Overview

overview

3

Static

static

3

alixixi.co...息.js

windows7-x64

1

alixixi.co...息.js

windows10-2004-x64

1

alixixi.co...at.exe

windows7-x64

1

alixixi.co...at.exe

windows10-2004-x64

1

alixixi.co...ar.exe

windows7-x64

1

alixixi.co...ar.exe

windows10-2004-x64

1

conn.vbs

windows7-x64

1

conn.vbs

windows10-2004-x64

1

dele.vbs

windows7-x64

1

dele.vbs

windows10-2004-x64

1

deleuser.htm

windows7-x64

1

deleuser.htm

windows10-2004-x64

1

edit.vbs

windows7-x64

1

edit.vbs

windows10-2004-x64

1

index.htm

windows7-x64

1

index.htm

windows10-2004-x64

1

login.vbs

windows7-x64

1

login.vbs

windows10-2004-x64

1

login.htm

windows7-x64

1

login.htm

windows10-2004-x64

1

logout.asp

windows7-x64

3

logout.asp

windows10-2004-x64

3

password.htm

windows7-x64

1

password.htm

windows10-2004-x64

1

px.vbs

windows7-x64

1

px.vbs

windows10-2004-x64

1

reload.htm

windows7-x64

1

reload.htm

windows10-2004-x64

1

update.html

windows7-x64

1

update.html

windows10-2004-x64

1

alixixi.co...es.dll

windows7-x64

1

alixixi.co...es.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    119s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 07:41

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    update.html

  • Size

    3KB

  • MD5

    f01653b37862135176916efde3287cbf

  • SHA1

    6d0e55f7415fd5306086a604cd4242b78c0ba189

  • SHA256

    9c7cb268680890b8beed4bbe33cf8354d783e0ae63cf4abd89a6309f1a230024

  • SHA512

    cbc2ae19b1ab39ce7171477afdd643ab2d847ff3587a059748b54ca25b6dcb8a056ca87f6a71bcdaec15936c5a03017e5fad4ac830fead898119bd8845a1f672

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\update.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2112
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2112 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2728

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          aeac298e0d2db83d1aa22b6888219ab2

          SHA1

          f1c5823635619cfba3dc8667bb0d2934ff8f6b8e

          SHA256

          b7ced74c048c9eb083585709ef4f1fa9c321973b48e65a9a2ffb4b6e4da02123

          SHA512

          e596fa90855ad17b217531895e5430ef0a3ce05072e976d6fb86e835ab2257fca8927655f0ba85c34d10765613e8fae8a28cf770df7c9d536d9c5bdcb9f8859b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          ae291cc3289b1a99f0634e46485f7b5f

          SHA1

          e90982074b9540e95c0ad069c4fce5800fdaf4d0

          SHA256

          07d2ae9c0fe9b75249a911ac8d171c871a04e9c6610f54de7e990e7061f26a9b

          SHA512

          0f6ec290ba536269453ee6489a1ea52f9f903c6ac7bfcb67b325917200bf2de70549e8d13f420f92d8a2355f56643e9254318147c47b64b53f37489f63791516

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          80b4313760d19e9161b982b46b3f09ba

          SHA1

          1299ebaf8ae6a79862d7e1bcb970d7471ffa4d99

          SHA256

          cbe6edfadb09a71516155329997a542a0d03073b4c8ab52093d098ff023d46df

          SHA512

          7868678115f45d6cee5baf2e7c9ff76a67d07d4d174bac5f2b9f23fcfd9a75e4d7c69f2b845ca4e24dfaf9e521749927f51723ad216757d9a4662b6889adec27

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          a023df0575d66934b543a27c429744c7

          SHA1

          07f6eefca6c91cb0454e24f230da984c61e2a4f2

          SHA256

          95639f0cb7b406bf84727203fda2886f5965e4465d439e04e8b4d31c10a37cc7

          SHA512

          a27c0e62c8f1a73f37e65fd79981a5de44d9dcd4b0efb02ece17ad26bae5179f0301588fb1e457d8ac24ae56527003e67c37daa6607e16afd40a91ff6aa8f80f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          8f0a71bac7c02e5f847bea5ac3f51a44

          SHA1

          607f0a01a34988928ab04bbb1f9c095c8f76d26b

          SHA256

          601b9f175ee2fd8dd0891ea024a947daa71cf2e704ac0a7fff5464b53f89de49

          SHA512

          7438bbebe175ae8f33b12c2c0cfe32a0cdfb7e245c631567764e70da22bf271648c4dc3fa532b1192ab957f7dc0836a2cfd5dcaffe96a755c4caa57c0b8bfc87

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          c60c85ce7925bad389d232c41a6f8687

          SHA1

          b0c79a3e6b8f33e59726552b72082780823e4c49

          SHA256

          e77cf44b16973ce5b88d67bb187782e84648e9037768943348457ca361c571de

          SHA512

          c6fe411b29c1fe23436e3d30ae14d67401b0dac322e49057ff1970fc7e3f7fa80ad5d8994e507e54c474fedab50daaeb6b37ea123c2ee501ac788e966d5b8ed7

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          62e88d802cf65fe76c6102302de19ee7

          SHA1

          c52dda11af47efcfc9ec7e679d6048d1e52635f3

          SHA256

          f1bf8ff7f170360cb7a0b54625af6836ea44e1085b7ff7f3b3236d938b4ee3a2

          SHA512

          f5e677a25cf114d439f32082141372eb76cb9aa9539142fdeaac97edcacb2794388500910ffc744097900f803f0cc7586d3b156655773801857ccde425d05bae

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          7036baef2327a8700531d89c50955531

          SHA1

          a326224b7f1d7bd03d4a36c23401e196c9e1780c

          SHA256

          d5ba215fc6b59c72c7c0fef582d245827dc4309da2f5b22422bac554ebd42120

          SHA512

          a3f66cf28881a21016b0a963b426cd1931dd6bb8d1603388d38a1cb377cf536681e3bf8690adb29150521a31d426168d50540ec75e258a2e8316b4151eba07c1

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          ad9edada9314e40d6c4c6f578f3a55d0

          SHA1

          abe3e8b8baf7aaf98b3dbdba22ed089711997cdc

          SHA256

          2dcd93607763717a5b0dc5e4daf2736d27e99fa0d22309fc262fa97738f9398b

          SHA512

          4b1a9d0095cb1ed851c631ea1db2e7c6d0ef444ff3dc88ddd7289551843e520f0192b2f0f22c1de230050b7014e9a54688fac4a243f6eabe8ec7f2ffb1c0f80b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          f6655ce5adb529358f7e42f449fe6612

          SHA1

          618d02142510c2441f18813e74c1caca451e86ed

          SHA256

          c4ab9f69e9cec367ffe37ac500343472e1badc3f3a26571ffc56a6c5048feda2

          SHA512

          f0bc022654df0f29d33c14eede3249b0ac86e430bb564e14992f5bddf07085940cd66a8ad838dc08f14768641d4deebdb8698ce94bf0d6616df7ae24b07b64a1

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\CabEBD6.tmp
          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\TarF740.tmp
          Filesize

          171KB

          MD5

          9c0c641c06238516f27941aa1166d427

          SHA1

          64cd549fb8cf014fcd9312aa7a5b023847b6c977

          SHA256

          4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

          SHA512

          936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

          Download Submit