Overview

overview

1

Static

static

1

URLScan

urlscan

1

http://s.waimao008.c...

windows7-x64

1

http://s.waimao008.c...

windows10-2004-x64

1

Analysis

  • max time kernel
    147s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    24/12/2023, 00:44

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    http://s.waimao008.com/crossOpenEmail/0e4d1c5?==?us-ascii?Q?d-c

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 50 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://s.waimao008.com/crossOpenEmail/0e4d1c5?==?us-ascii?Q?d-c
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1680
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1680 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1956

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
          Filesize

          914B

          MD5

          e4a68ac854ac5242460afd72481b2a44

          SHA1

          df3c24f9bfd666761b268073fe06d1cc8d4f82a4

          SHA256

          cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

          SHA512

          5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
          Filesize

          1KB

          MD5

          a266bb7dcc38a562631361bbf61dd11b

          SHA1

          3b1efd3a66ea28b16697394703a72ca340a05bd5

          SHA256

          df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

          SHA512

          0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
          Filesize

          252B

          MD5

          a0444f4c51200ac00a06f9337728c46b

          SHA1

          f729635f3300c50a5ce848137fa9fa3636ab0ed0

          SHA256

          407ebdaa96f20e39ff9a65b0103b1eec96abc704651c38f7a9213ee2303901a1

          SHA512

          83272f45800cdcd580fce730262eabb9638b195ead88732ea32cd31b5a3534e23d9e1f5ff958aeb779e033be828c9f67c9e671e839a90ad80797123a9b5ba77f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          7bd1bf1c588870e646d1fcef0ddbcb29

          SHA1

          0d1b435ea3b9ec2ddaeb54507b9cd6b3c3ad9dfd

          SHA256

          e531704fec1750e979c5814b8384e096652ae498b0003a306f070bfa59dfe874

          SHA512

          bb5d19e1b59aa6fc60762faeb0de4fa638d87909e5fbddc68d26c7147e1bac28aa11fd1bd7b7d0a3b2bb6bf4255f8a7a296f32dbd7dbca6c04a1fa3aefce96a5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          8752a2954f6413242805b1c81c7257f6

          SHA1

          648045f23f772a0d9c8521a3a2a9f621e5770fad

          SHA256

          6ff300127cd8d2902ad114efc777e12193461faad887e69c93fb076ac6c6f57f

          SHA512

          c109a057037efeca24e5fe1effb01dec963968ab793e7c6a3ced5aa07858af00b1aa943a0be1efbeb4bebbfe9148640e82529468d83fd7f6002d42c86a17b96e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          f46d7863196c3cbcb8e16f951a8c1c26

          SHA1

          f6e781279415608e4b871e80a2a4dd3088df9516

          SHA256

          e58ec420461909ed1a687c336aa5c5912a23c0f8b6db0cc52ce067513df77122

          SHA512

          52038e2d2008168bd9949ab04c5d92e2f13028645884b22c0c4ea78ba7e6ef7441803e3b411a159bc566e463feecef6d3506fde8796e9e6e43b14a79f216e178

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          f05270bbc2d6a9d32247937fdba2d87f

          SHA1

          1b53e81a3286b9a7dae544b5d0de9755cf972df8

          SHA256

          378ee01320458b5237cfef68b2cef6c0fbff2afef899a1b498e90728c3707872

          SHA512

          5b1d6cfddf61064d4c25ec774886fc7ce2de94f0921a91682d994032e5e537748a3c9dd1d789bead2ff860035123c3c1975b0eba3b64931911c7af55512abf46

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          0fb443a331398613198b68e4db4243e9

          SHA1

          49db4fd51b35b00d5d55891f15fd0524f1dd3b0e

          SHA256

          ccc43682899607342f81afcf7399967ead9a17c7c18e5a62e528053f3dd667ae

          SHA512

          cfd2f905509703d0425c675ce59fdb2647fbda664a8f5b9b3390a5be36868c37c2acc7d39873b36215a86193c4caae44c190241e65f507cfb31ab706c091fc44

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          dd2efb7a781d54714edec06ed6691ff9

          SHA1

          af5cd4981975d65738a4f179a0e126aa9ddf1864

          SHA256

          ca02e22ec3af97e2408d62fd2421c997c004915bff00dd6dfe9ec4ffd7a72207

          SHA512

          6ac45ba639839c92d99e27849737320cf2c90ee0962563dda38d6870f27173195c9aba3af0589cbe284f64d2c913fc463a529840524ca71d9e99d8626bb37eb6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          67e1fa97754658b50f4213f07266adac

          SHA1

          46c5718b7e910285f4fe3faf3def84049a5d274c

          SHA256

          ca8a9f3a2f78e3c201aca5e401f2dcc2741c18ea4ea5878d0de6e8ad4b58ee61

          SHA512

          72deb1356cef5ba6090430bb51ed71c64dfa36a7ac08a81f2f481eda0277b0410505460d28c7ad4c666034b05b202958920021eb09cf9a4ee7f0408a39420368

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          b7904d74b1a75fc92c108fc100dc2914

          SHA1

          d259ea272fe45d950e15721b90efaa1b387a12a7

          SHA256

          751d2e516f55476e5685792b8c9a88b17432accb135c7802718e345bd252ec1e

          SHA512

          75c6c828502c6099b45ed0b8862774001e10b30b9bdb0ae93374b9c250ad1cfce7c437e3061e044e49d8299a01319c8c6a89acedd537aa5f34236deeed51574d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
          Filesize

          242B

          MD5

          77f82f582ef338a8f01bdffc0751ebc1

          SHA1

          27452a2f18b5a4caf072d4818da94d820cd7a95c

          SHA256

          846bc06613100f0cb5cff8c9452afbd240128e7012d62ec2299d18a5e88e82fd

          SHA512

          b63b52ea647fc2dfb87ade6fa5e288a7a594e53703226f8bf8a369256e20ce9ebcc0563b725134b1d1d6e22f87cdf1a5816d1ece56845cf9956b1b9a595f10ae

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
          Filesize

          242B

          MD5

          a8136b60b037cff234278cbe06532b5c

          SHA1

          2965fa993ed124e170603bc6fda6ebeaa8a0d791

          SHA256

          ff6e2f8459a0d94ba48e2d2838d1147964c8c81892bf72118243613ebdc1c3a0

          SHA512

          ab9215ae219d0405d063a25a7048fde62abea5a6d657c0710e4aee8d0e80f86628335f6faabd43fada8e0ed6f4aae0277130a9d4b174d53705e830e77cc1ad8e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
          Filesize

          4KB

          MD5

          da597791be3b6e732f0bc8b20e38ee62

          SHA1

          1125c45d285c360542027d7554a5c442288974de

          SHA256

          5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

          SHA512

          d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M6DNORKN\qsml3W213O0A.xml
          Filesize

          233B

          MD5

          866e4180e840f59bd6c9b756f1ef0735

          SHA1

          38de3d2d917c106be609470f1eb94fe642663c88

          SHA256

          e37788fb3d7fe1e4591ca85148bba1b8c0b6a502b80794ac5f8e1beae716c2f1

          SHA512

          c43d89814ead1e632f8b7e47e8c220073e4bb443c12d466b54140e355730431e6a8f1d27d52926115428f5f0df878e10bd11fc6902c306d8353b8f70d7bfa938

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M6DNORKN\qsml511C4Z8K.xml
          Filesize

          231B

          MD5

          b850feb854d504d8646346eb6ccb9d0c

          SHA1

          98aedcf23254130ba98df19c28630d353e165719

          SHA256

          c4f684ce11ba23b85f45704954f12d11d3fdfb89d9ed6e788f62102adbcb7716

          SHA512

          fd4c7a342a6969f71fc359e8a460f9ff4aab013844f11776aa5617afe4d9c8b976f86959adac3a359bf288e489076135d60a7971b3848d06b0b5a8ab6d2a00a8

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M6DNORKN\qsml7942Q2B0.xml
          Filesize

          232B

          MD5

          e14a9adabf50eee50d901316016289f9

          SHA1

          52f58ea8187b8fe8a144cf2559104f52af9f0c72

          SHA256

          56be35495b0ab1b18be5b748f3880ec44d95f757e1479a9d77dbe05dede1dd09

          SHA512

          e89f80ea8b8fcf7b65378b91c944fac0efb9f74babb2ea41fc926d12195e3c84b3d0d82feed89c94d5985edd2054adb4f0c727c094c4f88b4e35a1999ac91e92

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M6DNORKN\qsmlLW8I3KD3.xml
          Filesize

          234B

          MD5

          e083d94ce56d9b5a3d624c5f389ff04f

          SHA1

          3fa24c1b31e82c84dc5580bbf581b8c59bb71d78

          SHA256

          1022e7da111cf937e83c34489ba052423ebb5e1cc156c76817b0b37bffc9a4ef

          SHA512

          8d07171e53d4387197315ee0857d9585c16e370b2f0fa7842e2298acc73b3ade0e23ae74d5f30fbdaf029b49b5c64325032f19b775fa7f8ea41b1f8094298794

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M6DNORKN\qsmlM1EK2LPC.xml
          Filesize

          230B

          MD5

          37bd1f667d1167bf6a07cb5a374f889c

          SHA1

          e2cf9f244a7c1cea3a4072de298a195ba0de0012

          SHA256

          a4f8350fc9877a8a262cb3bab509a53a603ea9fa8967a7706db33e2c1aa65776

          SHA512

          3084a7d6c8dc89d5ec9bc834627e80812c0f9f1e9d9006976f305145141c9a764b3734b9fd1c2d9e217f9b60bc96d18e7b5aab1c8d828b671250e0055564fb1e

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M6DNORKN\qsmlWNHT29WH.xml
          Filesize

          238B

          MD5

          74f489334ea9560e8cd827061db6d6ba

          SHA1

          c13d836d82e7f1b29fc2abfe9bb2f8b34885097d

          SHA256

          4f7e5cf56a043f6876281ec5a825246632e484167fcba1ae1258b76faeba0678

          SHA512

          7a847fec7d127e45b9d153451b9fa0494bc8c4dc0803ac09177790975c6c69dc43a976b324e6a39865aa152b9d0289f219f257779096f4c2e099a82a6e309cde

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M6DNORKN\qsmlZOHI38ZP.xml
          Filesize

          235B

          MD5

          25096d1a53bf0ad533d2b96176ee4d53

          SHA1

          c44d53821a35d9d15c3a3889b71ff2a4fee34cee

          SHA256

          656ec8b492d77d191b56974c12866e58af2d660e2e40e6aa3419c2a3e684aaf4

          SHA512

          f0c744f59d67f0cc2b8f426ec7d5c1908ac8b8c61c908626b37161d023ea79220ad9945b2426400572fd48bfc9fdbf53ef92647d7738ceaead1bdfec23248e37

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M6DNORKN\qsml[10].xml
          Filesize

          239B

          MD5

          d878f9582b22b24bde3f13f839bbb437

          SHA1

          2af9ed2ee30676152388ecf3069a231281509fd8

          SHA256

          7bb0c1b4285868319c6e5f1a50f38996b55fd7c2c1ef7d542698eb4f1ac5cfd1

          SHA512

          0ccb33d3d98da6f0c2c60cd1717673d62f889b105e58b022131c6bef423de1c085ad3e2e205dd389a8dd7135f3235b47af49dfe526af622822bf7c05a49c7bbd

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M6DNORKN\qsml[1].xml
          Filesize

          254B

          MD5

          1dae9296f010751f731c41ddb721a68f

          SHA1

          923b6f2c1a036ea1f50281a51a35962cd837108e

          SHA256

          0ad6090f17f08d32212220deb2c05ed8a0d98751e67b4e62b9aa7d5860a392b3

          SHA512

          4269ac0b33fa06cd1380254e1cfdb1466fdeb57c31bf532cfa55c1a3140faa7b1ff9d74ca857b0b497a0c677ad4479fcd70fd4f794b79ddf7415ec570cdaf679

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M6DNORKN\qsml[2].xml
          Filesize

          253B

          MD5

          514e947788e6f5b84bea40474aa54999

          SHA1

          f10c573f57daf0452093d2ac674525b78de9d0cd

          SHA256

          6a79a360c22577076649f3939378bc4527b55af482bd10bd97848950a409204d

          SHA512

          cff205441c9b64f960d84a3aed1fec4b7610715e00002ab9319e2a7da2c5ff70cb4d00c5f41e83ec141e6c66ca11784a8b95cb369569a79259883670558af6bc

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M6DNORKN\qsml[3].xml
          Filesize

          252B

          MD5

          74109e4331cee358f6867bb71399d7c9

          SHA1

          d423d4e70df1894358493ad5759a5580fc457d11

          SHA256

          fa13fae5c7ca32168cd96e19683562ccb776e62decb6c0b8148b3096b8024d08

          SHA512

          ce165a4565d3529a979a7e2c0e002d763127c1a788de98bde41bd0d6b85ac27055e2b3202a3783dc955561a5deceea2de4646e61c142d53c89f7e273b56652bb

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M6DNORKN\qsml[4].xml
          Filesize

          251B

          MD5

          f34a840d70d8440fbcfecc774cb63d76

          SHA1

          7687f9e4072fef6eb29dff9f0844bdd36e569a21

          SHA256

          ce609b75c82a391962b27eb1bd6a55a8cdc086a5af694b63e1281e45eeb8ff40

          SHA512

          8aceb42ef643bb229b7a72ff045f7698c16c5035554e326ea65a52ffe33540a64f58a604a3959aeea9a5491ac6d90c8eccdb9a860701cca4b385f11307e81bef

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M6DNORKN\qsml[5].xml
          Filesize

          250B

          MD5

          5cf0578212c9373f860215a137dd6d9f

          SHA1

          d3379f99a23639e3e321b0b21098403da06413be

          SHA256

          39058eb8a251ea24481383c422f6c6c573bdbd92e3aecf7e514d3db44ea103a3

          SHA512

          fa0e72294f1ccd4dd6b74b4c69f6d0060f5bebe0b714c9bc06a49d64b5e50e92c9f9fe255fd4bcec8439d6fc086e212171697be777491f7b9f95ed9323cc3f56

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M6DNORKN\qsml[6].xml
          Filesize

          245B

          MD5

          f1ecb307baae1bed4dd776a0ce765845

          SHA1

          bf2e56f450eb5eaf5540661cdd5e577728c823b3

          SHA256

          9154d2cc366804bde41d8cb0a69fa1aab489923a93488f4260049096983df961

          SHA512

          b8f3760e9ded499fb08ca08ced850a1b3b90a45b70ea9c73c7d2c4dcf46d1bd92eb484ac53e9e985a171eb872c38906aa361e1e4986fb3c8a15ee3bc65a10ae1

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M6DNORKN\qsml[7].xml
          Filesize

          244B

          MD5

          980e7be8f399dfb2d76e145db231d846

          SHA1

          6c9a04ef44cf5122c537c6c47fd8d257cf824051

          SHA256

          01c0eb1b4daec166ac8d4722f9bd711b497dc3d40064b0c812bf17d57b03e507

          SHA512

          51b3a82ba491deed4b931a2d14915711a9967b60e55001879b6c313e37a11c1e4d4bfbee651eda684e1361c81870790fd400310fdc7f678f3452283f70d8b8c3

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M6DNORKN\qsml[8].xml
          Filesize

          243B

          MD5

          9b7167d92fcbd302a6038d647c3875c5

          SHA1

          be6a2d298da4e539fed6122905ed223fd5b3c1fd

          SHA256

          9873d6879f3503563fa380aa6857a426de0bff46a0efc823cee49dce5033d1bb

          SHA512

          98ba47f441afd5d304de277acc04ff35f1a9edbb589920f9eabdeaa606f277d44ab10e5d827bbd664718baa4bbf017e9df642bd7d49bd470afc883ea17883f88

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M6DNORKN\qsml[9].xml
          Filesize

          242B

          MD5

          2ec9d4734578ca4524efa3545273a157

          SHA1

          4a9e2b34af1c20b03ded244e81edcd4a03732c2f

          SHA256

          5c45caaf87eb07a72f9292c31616cde80fe34e4f84a426db3cb18b5a4663483a

          SHA512

          d68345bcdf29166f54b70d2e90eee80e309eea09fe9b064b2477aa516cf778ce487ab53e4484195c3f1a59883e76de1456a667b8fd09cedef2045b2f267e4d2b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\TarCC0C.tmp
          Filesize

          171KB

          MD5

          9c0c641c06238516f27941aa1166d427

          SHA1

          64cd549fb8cf014fcd9312aa7a5b023847b6c977

          SHA256

          4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

          SHA512

          936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

          Download Submit