Analysis

  • max time kernel: 134s
  • max time network: 168s
  • platform: windows7_x64
  • resource: win7-20221111-en
  • resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted: 27-11-2022 11:22

General

  • Target: 常用软件合集.htm
  • Size: 88B
  • MD5: 5967ad35d7f881dbf791d0ed77426d6f
  • SHA1: 3f1402ab9518330034a556e3e49433ca5ce6fe1b
  • SHA256: cdbe65a81ff04a5a6412ad0deea549418e22fa3207a7ad94b01172d1ce69aefc
  • SHA512: 65ee6b0bd1fa9e902b7e3803eb714ce5443539ca780807082bfc84cff2364a44e2b82a446f838fed88edb3445b2fc8e693db0a80a877f30f76415a3000ee3e56

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTPs, 38 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoCs)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID 2032)
    Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\常用软件合集.htm
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • Child: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 936)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2032 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion: Modify Registry (T1112), 1


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: a280f990d10976582a1055adb1358ad8
    SHA1: 7ce1207ea6c295c1e0d44c098b1e9fe5c88cf065
    SHA256: 3849a272b82b2c62ca15c49b4965f37ad2a6c095482996c61487dd671fe95901
    SHA512: 803d56c6e6ed3441c0174ac92a8fb2dca5e859e03c13863bbc801bdcecf41f4c621ecf4ba4658c24e11bba70035169deae4478a24649a5f2edf1b651aaceeb1b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 4a26e02c454c034da17bc711b3f3bde7
    SHA1: e6eef847f6376d7476311bbf10d7dfa20e82846d
    SHA256: 70ce0b500a248e5f3f78840d4639a552126908c17617d6fb5d35dff2d4f2c646
    SHA512: e91c683d9c9c26b493432ecfef396bad6e81a3fbae3d195e3ff8207f3485bd20fb61f7577e8093edd6d6f13486cb66ff910637c71c5bbd302e5f59456787f0cb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: ec0ee7783d3439b8e662441442743f9c
    SHA1: 033320d22d267e8c8e523759b4bac6adb65401c8
    SHA256: aadb9fefa0ba55cd1ac708dd538becc34e2c83e6b7be16b52df6a9f670dfbbd4
    SHA512: 8ca58430da48a1db49656f78022b1df45efa39168cbdb7998d6c1a98b7c6b09f73fff860b7a0ac4a1f4701e3b347396c5daf6cd83707816aa1a2688f73515d14

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: e9524a4d012cc9c3d2df73d2acfa2b80
    SHA1: c169172e0a82662ca9e9f311d68339614d9c7366
    SHA256: 11f8088a3e0d5f70f721675e428bd6d6f5493818acf22c2691dcf7f36065995d
    SHA512: 68e08561c71d4b4638d8d822a3ddafe1789f56096302d185e1e6fda9c0867662a84d07469225d498ba031cf796647819791660de3892d85115bc07d235f98caa

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\G2PDLNCH.txt
    Filesize: 601B
    MD5: 9eef431a1dfe0cf993faa2101f88607c
    SHA1: becdabd33ccac84222a46813f0878191c9f2b78d
    SHA256: e244768962f87a099aba7e85b4e6b3252787635ca5ecbbe434ac76d68a237c17
    SHA512: 5487e6b1919ddc9dc8baa56605d874d39cdc56b6e3964ec922a9f67c8967951ea438e07e1c0042d8d21da43c25b8453633c79acf7f77eaae85c2b009fea7369d