Overview

overview

3

Static

static

3

alixixi.co...息.js

windows7-x64

1

alixixi.co...息.js

windows10-2004-x64

1

alixixi.co...at.exe

windows7-x64

1

alixixi.co...at.exe

windows10-2004-x64

1

alixixi.co...ar.exe

windows7-x64

1

alixixi.co...ar.exe

windows10-2004-x64

1

conn.vbs

windows7-x64

1

conn.vbs

windows10-2004-x64

1

dele.vbs

windows7-x64

1

dele.vbs

windows10-2004-x64

1

deleuser.htm

windows7-x64

1

deleuser.htm

windows10-2004-x64

1

edit.vbs

windows7-x64

1

edit.vbs

windows10-2004-x64

1

index.htm

windows7-x64

1

index.htm

windows10-2004-x64

1

login.vbs

windows7-x64

1

login.vbs

windows10-2004-x64

1

login.htm

windows7-x64

1

login.htm

windows10-2004-x64

1

logout.asp

windows7-x64

3

logout.asp

windows10-2004-x64

3

password.htm

windows7-x64

1

password.htm

windows10-2004-x64

1

px.vbs

windows7-x64

1

px.vbs

windows10-2004-x64

1

reload.htm

windows7-x64

1

reload.htm

windows10-2004-x64

1

update.html

windows7-x64

1

update.html

windows10-2004-x64

1

alixixi.co...es.dll

windows7-x64

1

alixixi.co...es.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    139s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 07:41

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    reload.htm

  • Size

    1KB

  • MD5

    0335f057061c502edc054d5dbc1fdb9f

  • SHA1

    8c5927458a403868ade3613a0b53a37c4d548c2d

  • SHA256

    0302a5503e6370478ad7ef9cb3d3d31e7730041f8c1a8178bbfd606fb93dac78

  • SHA512

    28d80ad29343b4f76722de2cce835011307beb583916c8e1f5e231db109dca54bdcddb7137d09dd8b9522c0d7008c2eba1a7ec04467a2d8e95cbe22ce96ccefe

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\reload.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1992
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1992 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2752

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6793f386eb01f9ec5b1c516381473ce4

    SHA1

    33d6c0151869d4d46a5fefad9ac7899468a95d54

    SHA256

    496e983b41c83597f0f4137c15f2362f4df97c5fbfb8d8b84eca476d19a0bd49

    SHA512

    7d60643b0fa90001e497b256093cc993adf766d9623facd270bcf90f71cf9ac4ddc73ffc1ebe207b8a8338eb934c27e3e9d597f5d609eb0c113335e13854c6cb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fb6222888d0434679769e869e334c89f

    SHA1

    241d9ad3af0ead78c6ce7b31d2897d341cbcb419

    SHA256

    b3ef8c3ba33802b70520144f44c08c37dda834208fd51e0806724f19bf536c4f

    SHA512

    d811e6ccef806c6594c0d57ee651cc59bfe10bf38abf546bfc63247587cefe9b541f4b66f0cccd2baf75aed242762674849de5041e54c097d9daca61dcdd427f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8661c17d8bf9a297163c608ea1b9208e

    SHA1

    9251c7aef10b0372d6a513e4b57f824299114aae

    SHA256

    d4510f081c0a097d534220f7278346208a570f3e3c5cb4a9dba2f5269d5a4ee7

    SHA512

    27deb3348ff8bf4107ac2a5a6441ecda7b2827f811353786493739e6acdc3ca570418b355b9dce9d50548865725cfb717f6989ba4c0868051599a7d4184bff62

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1b2e29afba6347a3f771f356d23c6fdc

    SHA1

    98b8792b186dc9440fcdd7329c397ae320ff1d9e

    SHA256

    373045b4cc734675a80e3e40d199d8db18dd54d1b3aa7dcc4a156b2e2834e6ce

    SHA512

    01c27043b07649bd0e1321d7f67f6fc6e102cb4b13abdcae27fc25001894714ba3cf4e8406139d59170732b98518c04addffcef8c13783e7fadcf2fb58706801

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a60c7d9db176e64b25ac9d584975d839

    SHA1

    f40b6b2033abe5bb7a2b64d97b31ac6519b3b00f

    SHA256

    26056b36111f9765c72d4fac9ee1cb57075f20a780b0022d6228a9bec074a1f5

    SHA512

    572b1578c84fab5dd16b62f7205ed3cda58888cbf0331cb25af4ab9af503335fd9ca79ea3596a61ee948add102f151685352334469d6342ea7bd029ee6fa453d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    dbb001774ad7e56c48d2fa3d2d3db7c8

    SHA1

    f822d28e916905b28a7d9803cbd5516f3e9d0f47

    SHA256

    07c7a1b2e45fd526554ab25fd6c8d5fe55d2595a42878f4af42668a81de5fbc9

    SHA512

    5fd9112fb96d0678415e06e5e521f4b5b2f3c23ed9994dd007ff38b8c7dfe33296e40d2daef264394481532a250438f6927a815e1795b9ad6b2cfbe9f19b539f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6c2d055e5a3662be401c5bb9a40fa161

    SHA1

    48b19d654294a81fc56960828bbe6269d64c78c0

    SHA256

    c664c6f09adc0463d7ca530fa4dbe1aec435747c459cff247ccacf0d429e409c

    SHA512

    e550cc0215ce6d44befcb4b9246fbc2b3c2990cacf693f48240d42704668d1a3ba8ec9c830c4df617179ac00b4cfa2d64ed7d7610aba6447be80eecc3887fb5e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1432ad9f9e791cc4dd8125ef2a767300

    SHA1

    89191d0e9f721de725c8d38a35ffdd44f567e063

    SHA256

    c87bfd6328c5d6108adcf0ceccf4dbfa7438e33fed64738d6ab9230379c8bb3e

    SHA512

    99bfe30082443c7ee4752c4dd9774e5189e7e65eb4271c34071107747b5cf034f24784cf829bd40de9363e39adafaa517fae3bce6d658d586eff53a74d7d649c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    94ea0d8c588d5a94949b2b6ec3bd870f

    SHA1

    ccebd832335764f3d00d1b6f7ccf90d2e1376b7a

    SHA256

    bfb56d382591ca422a2ace245c99b11f95483925f1e902c31432f39e890cb82b

    SHA512

    f9e75d6f2bb17958cddccfeb2fe8797229bb493aace52d37b808db51c476a50c3cfa4351a79dabd899d090f31f6d4e7f39267b6d3f9ce4f98d2c54750ffeefb6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab7580.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar7C95.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit