Overview

overview

3

Static

static

3

老宫在�...1.html

windows7-x64

1

老宫在�...1.html

windows10-2004-x64

1

老宫在�...2.html

windows7-x64

1

老宫在�...2.html

windows10-2004-x64

1

老宫在�...00.htm

windows7-x64

1

老宫在�...00.htm

windows10-2004-x64

1

老宫在�...04.htm

windows7-x64

1

老宫在�...04.htm

windows10-2004-x64

1

老宫在�...00.htm

windows7-x64

1

老宫在�...00.htm

windows10-2004-x64

1

老宫在�...ad.vbs

windows7-x64

1

老宫在�...ad.vbs

windows10-2004-x64

1

老宫在�...r.html

windows7-x64

1

老宫在�...r.html

windows10-2004-x64

1

老宫在�...it.asp

windows7-x64

3

老宫在�...it.asp

windows10-2004-x64

3

老宫在�...on.htm

windows7-x64

1

老宫在�...on.htm

windows10-2004-x64

1

老宫在�...n1.htm

windows7-x64

1

老宫在�...n1.htm

windows10-2004-x64

1

老宫在�...n2.htm

windows7-x64

1

老宫在�...n2.htm

windows10-2004-x64

1

老宫在�...er.htm

windows7-x64

1

老宫在�...er.htm

windows10-2004-x64

1

老宫在�...ay.htm

windows7-x64

1

老宫在�...ay.htm

windows10-2004-x64

1

老宫在�...sh.htm

windows7-x64

1

老宫在�...sh.htm

windows10-2004-x64

1

老宫在�...e.html

windows7-x64

1

老宫在�...e.html

windows10-2004-x64

1

老宫在�...ss.vbs

windows7-x64

1

老宫在�...ss.vbs

windows10-2004-x64

1

Analysis

  • max time kernel
    121s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 21:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    老宫在线整站修复版/old/HTMLEdit/inc/flash.htm

  • Size

    1KB

  • MD5

    6346f09abc38136882aefbed0dc622c3

  • SHA1

    a2d58fc622181e794d6ccb29269854c26539cf2a

  • SHA256

    cb473a0ec7e598a9fb6b47f69d44d768e1dc2d04ab896137e9b4e1ec2ae5e74a

  • SHA512

    a2eb856f3815a580d45b1e45f214848244f12ede61d3115d66310a0ae5f929c6bef1608cd3559e5530efa6fcd5996f7092128422b511f76511a6edb8f2c2e853

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\老宫在线整站修复版\old\HTMLEdit\inc\flash.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2320
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2320 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2428

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b60b36c04f718f6636ed9d0e32b6bf93

    SHA1

    8183f33e30abb8a4fd4fb834c6e81bc5f4573077

    SHA256

    c760fe58b9b72ff4e4584fe8b610cc38877dddbb2c7c56ff9c785404b9b0c9fd

    SHA512

    6605fcbb359158e56f2e6a78f49709491bb93148ea60cf37b73b62ece06c7372b97426ad743cb593071c68ce7b9d2766cdf7b26e99f03275223e9f433dc80631

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bfdf795e8809863f7a5944202deafaf9

    SHA1

    56ba42b8deca9f4cf55a8d8eff5ab965266427f3

    SHA256

    99e873cc85ca1aee63b973f1f9bc359d95f91287247674cb001978ad5f1b71ca

    SHA512

    812c6c925512fa148d79be4bc2a632794f60a7d2d4fcc83473b16cb3d7a359b8dd067a141a4e1ead34a3297b838551f65050512a35c5cf1ae45a516ef64d8152

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a82fae19cbe5732d493efeb3129761f4

    SHA1

    abcd01f7c17cd9cc0330fd99bd7be93a4a2ebbcb

    SHA256

    b0b9dc2814bc69f478738b06975d3c3283871f603b5ce6957c4338db3cc9c394

    SHA512

    0f2dcc42be9e636c80cb1fce45c00febe489a5e3d20c982d356c0f1ad58238274e91367e7b5f4ec9f06313fa1b57ce904d281e434a5e4b82218adab85b6adf07

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1137a8536351a4dd84ec89bd78049419

    SHA1

    4379d1e88a876a3e328e0d2fa9e2ef399a7e50aa

    SHA256

    7e090c88133da0b90d853e6e5abd7c955ec94d450b23e0c8105fa33fff08b8a3

    SHA512

    08f1a9c2b472b667d391fb7b728fade1482f31e4d8cb8641c87c40e26fc0512be894deb1c48a83c3a1dd4a6b3c38821af200e8adff69b2f6993a6c3cfcce219a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3e599e913a8a699a9b437de01f076432

    SHA1

    dbe09964937eba022f325c021decea645b44b0b0

    SHA256

    99e19bf4a5ef44ef7c78f6ee8973dffc6c2ab1253d845a64c1fa6fd7ac119cc2

    SHA512

    61f3709e80e911cc4e5036a7c1bfbdf7ff9e9a689309f694064ab1eba99750d8ea145b31d8f444877e53a51ebca4041364db740f57849add7fe494834a139640

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    09051b9c08623fa4ff8c44cd89333224

    SHA1

    1b3150ca7f3d420b7b57f881d4f6cd42a4279312

    SHA256

    a2c3d60ca86acf51d655726d13a5ad536c25c8a1a5d6b0d2a6236bc89c2695f8

    SHA512

    880c0ca0f78ada06e00d861d06d793578f227670a1253fdf026bf966371135d8bcef444afe3e49eb8f34e5d10c0ed6097b75b7f59dcd82159c8d107e2c69488b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c60dbd555a8b2d56f993cce144e7424a

    SHA1

    83723ec68251b23f756cae7232cffe373355159a

    SHA256

    a86d8f582394d16c55cae5e0f15edf6dd6de322cdce6c32cd0b3bb21564bfcc1

    SHA512

    0ecd2b58a91ef4e3608ad9d897d6cbb83d36b3fe6148b31ed3cbe91c781094662dce95add62c026f6a7230f2181ad4e96b01b226f9193e5d58ad43982ac4d508

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    183f96f1df2e1d015517d27d48d06b54

    SHA1

    24fdd183813ca8fa1d2ca4215c6c4bf91ceb76db

    SHA256

    9be6dcd1ae81e31a1cbd74b414c9e98afb5ca77c9660a0566605b7f6b014d462

    SHA512

    af734137adc8d62b5a38863e145a2355167f271c396104651db6e992681617b4032ef9746d43d736697c12edf856cc0de0d316810e5ca89147300642d96b8d23

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1d1f3f6db8a7eadcd2899ef49cabcdef

    SHA1

    5067a2b8ad3e8532105ace5c8566445182febd99

    SHA256

    7a2a687b353c4b8b27892d169342430594d0ca8bff95e2a387dea9be42e2bd74

    SHA512

    1223c93e37a521c2f996abba189a0bc8bbfa08cd6666806df3b80aeba4a526768b7fd55d20ea90a4b34a8d1258c007fa74cbf361760ecdc3b69034862a7df751

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a9d1cc409eb3110886559edfe6e56450

    SHA1

    01183416466508d3306089f04847164a0ec97a19

    SHA256

    01f6901da2de98558b260414859bdf03e62e15e8c0bc6a9aeff0b41ed6986993

    SHA512

    0855c8593fb0db8436f4df49a658e768da857f0503a2b372894291a6130cf913a00a9fda2c84bc4bd403ea5a4ba52246190f31fa617fafec78a84e7d90eef46c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ce81cc7383a291edc97520155c82064a

    SHA1

    4574f5b8de7b2e5ab7ed7b45295085992e28cc43

    SHA256

    d9fd4371402f619950f976ddda8230fe083abbd1e0b01c935b668c0d595afd08

    SHA512

    ba7ca3ed0c3caf9f40c73f8feeda6dc5d58d559c676415384f149901650f4b0d82b2633beea3e9c53d90a681a1eddb23f49f70e62b5bcf0cdb2bee1198c76c4d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab8079.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar808B.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit