Overview

overview

7

Static

static

3

72a641255d...98.exe

windows7-x64

3

72a641255d...98.exe

windows10-2004-x64

3

$PLUGINSDI...st.exe

windows7-x64

1

$PLUGINSDI...st.exe

windows10-2004-x64

1

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

client/error.htm

windows7-x64

1

client/error.htm

windows10-2004-x64

1

client/index.html

windows7-x64

1

client/index.html

windows10-2004-x64

1

client/index1.html

windows7-x64

1

client/index1.html

windows10-2004-x64

1

client/index2.html

windows7-x64

1

client/index2.html

windows10-2004-x64

1

client/ok.htm

windows7-x64

1

client/ok.htm

windows10-2004-x64

1

client/view/list.exe

windows7-x64

1

client/view/list.exe

windows10-2004-x64

1

mpvod.exe

windows7-x64

7

mpvod.exe

windows10-2004-x64

7

readme.htm

windows7-x64

1

readme.htm

windows10-2004-x64

1

register.htm

windows7-x64

1

register.htm

windows10-2004-x64

1

repaire.exe

windows7-x64

1

repaire.exe

windows10-2004-x64

1

skinhelp.htm

windows7-x64

1

skinhelp.htm

windows10-2004-x64

1

vodclient.exe

windows7-x64

1

vodclient.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    133s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    24/01/2024, 17:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    client/ok.htm

  • Size

    1KB

  • MD5

    073f5d80a7eac89f0baa8de7dd1fad83

  • SHA1

    dc915ab293ec8519377b3b78a889d404b60e2dbb

  • SHA256

    4cfde6bfdd629e90acf500a89b15c0f4dc367d0a1a193d56072cb5bd3d399dfc

  • SHA512

    300bede6bdb7a4284154ab3bcd139a9a0eb89ec74c6e3e11896daad61ae7e1a9f537a435531582c879efc4fd74659ffea97cf803e4f5151293c355d7fef47812

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 43 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\client\ok.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2944
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2944 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3056

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    fefb1792f4fa13a6cea23d556aee091f

    SHA1

    ed1a19495dea6785a4ba3be455becf8843d1faee

    SHA256

    1fd73ec5b834a9caba57d1c2e524a99a6ef8b253cbc8815c3bbd86736b4d8c97

    SHA512

    34aeab8cab04d4c695b61333528d2614ba4842df1b0600a726396a351db41ff900e79d7bb56df739415552b7cf8cedc86e3a5ad3c68b8a2bd8dd4861fb6328db

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0ec191016862e93c7ca1b6b1fba94a03

    SHA1

    abcbf295d7c83bc1dfe595d9815ead7ec402161f

    SHA256

    86aa45be5be7b0bff5c55ad11d524b26e5bcd45e2722506ced8c416659dd2392

    SHA512

    5afb28c978340b6120760e41ef62175017634739fe6f10dbda526e5d6409621136a33f0b2752a59108adfa418d8c9d29448b6e0ab3a82c8750d269e5207401d8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2239b235c079a55a4bb4fafd143a6837

    SHA1

    5e7ef5e21d957248d5e45d20b925a08fcb2f27a9

    SHA256

    ffb4f412ce2de5d978b809f345b41fa328f6d7f236f36bfa54e48d55a96777f8

    SHA512

    14c7a94c50864699797791d99cf03061a69ce302f232b22b73ae0e3e66176bc45fae9e491518ef0d078882da8296c599b74cffb812c5c75ef5c40ed84c3b91c4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8e4188510a72a8f6e23d3f5da11a502a

    SHA1

    8a2607e408cb73e0cc0ddcb62ffd4f3834a5bb54

    SHA256

    f66df794af68b4a87df32cf6b5e2364637d00ef380c309bc4a8b9a25a458122a

    SHA512

    f64f71708941a3222aca6a01e7799bd87840a9cf3ae4f860a28a31f2db302dd6c45e3d9c8f4347fe48b2e9c8bcfacf4b31ff4ddd7f64bdd798b90ae521310206

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    950a710dc0b6d3147027f649a31cf3bc

    SHA1

    98401b18a4714c920572204e29759285cb1320a2

    SHA256

    51dac11d5f5d20ce33f67646f90c8be5b3713ef8832fe43dbbb3c483b1d344ed

    SHA512

    73de91a5b2af4f8e65f5949f2d97dd40e087d5e87f2f24bd4db379aab89f32a7484f0052fbbae86bf1080a37eb07f3d2978a04c47edaf901fe3a44bcb361915e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    758f162133b8c5abab447c3961f2313d

    SHA1

    748811df66cdf7facd9a3e112fbb30d90edb3ae3

    SHA256

    8b6f67934833a7c691723336602f57759cd2255b290c4b17c79ce7aa2bad230f

    SHA512

    a0d3579aa2694b770b7c1c34e29bb348f83df1ace8764d056d6d88b3adaa1e5f3ea3514db018a71658fa0220d2f6ff44a7bb44736f9e31b5df9e0f1a0cd17ef6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a281dfe112d08b36243924f13da8de45

    SHA1

    3d1fe3b65ff5b575483c205245693894620283fa

    SHA256

    8eda265d85954a499db182bef4c5656ae770567e4ddfd01eb5750d63b89e5188

    SHA512

    db46d5682b5285dd3f391ff96b844c18e0daecab48252507a426fb1e5bc5a8571446e7d33ea3297fbbbba04471ddf6ee7256c27025436b3c54b873a3abe49a39

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    15f0c7cc42601239055d509647adae87

    SHA1

    388c030458bd4f42034f78e0877ae2de6e3323b4

    SHA256

    8201675b0a2b6a3b0a3c1e959871a054b3f456c896706a9e3020bc29831bfa2e

    SHA512

    79945dac16ca86a253e5eb8ae198f6083fed3425599920128eb074a7163a068b227b5a6dc900f1eab4197e989a189302253439997f9309ffcb211119f6096bda

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8a4c40fb13d02efa022ee0927462e6bc

    SHA1

    2d20a3b3527e0dee98d61d18c61920adb999d932

    SHA256

    a7d5646a33de0c3e35bffef6970b4c541270548dadadd834891930e0c12a4bf9

    SHA512

    15b93cf6ba605542e9a3a6084104f4818a53503c5f4e2517c3d9595e2c8f3ef7befdf8b8a68fa81cc2b1ba951ade145a90b4826a2430867326c643b4ac431248

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    982d02380d407dd7aa9d3816f6b9e49b

    SHA1

    be27ecf395fdcbdd7ed117409607856a7a015855

    SHA256

    6818f13b7a1898e68f88c68ef9d8367ac1aaf5a0a5d35092dec0fb4487d91e1c

    SHA512

    31c6cb54549ef4c0a7312e1ca4ecb64ec26d84949788ca2b2c6a02ff5d42af5515ef2718373ce9fb3344a576c4208576fd902d4c4ce417e42f46d47456d94b7a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4dff76eb6440ce6f573b523193477f30

    SHA1

    c490ef9a7c7e1a7239fe468f8772c2d0ad8f4aeb

    SHA256

    1ca7d3771a269139d6a2a1d60e4a7c18c8f758086831da83598d12123103e902

    SHA512

    d87e74f60f245e222289e587a0bff92f3f22234f82b988dc6b899790e6a6d7279cd1329814806a209daaf83d342b20d71ceabe8e9afa4545a2800fd9149de5d2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    02c76e1f25d52aee74768ae17e6124ee

    SHA1

    dd403b7db5738993c860b55b3efe4f2419aa794f

    SHA256

    c5a629ac7a0d222de2a9c235b644ccaf8b520a0f3a3ce4b1d819f4269c713407

    SHA512

    8e3de32bb1a6d31a7741b1a69c9e2d4325360274dba90afca94fd684a2ef264b8bd48c70b3ffafe7c0182683cd495c3f7070b8b1e2c46e8c0a6c2553932f4018

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    995b97920547ab3b30ab7d8ccd5073db

    SHA1

    a0cb944d149d7dc74987488658b47c1b23a4382a

    SHA256

    1504ec3cbc0d104a108cf02112e2d9b699231bfe589e346b3e594943ca9d0536

    SHA512

    90ee45d7d9cc1279e8936a76913b1bcc097a74565b7ac6098e6eef7f33d8cdde93e957b98ca68b8ffcd12f02458d618d74c6673c87f87590404d0023fbdb4a54

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ef157df655835a394e007c30dd58448b

    SHA1

    fec529ab6caa5802a34b29b9d717d8b562b6c8b9

    SHA256

    637ca5a816953e5ba17bbc2b7389f15344d9fcbdb4f2251b8145e8c8ed07c829

    SHA512

    4841ca5510e1dc8bd32816c68bd458a9efa119e078c48ceee516b47c8dd1b3fe6875544890f474f4eecbc4fbba21a105f2b4f70522b5a0622b37d7569b7e1315

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    13bfad50a722e5ca71c0c425b34227b4

    SHA1

    66605162ad15587bfb7f335f28628ddf7f8f9557

    SHA256

    be8a7731189a687aed6c750d72b1ddeb5654469ddc22ca9302837e6721e91184

    SHA512

    8140847940245aa4eb4f5aea0d78c14fcdd51cbcfca25192682b59f27e20ca61946391e1b9d8fa2d58c97d6f052b1ddc3facbeae3e0ee88aaa039b1f9e9de648

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e80f4043f6f583b326488ad98aa47fe0

    SHA1

    8682992b5a195e59f60fe66f90b5b220903bc063

    SHA256

    900283a5cd9417b3588317dc34ea9e5afcbee93be3b3a445e8b29916daa78d86

    SHA512

    348bab73e506dee2eb58d773435a8795722c52618c95f6b03f9b7c857eb0b71830fc4fb6efa97c9ee5810b02c9287d07e7c21790a3781b8241735558056470f0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    541ff3e1be4eebd97a404364da795fe4

    SHA1

    6f3867908bade137757f95ca21ff3601163cc491

    SHA256

    eeec8f38c8cd0232b2c3c426ad520262f1af15acc99f4865c05a08dc0962b1d5

    SHA512

    b1743f83205efe15bdb625a0a6909469646ae3bedcaf59874dd8a112257ee9286eb447c597cae7d17fa477387b2e0d981c36d8301a169607c4a39bcc04faad9b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bf5da5c9d400e4c03eb1fc0a5341e8c6

    SHA1

    281c7655ec6e3c7f443e66ecdb3d6a0b1b59bc03

    SHA256

    896f2ba7f8257453953f281ec2aaa4878bb3af98a36ff65b1c0a9d71c5d762db

    SHA512

    7aa2a91352f8254c2d7dd4746b9ef1d90a2fe7c31c233fba0071f7d98bde5a1fdf151c01db22e6a52130e53f1f7fbf2d0ba95f58685229af9296285606ef90fd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    61570db6958a8633a7d3cb3ef562312d

    SHA1

    e57a61ca059ee426a07c695d7439d3db37a51269

    SHA256

    e58cbf08f355706131295d1764a7001b3b624217484ab794345be9093734c71d

    SHA512

    df49f89498c87b00329417a65e287372945cf40874a018c3fdb849c74ea8b307ea846409b4ced76fe9ac47797815b54b8bbe4f410dcd35f3c7d15938a189e150

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9e2d73151c97bfa99c3484bd6212b7e5

    SHA1

    4c51ef0d0e76061e87879572f8b3f93dd700f25c

    SHA256

    6066b1d1138e0538d8593a9f8372aa89ab23f31c021e47b4649a745befd1dc09

    SHA512

    ee6ab79d2171803713c99d0888a21f60a62c6ca65e289a1b15410510cec721aff88e04cc65fa398ba4c672ad2e618a292e48f5e097ae76d09258a48779924541

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    ae1eb9fa43841c60654af26de446d88b

    SHA1

    af9e9aa237714a7d2fed8b9c0d8f80af4b715fae

    SHA256

    e274f4684f0b3ccab6a1eae727da0426cbef541b3e7dc35c8c89cda5b35d5dbe

    SHA512

    f26077d03c0530bb8625bf92c54f6f36cbedab438bf5633f0955e25fac6f7b385c7bdf30b6a5b83744e650f53a315fc0f789d3ad5e36a537e92b12c0965a1335

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
    Filesize

    4KB

    MD5

    da597791be3b6e732f0bc8b20e38ee62

    SHA1

    1125c45d285c360542027d7554a5c442288974de

    SHA256

    5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

    SHA512

    d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab2138.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar22A4.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit