Overview

overview

3

Static

static

3

广捷居�...NN.vbs

windows7-x64

1

广捷居�...NN.vbs

windows10-2004-x64

1

广捷居�...em.asp

windows7-x64

3

广捷居�...em.asp

windows10-2004-x64

3

广捷居�...60.htm

windows7-x64

1

广捷居�...60.htm

windows10-2004-x64

1

广捷居�...60.htm

windows7-x64

1

广捷居�...60.htm

windows10-2004-x64

1

广捷居�..._2.htm

windows7-x64

1

广捷居�..._2.htm

windows10-2004-x64

1

广捷居�...02.htm

windows7-x64

1

广捷居�...02.htm

windows10-2004-x64

1

广捷居�...op.htm

windows7-x64

1

广捷居�...op.htm

windows10-2004-x64

1

广捷居�...op.htm

windows7-x64

1

广捷居�...op.htm

windows10-2004-x64

1

广捷居�...ch.asp

windows7-x64

3

广捷居�...ch.asp

windows10-2004-x64

3

广捷居�...me.vbs

windows7-x64

1

广捷居�...me.vbs

windows10-2004-x64

1

广捷居�...ome.js

windows7-x64

1

广捷居�...ome.js

windows10-2004-x64

1

广捷居�...rr.vbs

windows7-x64

1

广捷居�...rr.vbs

windows10-2004-x64

1

广捷居�...aq.htm

windows7-x64

1

广捷居�...aq.htm

windows10-2004-x64

1

广捷居�...nk.vbs

windows7-x64

1

广捷居�...nk.vbs

windows10-2004-x64

1

广捷居�...nk.vbs

windows7-x64

1

广捷居�...nk.vbs

windows10-2004-x64

1

广捷居�...me.vbs

windows7-x64

1

广捷居�...me.vbs

windows10-2004-x64

1

Analysis

  • max time kernel
    139s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    29/12/2023, 23:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    广捷居程序gjj(去后门版)/wwwroot/ad/120X60.htm

  • Size

    475B

  • MD5

    4d07fd1be2da9898069d02711c9a5d5f

  • SHA1

    da644bc184c80a42907a2df9c2c06b6414d298e0

  • SHA256

    c645348c66344f8456e17ae62c3eb7ba3bb895fb00e4cde382dc268e325e8df5

  • SHA512

    aaf11573075141c83f9fe9e39e6dc1ae411e125c5e48af3b2f534224acd100bf0afc190666af660e739a81a211e8099081f11e69d8b6050cbf72f0c92c2bcaa7

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 43 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\广捷居程序gjj(去后门版)\wwwroot\ad\120X60.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1708
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1708 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2000

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9bb1d51717e82b05e7189eb363a31bf4

    SHA1

    b5378f34f7f17532607369a4c8286fa9b691ceeb

    SHA256

    c5b54864bbd155708ba54e6ad674fbd3c2eb0f990a44762ef25bb51ffccc5bf9

    SHA512

    d07421326409ab0db0ccbb87a8e5b6deccc9fcb62bafd10d21cc5706e4cd31e5d41f6c0a6ae059331ef449c371a60c09661188cc40e063c0030df4131bcf5016

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    43adfd742c4cb151d329ee68872bfa13

    SHA1

    85a0b11867a63358b21eb8303f112f6f34aa1a40

    SHA256

    82fa49f12851b702043ca4f09e557f75a32eb228df2c7598c1dc1540a122d184

    SHA512

    d43b5ef498306bd9b46244349ff337d59dbed7ad28e268ffed2fcc58790b1624ed6a835fb7c937dee17dbe002f8ad92c2441bfb5d3ed7411b9dbfd4d9687cf68

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3cb89404d89d48bc3a0bcf8ff34fe161

    SHA1

    f1d3fdb8def0f5d8ec58c371d171a21a5ada3a71

    SHA256

    ef1380f59ddb6ef4f1bb9ea5a0f00a6eca82fc46bf6b352953e5fb6d6e8cb64a

    SHA512

    30da27ab6a3d2e103208691a87c19b894e92155c87c9a878ec57023db3aca64e3a395ecea13975c45b9c29665568cb7d7ca7f1b7508ccb3c2c55451869bbfd93

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    874cda8a07e57fb75bd34a7cfbcc42fe

    SHA1

    f72c6e05baca91f201824fa741746af7cc2abc02

    SHA256

    209a2a3e071796394347f933ed6eeabb9ac974f06d229b471d3bf7b38bb293cb

    SHA512

    5aa5d01a3d30265037208b3268d68199e2d90adb8638f1a3d71a6ac08e9b22ee38fc82083063dde9616658003b29b704c1ee036e8d3344fc47ccb6d2d87ae997

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c7a1f66384e06284938f3076e37264a9

    SHA1

    b0cc8dcff177b4588d8c20ce4594cff0ad96e90d

    SHA256

    594ee571cb518a7572094a7aadec36336abb1c1565f725af7f73e36f2aa74863

    SHA512

    f09bd1c201808db8282c832f6c0a4f229b58525e7e98fdbc9c73042d25c90a4f2b6dd4875d05bec75d88a30a94ae6f319a868a936db8c23350e24cc657235cb6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6005fccf496a3924f586ff1b7cefee1d

    SHA1

    259e2df350801080b70d18aebcd98ab125c87666

    SHA256

    9b7bcb19a94f512fb84d7442e3f15ed2c1541639541ab47e52ca8413597ae78b

    SHA512

    07419f8316b2105a5753ba3a30b234c9b027594e4da21a9e425ecb42e6fd293c72dc0190e105cc610d71e393c939155b53dd4dda2b29f7f0e5972a87ac7a0aba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a3e43527f30dca7e1cabfe2111e1a510

    SHA1

    60fc8b463e4af1a2e63f0dd44624370ccdfd7d46

    SHA256

    d22261a35b2ca6ced0359adb52ff88de38394957562b43261f1afc4302e9e022

    SHA512

    b5a571d2b20b766d873cd2561babb6903ea1ed724a82d61c0fdb22d5b93d14b063202da7bc1655a85275eabbc0f21c6a8ae5752e3328407af70339b7d2a7c6eb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    40752b04f84c5c537d21a729850512d2

    SHA1

    08f0641964a3d7e6c8f0648528a982312cf633d5

    SHA256

    3bfc432c7b62e1c77286b02321c0cab3b7ba9c6c23d033943a505edb62f5a206

    SHA512

    d55431fbf27e0ec0de6db20917e004c5868911c5c937e852169273dda7514dc1fd4f8d5e08e1f013b5f6c744391f263c5c2a369229b80720f0de57da60fe912f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    191e95a9869835329ce05d9f23b49f0c

    SHA1

    ebdf0841f3f30bdb7b533c73ef2b176923fc68ed

    SHA256

    028c4e02bbc0567005faa59c510cc0a1cef143d7649d1bf3932189e543260f93

    SHA512

    2529427a70e27aaa19331c665b6bc66260f68d1bf611849511f7076baabf4374b4586d6d883a1459952133152b8aeda4ddbd4fa2168e01631028eb6263bd344e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    4d74022edfba7ecc370d383530bd032a

    SHA1

    5b854ba9a0959b5261e5ad0d32a862a5c0f6bbe5

    SHA256

    3f7e107c28ba362212f96f60e9f16797a60efb24c574afd63e27770aaab9c2d2

    SHA512

    a5b6f311d4cc3c689421a764fdecf3aca8f2126552d150e2016b5117a7036455d9085afee0a5714ab26fb4a6278657f29e3e395daef9234417e105a8a769de1e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
    Filesize

    4KB

    MD5

    da597791be3b6e732f0bc8b20e38ee62

    SHA1

    1125c45d285c360542027d7554a5c442288974de

    SHA256

    5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

    SHA512

    d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar3DF0.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit