Overview

overview

10

Static

static

10

DefenderControl.exe

windows7-x64

3

DefenderControl.exe

windows10-2004-x64

3

Software U...ol.exe

windows7-x64

10

Software U...ol.exe

windows10-2004-x64

10

Software U...l.html

windows7-x64

3

Software U...l.html

windows10-2004-x64

3

Telegram Channel.lnk

windows7-x64

3

Telegram Channel.lnk

windows10-2004-x64

7

XSSLite St...ber.js

windows7-x64

3

XSSLite St...ber.js

windows10-2004-x64

3

XSSLite St...ets.js

windows7-x64

3

XSSLite St...ets.js

windows10-2004-x64

3

XSSLite St...ram.js

windows7-x64

3

XSSLite St...ram.js

windows10-2004-x64

3

XSSLite St...ion.js

windows7-x64

3

XSSLite St...ion.js

windows10-2004-x64

3

XSSLite St...ra.dll

windows7-x64

1

XSSLite St...ra.dll

windows10-2004-x64

1

XSSLite St...dy.dll

windows7-x64

1

XSSLite St...dy.dll

windows10-2004-x64

1

XSSLite St...dy.dll

windows7-x64

1

XSSLite St...dy.dll

windows10-2004-x64

1

XSSLite St...dy.dll

windows7-x64

1

XSSLite St...dy.dll

windows10-2004-x64

1

XSSLite St...on.dll

windows7-x64

1

XSSLite St...on.dll

windows10-2004-x64

1

XSSLite St...rs.dll

windows7-x64

1

XSSLite St...rs.dll

windows10-2004-x64

1

XSSLite St...ed.dll

windows7-x64

1

XSSLite St...ed.dll

windows10-2004-x64

1

XSSLite St...db.dll

windows7-x64

1

XSSLite St...db.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    85s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    20-12-2024 21:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Telegram Channel.lnk

  • Size

    1KB

  • MD5

    4e0880288ad4607823df224723cd5c3c

  • SHA1

    ca7a9cbbb1c5a2af44102a45c578b4e10601873e

  • SHA256

    aeede2993a3dd6053b6bcb19fe3ad1fbb9b69fc54b5aef79ef58b279f558346f

  • SHA512

    85d82b3be13368dd254fc967793813b4eb6c4b89bd21bebb27f68cf12d06dc1ae6335ec113650c30d8e6904f54163f7bc78746b1505b7494d9e220bd7d7e2d91

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Telegram Channel.lnk"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2668
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe" "https://t.me/ThreatCommunity"
      2⤵
        PID:2340
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2528
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" https://t.me/ThreatCommunity
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2580
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2580 CREDAT:275457 /prefetch:2
          3⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1640

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      258124a61309e52fbf8c4ec69e69224d

      SHA1

      e52ed1271d91f03839e63b96a4c0835451f92e80

      SHA256

      9c6da56c6fb5353ab2af3b1093771ade0dc1ad0efad8a6f69b8c406a51279043

      SHA512

      16dfe89fa22796f20e7f389bd3dacd45e97cbe0fdc1c5434d218a419327ca2a7dc1065515fdabf85fde026ce18ea098c6550fe1b5f4de308345b9ff0c25dc72d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      bcba8902642d2575ca31afec641ab4de

      SHA1

      7b7df7c73112417e93ec401ff1b51f2b81049908

      SHA256

      2b66eaa4d71bde86f67241e5e9c656687eee502463c7e23f5e25fa58062b3825

      SHA512

      e9567d476aa1aa8ba154c91b37e79ad0886721d9dfd0fefe11bac2966dbfeaee804a2550c927067d732d4d91d674ed98346ba1071d7f0622891a2d4e169f1590

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      585e096cd9b167f939d3b64ab94b2cd2

      SHA1

      1b6832a3a41142076d184850cf3e772a15980bb0

      SHA256

      061ea93a18611e4f86d056ca172adc0b675cc3cc514ed7044c1ed3da9624df76

      SHA512

      38d0123878d4dc06011ca7c22977f69f1ad5ea5a837269f34d2cb3725cf5e1e3badc5947c85340fff8a7d9764886d144e1da599507f65a7f8642805fe5adb03e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c98272c7ff4a18d9ac93d6f2ba91310f

      SHA1

      e9a22e1858e4932f257473ea9dff4bdbd42618bb

      SHA256

      87e348e2e0cec86fcf9074512b710fd043193ca429d1fa68bd9c486674a7c6d8

      SHA512

      f45dc50084b6f89ff7c065f494ec08abe134e3e5d91b942083b8ab4b7b7f3769158b726ad7849b3e4c58a27d001b1dac4c968e5a34269e3dedf500eae1206207

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f309c43f28e15dc3a4f9354d3e89d187

      SHA1

      59355cbb4d7b9ec82ea1a82ec845f7252fb49aaf

      SHA256

      cedbd8b787f365bd3ec99fbf4f03b557d0dff24b06adead229dd86e311669283

      SHA512

      8304ff97e5194872d29c570f4b416fe9c4811d8b54aba6dcbe697c3304d731e13864902045044940f58752f71d2a99e58b6ce35c8286958bb20b90ef664b3c15

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a3ed72bc8184903a2a3b224f3bd0492e

      SHA1

      c6aec1776ec7e1ef01080eefdfdd4faad8b7797e

      SHA256

      f840e76b27323f014296d8bdba049c6184c96959f1e919cbf7e76fa9fa0bd49d

      SHA512

      869046e373461fdf95bca0efcf4a071073f6af836eaf3d591fe389e0625349f7c5769315cf13136dc645472db2781e68628293dad0ba865dfe0ae41d0fdc7c9b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      941b25da196f4ced4162fff1e02cab2e

      SHA1

      ae7efefcc18dc8663d71c756f27bb0f46a5370f0

      SHA256

      bd46914108466b3326560465bb57643162adfd61acc6c381af3928889db0c67a

      SHA512

      6ba31a06246da54118b6bc6658fe14ed1719d7c19777186e18e837d04d4b91bc7b3302d98d2360c94d609b546d5d0e02100e879afc6fc44b4b7f71fda31078da

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      142c1ee5b0924c074cf6aa21d6480f13

      SHA1

      c1276b733543b0a380fa48e9f9e581b7e0dab570

      SHA256

      eaabd655826913093e66c9d5b5c1c6a942c6b52ec85085a0c481a591f86a4ccf

      SHA512

      bf908c11b8aa60fdcb12d55a83c64bb6aa42f000a789e38a39e42045b19c3a97cc92e8a297238cd1b4956354ba6f1d67ab60edb2706a1d6a513f4285b0075334

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      cc9f947079edc0cc7f9610a78129c6ad

      SHA1

      bebb05fa50f25a7f03d60513473e92e2613027dd

      SHA256

      40b4dc4dc419b17afb4a6756495b5ca555579d94660465f170d77eb37fbcf662

      SHA512

      3028657860d9898dd30fc2085a1c9eabe89c935e3b203afe7f704b0338b632b308f80ba63467a0016c7c29222cc944875cc9387eca23e2c509de9a644216b728

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0fd941fb7d72b35d489894af5ec7c46c

      SHA1

      0dcf91558945d821ed7a874c84868eb137c81176

      SHA256

      3c6ff9c23c0a6f7e4ffdfc2cc0d141c3337066b6c55ee3c626ff92438e86b08a

      SHA512

      da6fff6abb07f92b897948143b92febf5c2aa142dc0dc7562e924cf0302569c97fe370940ea6fbf07cad65e6bc8135782c876642d05a1a077b0a9705e2dd6302

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d4d2ab940c41b550a025964fc9c1cb5a

      SHA1

      9cdcaaa30577b99296aaaef9e3e839bb6f8856cf

      SHA256

      086d3321b5c8b36a7f8a7a19a0bc1ff9991844180de75fb2ff177f6433bdd929

      SHA512

      bf1ae6ce59f06d5b8c123f65094ab3a8bbc4e9fb1b0820b556c5e01ded264764e928e39fc16bfe21f2b0ee7dd7e528c44e6ad809d5d833db24477b35fbd9f0d8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d11c487891be129d728d75227944f90c

      SHA1

      19277bec9aa597238aeb19b15f5176799b1f0d78

      SHA256

      cbc6ea202b9f12ce6f136c97197e9677387b64c11584c79dd3251cae01079855

      SHA512

      314bf25d63cb444266bb9f1e14a55e7e28d3e058461cf1b3bbb191e03c04177360ce9ae521750aabdc358ad85eaa78b29d25b256f3e564a1fad78915df951760

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab8C2C.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar8C3F.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit