Overview

overview

10

Static

static

10

server.exe

windows7-x64

8

server.exe

windows10-2004-x64

8

server.out

ubuntu-18.04-amd64

7

socks32_tor.dll

windows7-x64

8

socks32_tor.dll

windows10-2004-x64

8

socks_tor.exe

windows7-x64

10

socks_tor.exe

windows10-2004-x64

10

www/system...ip2.js

windows7-x64

1

www/system...ip2.js

windows10-2004-x64

1

www/system...x.html

windows7-x64

1

www/system...x.html

windows10-2004-x64

1

www/system...ord.js

windows7-x64

1

www/system...ord.js

windows10-2004-x64

1

Analysis

  • max time kernel
    100s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    09-05-2023 04:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    www/systembc/index.html

  • Size

    16B

  • MD5

    f5a101e1a581bd03a5709b5c36f4c9c5

  • SHA1

    86548e7c6168d3d05819da7b4c4c94547bea43b5

  • SHA256

    a14b2375d7042a76207b40292ea3b5dec759b9908c566d5701493e1e6b381242

  • SHA512

    df6337bd65e4e4a01c256d55eb4cb11576e5b1da2c729c8b251a2f4752fb3128aa91667d58b938aec334651ea30b420a90459214f05cc70b8cda6b6d67564e9a

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\www\systembc\index.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1052
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1052 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:580

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    62KB

    MD5

    b5fcc55cffd66f38d548e8b63206c5e6

    SHA1

    79db08ababfa33a4f644fa8fe337195b5aba44c7

    SHA256

    7730df1165195dd5bb6b40d6e519b4ce07aceb03601a77bca6535d31698d4ca1

    SHA512

    aaa17175e90dbca04f0fa753084731313e70119fef7d408b41ff4170116ab24eaee0bd05dca2cc43464b1ee920819e5ce6f6e750d97e3c4fc605f01e7ff9c649

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c6559165bf9b969c745b2e8c93b2b646

    SHA1

    ca6d61e5f67860013269a4f1c70e7cb34792939b

    SHA256

    04da412a5404643552489da8f40d1e05d8174c9a08b4e5926ef1c32992a81429

    SHA512

    7b0793b4fc7ae672a6b5d19926b7cf3d9bdbd6d16ef6fb1fb4a78704696a0faaa27acf13ab47945a42a12f876b2be20549adea2e32187bb6e1a3ea8a36079118

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b9cf1398640ef25e93271b572a07f6b1

    SHA1

    885ee5ec10186a79c947404dc0c39a9ae3ef87a9

    SHA256

    366007e878fb472ac3398515199b9fb7aba89b70d9fdca69719ef461d0d826b3

    SHA512

    462d638e864c8184e1f4d6075caca38f2e6bc800ccf6926d40c7138907547f07ac2ae8765e6ca7da1845b3843a285d66bddc7d301bc99ceb121ecb9540486569

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a12cc2dcf885190d0307c82bcbcc1b71

    SHA1

    93315663c98aba0a326b854d7630c3ce9dd4b6f6

    SHA256

    a84250e69b59dbf9614f326adf3b859bade2fadad0642afd47894ed5d2cbe6a1

    SHA512

    4fe0cbce843ef064cac9b7014b2a6b935443e6687c874b2423dc88623c0528d908de5b32f8c26ac69ef912efd1ff52609a0fa1a6fcbdbb1ad3410e3dc8bffa82

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a2a050b3d73bc1a3d0392260943a8ee9

    SHA1

    04668fb19f8a97a90655f1b94840ba43212825c5

    SHA256

    c0e09e0c7136a04a82c5b7c96158c7653b8069ab2f07636ab2cefabcde3c5f18

    SHA512

    4e9dab0215e60040494270120b09a172aaf4912d8cda49c751d0ee1d00f68c558391d0bc65b1199e10c52df868abe844dc620bcfb86cba932b4d86f750820b41

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    db8a1876aedf17f8a1825c51fcb16b03

    SHA1

    a1723a391e751ecd8585346671d1a83fbbd1a951

    SHA256

    49ac44f9add866091fafc7ff277200bd7614b6f3f1b3823ec5cc3ff0581fbd1e

    SHA512

    2bbe20b1a35fc9e9c5c9390db9ba45e04dced543195a92fdc7044781d758ecdb7c64ee16306806c3959d726421d3313b645813b6755a1abae12bc308d914f4ed

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d658834103cf1261d5643b9f4a833bf6

    SHA1

    8fb3299839dbea6c198aaa034a27d53bcfa6edf2

    SHA256

    844b14d2d6559213849523274c37d838a019d2659781f80920821f1c5d570a32

    SHA512

    b44ce1c049ab29fb5ff642f02a28931c248ea16ccd94a0314f0282008c1706fe126ab82968a63e3e9de9b853bb563c1535b9fdc66c84e114c019b5f8e6ef69be

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    09fd431fa6e19f16140a41299bc7f566

    SHA1

    f7d8a74c2f30f20f3915d633338c1b479393a8d2

    SHA256

    9859c109bed98a3767230ba02891d43aa16a0e085a2819887dcebcad1878d92b

    SHA512

    2ff42b86d1af01eeb58254e382e1d7f94de0c2b64a82b69575a0c7b9bbc1b47a6f76e0489534f8106fca0cedf820643dbe77449304b9e48dd832215e40fc4b72

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6560cd675e55f70f94edfff7ae757c77

    SHA1

    10ff157bed0931a2a26156fc0a8c3dceac04245d

    SHA256

    5dec591a47eabd1f37903d7c7f376fdf1a14e4adc4af796cd15f9269b0496004

    SHA512

    76bb416f2e1615cdf0c16ee410ae037cd62b5b3754084bf1344c462473a86e844f5afab3d86863ba2141737bd60b8f05ab2fcffc59fcd418ef3ec4e6867dadce

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9d3e08538c2694dec4eb7ec8feb7d0a2

    SHA1

    635123cab5c079d56940502d1b6f8dd78b95924a

    SHA256

    a631dd08169e2faa9be80725b8e99f1b0368ad4f02af2c01f01d40be03325c82

    SHA512

    e744b70e39bf4739c4a1d74e6b65d1820cc0c2cd3e4f9c90781fedfcd55c06152ad230e646051d4a664399399c9b57312bb356646976ed273d4be982adcc6124

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOYUJSME\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab50C2.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ZKWOYGQQ.txt
    Filesize

    601B

    MD5

    d16c74a8d7fff194f053914daa1f968e

    SHA1

    9e2d51c5e0d9f2d59fee14ceef3586ef41a0f226

    SHA256

    a36c421da45e6175af03f2517af65156fb9696692dda513c5706aa0588eed2e2

    SHA512

    d529d8087212f70732b8c5a7549b389fd81faf6fce5c6ab89ac4a93b17dfa4f059df2bb62c2416a629b75505927368f739b69a240d6c2210259012520d6bc997

    Download Submit