Overview

overview

3

Static

static

3

广捷居�...NN.vbs

windows7-x64

1

广捷居�...NN.vbs

windows10-2004-x64

1

广捷居�...em.asp

windows7-x64

3

广捷居�...em.asp

windows10-2004-x64

3

广捷居�...60.htm

windows7-x64

1

广捷居�...60.htm

windows10-2004-x64

1

广捷居�...60.htm

windows7-x64

1

广捷居�...60.htm

windows10-2004-x64

1

广捷居�..._2.htm

windows7-x64

1

广捷居�..._2.htm

windows10-2004-x64

1

广捷居�...02.htm

windows7-x64

1

广捷居�...02.htm

windows10-2004-x64

1

广捷居�...op.htm

windows7-x64

1

广捷居�...op.htm

windows10-2004-x64

1

广捷居�...op.htm

windows7-x64

1

广捷居�...op.htm

windows10-2004-x64

1

广捷居�...ch.asp

windows7-x64

3

广捷居�...ch.asp

windows10-2004-x64

3

广捷居�...me.vbs

windows7-x64

1

广捷居�...me.vbs

windows10-2004-x64

1

广捷居�...ome.js

windows7-x64

1

广捷居�...ome.js

windows10-2004-x64

1

广捷居�...rr.vbs

windows7-x64

1

广捷居�...rr.vbs

windows10-2004-x64

1

广捷居�...aq.htm

windows7-x64

1

广捷居�...aq.htm

windows10-2004-x64

1

广捷居�...nk.vbs

windows7-x64

1

广捷居�...nk.vbs

windows10-2004-x64

1

广捷居�...nk.vbs

windows7-x64

1

广捷居�...nk.vbs

windows10-2004-x64

1

广捷居�...me.vbs

windows7-x64

1

广捷居�...me.vbs

windows10-2004-x64

1

Analysis

  • max time kernel
    147s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29/12/2023, 23:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    广捷居程序gjj(去后门版)/wwwroot/ad/mb_top.htm

  • Size

    868B

  • MD5

    2ef15982f67cf4eeb03232d24bfd36aa

  • SHA1

    708a9351d065db5935919ff3040cb948480483f1

  • SHA256

    76506aa2111bb34609c714ac6ee533d028674b9b365c819e95985f1895a63f3e

  • SHA512

    00225243510b7133ce0ea57c47d698fbb70735c97c2bd8f94dff7849fef100dc9749c8e8d2a70e324e2a7d9f83ccaa5035f574ba5f284f789529b2f17f5072c3

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\广捷居程序gjj(去后门版)\wwwroot\ad\mb_top.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1868
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1868 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1264

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    88016b67ce1b2525e734a23938cc46c3

    SHA1

    7cc0a9e27252a3cfa6ca02a6a426082f60251157

    SHA256

    5c15266aef1963b86355cf9a09b202e21e872725b413b747162b2b2607ba6415

    SHA512

    9df809c1ef51fb6e0230989fb1cb0e2f1866cb6921651c48b8a92f08e6bdf3e4d3259123510d0914ead30fb279e1f00c59df53cad31f8180adc8aeadeb7e0165

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ca0053217ec7dbdd691c40628bee2366

    SHA1

    67d41605e9796eecf476e285bdc6e8628f0ede47

    SHA256

    91f15f07983b32bbafb64bf6dee2cc74765af0ead1d504548775ee242d72981f

    SHA512

    784a0dae4d0f7397483c932c67b1009ee6dd24c415858822bcb4e3a9d06a65862fbb12c741e2e0dee525a9dcb01a5e1c39bfcec9a1dee45f1158ecfae55e4a34

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    07354603e6f6e0c8b50f46ce62a05373

    SHA1

    d4835778df731ea3803be7a74c883bd54b3d5ac7

    SHA256

    23ce8594ea5e32611a7b312fbc17e4fb5c25d6fef60ddaa6ce8c7f8f2ea16a31

    SHA512

    5328d72cc925fd9a97412fc05a96ca4d053ae27f94d7ed4fce554b61c2715d2599533b5f99b7424a8d584c2bee443da351e5db2e16582d8ca115633a849344b6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6b2584c9ccc950969980c4ca034ebf92

    SHA1

    22488fbeea6f74404007d4f494326bea3ca6c82e

    SHA256

    27e35960b2d94620adb0e0ef1b721d32a1e46526a06d701e1763d23caaf9437d

    SHA512

    c014991598d4d185c44bc8f4a74445adf7b6ca8378e63b636322a2ed437b065de38d15281d8d09ee85b4eebc266a871841cc43c152fa1d97b0b4dbc898ca75a7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0bc132a61c030e51465e0a9c0236e83f

    SHA1

    c538c34fb8eea710f71b57254a54fe0aa113d036

    SHA256

    03f79cb23a4ebfec3e8f694fe8af792b6582185dc89251c8888a92f13a17972d

    SHA512

    2ea4e2bd3b32290e6dc56ca7b7b832ecc11662c410b87e7a6c201bec77852296b8cb10c6daee369909a681727cc587efdfee6f7b266c4c0757e309c087981b64

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab7283.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar7381.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit