Overview

overview

5

Static

static

4

var www ht...api.js

windows7-x64

1

var www ht...api.js

windows10-2004-x64

1

var www ht...a.html

windows7-x64

1

var www ht...a.html

windows10-2004-x64

1

var www ht...x.html

windows7-x64

1

var www ht...x.html

windows10-2004-x64

1

var www ht...g.html

windows7-x64

1

var www ht...g.html

windows10-2004-x64

1

var www ht...3.html

windows7-x64

1

var www ht...3.html

windows10-2004-x64

1

var www ht...e3.xml

windows7-x64

1

var www ht...e3.xml

windows10-2004-x64

3

var www ht...ase.js

windows7-x64

1

var www ht...ase.js

windows10-2004-x64

1

var www ht...b5a.js

windows7-x64

1

var www ht...b5a.js

windows10-2004-x64

1

var www ht...b5a.js

windows7-x64

1

var www ht...b5a.js

windows10-2004-x64

1

var www ht...b5a.js

windows7-x64

1

var www ht...b5a.js

windows10-2004-x64

1

var www ht...b5a.js

windows7-x64

1

var www ht...b5a.js

windows10-2004-x64

1

var www ht...b5a.js

windows7-x64

1

var www ht...b5a.js

windows10-2004-x64

1

var www ht...b5a.js

windows7-x64

1

var www ht...b5a.js

windows10-2004-x64

1

var www ht...b5a.js

windows7-x64

1

var www ht...b5a.js

windows10-2004-x64

1

var www ht...b5a.js

windows7-x64

1

var www ht...b5a.js

windows10-2004-x64

1

var www ht...b5a.js

windows7-x64

1

var www ht...b5a.js

windows10-2004-x64

5

Resubmissions

19-07-2023 21:16

230719-z4frlabb95 4

19-07-2023 21:13

230719-z2sndabb89 5

11-11-2022 04:56

221111-fkt1bsbcbk 5

Analysis

  • max time kernel
    118s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    19-07-2023 21:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    var www html kemhan/wp-content/themes/menhan/css/[email protected]

  • Size

    242B

  • MD5

    60a91b6c17c166f9df9fabe704a94dfc

  • SHA1

    6372dabec5d08f1a7d75a3994c1ad7decd1153cc

  • SHA256

    4221c95ff4501a4b53cfbc73ba20004a65ca83ca6c64ce99b57982c93d2314a7

  • SHA512

    17df4452440f955523f5a13d058df5602e7d327c87a338783348d1195c728788dbcbecfeae51f169cfb9ed3c323afd4a55d6ea9a35588808c96f13c2a952da4a

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\var www html kemhan\wp-content\themes\menhan\css\[email protected]"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2356
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2356 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2256

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    9aae9177d85ac41ea63c28369099c4dd

    SHA1

    4d41a8cec22823b9fb67ab9736e2304a2f5152f4

    SHA256

    9b9921d16d426942113ca59a753608ce591e984c24a7b0c8a600b696c31fbaf6

    SHA512

    a21769f82974b7022f071ab81a9c551957a69148b5436e50f644bf88f780d7d70055710ed71d76baf28546ad2c24c303dafd6e527da71597aee795c74b122ee8

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    77aa8f9eb0ee4ed88e0ddda415d9c5b8

    SHA1

    cb428a2d29e530979a922fd4fad184bfec73eb3f

    SHA256

    269855fcd3c947d6ce3b967c7174f28ee635dffa74fe443852001d727217839e

    SHA512

    4bff864671c7076c92addf09088952457ae4ed592b749dca3a2955e91c1ceec6d2c1763e7e9757d23701253430358181858e37a81ee42b25772a126690400557

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    8ef28d806f6cf39ddd7598ed3bf1da29

    SHA1

    e0626a1b676dfc976a4bcd39f07c4ad688996bac

    SHA256

    a15df557bbc47011533080e1d1fa06d9cff05275861e62f7222db81e9e4f1c63

    SHA512

    efe59a533f593771fdaa21696b4dae1ee54bd7f3c97ef5a8aa1e0dc27b9415c0356c19855e5f2ef9a8383d268aef08a4d1bec518ce7618c59cf0d61f9a9249d4

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    8c83f2db81bced40eee3b6df10e4694c

    SHA1

    241712fc5904a43514a51e4ab9bed2897e8335da

    SHA256

    a9df6e590d73d1519c2065abc719fefc69509fe03d0261dee77c47ced6c4509e

    SHA512

    9a960e4e55e538a5a8c35e9fe5d2db1e2af388e4f85ea4055927d2e5473e85d8ebd37f4784cf232f46d2a2c0ec901bf97d3cc75889ebaab4153416aa0ad98348

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    00b3317c0d4df9213d06c8005ee7b6ce

    SHA1

    498a34ac7554319481cc03484b875555b898cbd3

    SHA256

    8f9de8ac7149ca02895b7f8d691ce10f426c3f02d9d4edf02a3541b74b1d7218

    SHA512

    2635569595715dd8d021eddbafadb534b844f069a619a022983d515c4b257615631ad9cf2a35348a62e12de64e293b91b623cd3daecdfb304a26bb7294220368

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    db481fe34dd65ea5d4a676956c1ea8a3

    SHA1

    f083914001baca69e4dd39bfa4581c25427b84fc

    SHA256

    eef3c7466f276dc8eddda422be5b4ae69be6266d613cccec520159f7f305cfac

    SHA512

    a0b954c20dcd5f201e6347d39aadac749942ae8f536cc4d2971d85f432eea3793e136389de4b4bb6a31d1e73cc0cff99bd7de50d26fecd201ee60619dd30b43e

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    86801f9d4a9e057c436af3474024c0e2

    SHA1

    5599df5ab68e69ed3753faeab5b3d0d4a93d234d

    SHA256

    4f380f9eb181aa38a2bd73b00b85dc32650068b1d0e92349142ef74614fbc4d4

    SHA512

    5133e28060895c1096957a84174a46628d3a39c3ab36c1c2dc5c5a4a2c9b847121ffb82eea163664924b3ca1e3d173145c9b88d9c2adae2880c0872654bb2f92

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8AJTUMOT\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab4991.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar4B39.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\QTR8D2R2.txt
    Filesize

    601B

    MD5

    6ef3217a8831b613710b8e1102240965

    SHA1

    57c27ea61e713ebb1ef2d24e9609cdaae57a0f00

    SHA256

    4b7a7a3b21bf8690e00e5cfb305383450472baa46070e657003164d9c2fad5a9

    SHA512

    565326d208bb16e6764712524130f74ffef8df316736392ba411e8329a1f807710a1e84eb66d2696246134b4a6b0681380f7051886329bd78935ad74f5530c91

    Download Submit