Overview

overview

6

Static

static

3

WebCracker...k4.exe

windows7-x64

1

WebCracker...k4.exe

windows10-2004-x64

1

WebCracker...ic.exe

windows7-x64

1

WebCracker...ic.exe

windows10-2004-x64

1

readme.url

windows7-x64

6

readme.url

windows10-2004-x64

3

下载王w...om.url

windows7-x64

1

下载王w...om.url

windows10-2004-x64

1

Analysis

  • max time kernel
    172s
  • max time network
    223s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26/12/2023, 15:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    readme.url

  • Size

    328B

  • MD5

    63ce37659e34f6542d31a4bc64ec19e5

  • SHA1

    31938110d10a8ebce18ce02d1ebaca0e344a797c

  • SHA256

    36dcd2cc9ef2a279014b4f85915100f62d36bd0c2cf439638d4ce0e9c18cc2ff

  • SHA512

    39dc956c870a2bd80786dd215b503e5f22a1259bb858ff37ae601cb11d425afd5304e6472512c99afcb98569f08990e1d03df5e3d392ec484b1a98dd3f7b86e2

Score
6/10
evasiontrojan

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\System32\rundll32.exe
    "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\readme.url
    1⤵
    • Checks whether UAC is enabled
    PID:2724
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2564
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2564 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1796

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1042de2b65f1314de2173899b6414dfd

    SHA1

    2fcf74e5960cd8eace0e355225fdab9e7c2fcfd6

    SHA256

    c036745d0b316a9d66daeb072bfb3ad54c08fc6c402e7259ef120e19c5143838

    SHA512

    42beef4736dd297659090009bd18e762a7519160d607917287139d3f03e45cefaa886adf973ae9abacad2ca5618a6bb5f93722c23fa99fc9685730d354d804da

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d114c3a78af642977472a5933fc420a0

    SHA1

    0013944083b006492c17e71ca2e7d4f8b3b203e6

    SHA256

    f81a3085b6888665afc4a365ced0cf10d67c2783f49ef1ac34cbc06bd182877b

    SHA512

    c9031bc88de48f88649d23208105d96f26e1a641a253ba0b9373f73598c426a5a1984f2045bfdbad5238401dcc6bf02bd0aa0df16e54ba08c9b7ca48e861aabd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9c148022cf94696d2aa77719bac3444f

    SHA1

    8c87aaae8f43f24d9d89a417e203c70b7cc31210

    SHA256

    bb33b767e222409aa27ab939c68e8cf6c38af2ec186c439e5f07403a029ad6cc

    SHA512

    4cfee7c94d4c5a222a785621105a6c4b60ea1e9109aaf9f86b8a7d34f1ebf3fb566dda1844e36a6dc0a9f331f0c82903d53eadf215cfee72731b796f695b8fdf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e87a10490e842b93476e37620cc7d2c0

    SHA1

    77925ac94cce613b9d03fc998b7dd500e7042bc2

    SHA256

    f834e2f6811f628e44ae1a4ea5ad283bfbacefb1c6a50bafa6b12cc51306f87b

    SHA512

    6fb5f2ae207421c426ebff639b00d2e5c900442f519c02d6d010c613ed0c9cf0be2ef3cae5178a977525accb5e5cd2ac82c543471605e16533f3f0dd3fd13571

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    44fe49cf2940322d59994e2027b7bb34

    SHA1

    0364d5c3c1029f38e23cc5cb73c595d42521ebee

    SHA256

    75e65d79d0ca3dd0e447766d0c1dcff8f4ec45fa06ee285d48e91447e62e3160

    SHA512

    ae41e7f87d37359be7f2f3014503d06a854601cd6140fc030593763e08bf48a9bcf3ec58eadf34573c325925106fe73bcf1ea1633f8135b95bea0383ae31bedc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    52b5a519e345ed6f9c1ca1c140320393

    SHA1

    bb9ed000c609039c5273884162a76201c8a4545d

    SHA256

    021ce50a43e8f6ce80bd8b1c4bf0e872b424f10d794b02950ed9fb5359a4aa3c

    SHA512

    62f1aeb2a2679874fabe74563cbea946b719ae0dc58b92efab74d333a816aee8a130704501bdecf065895e7bd8d1fadcd4d3bc3ce3c0b0b28535192fb8b165a7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6e292cd7f8e194b1efe4d12465403c5e

    SHA1

    e06248d8cc3962fa451a3f0decdca5d91a0299e4

    SHA256

    9091117b9003185ef3bde855a895dd423179a42a98b6cb6fb5b1a211317efcb4

    SHA512

    5a534dfe69a66a0bd2d90c82076e455142417e3d3c389cb7dfe477369798b54e1263f096b19f6ac71103441a7542ad51c8c7e4eb41afb7b16c8ee82c3be0f9ce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    14d270e629dd71f6433c796f02a39ca4

    SHA1

    3010861ca95189153f23c4618f83cbb510821820

    SHA256

    2bafc46390e6b7bf75f8033662f25ca34bb8ee226c4c8b63d6e49521a95a5758

    SHA512

    c62de4edfe16ecb6795cd2fb4584e7729c2eb4924876592aa6258b779fe622542e503ba4e73f909e832d10a0f8f4265580aeb0f149dcaf49cadeb5fb93538829

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    61faa87b528be4592e785c7899b42756

    SHA1

    fd0ec303142a66046d8409b6132ce6979b0726c8

    SHA256

    3b34c0ea6a56afa6469e1ebde6fdc976b238faca31a041b1c1fa2b20adf9738d

    SHA512

    a33e908e6ad87d6dd0a832e77350e2defc0e23c38678782d42bea4e000983dd9645c042e8cb99d061c3d75e26e71e45c13156439b38c614f6b01ba409686e8f7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4c6f30dcef1134f042385dc6b6a55b7b

    SHA1

    2b4935e438f38abeef5021d75954cd7885ec71a0

    SHA256

    87dfde5c79225b72782d7e4e96be7d85e378deea3df67c0608486d4091159f40

    SHA512

    edb68a30bb9e82d282976589833e532071fd4ced81e3e385210dd595d32800407d2f2575f5ba02549de101258ee9fdb5cf4f250d66b6ed1e6579c8352c7797c0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b3827da28d70fbd6a9c33a92606dd473

    SHA1

    e253cf63c2dae93314de6193fdbfbf806fb94ef4

    SHA256

    5f3cbf5946116bb593a47d16c9612a7b21167c59db09550efdec179bd4eb4b80

    SHA512

    cd52d669c96f497c9e6bc0ec5e07e9d3b68214eef5041a8020e8b9843e1f3bfd3a53d8493d55a23c3aa5ab47da9fd29cf1d53e809466bdbbf7c75bcf834dfc92

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a3fe81ebd854d5ca4a1d0a6b067b4537

    SHA1

    f276cf50ecee5982d5a9469c0af35582a47b9b1d

    SHA256

    2816570cf9b204a2f9ba24e7e2a915d6057413e23e25f21a81d82900498ab185

    SHA512

    e497539d852b8c2fd00f6640e1ecd393983b06edb786163dc6c8331fd2a415c8e09e7b1a55f06c1ff98f71381a1d48422d860436a48be07541bf1d458c7bcdaf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b339e97d3103a753f7e6b521749de0b9

    SHA1

    38f2a63ad72f996895f1c1888b745e5d4a91d437

    SHA256

    ed84a4c015707b497433924664e646571e010335382bd248ccdc03e0142b2e51

    SHA512

    ed0723d9a79dce824545df76e6e70a2265b6ce8596918ba8062bb8c67b839505dcb95b437a8c46260b109167bc715fbbd02b856e12679d6279a0464ab5081790

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e43c7b8d2de79fb22b162bac8b23812d

    SHA1

    1a1d18f46e66072457973c843340ab98b9e62d0e

    SHA256

    29fc6eca295a56cd5b0d66e498e350c25664a97624652075cbe008dda2d67ceb

    SHA512

    dff210cf9d6b33547335a22327d8cb3c88c01d855fca82e1be2579509c91dffdc08eaa7e953988536fa7b754670a3288df12adc55639031a2b8cfc069ae31cd7

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\d151rer\imagestore.dat
    Filesize

    16KB

    MD5

    235139a7f3688182ce4a41935cac5358

    SHA1

    63b505a461e3d8a4c29f7ad48d99d0da28088255

    SHA256

    1330594a2550d268c8155e305bf382652820989d72d4d2b6bfcf047869ae8e93

    SHA512

    07a00b650d267f12bf54158bf80a326732f5762c8cac33737e8dcd8d462adab77c874499cfce754a29eb5c7001c53c1a3888cf7b9b33fa185658cc6e1740a150

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CFHPCFFP\favicon[2].ico
    Filesize

    16KB

    MD5

    717b138033a41361b32b60fc5062ab2a

    SHA1

    af9841b6f0923f890f41feec52c94a0cd68f01d8

    SHA256

    c70088079fe9441a726c66ce0e73ae38315ec80051d3dd542c41b82fa0a1993a

    SHA512

    1985bf59c3ee8289bbe55fbe572371d1f401949e6a0179b35ca89e292173780956161feb257303fe9ff5fd2898ca7fd6105eb1796841ade0e1124eeb89aa70ac

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CTTGCPI6\baidu[1].svg
    Filesize

    3KB

    MD5

    85beaf5496f291521eb75ba38eacbd87

    SHA1

    69ff271acf091c6eb963270e6442d6080f1f6d06

    SHA256

    c8a65645a2850992b802a41c3014687c3e881f9d4454da8a8b4ffeb56e9173f5

    SHA512

    cc26ddc23116d342d115c0c834bd23faf7d28f0f9d2d87bd7c971a3c43bbe2237f756d2efc591b7618364f6cc74f7eebde4ef46fdfb4be66b0da272ca38ae6ed

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3989.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar3A09.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • memory/2724-0-0x00000000001C0000-0x00000000001D0000-memory.dmp

    Filesize

    64KB

    Download