Overview

overview

3

Static

static

1

0001/Friend.vbs

windows7-x64

1

0001/Friend.vbs

windows10-2004-x64

1

0001/Function.vbs

windows7-x64

1

0001/Function.vbs

windows10-2004-x64

1

0001/HtmlEdit.js

windows7-x64

1

0001/HtmlEdit.js

windows10-2004-x64

1

0001/ProductList.vbs

windows7-x64

1

0001/ProductList.vbs

windows10-2004-x64

1

0001/Safecode.vbs

windows7-x64

1

0001/Safecode.vbs

windows10-2004-x64

1

0001/aboutme.asp

windows7-x64

3

0001/aboutme.asp

windows10-2004-x64

3

0001/admin...log.js

windows7-x64

1

0001/admin...log.js

windows10-2004-x64

1

0001/admin...lp.htm

windows7-x64

1

0001/admin...lp.htm

windows10-2004-x64

1

0001/admin...in.htm

windows7-x64

1

0001/admin...in.htm

windows10-2004-x64

1

0001/admin...op.htm

windows7-x64

1

0001/admin...op.htm

windows10-2004-x64

1

0001/admin...de.vbs

windows7-x64

1

0001/admin...de.vbs

windows10-2004-x64

1

0001/admin...up.asp

windows7-x64

3

0001/admin...up.asp

windows10-2004-x64

3

0001/admin...tor.js

windows7-x64

1

0001/admin...tor.js

windows10-2004-x64

1

0001/admin...d5.vbs

windows7-x64

1

0001/admin...d5.vbs

windows10-2004-x64

1

0001/admin...enu.js

windows7-x64

1

0001/admin...enu.js

windows10-2004-x64

1

0001/admin...ble.js

windows7-x64

1

0001/admin...ble.js

windows10-2004-x64

1

Analysis

  • max time kernel
    120s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 00:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0001/admin/Editor/Dialog/help/main.htm

  • Size

    15KB

  • MD5

    c5bf03f599f9620d2fe0ba261dd84ddd

  • SHA1

    eb26082d7a9f0030f35be2f31fa138004e0d26ab

  • SHA256

    719fcf4307715e935c55ea750162414248542f8e22ee4defa4621882ba1b4507

  • SHA512

    29c616bf26ca6f692f4c6acac7b3e2e7275786d902d91d5aae0e8e792c644bf9f9a7b936c4626f073edf863d08a4ad472cbff3aa20d3b2742d1ed329ae4b77f8

  • SSDEEP

    384:V8MkJya54Wt+hrNtmLhwxi1yxX7Fyq5Hk8dFMSw5jNRbDpxqYeXOmHTNmebkqHPj:V8MiX5ztqxgqYPY4K5/37

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0001\admin\Editor\Dialog\help\main.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1800
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1800 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2740

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    07bb809ac649dd5fc4cbd00ce5d4a139

    SHA1

    88dbc50926dc7161840c3dcd2336f4b49140188d

    SHA256

    32f2b87e167504ffc74fc0ada5784eae78beda7898e8e69a35c117f834032405

    SHA512

    2634454b4f47e641d498839e22251224c6b8ad233b4cec3e41d4b6cc511e03fc22fd0db313fc81675044335cccd7d0bdfc9f581f1857d4a303ae9c638a015a9d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    68dbb3ff696baf378854e7b4b5645da8

    SHA1

    491854cedf6fe8f5570de1b8ac7ac3a9f9dfcfe8

    SHA256

    a2c372c7d0d56b174ea3dc81dead90cf21842b4a921ef3b863996a3d5a1fb748

    SHA512

    969901134f57bc3d15d7be37b3dbf8101b15a6c2c90e04d58744305656fa45bc48de20f95e06e813b845051a9c490c05a250cc05a4019231803421dd22295206

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    86a843f341b7f86d396ff7473009e195

    SHA1

    dd66da6ad75264e5795381bb16ab1535443838c0

    SHA256

    585a24f29c934cdf4270af1e9cfccebc93a5ebdad3f69535bd8ad38c6be8c580

    SHA512

    032e4a5c3df4bd5d9e60809f421e8203156efbff23918e9ef7f1166adbc60f4fdf651c02a39b6531a1a39c0ed564b4d93b9bc3594fe2854d893bbe7dee18b69f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    93374dc4a0bb29b7257422342b43ffee

    SHA1

    75c436526762847423b0519a8bb56d5272941ad0

    SHA256

    393df4a3d2aa9eaaf2fcd718cb86e15fcaaf3cd04bd3117d0e0e7fee3670dbdf

    SHA512

    f8f5b4a1be43878e097ebdc7541359c480da5a2c5be7182a4c185f9baf9adc3fa46c975f746cd58f5013b828b2172ecee892bc917495a346af89904a44f5fec8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    166ca46a3b621a23a381b1da67d5d703

    SHA1

    12a04f62acfe766c429c45d4acecf7d08fb7d186

    SHA256

    5fd97e8f5b28e9303a9682cdbcfcd833d5502abaa8f4b590c38aaa9bfa918f72

    SHA512

    93cd21b8fa94c6c3a6386b5af3f14d18ebf9b7a248f09c067848698fa668b44937a3e55fb5fd771f18f2c2250f3daaab9b5de4c7fb5d5e57e7298b09e9be8dfa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF885.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF898.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit