Overview

overview

7

Static

static

7

vpnclient2/28vpn.exe

windows7-x64

7

vpnclient2/28vpn.exe

windows10-2004-x64

7

vpnclient2....0.exe

windows7-x64

7

vpnclient2....0.exe

windows10-2004-x64

7

vpnclient2....0.exe

windows7-x64

7

vpnclient2....0.exe

windows10-2004-x64

7

vpnclient2...ao.htm

windows7-x64

1

vpnclient2...ao.htm

windows10-2004-x64

1

vpnclient2/top.htm

windows7-x64

1

vpnclient2/top.htm

windows10-2004-x64

1

top.htm

windows7-x64

1

top.htm

windows10-2004-x64

1

Analysis

  • max time kernel
    117s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25-12-2023 00:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    top.htm

  • Size

    990B

  • MD5

    72defc966eb83b40d830b3bc66354d94

  • SHA1

    c83173bfd34ab77873c01c76446d939fe22d364e

  • SHA256

    64d69ca7b9efa905812324a8d8ea59bdd7f124624e541a6a4ae0a8490e1e381e

  • SHA512

    137d6ae33ae11091ba863a7590a5b3bc8f15012a3a93654f553a138d3b10820d854831307a8a0ddafeecdd84fd8ea88d4e8a52790e8d97b8c4a27086e8d61e9d

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\top.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2260
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2260 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2684

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d662c302c857dfd7201f05d86bdcd540

    SHA1

    f3b59034650bae24982411b108dbf841d50f3219

    SHA256

    ef81a68edbbe7fa47a2b4cc5fde2882d7eaf16bb22bbb4bd8e2bf99441d123d9

    SHA512

    9276e06aaf07bba1bf88a2646ce6db1c2345f3e03fa127c7eb46542ce87637abe66e7452c3fe2d1621b9516d9a348badc84f28ef8049969f3529aa320a995e64

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b243ea36974b505b2d97c5b343b858c5

    SHA1

    1fd3ff2bf9909ade54b02d43f5063c83960b8b10

    SHA256

    6d9ec2b0a4cdd3eb7f5567790619859385eab2d2d33b3373672a7a566acbc6c5

    SHA512

    a118255083ad83552c73eb728cfc163fa631b56919d954d02564c7f604e42038ff8dba6aa23c25b5586e924b8d2690a25bead63a7af4120ca4f238ea818ca243

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1a252911b358cc296f66c0593971454d

    SHA1

    35501562b503a5288cb41567ff06e660e1d30628

    SHA256

    77639b1b3ee5226894c355e70594a689ec7c142eed8625723b7832f5e937afb4

    SHA512

    0142a7516dc6765993db4085f7b474e16d173966d2b48ab2f19633ace7d967fe02b488eaed2f03b71c0ff2af535600124fdfdf6435191230128064bfc5b23b61

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    eefc1dbbbcd9cf0be3e6f6e9c0007816

    SHA1

    643c63d44778392875866befad89850824572ed8

    SHA256

    9989fb555db186524f23da177172e297bb1effb9cd6a53d24056048ad8a8b93a

    SHA512

    95c48368bf87eebb27563104275ce31be2f2c6b03c8c4f0640122a6fcba5de5456b025474d01c572f875a19b313e7fb126c149c55ee2c5835c36574ce5fb0bc3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    48a476744ad816ee0909542365b1a185

    SHA1

    c067ae69234b292d07216d47641d75926914156b

    SHA256

    36ca16904b3070f81963424a645accc77f1667d77f426180004e1d7ff5770b1c

    SHA512

    01ab6e6efcb4daf4f155ca3ed93e5d8109f76c4f0f0017f972b17c0fd37284a0a1f22f8dd54bc777e035d76959547794d6ba57cae4ffb587db97e619e868391e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    76691b65ff7e40e230b49bafbd637ce7

    SHA1

    9534faefd9d7cd65740853c57699187c785b4e92

    SHA256

    1048c05a97d7e093f804fcbaad9b856928429a00b1355349c22140000eef7414

    SHA512

    053dee8fd29e99ea229cb321014a5758d31d56cf11fc9860ff96d1430fbe4c78167a3ec9881c26ab98ce5059c672a2f2c41292705b982b48b5a7f6c7107cc11b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    74b717006d81032b99c06bcd58e1118c

    SHA1

    9ebe550fc48e6ba5774c2c7c17b7db1983691d4b

    SHA256

    4bab485fd4addd98103d934f80d7709ab8a483c60349c3f722614596680532b3

    SHA512

    c9cb25c19ff8d6f98a24f7f3a579e5574f4c0201fe47c157cc40bfec137981fb3df84d3d403afbfeb1031c1436e97f8dc556af5beefa0c6d600a99d3489a0bd9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3497fe4e6a34743926026a984ef3cfaf

    SHA1

    28a221ea5ab8134cf4c73d246eb9f2bc88663cd9

    SHA256

    d0fc1f514a0e457fde7302f0ad66c3f130fa1727ae1a3a0fe5c1cedddcaf1d1a

    SHA512

    3621c7432bda80fe3db4caafce4617b4d10a51536dd34911a7131d5bfdfce7496495d2a56b5e3ac0d27d40687405195ec26b6a4d9725065d4b433b46b9b0d99d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    62e2953f245db1bcc54672d7f072d5f0

    SHA1

    9965f7c179b6dcae5dc12518967e5fa038b38526

    SHA256

    c2fe3cd563f1290c2edd2b108654fbacc01dfde232d493a1449f14e74fd92778

    SHA512

    0940e88381823007a263900e7ce89355db68acb7c42ab2319b9f4b50997b4586aeae3d665368844fe1f5437f7277c994215c14f142712b5eac45a3b857dc3031

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabB2A0.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB2D1.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit