Overview

overview

4

Static

static

3

ChinaFTP/ChinaFTP.chm

windows7-x64

1

ChinaFTP/ChinaFTP.chm

windows10-2004-x64

1

ChinaFTP/ChinaFTP.exe

windows7-x64

4

ChinaFTP/ChinaFTP.exe

windows10-2004-x64

3

ChinaFTP/DBEngine.dll

windows7-x64

3

ChinaFTP/DBEngine.dll

windows10-2004-x64

3

ChinaFTP/ad/1.html

windows7-x64

1

ChinaFTP/ad/1.html

windows10-2004-x64

1

ChinaFTP/a...st.htm

windows7-x64

1

ChinaFTP/a...st.htm

windows10-2004-x64

1

ChinaFTP/http_bl.dll

windows7-x64

3

ChinaFTP/http_bl.dll

windows10-2004-x64

3

ChinaFTP/libeay32.dll

windows7-x64

1

ChinaFTP/libeay32.dll

windows10-2004-x64

1

ChinaFTP/ssleay32.dll

windows7-x64

1

ChinaFTP/ssleay32.dll

windows10-2004-x64

1

ChinaFTP/�...��.url

windows7-x64

1

ChinaFTP/�...��.url

windows10-2004-x64

1

Analysis

  • max time kernel
    147s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    11/01/2024, 21:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ChinaFTP/ad/1.html

  • Size

    543B

  • MD5

    d166ef64dd6b07d1e528aa844b303e72

  • SHA1

    834ce5fac2e6a722af96a892dfddb8c1cdfb1499

  • SHA256

    bf8044fa3d4e65a8c0dc06b72a736df7055a6289775fdc715c70b27afdb98f82

  • SHA512

    57de4402cbea8a281c1a8ab87c0b923768f38b6dd25ab90f7ddc7f0c3e86e26a6f9d63f8718f838183ef64cb9ff03a5590e0c5f4aa635f991e03570c61e9d69a

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ChinaFTP\ad\1.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2144
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2144 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1340

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0297a94437896f29d31d0dbbec22891e

    SHA1

    992d1eeccb59e27dd70bfe5a4e20f609dbd11c64

    SHA256

    4058c6bfc9a8bf69e9f28149b4432380177edc96bc5a4fcd4569d7ce1cd671b9

    SHA512

    2ea6b52c840e6ed899c671c9ba5ebce09782a22c6dbf63f439c6db94b8945f188b693f71b1db0476226cc1e01e6afe489d055b07b3fbdd1373e9f5569d2fdf18

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a2f6e4219b864dc0bb4f22fc4e623137

    SHA1

    739a10587966b12f3f481ea3249e84b24cdba9b5

    SHA256

    03442150ef4e2fa6ff7d3fe35e034d62de397182accba2fafbae7baffd836028

    SHA512

    e9d6ade107a242902634b0b6a77f6cbe7512f06365eaf1fc3b9dd228b4eb7aae95b9eb2f297f5f5fbb72e1ce7b420e9eee70daf560b09a162f422bf4302ba093

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    644c2ac12ce701031c12f6dc31acab0a

    SHA1

    a093b1bbba8c378547a82b09dfc4e9c5ce78306c

    SHA256

    42f73bd8771b9dbd06ad1e1d668fb4ff5e8b5b031a5314c40495e3ba5bca9af6

    SHA512

    983c4eebd87f5e9991c7c5a78b3f4544646e6ac9cad0810da678c1e4d06bb2b1557b6e7fa492f69acad8f2dfc89b49ed36036af7c356a5146943f5849749abc2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a2314e08e806911437f997940f97d034

    SHA1

    691c84565a5b69344dd818414351e3d94e2fa383

    SHA256

    6457090a044203544d5e93f4c5e993af5e215ba76868810d5ae908d7f9ad59d4

    SHA512

    934dae4ba649192fe31f39182341102de1ff6607c1aeccf69d49a450ec580ec179bc00bdf78cae06dac96178c4747baae2f3ae2a5df6699b978589cbbd41fe6e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f53183010119d627e3cf12a2c6c22db5

    SHA1

    bbbc256eaf1b8008b8d3c79183228b1856e5e903

    SHA256

    fb9fa9f702a8d5b7e8c944616db4c9303f155dbfa43c9130cfccec7ea031125b

    SHA512

    38bf973967b4eb461ca80cedbea301528e059bca6b04ff8667dbaa3d3e2947f02af9cf1f2b98e5893d868998c8897e870b9121589bc3f58fb41d486b0b65ebfc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b6618cb70475a814f30354a7b1165b4b

    SHA1

    a0d2d9174285535e70e9a60043e40616bc12a12b

    SHA256

    d7873b96db4963a1fc641eceda0ffcd937af96c6482388f53a2ce22305dad9e0

    SHA512

    d4af3cffbcd6fb18902fbc50f6a2052e37823e8d686f2b1942eb669fc0339d3470c12cde124a70efd5b563819077981cbea3ec1c0af022ee4c09e38b219439b8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bd2f341e1db3f753a5add384c7354243

    SHA1

    1293765767683e813f256b801708276b31e7c853

    SHA256

    0a8e10b494d280e42648ce527bb8b84242d30ccabfcc9bb81b7f78b1a51d0aa1

    SHA512

    925247f1b4c572561c8d15ed4d58865fc64ad262af2046a9ee2cd1909d29c6b69b0000f672e4db01a8fb89d82aaa38c5338f876d5faf7730af1446ab8535bfed

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1a1739666886008f7f62368e17dd41c6

    SHA1

    6964d2e12e4fbfced46a090597f12579d7b756ce

    SHA256

    e4d585d3dfd4026d06cbb480eea92657a1cd13fb20d04626760e93ea7a2ffbf0

    SHA512

    db97964e4367ea273c9d095c4945a04d82eb7f101c88923b9459a1059c8349ba6a032245116832fd115d8e238850a1af4503896a90987b1635b80ff40ea7fc2d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    43b840447f3163cbf3d8d0c613efe83d

    SHA1

    479d779afab05ec78040f77a6977f89dbdefbc3c

    SHA256

    9d32264885be47d2783a14ced3598edc7e2b24228dbc3f9d5fda38bc81907d7e

    SHA512

    9ffc2cdc5be3b29595e943822b79d7cd085fc40451fbf0bb88e5bb1ef62986d01080882b82e93c51b2c6540d0fdc61886483733586c67237d9aa8d2c34b52570

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9a8c56a38a0a01e9ca36ab90cbd18f1f

    SHA1

    c6c9bfa64da8ebbbbb8ace2fac0138152fcc12d2

    SHA256

    08e8bd1cd5cdd1c9df6f700d0d2d6f8104fd04688a4c37b5474751bb68c578d3

    SHA512

    81d7b2ed5a89351738a1eeeaad88333607ceff2119e883cfc1388dfae09ec388dbc5314ccdd7f13298c970d8dd64a88da7b6e68688ad1d778ef3c07888e304fd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9fc66107e2ae3a6b6240172909a3010b

    SHA1

    f4327b5ed24d14c6245c90c9ab0630117c70837c

    SHA256

    6755f2e1119f555040a389b0a23810034e04f2946c03bcbce401ae61af871013

    SHA512

    5db640fb77bf69c7c8ecbf5fd9e89f791fbb718081368a3b9f7402ae4db9bce79e4dd65152c4bbc24b78291b5ed141fa104567b3de985551e6d731a616ae6d73

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5f9f32323384dc613b32a6df63f832c0

    SHA1

    4d51ed8e41c066055c674aa2281cdcf1159f48c6

    SHA256

    2107749e3abbc7206034c85cd88a8365ae0471e0af8270c928e775aa8be7780e

    SHA512

    f25b0aef928fe11245d4c01ba7652a3a66b4bb9a205d082e1c614299be5c1c0939579c9a2e9fbbff57cd45a8b9e023a17e0022667fdfbe8045cd6daadd649033

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab6A1A.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar71AD.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit