Overview

overview

10

Static

static

10

server.exe

windows7-x64

8

server.exe

windows10-2004-x64

8

server.out

ubuntu-18.04-amd64

7

socks.out

ubuntu-18.04-amd64

7

www/system...ip2.js

windows7-x64

1

www/system...ip2.js

windows10-2004-x64

1

www/system...x.html

windows7-x64

1

www/system...x.html

windows10-2004-x64

1

www/system...ord.js

windows7-x64

1

www/system...ord.js

windows10-2004-x64

1

Analysis

  • max time kernel
    98s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    09-05-2023 04:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    www/systembc/index.html

  • Size

    16B

  • MD5

    f5a101e1a581bd03a5709b5c36f4c9c5

  • SHA1

    86548e7c6168d3d05819da7b4c4c94547bea43b5

  • SHA256

    a14b2375d7042a76207b40292ea3b5dec759b9908c566d5701493e1e6b381242

  • SHA512

    df6337bd65e4e4a01c256d55eb4cb11576e5b1da2c729c8b251a2f4752fb3128aa91667d58b938aec334651ea30b420a90459214f05cc70b8cda6b6d67564e9a

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\www\systembc\index.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1704
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1704 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1696

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ab065a5ec48109d9c2e53a78cb32f659

    SHA1

    dfac7acefef81f648b986995f96d99e85e6669d5

    SHA256

    4c5176dc5af5979aa75921aa29a62f353ea7d0bb12650de444893dec13dc96d6

    SHA512

    7bd7dce0693262095609310279811e61092ef9809c729d72d55116bf6f1e7d85cc29fd113e078bf49a8794280348acacd6e2f33dbb1c52d3be7cbf951af89183

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1af0d0f36ad8028ae02e5e2a9d3803c8

    SHA1

    8b793f2b18f73b7edc8329d466bdb30bb664687d

    SHA256

    52a7d834bb872115067b2149be809f2388f7817f681fb32bce2dd5160d1596a1

    SHA512

    fbe616cb74f86fec378f8020e9b8b4dd7d25b90f70af420638a75d0daf15c0f5901c6218bc32bf821a421b32ce137b72cb50c822554cb3584f63ed496fb46a99

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b9605146a2e96db2dfdb680ee448aaf9

    SHA1

    136500cb7255e944ea144f668482f7fe87a1dd45

    SHA256

    a8312b6e25b6cbb98fbbab65c4f78d8b0ec63417ae7a12dcc0683e38e860577c

    SHA512

    7a7331e508c8e360eb05c6aac704b38ce97af1fb2fe46d26928897a417bc7ac679e148e7926fbc5a3860549a11831bc45610e8d7a275a1581899a8263fdfef23

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2b596768ff66175b2dcca1a0ad7a248f

    SHA1

    24ac5385415d2e0f92f2e6004e0bd6b3691ffb79

    SHA256

    3f5c043ea2319a0689e3ba257b01b0e23c97ca85eeeb6ac38d9b0df8a0057eca

    SHA512

    90906e26b1b9364b5381d09c2b15183bc7054fdc63a6f3c4efe66136ba48b8f9cd0169da2872437c0f45ec5b6b815c3ebc07f7a2ced501cc90e8752255789f51

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    44e1928c07e462fba3dec065eef61a6d

    SHA1

    0a4aacaf11e0c918abe1af3289476581d5e2b5d4

    SHA256

    36a7e3bab9ce1a157fc136b4ce9a4b8f2bb4aa65a7fdbe5fff6b33f15966defa

    SHA512

    f32f927d58172f0b6e553f23f5dfc434edbd9fbcabefd195efa40b4c23c670c00fdaca7e7b03812afbb15b41ada71cb0d21b1f29a3965449bc5664206988a57f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4033a083806a4ad84481f0bc111e70a7

    SHA1

    908e29bd32a0394cc9a139d0332f56d23e223653

    SHA256

    f55a28e8a036af493e5d28409def5ca5fcda1c0c30806e0732df9a04ab8def70

    SHA512

    846872388f480f8f91cb8e594b9cecbb71b140a4196540b9697e9836e45de7fad926885ab99aa4ff7f654483e747df381f25edc538528043f9febee1c08c30d3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8e49800dab04243d6966922c60b82742

    SHA1

    f39f59f4e1db5ad61366f7369f693db05b8731fc

    SHA256

    6e38e0bb720e51883d8da0d0d0a2947f786bf3ea1f3799614f713ef4b16e33be

    SHA512

    22f05cc293dcd68bf70e5baf1ccdc093772cab2475d60983bf7afd77c0d5ffe2336f65ddea334a395f8c8ac4a4f6dedf1e08cdac931093e740aba0ef7ca46b18

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a43111b24680442df4937354b14803d3

    SHA1

    7f6744b397803739de02131da2310c528b8ab5ce

    SHA256

    92df9ad7a894f6b57d297e5d3d67fd06ecfe6fb7e28bb49f81236cd78f61ee23

    SHA512

    0f42e54ead073718fb52c9f8eab4fe259b424f6faf57c4fe3b5c926db6f786db83a6755e110783aff6f8e634b61ee99cc83bf15f3d7ac2f00ea9b5300204e62a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f925c7bc9ebea29afbd058a5965756aa

    SHA1

    95910cb7db5268d51520d0e847c51ed22c25fa75

    SHA256

    6426098e70a380830da0f0cbd43cd959d1c17b5ba398d4ee92d7305d22e0c80c

    SHA512

    cfa64123e92ee6485ba9ea5536836fbf7b6e2f775ee6f33bcb8a362ffe120619d1c07af7a3ec8b3894e5ef876d2c6b356c0d286d7e8b39441cc2d7e2722269e9

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQ77JNZF\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab75CF.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar7911.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\3M1VVV6J.txt
    Filesize

    608B

    MD5

    27b643568d774da26f9245b50bd82f7e

    SHA1

    791b78038e9b2e1f937548e5542a76af71e92a2a

    SHA256

    d8c0dcff91cd1f6027e29b96d0d4c2c5d4f6723227a8a9496fadfadcd196a176

    SHA512

    08be9e01e0a21f7f765ce249ad9a49a3df691577e10a20debb8126f4ddf1210994efb8d207694421e9ddc0902a2beadaedaa0c345cfd1efa6a5249cc0b23a689

    Download Submit