Overview

overview

3

Static

static

3

广捷居�...NN.vbs

windows7-x64

1

广捷居�...NN.vbs

windows10-2004-x64

1

广捷居�...em.asp

windows7-x64

3

广捷居�...em.asp

windows10-2004-x64

3

广捷居�...60.htm

windows7-x64

1

广捷居�...60.htm

windows10-2004-x64

1

广捷居�...60.htm

windows7-x64

1

广捷居�...60.htm

windows10-2004-x64

1

广捷居�..._2.htm

windows7-x64

1

广捷居�..._2.htm

windows10-2004-x64

1

广捷居�...02.htm

windows7-x64

1

广捷居�...02.htm

windows10-2004-x64

1

广捷居�...op.htm

windows7-x64

1

广捷居�...op.htm

windows10-2004-x64

1

广捷居�...op.htm

windows7-x64

1

广捷居�...op.htm

windows10-2004-x64

1

广捷居�...ch.asp

windows7-x64

3

广捷居�...ch.asp

windows10-2004-x64

3

广捷居�...me.vbs

windows7-x64

1

广捷居�...me.vbs

windows10-2004-x64

1

广捷居�...ome.js

windows7-x64

1

广捷居�...ome.js

windows10-2004-x64

1

广捷居�...rr.vbs

windows7-x64

1

广捷居�...rr.vbs

windows10-2004-x64

1

广捷居�...aq.htm

windows7-x64

1

广捷居�...aq.htm

windows10-2004-x64

1

广捷居�...nk.vbs

windows7-x64

1

广捷居�...nk.vbs

windows10-2004-x64

1

广捷居�...nk.vbs

windows7-x64

1

广捷居�...nk.vbs

windows10-2004-x64

1

广捷居�...me.vbs

windows7-x64

1

广捷居�...me.vbs

windows10-2004-x64

1

Analysis

  • max time kernel
    119s
  • max time network
    162s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29/12/2023, 23:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    广捷居程序gjj(去后门版)/wwwroot/ad/ad_02.htm

  • Size

    832B

  • MD5

    04d1fe4a5f86b1551919c41abc32fe17

  • SHA1

    160a5261aadaa3bea05f302d1ab44fd9517168a7

  • SHA256

    afa428b510b3806ab2b529a911a506ac6141cb13aeff971ead4c84caf6dc352a

  • SHA512

    d86868850b12278c40fcb46848f5ed0102c6b75a32519ea7cdc0e456fb30687ad7a734d8d81eaa464de40561792c1de1d7bfaa930fc4349d78f1c7bb024cf8df

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\广捷居程序gjj(去后门版)\wwwroot\ad\ad_02.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2184
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2184 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2160

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    359c29c6a68a8b791cd23f7134da8816

    SHA1

    d4097149476b20333cc2a5fa6fa346bb248c5461

    SHA256

    112628d05095d1155880c8b9657e7cc29b2532292cbfaa3b2debac983193818e

    SHA512

    dea5e374d75df3361533e10a406b4e824286f46c18e9044cfb598e75cedce90f0be996e0a2ba1091ccb85e0fc77aae77e56d2ea9e66e30d936e7aed00636fad8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8b6ca2f5c475ce8df7b4b1c99dcde02d

    SHA1

    636a6ee2b4f0655560d7ec60a25e884d98b2dc24

    SHA256

    2fba5d9491b7cf4036d579f12636451b10f505f5e38a6987771571354ed53add

    SHA512

    b60755d44600c4121386abc8b505e84255cc4287bb4442b55fea3aa160d1feeee80690dc9ef1453a7023e10c42340be9b68339b09a52c5622fab983a3c81d35b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    dc9fb841d3c8d97335aab24d929df88d

    SHA1

    e5778f20654a7912742c6467168e69ab55a5ea4b

    SHA256

    9ba1f5dee18e1256a3d6af72c26eb818b5db2784f958525c5f9f8f6693ba7d91

    SHA512

    6f895a46d85a445fcf3c3288c48ecd727c544f475e895c18042371de0c5d462eecb0706a0c4d1f85cd4fe8b60ba19fdf12cbcc304dd7659be454f216d7783d8e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    eb711ed937ed636fea5046ff1b2892cc

    SHA1

    748cb8f565c5f5381e7a940dfa6fdc36cdf9e2ae

    SHA256

    fb096a51f555d36d27004ed0d6701cc7126b48e13a6e38de467d2a9d08d7561e

    SHA512

    b6ce3e830b6967e343b0455574513f37a286951a15f64ae943fab31bec96b86b266a51a74bbd0d0e27ef810994dd428b77166cb67800d737bcf21540e843ec83

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b5699891e55a9435ae6dfc7e1fcbcb38

    SHA1

    3ce39ddbc5b329ffb927e3b67ac2236cd5095c65

    SHA256

    88809c04a475c3c5cc7f1712aa9603ac8297377056edae04ef89b8bdf3640734

    SHA512

    0a0fb5ce9052741d1ad2a79c26a4b1d18c815bf0e8e68220c41579a77e3d7bba3b7b52ffc6b1a082d40b8fe34d58d6d28df4b99e1dfc14bec93b919289099e1c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    725a86fcc1e4c2bda469cabcd6daa0e4

    SHA1

    d7bf428914e97669ece7c684ee75334bae2a916e

    SHA256

    3bdc596d7ab94f26177f4548283e951bc50a4dd900c45e98388579cf73e72ad6

    SHA512

    a18d38d882416a1402865fd1553c4b16980a0d31a41ae4031d35c2ab32de371015ad64c9d5e3388040b933f57b3c2fda05ee5eac32c336bb87964c63ab833e37

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    dc81967fdbd295bf8bc7c4053f73f705

    SHA1

    dce17243bfbadb0575e985f0886f072bc8f79106

    SHA256

    3f2bff51bcb5ed7708dc29eddadae3b3111aa6b7afaf86c901874380d5c526e1

    SHA512

    668972b2c0320b55d2cdf65958c5b736c4ab401ee96e6ba1af85c3565da3438f9965ed7bb7886be547ba4a0ecfe5ceab08127dad1710ea5f5562468392d01a42

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabEA91.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarEAA3.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit