Overview

overview

10

Static

static

3

infected/F...98.exe

windows7-x64

7

infected/F...98.exe

windows10-2004-x64

7

infected/I...er.exe

windows10-2004-x64

10

infected/R...ed.exe

windows7-x64

10

infected/R...ed.exe

windows10-2004-x64

10

infected/S...64.exe

windows7-x64

10

infected/S...64.exe

windows10-2004-x64

10

infected/b...kO.exe

windows7-x64

7

infected/b...kO.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-11-2024 02:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    infected/Furk Ultra_10298.exe

  • Size

    8.7MB

  • MD5

    98194b1fd3ceea50438976b40ea59d05

  • SHA1

    ed918fbb5765aa91e5c9d2c492ec00667478ac35

  • SHA256

    3e091df4051e6b0859c2142a0869a415e5968c20edb5e9a60fcd077f7b61be19

  • SHA512

    9587acb23ee51e4743c5399b78b64f2a0e87e2413cd56e220df8c08ebe0f352ac0ca83c1826f09718876a6248057e9cbac0f38ee725de83b4ca7de4f805f30bf

  • SSDEEP

    196608:wu6nOE62LOa8ewFCrqNeuUG59Fa9FVDNWXVkHo/ly:MOb2C6wFCrqNZ529PDNs2Ho/k

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 15 IoCs
  • Checks for any installed AV software in registry 1 TTPs 8 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies system certificate store 2 TTPs 8 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 15 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\infected\Furk Ultra_10298.exe
    "C:\Users\Admin\AppData\Local\Temp\infected\Furk Ultra_10298.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2288
    • C:\Users\Admin\AppData\Local\setup10298.exe
      C:\Users\Admin\AppData\Local\setup10298.exe hhwnd=458860 hreturntoinstaller hextras=id:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <title>404 &mdash; Not Found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <meta name="description" content="Sorry- page not found"/> <style type="text/css"> body {font-size:14px; color:#777777; font-family:arial; text-align:center;} h1 {font-size:180px; color:#99A7AF; margin: 70px 0 0 0;} h2 {color: #DE6C5D; font-family: arial; font-size: 20px; font-weight: bold; letter-spacing: -1px; margin: -3px 0 39px;} p {width:320px; text-align:center; margin-left:auto;margin-right:auto; margin-top: 30px } div {width:320px; text-align:center; margin-left:auto;margin-right:auto;} a:link {color: #34536A;} a:visited {color: #34536A;} a:active {color: #34536A;} a:hover {color: #34536A;} </style> </head> <body> <p><a href="http://dlsft.com/">dlsft.com</a></p> <h1>404</h1> <h2>Page Not Found</h2> <div> It seems that the page you were trying to reach does not exist anymore-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <title>404 &mdash; Not Found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <meta name="description" content="Sorry, page not found"/> <style type="text/css"> body {font-size:14px; color:#777777; font-family:arial; text-align:center;} h1 {font-size:180px; color:#99A7AF; margin: 70px 0 0 0;} h2 {color: #DE6C5D; font-family: arial; font-size: 20px; font-weight: bold; letter-spacing: -1px; margin: -3px 0 39px;} p {width:320px; text-align:center; margin-left:auto;margin-right:auto; margin-top: 30px } div {width:320px; text-align:center; margin-left:auto;margin-right:auto;} a:link {color: #34536A;} a:visited {color: #34536A;} a:active {color: #34536A;} a:hover {color: #34536A;} </style> </head> <body> <p><a href="http://dlsft.com/">dlsft.com</a></p> <h1>404</h1> <h2>Page Not Found</h2> <div> It seems that the page you were trying to reach does not exist anymore, or maybe it has just moved. You can start again from the <a href="http://dlsft.com/">home</a> or go back to <a href="javascript:%20history.go(-1)">previous page</a>. </div> </body> </html>
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3460
      • C:\Users\Admin\AppData\Local\Temp\7zS48D9EEA7\GenericSetup.exe
        .\GenericSetup.exe hhwnd=458860 hreturntoinstaller hextras=id:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <title>404 &mdash; Not Found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <meta name="description" content="Sorry- page not found"/> <style type="text/css"> body {font-size:14px; color:#777777; font-family:arial; text-align:center;} h1 {font-size:180px; color:#99A7AF; margin: 70px 0 0 0;} h2 {color: #DE6C5D; font-family: arial; font-size: 20px; font-weight: bold; letter-spacing: -1px; margin: -3px 0 39px;} p {width:320px; text-align:center; margin-left:auto;margin-right:auto; margin-top: 30px } div {width:320px; text-align:center; margin-left:auto;margin-right:auto;} a:link {color: #34536A;} a:visited {color: #34536A;} a:active {color: #34536A;} a:hover {color: #34536A;} </style> </head> <body> <p><a href="http://dlsft.com/">dlsft.com</a></p> <h1>404</h1> <h2>Page Not Found</h2> <div> It seems that the page you were trying to reach does not exist anymore-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <title>404 &mdash; Not Found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <meta name="description" content="Sorry, page not found"/> <style type="text/css"> body {font-size:14px; color:#777777; font-family:arial; text-align:center;} h1 {font-size:180px; color:#99A7AF; margin: 70px 0 0 0;} h2 {color: #DE6C5D; font-family: arial; font-size: 20px; font-weight: bold; letter-spacing: -1px; margin: -3px 0 39px;} p {width:320px; text-align:center; margin-left:auto;margin-right:auto; margin-top: 30px } div {width:320px; text-align:center; margin-left:auto;margin-right:auto;} a:link {color: #34536A;} a:visited {color: #34536A;} a:active {color: #34536A;} a:hover {color: #34536A;} </style> </head> <body> <p><a href="http://dlsft.com/">dlsft.com</a></p> <h1>404</h1> <h2>Page Not Found</h2> <div> It seems that the page you were trying to reach does not exist anymore, or maybe it has just moved. You can start again from the <a href="http://dlsft.com/">home</a> or go back to <a href="javascript:%20history.go(-1)">previous page</a>. </div> </body> </html>
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks for any installed AV software in registry
        • System Location Discovery: System Language Discovery
        • Modifies system certificate store
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        PID:1616

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7zS48D9EEA7\GenericSetup.LastScreen.dll
    Filesize

    31KB

    MD5

    3319432d3a694a481f5672fa9eb743d0

    SHA1

    99bff8f4941eb3cee3e0a7cb86b89eda1df07bf9

    SHA256

    768b4eb487e2dc8bcb8ec6221734ca69dce7f522d7640cc2a547f95296509693

    SHA512

    7f2a1c6c8d9d135b9e00e04f715c9b6b8ba12cb317f7b78ee3efbe3e426a99afce022306eb5bf02fe51c13857d3943b2b009b10b9cc96683e6bcbca1f9045c7f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS48D9EEA7\GenericSetup.dll
    Filesize

    6.8MB

    MD5

    4d65e6eb25db2ce61f4a7a48d9f6082a

    SHA1

    130abbae19f227b0ef4f278e90398b3b3c7c2eff

    SHA256

    1e2e26d769d69f6b06cad2f2fec81a125e4f3d14aee969357784fb533d80b89a

    SHA512

    b0842b4fc07dd332c53f56f1337b32064dad7a15663397655b73061bf3d61b44ecdd47ed626b92e69383cfaa41a9c70d4a18ece79fdbab2daf1d06adb1be4bfb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS48D9EEA7\GenericSetup.exe
    Filesize

    25KB

    MD5

    85b0a721491803f8f0208a1856241562

    SHA1

    90beb8d419b83bd76924826725a14c03b3e6533f

    SHA256

    18be33f7c9f28b0a514f3f40983f452f476470691b1be4f2aba5ba5e06c6a345

    SHA512

    8ff86e4b4d9cb5e2e88826a822457cb863262e3b73645c0c3309f13fb496997e53005ebe1825c6f92463c6642ec9abc6bbe359b35410b0621649b8d3aaf66c71

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS48D9EEA7\GenericSetup.exe.config
    Filesize

    814B

    MD5

    fd63ee3928edd99afc5bdf17e4f1e7b6

    SHA1

    1b40433b064215ea6c001332c2ffa093b1177875

    SHA256

    2a2ddbdc4600e829ad756fd5e84a79c0401fa846ad4f2f2fb235b410e82434a9

    SHA512

    1925cde90ee84db1e5c15fa774ee5f10fa368948df7643259b03599ad58cfce9d409fd2cd752ff4cbca60b4bbe92b184ff92a0c6e8b78849c4497d38266bd3b4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS48D9EEA7\HtmlAgilityPack.dll
    Filesize

    149KB

    MD5

    7874850410e21b5f48bfe34174fb318c

    SHA1

    19522b1b9d932aa89df580c73ef629007ec32b6f

    SHA256

    c6250da15c349033de9b910c3dc10a156e47d69ec7e2076ce9011af7f3d885d1

    SHA512

    dad611ca9779b594aad7898261cc7ef0db500850eb81560c04d5d938ae4e2338e786773f63f59aab6564ad13acb4800f1862a2189803cc8cc8ad26a368f25eaa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS48D9EEA7\MyDownloader.Core.dll
    Filesize

    56KB

    MD5

    f931e960cc4ed0d2f392376525ff44db

    SHA1

    1895aaa8f5b8314d8a4c5938d1405775d3837109

    SHA256

    1c1c5330ea35f518bf85fad69dc2da1a98a4dfeadbf6ac0ba0ac7cc51bbcc870

    SHA512

    7fa5e582ad1bb094cbbb68b1db301dcf360e180eb58f8d726a112133277ceaa39660c6d4b3248c19a8b5767a4ae09f4597535711d789ca4f9f334a204d87ffe0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS48D9EEA7\MyDownloader.Extension.dll
    Filesize

    168KB

    MD5

    28f1996059e79df241388bd9f89cf0b1

    SHA1

    6ad6f7cde374686a42d9c0fcebadaf00adf21c76

    SHA256

    c3f8a46e81f16bbfc75de44dc95f0d145213c8af0006bb097950ac4d1562f5ce

    SHA512

    9654d451cb2f184548649aa04b902f5f6aff300c6f03b9261ee3be5405527b4f23862d8988f9811987da22e386813e844e7c5068fd6421c91551f5b33c625f29

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS48D9EEA7\Newtonsoft.Json.dll
    Filesize

    476KB

    MD5

    3c4d2f6fd240dc804e10bbb5f16c6182

    SHA1

    30d66e6a1ead9541133bad2c715c1971ae943196

    SHA256

    1f7a328eb4fa73df5d2996202f5dab02530b0339458137774c72731b9f85ca2e

    SHA512

    0657f0ab1d7fc9730d4bf6b8c8373f512d57a34063bcfa1f93a803b0afe2a93219da5dc679414dd155956bd696cb7547fc09663f8891eb9b03d9c93b3c1fe95d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\7zS48D9EEA7\Ninject.dll
    Filesize

    133KB

    MD5

    ce80365e2602b7cff0222e0db395428c

    SHA1

    50c9625eda1d156c9d7a672839e9faaea1dffdbd

    SHA256

    3475dd6f1612e984573276529d8147029d6bfa55d41bef2577b3aa601d2fbbe5

    SHA512

    5ea1de091a108143bb74fccdb4f0553f72613e58d8551fff51ce1aab34636c856758719dfa1a0e4cc833acb8e75729793dede65c4562e1aa3f68ec50463d36f3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\GenericSetup.exe_1730774350\Resources\OfferPage.html
    Filesize

    1KB

    MD5

    5f29b47126c45d119442ad3b896f74eb

    SHA1

    801a4e5b7d01f81c9c398b4d8d9a5f49e5269eef

    SHA256

    4e85074502c0267e04b324cdbb46df644e040513e94dd13c6625fb2e039c9a3f

    SHA512

    81ddcda6399365ad83689b14d22488137b88a80988eeed40ff1678fc387cb098227f520514a3d1a2a213efb4a8f435d87f40647bbe35a273c8d277d2c639c18e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\GenericSetup.exe_1730774350\sciter32.dll
    Filesize

    5.6MB

    MD5

    b431083586e39d018e19880ad1a5ce8f

    SHA1

    3bbf957ab534d845d485a8698accc0a40b63cedd

    SHA256

    b525fdcc32c5a359a7f5738a30eff0c6390734d8a2c987c62e14c619f99d406b

    SHA512

    7805a3464fcc3ac4ea1258e2412180c52f2af40a79b540348486c830a20c2bbed337bbf5f4a8926b3ef98c63c87747014f5b43c35f7ec4e7a3693b9dbd0ae67b

    Download Submit

  • C:\Users\Admin\AppData\Local\setup10298.exe
    Filesize

    3.1MB

    MD5

    369acf60d8b5ed6168c74955ee04654f

    SHA1

    1753fff63efa6ed5ad30ede6b959261ac67dd13e

    SHA256

    3ff8ec8f9f27a27f414a90bfed5b7f5a3c118b33cf0f80aeb7026e0a53e26632

    SHA512

    2582b3b4525321fece978710403e4bd4dd6e9f0869de1fec784e4e79ac98e8c6498a601c9db45d5af4f1b99e3a2cc07b9e3ec18144e18ce82b41eb64ce4eb643

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-us\default.dic
    Filesize

    2B

    MD5

    f3b25701fe362ec84616a93a45ce9998

    SHA1

    d62636d8caec13f04e28442a0a6fa1afeb024bbb

    SHA256

    b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

    SHA512

    98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

    Download Submit

  • memory/1616-70-0x00000000054F0000-0x000000000551C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1616-105-0x0000000007610000-0x00000000076A2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/1616-75-0x0000000005A70000-0x0000000005A82000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1616-66-0x0000000005440000-0x0000000005468000-memory.dmp

    Filesize

    160KB

    Download

  • memory/1616-90-0x0000000006C80000-0x0000000006CFC000-memory.dmp

    Filesize

    496KB

    Download

  • memory/1616-92-0x0000000006EB0000-0x0000000007204000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1616-93-0x00000000078E0000-0x0000000007E84000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/1616-71-0x0000000005790000-0x00000000057F6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/1616-62-0x0000000005AF0000-0x00000000061CA000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1616-58-0x0000000001180000-0x000000000118C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1616-54-0x0000000000700000-0x000000000070A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1616-140-0x0000000008430000-0x000000000845E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1616-52-0x000000007159E000-0x000000007159F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1616-156-0x000000007159E000-0x000000007159F000-memory.dmp

    Filesize

    4KB

    Download