Overview

overview

1

Static

static

1

ad/indexad.js

windows7-x64

1

ad/indexad.js

windows10-2004-x64

1

ad/moviead.js

windows7-x64

1

ad/moviead.js

windows10-2004-x64

1

ad/playad.js

windows7-x64

1

ad/playad.js

windows10-2004-x64

1

ad/tonglan.js

windows7-x64

1

ad/tonglan.js

windows10-2004-x64

1

ad/新云软件.url

windows7-x64

1

ad/新云软件.url

windows10-2004-x64

1

admin/Coll...ml.vbs

windows7-x64

1

admin/Coll...ml.vbs

windows10-2004-x64

1

admin/Coll...ax.vbs

windows7-x64

1

admin/Coll...ax.vbs

windows10-2004-x64

1

admin/coll...ng.vbs

windows7-x64

1

admin/coll...ng.vbs

windows10-2004-x64

1

admin/coll...ie.vbs

windows7-x64

1

admin/coll...ie.vbs

windows10-2004-x64

1

admin/coll...ng.vbs

windows7-x64

1

admin/coll...ng.vbs

windows10-2004-x64

1

admin/coll...ing.js

windows7-x64

1

admin/coll...ing.js

windows10-2004-x64

1

admin/coll...on.vbs

windows7-x64

1

admin/coll...on.vbs

windows10-2004-x64

1

admin/coll...pe.vbs

windows7-x64

1

admin/coll...pe.vbs

windows10-2004-x64

1

admin/coll...on.vbs

windows7-x64

1

admin/coll...on.vbs

windows10-2004-x64

1

admin/edit...ct.htm

windows7-x64

1

admin/edit...ct.htm

windows10-2004-x64

1

admin/edit...ct.htm

windows7-x64

1

admin/edit...ct.htm

windows10-2004-x64

1

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    12/03/2024, 18:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    admin/editor/FontFaceSelect.htm

  • Size

    2KB

  • MD5

    10db8afde9326c4fa5016112276121c2

  • SHA1

    02b9e70975637f006603bede9a266254c8a82bb3

  • SHA256

    34b5c13333fe9f29196761080799107441c87cdf8df61c0cace32e503d4ad416

  • SHA512

    2d28f4289a2f81ccf90c6e1384c9138114da533a6af4343c8a74109c97e1cf9258a4bcb22bc571cb2909a66c458c6ccbb329a7e93311fdc5b808a8e524b4b637

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\admin\editor\FontFaceSelect.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1724
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1724 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2976

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    38376be25ace02b9241ad84f91177634

    SHA1

    8d9ed76d75030f1b3ac6b00a247cf997b12b5838

    SHA256

    8c2512669c28b98c87544c96d5eff4ec11180d28abfe15232eb1d58ac413319a

    SHA512

    88f0d8e186294861e27dbeff697fbe72ae7dc1d4f0b0a3377e6ee379459e84452fb4b93dcf580a280663354a08e02ea62d33b6068d9b6d9aa02173fa051033c7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    dc92613369b317cb3ac935cf5091900a

    SHA1

    de74ea87b862779e713227dea8bf9312d87910bb

    SHA256

    1fcb5367d44ee224d1061c741c2f4737e2785d5096eb8d716254574ed22673fd

    SHA512

    97091a04dc72d0f14ec849279a840bedd3679242f6481ea17e2320bab9b7a6d4037efb27ac801c56bb531f44d4c2a28c7b5f9c593786fd7c6f864d26d856e56b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    096693dac0f6e4ba852e4efab825e08b

    SHA1

    372e5b42cad06f475c480512b3eb7b5432ec2cc4

    SHA256

    3e9dbd52bea743b521595a3bab1cab1f6861510b5e94c371720f2b78b52bf3c3

    SHA512

    cdb554a96b577a6ec5165a1abf837ba3ed3c1bd33438fe522a42461c4a218d96ea8aee22d0aae73ca61f5f4260b816b276737b3a53a1f496177232d8cb0492ef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3927565961ccd814c6de40959a82fe4e

    SHA1

    b04367d72baa0c1058c9e819d46f3ce438b2c01d

    SHA256

    2d704c740d31e8f54ba79eeeb8ba1bc156a0424df836bcc3fc23260064af600b

    SHA512

    1c4a2d984394bdd0a30144c85c2e36f2e58bc33ce4559bf998fed512f5b1676d1d848c00ce7dbec791e850497a863aea5b82837acd87fdc03cca7ef747bddde4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ade33b2cf4da228f366e61f027e840ce

    SHA1

    c0e38d0df6291d88aa42906974cac56dd17a5bc0

    SHA256

    e5ffb772434c8c55846db4330b3eae933b4a0a6eaf4eaca37d43b47884ae4f24

    SHA512

    2f848bd6e51664a83a4f213b052e1b036d3dda2db6aa403afafeca40c3db08295c553b6a9d57787783fdac2a9bdeecb0ed7019b03bf0fa8a9e916d2e5263d828

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7ff0ac2c2c3b60d5b6f3461e256b6754

    SHA1

    7db70bbc3e08c80648e1ef0eaa6cb6bdcd07abd3

    SHA256

    e5d9f8da72668220310cf0c42ab50feb10a202f6225e9c9a337b82c2e17795eb

    SHA512

    b7b02adfc80838ac188107f2c4dc999cc174e4fe9b68eae79fc4d40bfaaadc85e6611749bac96c6fe1ef59f2856e90134d71c3d58959f1678a9e102c79eae616

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    015486722a6c81895d275eee38a72f9c

    SHA1

    f97f71dc4512a61ebac0e2938bb70b20e88317cf

    SHA256

    e366e10431ed131e674b88fdd9c9b23b88e0e8cc452335118d1cd9f74144ac71

    SHA512

    9700bd997320e057fbf7e86b727584cf142dbc0e1c928d0f7eb3d6826530fd9a08728c36a6f2017e61b0e655c9e087e3bb74e7d1dafb836f88fc9a717555854b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8dc554b82df5960b983473512d0434e1

    SHA1

    85ec67c461d261c40ae98f7cd9f8c4c278d7897e

    SHA256

    b8edfac6c66f32f2b46c831be4ae0e8ad3d17f7d5a30208a9f7dc7497cfe504a

    SHA512

    fb57e7fcd951595c86e17fa2cd3d4832421f514b8b7265400de3294e1be730594e10845abd2b45e4c60c56ce366e00d3346fbb63bbc9cc9d5870c567aba7892b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    77e795b82c0bdefad221b4d5489ae448

    SHA1

    0c9d4dd8d9c6ae46a3a89e52f1545f3f6868eddc

    SHA256

    90cc6dcfaf296d9ac700beec91080b4b8f580f15c5f74dcd8b7e2638dbf2a8b3

    SHA512

    6d2773e4dbd33ea1796e16d598c66eaade323bcf33c91e3871f6f4b4d421d2ae72294269a8e72160eb55f84ca60e933a4795909f6d14b3971da966a4c926095d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f4b1eef6955d45aa48c0a8f498e130ed

    SHA1

    0641ca5584b3d600fa972e876d5421efbe2b20b1

    SHA256

    a2d09165e9189f3452b1d4fe7fe5785faec6902d41c889fa99d148573b8e2ae0

    SHA512

    35bd4fac10c738e4049a6e47fe628d71bca78de4a587ca10f8e15464afdd8b90636bde1cd542a744be3fa8158c170c09c3022c7117572841a7306d2e5a641df9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3259.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar384A.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit