Overview
overview
10Static
static
1Readm.md/cef.js
windows7-x64
3Readm.md/cef.js
windows10-2004-x64
3Readm.md/c...ent.js
windows7-x64
3Readm.md/c...ent.js
windows10-2004-x64
3Readm.md/c...ent.js
windows7-x64
3Readm.md/c...ent.js
windows10-2004-x64
3Readm.md/c...lf.dll
windows7-x64
3Readm.md/c...lf.dll
windows10-2004-x64
3Readm.md/w...11.dll
windows7-x64
3Readm.md/w...11.dll
windows10-2004-x64
3lnstaIIer .x64.exe
windows7-x64
1lnstaIIer .x64.exe
windows10-2004-x64
10Analysis
-
max time kernel
91s -
max time network
157s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
27-12-2024 02:14
Static task
static1
Behavioral task
behavioral1
Sample
Readm.md/cef.js
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Readm.md/cef.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
Readm.md/cef_100_percent.js
Resource
win7-20241010-en
Behavioral task
behavioral4
Sample
Readm.md/cef_100_percent.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
Readm.md/cef_200_percent.js
Resource
win7-20241010-en
Behavioral task
behavioral6
Sample
Readm.md/cef_200_percent.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
Readm.md/chrome_elf.dll
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
Readm.md/chrome_elf.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
Readm.md/wow64/YandexDisk3ShellExt-1511.dll
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
Readm.md/wow64/YandexDisk3ShellExt-1511.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
lnstaIIer .x64.exe
Resource
win7-20240708-en
Behavioral task
behavioral12
Sample
lnstaIIer .x64.exe
Resource
win10v2004-20241007-en
General
-
Target
Readm.md/wow64/YandexDisk3ShellExt-1511.dll
-
Size
950KB
-
MD5
62985a9dd149cbe7d518cdefd6abed78
-
SHA1
4724c802e7a1c82bc1932f6acdc9057188d268a5
-
SHA256
4637c2a9554bc0289a4789a538b09221a216ef74644bcd05a50bc334d17cf306
-
SHA512
434af6b17c7bc615d5b195000996f09d0482720974c03926bb48c6fbe200a73f97ddad17fedbcff3ba1232439662aa65046c9c1158b15bb2faeab2e24e685864
-
SSDEEP
12288:oxIDiqMK2jSR6327g6uh7/jUvUc/8iElCf/FQ7jp9nJAY4Q/0UtdOXat+j+uq11/:eIajqf/FQ7jWQ/zt+jI11
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language regsvr32.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 3280 wrote to memory of 4748 3280 regsvr32.exe 81 PID 3280 wrote to memory of 4748 3280 regsvr32.exe 81 PID 3280 wrote to memory of 4748 3280 regsvr32.exe 81
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\Readm.md\wow64\YandexDisk3ShellExt-1511.dll1⤵
- Suspicious use of WriteProcessMemory
PID:3280 -
C:\Windows\SysWOW64\regsvr32.exe/s C:\Users\Admin\AppData\Local\Temp\Readm.md\wow64\YandexDisk3ShellExt-1511.dll2⤵
- System Location Discovery: System Language Discovery
PID:4748
-