Overview

overview

8

Static

static

7

QQ聊天�...��.exe

windows7-x64

8

QQ聊天�...��.exe

windows10-2004-x64

7

卸载.exe

windows7-x64

7

卸载.exe

windows10-2004-x64

7

在线升级.exe

windows7-x64

7

在线升级.exe

windows10-2004-x64

7

在线帮助.htm

windows7-x64

1

在线帮助.htm

windows10-2004-x64

1

帮助.chm

windows7-x64

1

帮助.chm

windows10-2004-x64

1

新云软件.url

windows7-x64

1

新云软件.url

windows10-2004-x64

1

Analysis

  • max time kernel
    118s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29-12-2023 21:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    在线帮助.htm

  • Size

    253B

  • MD5

    09ca99497be8a000113af16dfb97be11

  • SHA1

    b541e448590c8a40a1eaf9742c1016ab20a95a58

  • SHA256

    f40840743524ce35b679e5538c4839455f45eab9d082207c8270b98f865c179d

  • SHA512

    50fc84db9786b8469ed14afc31497c6bc911b06d3e464ed3a216d393d9655814b416bcfcacc5e6deb40fe645b67f11c0ad23713721c91106ffe5d28be5117d2b

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\在线帮助.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1732
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1732 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2012

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c84105db7f01b45e339e45b2b0cac005

    SHA1

    b0cb52d5c6998fb07710ad0f605ea8b0bdf9b296

    SHA256

    e15dd7fb6a038242e5cbccfacef51db651441c5e622a30f6c4eac04aab3236dc

    SHA512

    5fc16d4029a1632585b9a7e031e7e5dcb761d172a0e26b21bf74d3fb4ce24289f938f8e3041b13af9cdf0dd570fad774e6ce2a945b68378a804e630163573fcb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b9bf2689a07cb0ab0c0e4cd4d838742c

    SHA1

    33e257f153e549c955f317e2a78bd91e23cb6286

    SHA256

    b6ecaf7a5627f31013000156bc1508733cf5f2080f48827780e9b65e71478a5d

    SHA512

    c165dd66e8117b0474c743e09d9ab04e122c6804ec2c466c9f043df6216b2549217700acc7c568e7076b9b5f7419fba6ba21c4843d3f3a1d805b2a9d3b3b7006

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d36edd198076ea0d0f827c46d4f70e54

    SHA1

    0e79dbf7ee8fc65be15fd2775625ab24fc465492

    SHA256

    399c1415ad23ecdcdf222b3ab855d2d2f65228fdd020387a5fc6f9f5d9f59556

    SHA512

    0b787d654437c3ff9fd87be045d90a8e70eac3a785e8392ce2ff2f82de00f2b0ffb40c30cf6785d8fb07cd111bca2f2c93925e6faa04d4de71b2532490e5c32f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3469ac5f2183f4d2e850469a2fc75a70

    SHA1

    c1e4a0a8b321446531b076c6b1b263f3a3de15ec

    SHA256

    14fa91d30fffd890f81dedbadb2ef8652f1ae03399ce60ab845f512bbf91b0d5

    SHA512

    f7a2a2966e671ebf733ce13ee403128afb0833613c434e6120b350efbb026300eb2f61aa93b69ebb0ee5ea0c8709aae421027528c7580cfc7be31fd584df7b93

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7f6f38e8862382c660ad864ba4ecde0b

    SHA1

    491c9e385372c8d4567905e590dd47e00ed236d1

    SHA256

    af35ae98e03f0a8926695ffa9ff3192b80cc979db7b7b9750cad90801ce9328a

    SHA512

    acb882d337be88beb34bc9d8fb6bb269f4072b88e2f9fd9d17771b9f2d3fb230765297351a1bcfb18f157a1c8c47bf114827152f09bc167377ff1074e2b45e78

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3d52b993081b71a298c408854849b758

    SHA1

    60b782a251e0b20561a62ab2f7aad055074a17e6

    SHA256

    b8a968a7bdd98195f922d2f7619e90d96ecd1a381cb1023ba4ac4096a7870182

    SHA512

    9d7ef18b07236dce510b063788426a8defb86f69dba3ad0d6676252151236ed1c45e9a941696394de15ae3584666defbea64fbe063291ac2499765ec5a5f310f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7f5f04c9a7a3b8abf4faea3c4c0f3efd

    SHA1

    da0cce4c5fd09c7fe7b061287e5881e89b4a906c

    SHA256

    6e140ff14c676caf19358e377a836cc5005a44730cf1f2191e9c8714d10fb109

    SHA512

    c4bcd05369b0a60e57ee529bff22d770c998c5ac9cecd71e4691dd99dda832c491aa81901b613d25f58554979b4b6e3e3a59420d4bbf06fe67ec5cf512055bce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3c34b60b18a336b377e4e0fa1c7af795

    SHA1

    03d894ea404b5e04dea3ace7be1b28cde096f29d

    SHA256

    d3c75bbffff8b173ba009da668dfdaf8bb48265b070afffd506851b527cc6073

    SHA512

    9dfe2ab531cb40a39d8df974efd1faa47624e67921943ae8d7a1b2bc58d2e80317cee1d5797ef981fe64db9522060a0297eaa0daa2d3caf02284beab06c76ee2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6b3d8d30b14303ee049e21ef1162ec29

    SHA1

    960d17303204f92d8ce1ec16a861fa42406b4c0d

    SHA256

    95ee4a30c8d130137c4861a0cb45ec286656a3fdb803f66875b03a1c1a1b51fd

    SHA512

    b62608a43555ce015c1672cf3c54ba0d30675ef6af94e307775d2941d7a8206b80d1d567a9460b06c6063b2d4cb7a1aee962b79f4299ce60d8292f84b6fe28ca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    17e5676281c8a0f338a00aec5fd55248

    SHA1

    5919a8f4380cdafdd7245b7d5f39765c43146c99

    SHA256

    dafa44bce1227293222052bcb694eeddf0c3af96d4595208ac5134f91f85a4ee

    SHA512

    03df175e9a23617f7904e4a14ba22abf04b3a9ca8858334cf58158a58bf303b4041c4704904911614407de80b51b479b9a1807a3c726c6120be6fa10223212f4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabB10A.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB1A9.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit