Overview

overview

3

Static

static

3

万能捆�...es.exe

windows7-x64

1

万能捆�...es.exe

windows10-2004-x64

1

说明.htm

windows7-x64

1

说明.htm

windows10-2004-x64

1

黑白网络.url

windows7-x64

1

黑白网络.url

windows10-2004-x64

1

Analysis

  • max time kernel
    117s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31-12-2023 13:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    说明.htm

  • Size

    2KB

  • MD5

    bb2cc67bc9ec0af4db5addadc2c7633b

  • SHA1

    91270b9cafbbf654eefca71fbe7b5613ddf3263e

  • SHA256

    0b569e5b1910c06bbbd756c805f0d1f496fcdc0633b27f5c4c3d62bcee1c3869

  • SHA512

    3cc72d875b0b752ba3a1b50d51e7a8e401fd8a9d44e60d54f767be927fba0a88ed2934c96465cd26c05f0cc04cc687563eecd231b519b5bdf5901e569256be71

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\说明.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2180
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2180 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1420

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f0d876e6df534794efb1f2dc47952ed1

    SHA1

    87556a8427456833b591896c00f8e53eaf217e65

    SHA256

    dc566d3f2368225324340922fa390f9cf968458b674d3d318c583084e43472d5

    SHA512

    a74341cbf43f2eb443c8e8723f30e7f8798d757a6d695266009cd7cd09b4908c6934a0ced8220851c7fb08d90f901991b9fd675b15fccfa1c26bbc0d7f5b2ae9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4e2e9d9247b52f8432be944c7e965bb5

    SHA1

    df185cd0893d18849c44667be0203d711737d27d

    SHA256

    8197b7851c107d9aec1e8d10118fbbb428aca2bc35067da0de6ab49bd3b7b980

    SHA512

    e6d376d60728895c1e03cca679297ac194b7c38e478a48e8eed8499d6661eac7cea307114fde1278d7d8bbab3cbfdd7f085ec3fd702d54a816dd0a41c074bf4a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4f94aba1ccccb0acad56c114d5f39737

    SHA1

    329e38b9d4935f98420fc27d416a0e8474e08f96

    SHA256

    0391927f938a14aeec86be138f49d1bd1a053ff361910ddd57f3136c968055e4

    SHA512

    290d205358d7de34dd433c45a55170bfc0b65bf6f103979b1e0d0d05099b07a5f8b808d1cff84d79ba67582f59a8e3431836f80e0c8cbb16a97ce9531974a48d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3df0cee64eb96b8f7f811c263e7b2e85

    SHA1

    1813cc9bf5d1582a0317f2cae5c8832e14f87afc

    SHA256

    76d3a230e082db992d05f33462363beb55cd6be5edc55f700052c04b3ba2cd02

    SHA512

    88edeba2de15c32e936df5066c2274b6ed73ad386444aca2971c89c17e6fc6bf74a6740298ba21f46caad4e1fd2148030fceb597b799477c76a8e8ffccde1842

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8a7d195403dbf53e8b1d4cc221154b65

    SHA1

    c96cb61c8fcf4ade216ee97a4c1d9b55e963bc7a

    SHA256

    25086438a88668e261d728a5b53043843b076c6c95d61faa78e07e307939fa76

    SHA512

    9743f5013614a2ac78986f540afe4e78984c88e06155ac90b6a379e4e6acbad42bea35f539500eac22fed47ef929095582297b4338892b3f86b6ca59a82b7cc9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab5479.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar549C.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit