Analysis
-
max time kernel
118s -
max time network
143s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
-
submitted
14-10-2023 03:57
General
-
Target
½ļ/17.js
-
Size
1KB
-
MD5
840422981206fe204ad674b563497eee
-
SHA1
fbadcc5fa1e489d965591d769da3bf7039fc5b7f
-
SHA256
76522e1121f296222f3a9c9913638e5e6e9ab4be9206fc86ed32c1827b44b689
-
SHA512
8cc95a62d66b7afcb8f402b4603773a3d3b877cdbf0c07492f75cc3b5bfc6e5cb91aa0997509b0e939a187ad8037d766ba23a4c3758da94a31940a4fc348d9ee
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies Internet Explorer settings 1 TTPs 33 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 10 IoCs
Processes
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Admin\AppData\Local\Temp\½ļ\17.js1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" This page can’t be displayed This page can’t be displayed Make sure the web address http://hqnwha.xyz is correct. Look for the page with your search engine. Refresh the page in a few minutes. Check that all network cables are plugged in. Verify that airplane mode is turned off. Make sure your wireless switch is turned on. See if you can connect to mobile broadband. Restart your router. Fix connection problems2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Move-Item 'C:\Users\Admin\AppData\Local\Temp\½ļ\17.js' 'C:\Users\Admin\\AppData\\Roaming\\Microsoft\\Windows\Start Menu\Programs\Startup\'2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: RenamesItself
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2128 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
344B
MD507436cc3fc94e3b69f9da891b4bb2d79
SHA1dd34b86d7fd00e560b0b78265a8e47b2af0868a4
SHA256b9f3fc1ea607349155799fb640b347ff959f184bd08f8c3327c74db0bf4e52d5
SHA5123a9eb4e465886c4c29c9f0c90715da9c89c40b88898a29c2ee16e0a8dc08a688f2808742c3267a411b133dcc182401f1f6cb0715929d086419a0258a31907b4b
-
Filesize
344B
MD5bf65a6aa9adb3b94f3d19e58d701d441
SHA15bc896068292f4f151d8a680debb7d44b675998d
SHA256636aec14c659ffa420fb619f125597358a2d930905eae09160590eb3319b000a
SHA512ae8fea87f79f50c177a3ac2346e12e1103fcd51cb5c6c5a575ca3e2ffcb75e5edb62342c0fc4e0402f9f198089b76888afdb1248615012578ca5e7e64b38385d
-
Filesize
344B
MD5d3940257658235574c0262c1f327ad52
SHA134a57ef48c09eb981f6b4d9ccc4ff380ccea6bea
SHA256b8af4592571b050f4eb563d6ad7c3366f855f5ea7fb240ffeb56fca439f570be
SHA5126d97d956f3841cd5b10cbe9372ba23d8d5b636887674c86b66888d553850b9a447c9fa4afdc6dbffa96f160d4087d52e28c43c70df2e6cec38bc355ad0e4037d
-
Filesize
344B
MD57af7743c95e8378c160043ef778183af
SHA1894a9b952a8915312849549ca9b660d8636985f9
SHA256c21b2c3e334b743c1b870af14f46ed195beae180f02e145f3f9eed4ce90f79be
SHA51238350a348545eb691af466919c0b36695850bd76b1c0b3830b37a7bd7d2786f0b2a7b448ea6a59d06117530804ae5a002667554663ec1ca447cb6324524f4000
-
Filesize
344B
MD5060fe98c09118f5b05f7e949a434dde4
SHA1954b86189e83eb4edc0570dbf45483c6182a769b
SHA2561ed3405d1c9f4f3a264bbfeda368f0bb40a2c1348c9ce8aeead40ef83d90e25e
SHA512354220a2901bf266a8de0113417bfeff683b9afd7f79110c46f46eb3553b2466a8e194d086178b1a855dc3675acf0b537c3474a42e2e0d37ec2ee5a3c3c457fe
-
Filesize
344B
MD52d9c228871836468fa93a74044c9c83e
SHA18ed0a51e902839b0408be9eac6206a3539095a81
SHA256068605d33335ea13dd5ef477874081d0b2544cf36b29b77e200f14731913b650
SHA512fadfe4e25e38b9aea7f1ebd21c83c3ff004bb8f22d1d080e79e686cd32d46727c5aff034ad72b0342be80ce3cbb653c9e995de411d0a697a9ff2b8ce23c19557
-
Filesize
344B
MD5a7bd3df6e1bab640d874c03348ace603
SHA104608ac5047198ac7e22fcb2ae8c3fd257aa27ec
SHA256b7def88fcd4fb0dfa6385d6fc88082ac82b9618a8216caa50af3ea758959fd63
SHA5125ffad8d8485eadce368474baa9cd530452490d1b418f9ab06f489e658a2e5a8015acc692f7881646311112c82ee66e05fd0d919fd03d42beb2a2670e111c82c0
-
Filesize
344B
MD5d7679a76c4580f98f4045a5f0a53aaf5
SHA16c62005502eea8c774d6ad1647a5547baa1eac20
SHA256b4d98b66e42c79e6ba5a64d36ccd6cf6340fc44565cdef2e71da32eb6a1cfd12
SHA51293827cbb4188416ed2aee1f7e745921a90f5862cde5f22635d4211106caaf047946f927dca13f4bf70535d1723fb560d026c5e66e2d5f4fe15850bdff740b753
-
Filesize
344B
MD5795d282ceb82c3fd214c232673eaac32
SHA1b4a9363e0aac9a6309d067c699d6f61a91f5f6c6
SHA256b5993df0c0feeadf84bffb090880e42403d542a82954741cea27c48be6dc0527
SHA5126ce74ffcbfae247a34ea2ecd698043b27763a3b79f54ba7846072f3b5433d8bd3a33d9b700f79e49d1f7e45d566c7f05880574c8a62d8e3c4184dd314588f6f0
-
Filesize
344B
MD5b44cf55eb3883958a961215dc2130082
SHA1b9d87e72b4736b648742d45bcfab862218fbc5fb
SHA256d2abccac4ae4bbb89111888801f53e6ba74dfbee0f6b0ffb26a425e9c22874f9
SHA512a16c959151da3ba29c27e06039f05d1702746d621b76d5774147c079e9e841f951cfe1e4cb40600bc3a221a1e2c574ca19e3416774d4376e4aa02815bbf6da57
-
Filesize
344B
MD5f45198119aaf071eb4299086b2986136
SHA118ff6b109b8910842cc26cf6eb088a6e7dbf3eb9
SHA256efb76420ef29d07daf41108e377b539376e39f5c76a11ecc612b07e674e36238
SHA512c1d03fe442f520c7995f89cecbf6b62a8336094662aaaad680a0571e0f1ac8b4fc61a5e83a87feee24f4edda8bdc447550e419cf0a915edf6364af59bc1a965a
-
Filesize
344B
MD560f2d28d1bc50efe32746f4487b1dc98
SHA12fa3d6c8f96f26486f53e431b990eaa6d4d3fce5
SHA25670d380cee68ae3e7be9583dcf9644586fba4afa9d8be5d81fab184447ad08f78
SHA5124d7cc241c78743d25f86939027aa06041380fb933175a6e3fc23545408ca6da7963e6a18876f793f97c898841876bf05b8bd3dbdf410a86db73d20b8d4847658
-
Filesize
344B
MD5537d8ce7ac9116f94fca23a6474ea676
SHA1296da7f56d2647aa3b4379493f511fdb12fb4cd4
SHA256a625962fd37f144653150a4159f22847b54a00fbdb046de913ed70e6a59e9030
SHA512e613a6efef0a1d6359c35bb7f1000f34fd319747c5ce31a8b5327cddf41f4a86a1d17b3d0aff32ee0c192364e9df20dc51cbca03e050e29e463ac529609411c7
-
Filesize
344B
MD5d5c74ad4bb9141ffafb462b8487bb983
SHA11e50574578732687e6992978bbed0ead2139d0fb
SHA256de75bb9597068439dc240cfd1280a7bbf1d74a7a525eed7137d53676fa5fc355
SHA512606b21ea6ca00f271979e1599272b52ad80dc41ce02fe648fcc3489a633477257fd7b36805f0006011c01fc0b53ad2e411908335e8bc53ed32365ae0edb5a1bb
-
Filesize
344B
MD59990790a793d04c11e998c0324261af7
SHA1292028d7fc11afc308bdce7682ed256ccd822f99
SHA256a27c1865ef438444c8d12a4ba957a6da37c7d711b5db17759ca4a54bbeb48fda
SHA51299786e50bc31678d87d8848c97dc83e1b4a4bb1a4f83f6f422f8b1b058641169d7439c063c27c8b28cd0f82003c3b7c4674fb59dda2db4d5687f6823911efdf0
-
Filesize
344B
MD5fa62dafb30f82c9e14940bd4eefc9d74
SHA10443c4609082225680db041ee5bbfab7b3c33994
SHA256d685604681d5ebfde2d0c73a0dcf6e18ad35ab55b2f7b1569b731eb1ff5add07
SHA512226fc9e26daa38cdd8c394cda09fad5c4fc6bfc2a0f4c1a16d87b90be33e95ffe22a0546dac19549235543dbee722cfbb0db5066b566132ca870ab3eff292c2e
-
Filesize
344B
MD5accbd465c4ba017af298ec04c938b64c
SHA1714d3e46ad012d70acebc748fe24363143f5647f
SHA256c5f9128818c6a4ceee954f5e4416507d9c79762237149f37381988043bc7c3e8
SHA512808042be76ee549a4a31cf0a59136c84ad2f603008e9cb8863ad53b6725f77e09950f85ba1fb26b3b3309239189aafeaa72afac2aa672e9273b15f7f77f58dfb
-
Filesize
344B
MD5a20c69d3ccb42b7730f9e6718ce4aa3e
SHA1b243b885064a212cfdde943ec11e4691c93aacea
SHA256c99898d95c3aec5549bb604527ca9bdc6bfe82d7db5e6cd3a3462130940e6a91
SHA5122fad02b861aedaa1b24b662fcb262c6bb58fad097ea400c7dd595523a080f984822ecf46c8307bee9e965cfd89467a52349a517ce74a987384f36db431849554
-
Filesize
344B
MD55da14b793d9813a09b90c5c7e6cbceec
SHA19ef17cbea361896e433fae701f049183e2bfc93d
SHA25661ada7aa0dc4eb4c7d0944c0a09d17a45151ffa51fc62479ce26f183fcd045cd
SHA5123a641bde0cf60f8e4389ab9fd043e9a0d4f8756c7585dd2ab764e4053ada4dd00e7232c2e31c44ea0651a75c25f42de710c0c0be8459714a1aa34adfae9b432f
-
Filesize
344B
MD53b9c5e2a13c2439f33916eae79db610d
SHA197fb26b9b205238af4d54d27d833e69098e28b54
SHA25648ee6334dc1cda1af7286384b7d3272545aa912c533b0e84c6763d808b4a1b6e
SHA51286dc8cae5ea50fb1c6067d6e7f09a70bdedc3dcc2d33cc3ad0d71e538a07fa4da6cf90515b86144b9e6f3484ad09e1d39561272b2782ccd304b72372a3310078
-
Filesize
61KB
MD5f3441b8572aae8801c04f3060b550443
SHA14ef0a35436125d6821831ef36c28ffaf196cda15
SHA2566720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA5125ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9
-
Filesize
163KB
MD59441737383d21192400eca82fda910ec
SHA1725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA5127608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf
-
Filesize
7KB
MD56c0ff2841cf4aef9fc8f6be492e230af
SHA16c33b820e2927058a5a3a88bd8f43902aa7dafda
SHA256ae070bb65252e6fdfe7b44c00ccf88d6f86618ea9184462740bff0dad2ab99f3
SHA512a177d07bbf1b35353dba6eecb2114c0ef1840ee36ac17c633f0cc9f8cb4670134d75c75f6e3e63698e797b17b1a3b3c8cd612503be7bc5cec1deb351d090cca8
-
Filesize
7KB
MD56c0ff2841cf4aef9fc8f6be492e230af
SHA16c33b820e2927058a5a3a88bd8f43902aa7dafda
SHA256ae070bb65252e6fdfe7b44c00ccf88d6f86618ea9184462740bff0dad2ab99f3
SHA512a177d07bbf1b35353dba6eecb2114c0ef1840ee36ac17c633f0cc9f8cb4670134d75c75f6e3e63698e797b17b1a3b3c8cd612503be7bc5cec1deb351d090cca8
-
Filesize
64KB
-
Filesize
9.6MB
-
Filesize
412KB
-
Filesize
12KB
-
Filesize
512KB
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
512KB
-
Filesize
512KB
-
Filesize
9.6MB
-
Filesize
2.9MB
-
Filesize
32KB