Overview

overview

3

Static

static

3

广捷居�...NN.vbs

windows7-x64

1

广捷居�...NN.vbs

windows10-2004-x64

1

广捷居�...em.asp

windows7-x64

3

广捷居�...em.asp

windows10-2004-x64

3

广捷居�...60.htm

windows7-x64

1

广捷居�...60.htm

windows10-2004-x64

1

广捷居�...60.htm

windows7-x64

1

广捷居�...60.htm

windows10-2004-x64

1

广捷居�..._2.htm

windows7-x64

1

广捷居�..._2.htm

windows10-2004-x64

1

广捷居�...02.htm

windows7-x64

1

广捷居�...02.htm

windows10-2004-x64

1

广捷居�...op.htm

windows7-x64

1

广捷居�...op.htm

windows10-2004-x64

1

广捷居�...op.htm

windows7-x64

1

广捷居�...op.htm

windows10-2004-x64

1

广捷居�...ch.asp

windows7-x64

3

广捷居�...ch.asp

windows10-2004-x64

3

广捷居�...me.vbs

windows7-x64

1

广捷居�...me.vbs

windows10-2004-x64

1

广捷居�...ome.js

windows7-x64

1

广捷居�...ome.js

windows10-2004-x64

1

广捷居�...rr.vbs

windows7-x64

1

广捷居�...rr.vbs

windows10-2004-x64

1

广捷居�...aq.htm

windows7-x64

1

广捷居�...aq.htm

windows10-2004-x64

1

广捷居�...nk.vbs

windows7-x64

1

广捷居�...nk.vbs

windows10-2004-x64

1

广捷居�...nk.vbs

windows7-x64

1

广捷居�...nk.vbs

windows10-2004-x64

1

广捷居�...me.vbs

windows7-x64

1

广捷居�...me.vbs

windows10-2004-x64

1

Analysis

  • max time kernel
    119s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    29/12/2023, 23:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    广捷居程序gjj(去后门版)/wwwroot/ad/top.htm

  • Size

    1KB

  • MD5

    1c2136d6c4467ad5331ce0d27c724ddf

  • SHA1

    e6dadc737d390d3e49e217f44dbceb6455c47d3a

  • SHA256

    74b57fa234eb5ad2201a2cd47958109f307a2d57180371de82ac8f41a9cb82ac

  • SHA512

    e35f40a0850c37f582ad8d5e30edbdf3414550640173df11cffc0090bde908a4665b9c01ed8dc7e0464194b4f0ef6c0c4cd22e49282be32d4bf9e24658a4cd9a

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 43 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\广捷居程序gjj(去后门版)\wwwroot\ad\top.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2736
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2736 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1908

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    0eb1a98b3a439645780085d64d67e404

    SHA1

    1f323272a41158c94c0ffa35ec58b1cf2b3cb2e1

    SHA256

    f19abd18b95930406c907fa6cc4a8b0b5e374a5c9bcb7cc99d19a9ed13edfaaf

    SHA512

    7de0f787c982e002815f7733015dee042a66452db68b86a985a841f3041527b9b96eacfeef99eaab2a6585ba47f41bd35b1324f0a84417c54c3e1a6f274ab0f7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4e33fea3ca27f8611d15be68fa68b10b

    SHA1

    d2ad5abc45ff24d2acc879ff628db43a749a7e11

    SHA256

    0624e759542771f03f10bb0869b50237b8dc3fbd502a5edb440f53293cf6bbe6

    SHA512

    38c8b3d871d0193a42b88d47970cbd48e76021b82b9be20ec892a4d86245dbfde64633791c6c1e963277cf605edac52fbabb73ffa467596768bcc996b855e371

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d6f9a07ac43451e07aad27a6882991c8

    SHA1

    b926222bea370f96596fbccccc932dab26665859

    SHA256

    8d7861b59ddf2837e1c9950a64c19e9a8141632c94083723d95a62e1ac9688d0

    SHA512

    3e5f656b34dbc778fb6c093f855cbeeb6b78643b94a707547b6ff1398270721e9ad02e99f2b1b41a6a093af329d96c4ac6dbfadae70da66e113eb9606cc7435e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    85d1034184dc668e12dc659274d10295

    SHA1

    59d04762cccf514bb86f2680e9e7e7158533607c

    SHA256

    f728b34522697213ab05c7d10c138839f64b89359aaa6750ec1367fbb80663cf

    SHA512

    3f4eefd90de8155f33c4dee36a6e5f221c544129b8bfa68d4e20a07b9fc60e42d55c8a927ff9343a095378673de46301bf10ce6b9be5c93a655de7577d347697

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ad51c84b6b777207be9350a3ec44ce98

    SHA1

    b1d87b2c030d8c8cc7e670df72d5acca91c03b3b

    SHA256

    14115af167e72a1fb6e389d7bd907d194519e74bae84f34026695b93ac448172

    SHA512

    7e79caa90106f2af9d5f140dfae47616c3322f8d8c36313e39647fa4f8da84a58f2ea121d5238055f624d94b4606551b8dabb6d28c3cf688c4590490c057c31f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    510d5573bec727c3124894b5fad5a071

    SHA1

    8ccc02e5c81fc2eda174949d48f92cb5f3e30bd8

    SHA256

    d432fe1a6a1b37d134e49e9f58e72e5878b44a7f311159337284b6ceb04660f4

    SHA512

    784c6010a2a04a50a7f1b90acf0d8a11f19b138912222e93feb66bb1a59b76d01afba898baefaefce06745cd2a952ecb58cc8e60914385a8959d719d71b20c74

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    49a93211116a7dfbc7c7595d1e10f1dc

    SHA1

    ac47ebef85e0d979bb64a1cfcc5eebcbe240b642

    SHA256

    6c87d66f668c2305e12f6c34c6e9c909e88f6a90481075d66c7b1ba1a1bca975

    SHA512

    443616ed13446a0e65505b4a209a3bf29398940cc45d3f0743edf353a2f7eb77ddc16150a9755fc245ae1bcabb27c688f00f7052f9c430c0d8e6c0a20c4161f1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e13a8e8ad58e90dd4884fb6da5d2d7f5

    SHA1

    0757d75f399cd10ed8b1b4f7b2ba29a5403e4dee

    SHA256

    600db2e389f593d0ad02b5238c073166b4c479258901ed0b038a16ffa311e843

    SHA512

    3011bfe578f4406feef2ff91072a4ca6abd6f9fb491c20bb6a52e884053318d96a00e9731f7659e1a6ec7c76ee69bd4d8daddf7627c57bd4e8e85054697ab258

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a5c03e4f435451072907913fb531a084

    SHA1

    cb3458cc775ef7290f6801e45998733f80b6e450

    SHA256

    7270f93557ddefbe133c2b8e4d9dee78b898e992d775a0bbbd0fd06233e6bef1

    SHA512

    b08ca6134f53af0d9ae730618ab019e7b67ef809c7d975eba1c412de0dcfdc9b0ca0b0710a899a8d74aa9998d7a4574544e05f9a98a7ce2c259fb6032a623192

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2670799370b64201aa4948e785dc549a

    SHA1

    c8706cf0b5e24cc204b4e319738f128dbeef10e5

    SHA256

    b2b65aac349206fa6d70578be0145f3d67d813512f190096e697a6be2361a5b0

    SHA512

    94385372a873906bee73a163772640b35293582d293713a0e6a427d24c7b7b0abe74a90d83e67278237747cf8400c118fffa6d773a8a57ab738b332ff386b57d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0ab86ad4d80350e9a52d225dd95522d7

    SHA1

    d4a1bdc433accbcbfeec63f0ae9a396972703302

    SHA256

    3830ee753be72437a474d9144e5cee8d3d7e1c415b88e513d8cadbc7964a8782

    SHA512

    359d870f9eeffb3e9b5a9e5f5ce4f075b9b941dc62a4df94c8fce5ffa59a37fe2acfddd3b885b2d9fde66df347421108d4ed9d58a8a7aa6e8794c79e9a181847

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
    Filesize

    4KB

    MD5

    da597791be3b6e732f0bc8b20e38ee62

    SHA1

    1125c45d285c360542027d7554a5c442288974de

    SHA256

    5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

    SHA512

    d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

    Download Submit