Resubmissions
17-01-2025 20:14
250117-yz7h3s1qfw 1017-01-2025 20:12
250117-yy9l2sslcr 1017-01-2025 17:25
250117-vy9p9sxpez 1017-01-2025 17:21
250117-vw8eesyjfp 1017-01-2025 14:16
250117-rk9ass1rhk 1017-01-2025 14:12
250117-rhv1ds1lds 1016-01-2025 12:52
250116-p4et7a1mez 1016-01-2025 12:50
250116-p29xjssjep 1016-01-2025 12:49
250116-p2cbaasjam 1013-01-2025 04:35
250113-e7x5tswlfz 10Analysis
-
max time kernel
145s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
12-01-2025 15:53
General
-
Target
Malware-1-master/butterflyondesktop.exe
-
Size
2.8MB
-
MD5
1535aa21451192109b86be9bcc7c4345
-
SHA1
1af211c686c4d4bf0239ed6620358a19691cf88c
-
SHA256
4641af6a0071e11e13ad3b1cd950e01300542c2b9efb6ae92ffecedde974a4a6
-
SHA512
1762b29f7b26911a7e6d244454eac7268235e2e0c27cd2ca639b8acdde2528c9ddf202ed59ca3155ee1d6ad3deba559a6eaf4ed74624c68688761e3e404e54da
-
SSDEEP
49152:5aA7f7tlVmdqK23H2bpHI4Qs5ABV9WRHZRsgI82lcHGAaKLinXBgJ:Q+VMkX224QsWBq5SfARGRgJ
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 7 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Program Files directory 6 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 39 IoCs
-
Suspicious use of FindShellTrayWindow 3 IoCs
-
Suspicious use of SendNotifyMessage 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 19 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Malware-1-master\butterflyondesktop.exe"C:\Users\Admin\AppData\Local\Temp\Malware-1-master\butterflyondesktop.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\is-DJG5C.tmp\butterflyondesktop.tmp"C:\Users\Admin\AppData\Local\Temp\is-DJG5C.tmp\butterflyondesktop.tmp" /SL5="$5014E,2719719,54272,C:\Users\Admin\AppData\Local\Temp\Malware-1-master\butterflyondesktop.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe"C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://freedesktopsoft.com/butterflyondesktoplike.html3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2820 CREDAT:275457 /prefetch:24⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3.0MB
MD581aab57e0ef37ddff02d0106ced6b91e
SHA16e3895b350ef1545902bd23e7162dfce4c64e029
SHA256a70f9e100dddb177f68ee7339b327a20cd9289fae09dcdce3dbcbc3e86756287
SHA512a651d0a526d31036a302f7ef1ee2273bb7c29b5206c9b17339baa149dd13958ca63db827d09b4e12202e44d79aac2e864522aca1228118ba3dcd259fe1fcf717
-
Filesize
914B
MD5e4a68ac854ac5242460afd72481b2a44
SHA1df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA5125622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
Filesize
1KB
MD5a266bb7dcc38a562631361bbf61dd11b
SHA13b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA5120da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
Filesize
252B
MD5cb0e7e6cc9143af12f8734712cb1baf6
SHA169f1c325d0784988c1baebde74e1a4858a672e3c
SHA256832f170ad11801030787c84921d1b88c11783cb09868fa2fc81eec07ac7a94ca
SHA51294f1c4485c4c422712e1c99aba335e62e82c43bb8b0d3e36fe2a179c82a281127f2941a617d8b01449d9519998539caa3ec3a5045046296073e44a41655b7e37
-
Filesize
342B
MD52190f60d90d86dbb835d8950c6ce90e7
SHA117d9e8b3f7f7804a205fc0f684223593b4ce0739
SHA256a5c06580eea6e24651f3e4feee26ad9d8217b35b95bfcc734910ef5b15bbbe87
SHA512c905e3a3878c0a043b5c1f4be2e1a3d2e71e5fc8d1f3751d7e4b69514976264fec9b9c649fdf2b005bece506e7329554d2b15efb78b0a1eb719dfc4ea3b07e56
-
Filesize
342B
MD5a85e357932492fcd5a0c6f6efa906e16
SHA1cd5d176345265be8f61699c22be57c1fc895a471
SHA25658fd99ec1593ff964203165c4d698e0e4dcb346a15f755c92123a8d6d38f58f3
SHA512405311d8213c59beeaae766ed5caaad01dc016a38215fe101f5ed8af98aa61bf5c1e4532ea98e91000b3ce0e68ac8887635327dd920083b7f054c2e8146a08e9
-
Filesize
342B
MD5ec0d5b8ecb02f0852b1fcfbfcfed1c96
SHA11bef0130b3e11035fe8ee03ca5bba34f5d4b3d3e
SHA256fee321ec0fb57a77c22aba7d13b746b649aa4e4754809aaa7c950bbee5a47dd8
SHA512163467f09bd2eaf0c58f38ffa9947442fb7c4fecc633fa1eb09ce115c3a6e66bc6437b5ab631f43bf6d6d4c239f2ae208608004beff4683c239588526aadaa58
-
Filesize
342B
MD5f4d71f6a7ee91c10669602ac4b466437
SHA1af38eb08d21e4ff51c287f46fffc8aad2e2f0fb2
SHA256ebd4033d9de1f2cb8cf3142c0e0950934ccc92910666f738437da673b22b4e20
SHA512649acf199cdab70ecbe3720ae69b02fa598cd464edf071bd8ab637ea431965837ba6cf7fff2a5503ce9d85a75ad4a9849b4095c6d30e7f355739c33e5ecf02e5
-
Filesize
342B
MD54615fc4c6ae055c7e0d582ccdc69e36d
SHA1f1c85d271b1f1de7b26734235f0b86329c83bd4d
SHA256765e311988f06676e4294ec5c1842f9efc18589f150ce1426f1b22f3690856ca
SHA512acb6db5eafea218fa0c7b81d7f540e265dc490639671666632a8efc1571b1f029ea835221d6797b5095212eeb62ee3132a266cbef21fa3406dd5ae2168befc00
-
Filesize
342B
MD5ccc770327ea3a5bf948d940d7c3c7f10
SHA1985f3dcbe218b36280410b5b1bbbdd373c72fa72
SHA256aeb21986a1f30d18d8a0ee838126e6be83be78dced012f974318591c44147ba9
SHA5123e113d8b97aa06210543bd1b5aaa57e28088eeea00f8dfdb47f6a19cff8c638fc9b67e058fafc86c2ada22eefd24952f6ffac43d8ce629c310cbb09823f86ff6
-
Filesize
342B
MD5a3fac7941304b2de94e4c6a17e90388d
SHA13ddc76b748bcf84caad26ac9fb0bd5c2561a33ac
SHA2562231927b439cf89575f7c4551e443563725a9f129954cba20504cc44b34e73fd
SHA512ab03852156f9bfd68ca7146155eafaee3a73eab5fa836bd79861bc671c597548845ddcfdedcd6719bbb246e4272dfa1e5db4b3c91fdeb39ca09ed8f1036ae3a0
-
Filesize
342B
MD577cf38280ae4b07c57d50f65a10e4d14
SHA12bf09e6950707b54d175fecba4b9db881c6b9ce9
SHA2561858d7a2efc10948f584c247b0a006078f77b24fade0dd005a33dd34473f480b
SHA51246d83d1d8d99aa89ab0ecefff79c04cb8bc500f5b387c33ba6741ddede81b4265bf7f6a1b7af7316fb45a41bf23f3572d47636232466c5caee386cce18e14108
-
Filesize
342B
MD5e35155d6e99198fb2ad91611dd97827b
SHA1ee1d27ba951e6f5f3f105e85c650ae55b13a4d55
SHA256115e872d958f056e5e2a49b15f344be492faba227d3c501ac803e369575dff54
SHA512f54eb3c738138845ca6c47b9ad359be05454a3d064475199d72e12b92279950b71c0427d97079ac06dd3f0c82cff6be79207aedb284f9228f39966bbca9e966e
-
Filesize
342B
MD536ed568ea212b7c7df407c968f60a940
SHA19e330a41c80d029bde79f9c14a8d3d01b372c9c5
SHA256a28ade1bdf68e6d66183263ae175c8db4de620cf63786acb671b0b2a3719df73
SHA512eb969656e67345ac0bec5b7d01d1bfba88bca8dbd448ec9de3bdb162abb6760b83234a0714c062c9e91e84fdc5b639bec858c1f6ce49cc9d3cddeeb223f6f01f
-
Filesize
342B
MD577b55032dba6355a0355021119e9ed21
SHA108dc31ed4a0e898dbbb6ebee01930c6dd094b905
SHA2562f9f525e24026026bc5ed6e63f4a6adc1cf02fb42cb19af4d6b8a80055fddf0c
SHA51259af54dd06656899d3fbc9ae2c34fe1144ee72597c06930bc0d0500b1a88f6d6bbae4bdd7af5fb1bf357068f9d05de4c1ed058a72c306473b99ecd43cea7db1d
-
Filesize
342B
MD56c482d2d0ceaae66886d2450abe0f1c4
SHA1d592bd39e28246c1c17b667724ff9f9694496394
SHA256fd751a2a463b19a839825abbe58aa7ac87026d607c839cb7331b2dafe636a108
SHA5129513b61f6ec8e8f6de867029d999008a0dc1eaf62320b12bd76814da3643eaf5f9672eb492859576edef616eb4f9c0e4785361b356bd643a7160642fcffb1ad8
-
Filesize
342B
MD5558e21d226caddce760a2d1862fe1211
SHA1f605323882fc8efc9a65501ecfa28173b7691687
SHA2563cd3b14abb1d1ff7953fa52039f03c333aa09fd598795044bda690c4b0a1ce69
SHA512d23d1b3db4815848d3adba265b4268a4138694a07c89adab027adcb39f8b9905cc0746482709d04c3a0a43c9fe178fd8b59dd3abe87f4517f2dec2dd5376c162
-
Filesize
342B
MD5d8812b7f7935f27b6b2d43f64f9aead6
SHA10214689232cb4c0357f10c0a9fe4e106ea44a91a
SHA25643d36c680134bf5d9399186fe7bcf36d0f652ef6e41546888660289561f1626a
SHA512de7fd0877c26ec9252f13b8505d5c69abc97cca526d34e47c4efc9b0d031607d2720689c69c4bf0b022c8c318d40458b0e2488c503d4581a7765bbbf712e7344
-
Filesize
342B
MD5db381b04e415b589f42ae1ced1c2a5a2
SHA12101815d88ec484ed547201061d7b69d38fc2313
SHA2560a02ceaefd5935ac75ac7c0a62519cb3554295d2426d59e2fed13530e7e9739f
SHA512c4c044322dc8f1aceefa7c10f99a008820553eec89603ef410274ebbdc668d4f981cd0e6ec0718d8b1a50020ce629e6678081ae4b2911a7cabe01cdd1dfba5ca
-
Filesize
342B
MD5f53066b8e5ed4a0b43ab76e4cdba172f
SHA1a87a2568511834712966f7cc8e3b57b82cc0b81c
SHA2564689b194ab34f4bfe80f15c6d6115cbfc6fcbf4461df516950a059a823dde0e8
SHA51251a29d72c38fdf27af7d8bb483f0430c7b5d96c7f078f3b93cf102f2c286391dc1efcdb0e2990297ad300f6d12f04cf63aebac14b12c52a25c532089d20eee56
-
Filesize
342B
MD5936dcae43fc136a4660e5445ca521f5f
SHA11b34c84499f912058a3366dab76a79e976a3ce5b
SHA2562841447df2930497d3c8bbd8dc55f0f802aed30f196b4f9f09c317f7f0eef183
SHA51285e0bded96c17c9bfa8c1dd1269d956a09273b7fddbebe65b356b57e8818833b7e6240d86467f2a244c1beb444c4ed2aea390847902df91e9f857eb47519609a
-
Filesize
342B
MD5193eb9f5f1bb87a8b2eff30731899a44
SHA1a4f4f6014ee523a257b62c6218b2c43a4d41c1ce
SHA25695a20d3aa4ec3580bede8a80730929c7271ba872d5090812288eed1a4da4f18c
SHA5128f072720ac3b57e0004596771f38970ddbee134181b08b76a56f8b3b60eb16ba30e8dd46df70bc847de5132c169713cf31bd5be4ab2d3714246268ac08eb4acf
-
Filesize
342B
MD56a818c4310d6c408af04c5b35c964bc2
SHA103966bff58b7eac734ff24e530f1e4d30e16f457
SHA256b14218eeb59fcaf2db234133f8b270b4dbe7f1859bc8898bb69439ce05ebeee8
SHA512f6b05b51af368a8a16d0e517a1dcd923efb91e7bc75eeae6f4dc38a8753acfcaf1b1104250bc9fe9d76129c67af53bc30a1024bfbdada560b0cc3997d9247b21
-
Filesize
342B
MD5902bf31fcbd6093d10706ea3eb1c3000
SHA1c7374b93156b223e33f80a16015ddd7e4d4d1c80
SHA256f69b7c20e57d37771a6c3ce77d93f337ce4db73d646d5f2b45c9e8ce5d7646bd
SHA5127649ac02832d300c4718cbabf77c6e7039eaab9669345784fb985bb942d4643b5c8cb1b04a13412ef8c15d768f11af6b4613481d90db86558a7dcb1d2a755873
-
Filesize
342B
MD532023eafae1b8e0288d64584ed83770e
SHA12f515f406e830cc20f2580e0648d129d63914def
SHA25661429e8443426f065a0160aef9d97958a315b0379af820aea37eab50f8ab8985
SHA5129e092070997d0f0275bbab56a92feff064f694208978be1dd4454727d7f29f02848fe84740064c4b7f7768cbb132423d45e2bf22ef1910348c2b70f7a027fa5d
-
Filesize
242B
MD529b4c54c6879f10d7ff26debd5673f64
SHA118d9a337a0669e1fa0f6daea3fc06b599cd2a378
SHA2562692cc10ebe650ce98f7c702171ba463f933f5d594256bb030de973aaabb0de4
SHA51275218a9b1693032dd01b1892d28dea418f19c5d7ca758fa02f3f6ebb45322dddedc33f84d0800472ea405f8d57559d83e1d396785e0582ae01fadd764a332808
-
Filesize
1KB
MD5d717976ee850d48dbb7aaec129c9e1da
SHA129929f8abfb42dfa1892bbe844792a35c1a7ab82
SHA256c6c4c2b9d8000d6339f6a874693d16ce1ca09e1fd26fedc850a7f515bb8a2375
SHA512a0d166519aa8595b39fb128b833731f3df62a90f4ac3364bc9ed63c6cbaf935fc10d555e7727c2704949966e62f62d2404cc430b6346b2131740fe327c3b6d2d
-
Filesize
1KB
MD5972196f80fc453debb271c6bfdf1d1be
SHA101965ba3f3c61a9a23d261bc69f7ef5abe0b2dc3
SHA256769684bc8078079c7c13898e1cccce6bc8ddec801bafde8a6aec2331c532f778
SHA512cb74de07067d43477bd62ab7875e83da00fad5ac1f9f08b8b30f5ebb14b1da720e0af5867b6e4ab2a02acd93f4134e26d9f1a56c896da071fc23a4241dc767f1
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
698KB
MD51fee4db19d9f5af7834ec556311e69dd
SHA1ff779b9a3515b5a85ab27198939c58c0ad08da70
SHA2563d550c908d5a8de143c5cd5f4fe431528cd5fa20b77f4605a9b8ca063e83fc36
SHA512306652c0c4739fce284e9740397e4c8924cd31b6e294c18dd42536d6e00ad8d4c93d9642fe2408f54273d046f04f154f25948936930dd9c81255f3726f31ee65
-
Filesize
22KB
MD592dc6ef532fbb4a5c3201469a5b5eb63
SHA13e89ff837147c16b4e41c30d6c796374e0b8e62c
SHA2569884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
SHA5129908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3
-
Filesize
688KB
MD5c765336f0dcf4efdcc2101eed67cd30c
SHA1fa0279f59738c5aa3b6b20106e109ccd77f895a7
SHA256c5177fdc6031728e10141745cd69edbc91c92d14411a2dec6e8e8caa4f74ab28
SHA51206a67ac37c20897967e2cad453793a6ef1c7804d4c578404f845daa88c859b15b0acb51642e6ad23ca6ba6549b02d5f6c98b1fa402004bdbf9d646abab7ec891
-
Filesize
752KB
-
Filesize
752KB
-
Filesize
752KB
-
Filesize
752KB
-
Filesize
752KB
-
Filesize
752KB
-
Filesize
80KB
-
Filesize
80KB
-
Filesize
80KB
-
Filesize
40KB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB