Overview

overview

1

Static

static

1

admin/channel.js

windows7-x64

1

admin/channel.js

windows10-2004-x64

1

admin/content.js

windows7-x64

1

admin/content.js

windows10-2004-x64

1

admin/guest.js

windows7-x64

1

admin/guest.js

windows10-2004-x64

1

admin/kind...tor.js

windows7-x64

1

admin/kind...tor.js

windows10-2004-x64

1

admin/kind...o.html

windows7-x64

1

admin/kind...o.html

windows10-2004-x64

1

admin/kind...t.html

windows7-x64

1

admin/kind...t.html

windows10-2004-x64

1

admin/kind...r.html

windows7-x64

1

admin/kind...r.html

windows10-2004-x64

1

admin/kind...ger.js

windows7-x64

1

admin/kind...ger.js

windows10-2004-x64

1

admin/kind...h.html

windows7-x64

1

admin/kind...h.html

windows10-2004-x64

1

admin/kind...e.html

windows7-x64

1

admin/kind...e.html

windows10-2004-x64

1

admin/kind...k.html

windows7-x64

1

admin/kind...k.html

windows10-2004-x64

1

admin/kind...a.html

windows7-x64

1

admin/kind...a.html

windows10-2004-x64

1

admin/kind...e.html

windows7-x64

1

admin/kind...e.html

windows10-2004-x64

1

admin/kind...e.html

windows7-x64

1

admin/kind...e.html

windows10-2004-x64

1

admin/menu.js

windows7-x64

1

admin/menu.js

windows10-2004-x64

1

admin/other.js

windows7-x64

1

admin/other.js

windows10-2004-x64

1

Analysis

  • max time kernel
    117s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    09-01-2024 04:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    admin/kindeditor/php/demo.html

  • Size

    663B

  • MD5

    3b865b14b9f580922c40e1da174a9dee

  • SHA1

    1c65928e510e5ba16db335c8890db3462f810c2b

  • SHA256

    0d28d5fb3d6bce1da488b08dc5a0865f4f814320f1bdec2d5dcb79b37357c94c

  • SHA512

    946ccf4cfe6f6077865faf716594d57e66715a315634f78571de843e9e1c48d38754747854c02cafcc0102bffc0213739da1815268c885f7e87373e49f70354f

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\admin\kindeditor\php\demo.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2972
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2972 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2216

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    90ca2cf153c51f0f9a218c197805f9fd

    SHA1

    eede83046bea044fb342d4827aa89d5b02e8063a

    SHA256

    cc183729a3fdfd8c749ce915c2b8c9ed30231587fbba9ed153e1705b1b8138c8

    SHA512

    10a922a6ac73f3d2c634c8f153ec1844429dea816b7af4cf6c800e66e59ebd6413142360376d49117cb78103a5fa6b921a01c1f07b4f87712c9a7586fb9ae3ff

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    22a591646d081ec83a9a21f7e39b9138

    SHA1

    35d41d1bbcbf757c25458cb0b1d57e13d0a8ae37

    SHA256

    ef85b7a59eeeb95306c321987a73352d8b7f8e0dfa2d469bd09b834a3a042847

    SHA512

    f7e1932599cb1fc4de2d1ce40318d35c6176a10eb10b59fa1c861f3fcc34cb5eb7c5049e6bfee4e3659952fc9b41d73485ae21b169a56c073d63d9d755d1b728

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    18dd1cec1878bc15d4066b7e27b58f8c

    SHA1

    e09336074c34764b3667afca1a6fd126bd899187

    SHA256

    5358cb1e047c319f97858fb41b503e17f9a450dfa403906742e9245eb381285a

    SHA512

    3cf917fbf175f802541b1bfa5ddb711cd54d5212a7824de29211148165766deda0cd4ff22d576944a78d68a5b5824fc438be1076af28be2e20ced971a2ad5dab

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c2f6bff6b5ff18de62519ffcc1550c52

    SHA1

    1168cdbfa4d8065ad4b0159ce02dcaa63de50c31

    SHA256

    670d1ff631545d444e02854d56ffd8251a6d468df9ed7a355dfb000566844fa9

    SHA512

    31cf341db5c2efe18ce1ff3d49696792070a29f0d0d8dd7f511498f91a960339731ed0e63d615f370c4840df7886373ee5ebae505366540608b003bdf58b218c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5d29fa97e803f1427e0ba0691811a293

    SHA1

    c89875159a36dd1547d3914ef3424b3795c8fdef

    SHA256

    7d2233cc76c4c767b1781d29d993bb23653e4ae00b82e0e4ff4f1dbed90fbf69

    SHA512

    0326a5279bb580a8a9d89887b8eb1f9d7bf909c62369d7461eca99ffec97d7d7e39b9627e5d458a22b0321714f4d4051ebe175de72c6c1c1150e1bfab8b2977a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    eaf893781aae9bc355f1318b9a815d73

    SHA1

    54e1e15ecd58da18c4fccb990db718e47200f3e0

    SHA256

    5043e8fb178beb01e961c8ca7cf4253a58c58f31a03d28a3a4cfa8f13d11a9b9

    SHA512

    5a9bfbd9bb9bd9538115415a51d730e48cfd12a95efc23d6330deb6599bb34f0465437f669d47792e5dd5eb77f0059afd23969e08f1fcb1fcd57d80c146b081b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d91fbefb8c4bd9c4eb44f9dcdb8b91ba

    SHA1

    c45f17e5c960c5d485489580eedb27601dc76cb0

    SHA256

    daeb92a7f40da4ff0eb2c3d8380e563603fac6dd941e631f5a885b1f2df4c8d0

    SHA512

    1b1c093c4a2fe0ac74366597ae4eedc8beaa3e7fcdb1da44666cc13776b05b5a9758d3547c56943642b0c3e5e719c3110d05a8c7e08e314e9bdf1ba7cddffd02

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    826ba5802827100d02e9ba4bd9afabe7

    SHA1

    f5cf4be8f860bada7340e6d91a01940775ad8a8c

    SHA256

    c2c46ca54e271bcb454b3c30473378799c8de65e8830175ebb3da7bfe0ecc6b8

    SHA512

    adc45ddd9abe509b152494efe238702de84f15c3fd2aacff9802af771ec81ef826fb9ce789b04b9095cd871938c6195f6a60b3f26a43a15698400614359ad5be

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    33c29acb9e2211874c699ba227c556a9

    SHA1

    7505598193fdd250c9d0a36cdff050ba727f4bf4

    SHA256

    c6c39f696257ba69c7868534c7364088ce9cccfc70bd1482aa24c88d244d8c1d

    SHA512

    2522f9ca593d1132267d99b707b3aa85ada69ad05c680f70547524b0884fd15873a506f70492ed9a5c871a3296f14600ca7a6ed22349dbaaa297decbf4ae76b3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    45a54c37d351dbdf96775a382ea17b27

    SHA1

    d088152c0a93321d7b95f64ce8f73d84dbf49c2e

    SHA256

    b1934bdb8784a8072b5d8f0ba80ef354bfade0680af201eea4a44a354f4adec3

    SHA512

    9d321f63e315d3eeda6f534d586604f4e4d5b28710ea5fc4c3f37dfbaeb1999307bea47452a3a9a64c95537a6b07760e6dd3f9188afe0cc332b2c73183bf6332

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab766A.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar7890.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit