Overview

overview

3

Static

static

3

Consolex.exe

windows7-x64

1

Consolex.exe

windows10-2004-x64

1

Plugs/TOPI...eU.dll

windows7-x64

1

Plugs/TOPI...eU.dll

windows10-2004-x64

1

Styles/Office2007.dll

windows7-x64

1

Styles/Office2007.dll

windows10-2004-x64

1

TbMate.exe

windows7-x64

1

TbMate.exe

windows10-2004-x64

1

apsystem.dll

windows7-x64

1

apsystem.dll

windows10-2004-x64

1

fluorinepp.dll

windows7-x64

3

fluorinepp.dll

windows10-2004-x64

3

gtJpeg.dll

windows7-x64

1

gtJpeg.dll

windows10-2004-x64

1

help.html

windows7-x64

1

help.html

windows10-2004-x64

1

msi.dll

windows7-x64

1

msi.dll

windows10-2004-x64

1

xEngine.exe

windows7-x64

1

xEngine.exe

windows10-2004-x64

1

xWeb.dll

windows7-x64

1

xWeb.dll

windows10-2004-x64

1

新云软件.url

windows7-x64

1

新云软件.url

windows10-2004-x64

1

Analysis

  • max time kernel
    121s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    14-03-2024 19:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    help.html

  • Size

    3KB

  • MD5

    c16c2a1ec6f20bdd1cd7634a2c96438a

  • SHA1

    cce3e8b33e6576e15e14152942a362c72ee447ad

  • SHA256

    3ddce7540bf066faef6bfd6aeb9e1e95c883fac5902913ec3bf7cc46dc43526c

  • SHA512

    cffeebbe65024956c0b686e01ac4f43870b06b43522b02f435dcae6902e9b142909a9ee546fd66dce0dcb4d78f5d36cb9f41137df1ceaaab150446f5407bb5bd

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\help.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2756
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2756 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2888

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f5a3e54ff4d951e2c0eed5cac7d2c62f

    SHA1

    ea32f30ee62ed6eaa713eed17e7be5cb9f624bfe

    SHA256

    7e9ddac72af33d8d7d721879a6195534503e94a1a10711cce5ed60e90afc8e87

    SHA512

    02859b3980be8048744c8688f6c9cbee5a1dfb311a818a5d95ef689c7ce1b96c8404f3b24856460c68d630411a4289e694db812ebb1a4d258611b21849c3a3c5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9992d1df89276c2817fb22d1faecb89d

    SHA1

    b4f1e3840cbc4589c81df18d7997f62804ed9180

    SHA256

    420d367700c5233bfda288feef25377d72a118b75203b3c7d14f32f346ecfdf3

    SHA512

    c68dd580c0b41f87c1da1961cc8145ccb73000d3d3a066382a360a9daf348a4a85dd71fbc95685e5b409d58d628398d4abf0a41bcd288f5ed2ee171c9e2d888d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8a94127ee29d072f8c98aeeeb2475b7c

    SHA1

    2219726c41eb38ad25191944d707358382c6676f

    SHA256

    043cc76d5723f717440f59b6b99c521a38d5af8309ee5881394701b230709ef7

    SHA512

    5662e4b27f8c04066dd24daea3630ef2abfb145172464d156b4215fe9b1e43fbbef6fa633fed08b045ea36b6dec2c44c06b6f33cf7da9c87a7b21cce516d7e90

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4f6f96700312da6f491d6b2a13ae8e24

    SHA1

    49e61f327d7b8c0adbaa33801fd0b1626431eafc

    SHA256

    f4f22071a47b8a513be42a31c32355baafb915da694aa4690db136934e73f1ef

    SHA512

    8c1d45857d3950cead447d41b2acd6dc22f06e313bd1cec3a21c6fd0e7df3027ba24a882cead7b0822fe9cb46ce6936a95c2859f3c61ac3cb79b82d412e6c176

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b76c1c4a5b8b8e2362851f0a1457ed5f

    SHA1

    6d8245af44eaa0211b88ed3be622781981a0025d

    SHA256

    e4a2cef144a23fd64c62f0bc0509b4473a7f861d9dd4e963e7ccbf9581a90e83

    SHA512

    d1936faf4b5eb79769158c10176ae6b3f14ecaab6abcca153a936fa0c7dbb2843e0c8b2a8f12a4166a4068517e192e0574863a641a04df373403fdcbe72f1399

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c163c5e75d5383ebc45276590e6066cb

    SHA1

    fecda22167343c6de6ac33c4526a55e360ac8669

    SHA256

    0a7e79f0e353259e337aca9201667a45605b418c46589043c4978974ab441d86

    SHA512

    f1ffa184c0948d282d075ebeaf228555840ddbcb0742b45f1fb8357f1f1f87cc6192f4819ce8a874577e689a9891b1baad38a297222c50fb17795843a4916096

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    583fc5460eb0e5cdd00c4289462cf1f9

    SHA1

    d52d4a52bfb19f760b0d335cf8bd40e332a73a85

    SHA256

    21c5a216248a3ffa679fb9f075ddf755d83675bb001d6d105bc29bcca7efadb5

    SHA512

    f54ab1285f6009085c327be87c0e67127e82e290fb60ff5b32d550dd3d5b77655481a081213542309e578b499b1c0888433524ecceb17a3d4bb93fb87651485c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d6899b7057586b7f0d0a818a1ad263f9

    SHA1

    39cdc494bdc082258da58e196c7845ae4b84d75a

    SHA256

    c9073ffd78a4dde5d12dd873a950a8c73dece58658b57dfafd21f4b41c7460dc

    SHA512

    36689229a2c378ad91c2a25af904e8bd73341454c600be90ec084283ca2a384b84d21b9e2d5ff6cc2cfe5f752c5f3f505a574ae5a13ba1e5038970c6f32b1625

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3ddd62696fcbdd9be72d3e6b8cec7d06

    SHA1

    5e7ba31abc914ef32456a900ba48809520c08d15

    SHA256

    885cdb1b5c60ac1483241115e687890ab5c8c581c75e19cca43c2c3fcf431453

    SHA512

    e5d8c4f99a11947627017b94bd75f6e66b61b9d28f3779c1d969bd166877c23cb4562e8e854207bc85579bf5e7672363785b5712ff392d1a4f5e7735b94305eb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    52fae2350c63116a0d90e4d6f01094e6

    SHA1

    a9a41051f3bcdc21db1ce859288cf26d39260e62

    SHA256

    1ce4e52fbccc8036d1e1324c8fdf892111733092854a65fc7721bddf8dc45657

    SHA512

    3dcaf600444bc0c6259c49732e3eb741407358d5a9b16c012f9cd1f8fd75ef3b8ecdf2a02f0c189dbfa605086bfd9e3f02fc0f9261358d25d4d4a81a441fc76d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e5ef7ba73003c88c8c3ff46e6909b509

    SHA1

    7b6eb542fd6dd092c510cb48c3fce36c4b7a9093

    SHA256

    2fa4a8e1738b0f22acf277569ab1bcc06e5689a52f63bcd0e340515fef809da2

    SHA512

    d9ea4552d097b50fc0c7103a8109f2e511f21b30d8435bd1694f00ae320799a8c7f86cef3da77ff726eb11798dc8b374a15c7476c3f504ea89ab2cb90b24bc32

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    eae52eccb232f714f14b12cfb65ec425

    SHA1

    6c3537c3378e3114d9f1826b44c020567affdfdb

    SHA256

    9842c8336e16208ade93ba1aba311e0da7e838023014b799615da652e224d6c2

    SHA512

    587103f17968d347dbd060ac4752e4e6155cc072589594c646e422161d55368359089fb6fd94416e5ff18e8df15e88e25bc755c5b7e32c3568913eb75f15ace6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabC591.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarC981.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit