1

    4a10f348abf0b6b59a5c9f00dcd181101960916e

    SHA256

    f835d883bbb230f39feaa5f944aa42470ad73adf1f9f8e09c11d18f36292f1a7

    SHA512

    decfc70c678e8de9fb7062aa31b6f59e62f78878d20b124892829e49712582286419706cd5fa64de32cb24751ce63e0bbf0f54cb80e02e554e6bcbcb06d273aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f6c7400fe0cec585eb9882d64718f1e2

    SHA1

    591090b0fc30972378d8bb6e60f780a91e8b54a5

    SHA256

    59b7940bc3520189c7da3c6f0feef528425601897f272d1b59062a4320ea8a6c

    SHA512

    1e558384576bac6f19172e4d16991d40c4f47659abfcabd9f83cf1fe2d56ee9c70e62cfd7202c4b81c11ae3f099cd8fc13dd37a0968d06a006e8fb11f5eb4580

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1c0c9d6264a05844fb095b89382ae659

    SHA1

    c3be4459fb14f714f33c7ab5619840105bf26505

    SHA256

    49ad6ca65715ed5cbdfbee9f95cb6363c28e341028d3a716cc3e6426e9420545

    SHA512

    6fa96957f099cb6a3a82008fb417ff2cb4089d524143b4887e06a3d0f8577841abd1407ddf027c49b59b5a70df6a1b2fc54ca1b0df5e0b5e53aa974d9215020a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    48e21fd6fe080746040329d5c0bd945b

    SHA1

    961bef5ead56df9b07a04b0a54ba144ab5f86693

    SHA256

    e25a2f3867a8edcdabd871ce68ad6639dcb524a2c523b49d28c107c2333dccd8

    SHA512

    aaad4213180320ae307b09135f1895c8f738ecae1dff0f80b4f2e59ae34c50d20fe9ea073595ba4849592f335830e8e0f3951cc4f4ba46bcd090f7fc2597d6b9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    768f80176d1dd8a9ef8ea8a83d24f788

    SHA1

    d890b874b93f7c7b041b0583493baba770915348

    SHA256

    345e90a65eafa0b04c9a22a9e15c608c00e6cb67d4f5889c288f84a6d44dca4c

    SHA512

    cee24b0bdc904ded4370322b068013a63f4f3db4047320241b7baf0303a2566d0bed227799273d8e84b42407ca0ea44ee9c5039fc5911e600fc4601977c6aca2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    419db5a20da7f34c99e7343ba738e8ce

    SHA1

    6b1a48af90cbba0cd895a8387d623eca6602c93f

    SHA256

    99e2d04808fa90f82dd69663db2c4f231c7adaec3b49f5a5b77143bd39ad2073

    SHA512

    ce3b6b0017183bf8624fb2e3f5ccde41b4ca83290b6aa3f003b5752c687f4337da25a54380b4480f2daef517629eb1f4002f951b71889c19a2b8d1f272afabe9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fc41b47094de3949470650b3418ab0ef

    SHA1

    49fa6828b20cf8f5226a103dcc2dbd15c6a0c5fc

    SHA256

    cb4bb5c8cb9cbc209eebb605668e0851d5181d46fbac214361a30ea85c063974

    SHA512

    bad1b55b8ebc1b02b6491fcfd1c3bc0e0e948e8bfdc6f9702b3bee73bed00319017a6602d049aa7548d20b4bd5823036a87931c10edf86733715326af7e2253b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6b41c636444918d322d4ddac599dbdb4

    SHA1

    a27fe9626cc4346843a2504c5e51cb2a253edb27

    SHA256

    a40be32cdb8530c6f0a33d5aaf0185e783713ae8ee41a8edccb75286f988fe3c

    SHA512

    7fee1c52edc7afd96c9866edba8b9f6c9f6ca6d2589895567853776a02ca757a0a0cce8f097fb0e4a37b937f41dcaacfdeff140358ae710a067c9706f5bff22e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    137c552e20ed54c6a7d83cae0ab40dd1

    SHA1

    bcfb6d7110a622a34dbf6708d628225ff879c378

    SHA256

    0059afe0da5a5245f152ccd0cbae517a4505227505d41869e113a3a0c4c78318

    SHA512

    e399eff936a39f740814a5495a9c8bca0a26268fe175115877c1b75f09d92618797944266d4e7024d38b69f02d6182e4f4984a2bc3c081c181ba0e743e7cbf4c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5272f9e666bbe6e203a5add2da2dec33

    SHA1

    a9c157ccfc999d39cc80b856aa8a020ba5d4fb1b

    SHA256

    4733be4eae5b2c744e37c614c42a245faafaf0aa0c245531710187d52e802801

    SHA512

    84d727665972fc22e73eb62f4ee3f351ca20b560a1d15fca23c0d91ac9e2157a30169c2c826313f5bd97da220d690e874859ddf85f04c53742c5efb7c44a1026

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4ebcde0277eb0557448269a6721d03f8

    SHA1

    75c431a88540b724feaf3739793230ebf499ef9c

    SHA256

    f0ae13f0e8361ef4a26cdbada6b429a1ce742b20418652889185350b7ef3d88d

    SHA512

    82a957585675485468daaff45a2dd8ab38b18ad8eb4f403088ae788558c7208a4dee045c924d53eb83d80941df9618b09544cfdca62655a4b4a15c0b0fb629bc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    18a761b6fe36298a2e728b7a55f87587

    SHA1

    491bcd0f87a38fed3d0761e1d1ff1d4c7bd9e61d

    SHA256

    d7b1dda6d5ffb0840255c1afce94c34961d316a47df622f8b13ef0d5e461885c

    SHA512

    2c8d3664a3a0054946e8266e08ef37317fef73100b8295d8228753ffed2d234abeff59147dab84ac656a2e0bb898dcb7d99af927958f92026cd777c1c0c99a86

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4b7218bde304f3913e1fd8395cf67ff1

    SHA1

    853a0ae3e1dd7222ae2e089049f5c8a6bbc6f481

    SHA256

    a51d81e216b0b33f53bfeab0e8add8e280ed5dd2257f179b6bf84fe10120139e

    SHA512

    77cda316a248ea06b177b700159a9def880a546227f02da5431298ef5c8b1ed9bf6feaa8e7710e56573ae92e4e08929a16fa0fd7532c93187b0a6c64a9d36fc7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    190e90a48833a60b420d7a12c13f1798

    SHA1

    a6aa9b6140de1dff79d495c00def803441dc4ba2

    SHA256

    e0b5ffa1b5e845952bb70b6911a93f7f1e7822c446c97c333dff831312ffc10e

    SHA512

    3fb11c9f9f83ae558a19234a2a528e7f4a464f6926c5e5080a55dcb155fe7babd020f2d1c36540b343c9c92d505db1fe7fd90484ba9513872b5df65f9f931835

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    16c2e0e0115b700b00f349b5e6f94c22

    SHA1

    138ed97da77d7bef8ea29107e1e15552e42234f2

    SHA256

    b4ce7ff6982205734673ef587bd5b9f87691585f4d269f10af992f91e82b5fd4

    SHA512

    9ebdbd79039b299db1cefc8a404cbfb8a24d717dcb06040ad3fd93b83e21044621de80ec74877161b8096fc7f69d73c2b5fc4cf66f044d2adbcbd963762647f8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    029ffbcaffb2b26740948e1845e67762

    SHA1

    8ba1c31e34566749ebf23e3ecaa7bd3f5d34104d

    SHA256

    bbb4c5d74b3f69c3063db92ecb37356af0a1e9473cefd1fefbde3a8dfec085e0

    SHA512

    b2fe2a3536a1e5b6871524c5f38bc24d12d46c556647693f3aab40b2a30902eb1198da684dd76fa58dd77dd8c5777245a1ae66b73ac298616ef10d1fbdf44f5e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabFBDD.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarFC7E.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
    Filesize

    7KB

    MD5

    6e8e08cbacd4b6d6c6040d8c48f67aa0

    SHA1

    d181ede72714e5e9d1d2f30797b796b9ae1a8563

    SHA256

    a8c8f6bb7f8f9156aca7f0d1c4db949e535d977b70da98f1c26b051bf7f8353b

    SHA512

    b5b1f6f9e833df831d5e7cf06db3116d43ea26bc1a9aa293b8cf4c31af887d2522ce75bcb6612fbeffde633b6d8405e228f1b99d65540a4f77be4e14cb1c6280

    Download Submit

  • memory/1980-19-0x000007FEF6020000-0x000007FEF69BD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1980-21-0x000007FEF6020000-0x000007FEF69BD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2092-12-0x0000000002B20000-0x0000000002B52000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2092-5-0x000000001B770000-0x000000001BA52000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2092-4-0x000007FEF62DE000-0x000007FEF62DF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2092-9-0x000007FEF6020000-0x000007FEF69BD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2092-10-0x000007FEF6020000-0x000007FEF69BD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2092-11-0x0000000002B20000-0x0000000002B52000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2092-13-0x000007FEF6020000-0x000007FEF69BD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2092-6-0x0000000002240000-0x0000000002248000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2092-20-0x000007FEF6020000-0x000007FEF69BD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2092-7-0x000007FEF6020000-0x000007FEF69BD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2092-8-0x000007FEF6020000-0x000007FEF69BD000-memory.dmp

    Filesize

    9.6MB

    Download