Overview

overview

3

Static

static

3

xiaof_toup...ass.js

windows7-x64

1

xiaof_toup...ass.js

windows10-2004-x64

1

xiaof_toup...x.html

windows7-x64

1

xiaof_toup...x.html

windows10-2004-x64

1

xiaof_toup...ion.js

windows7-x64

1

xiaof_toup...ion.js

windows10-2004-x64

1

xiaof_toup...x.html

windows7-x64

1

xiaof_toup...x.html

windows10-2004-x64

1

xiaof_toup...ent.js

windows7-x64

1

xiaof_toup...ent.js

windows10-2004-x64

1

xiaof_toup...x.html

windows7-x64

1

xiaof_toup...x.html

windows10-2004-x64

1

xiaof_toup...Var.js

windows7-x64

1

xiaof_toup...Var.js

windows10-2004-x64

1

xiaof_toup...ent.js

windows7-x64

1

xiaof_toup...ent.js

windows10-2004-x64

1

xiaof_toup...x.html

windows7-x64

1

xiaof_toup...x.html

windows10-2004-x64

1

xiaof_toup...er.ps1

windows7-x64

1

xiaof_toup...er.ps1

windows10-2004-x64

1

xiaof_toup...x.html

windows7-x64

1

xiaof_toup...x.html

windows10-2004-x64

1

xiaof_toup...min.js

windows7-x64

1

xiaof_toup...min.js

windows10-2004-x64

1

xiaof_toup...ina.js

windows7-x64

1

xiaof_toup...ina.js

windows10-2004-x64

1

xiaof_toup...min.js

windows7-x64

1

xiaof_toup...min.js

windows10-2004-x64

1

xiaof_toup...min.js

windows7-x64

1

xiaof_toup...min.js

windows10-2004-x64

1

xiaof_toup...min.js

windows7-x64

1

xiaof_toup...min.js

windows10-2004-x64

1

Analysis

  • max time kernel
    143s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    19-03-2024 12:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    xiaof_toupiao/resources/font/index.html

  • Size

    132B

  • MD5

    3f12ace2ae56bce9e8fd32dd80046e45

  • SHA1

    4a50a0a702f2bc7b41ab9f066ca0a6fc43408fb4

  • SHA256

    3a4910e3ed247925e4fb84f312ad1e1ec0a2e45196e75f13c59138ef6f11ade3

  • SHA512

    654483399c2d263cbd6020b5ca73aa2e73d78e310fcb0b5abe21cadddfe5922af88e97f6743c9c4ce5d2f6e7a0e5344c0b94fa0019f5fe8c55aa09861439ffaf

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\xiaof_toupiao\resources\font\index.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2340
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2340 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2848

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    cfe0cfbd7a63221b44eb7258042db13e

    SHA1

    ad8a65742f702f958c6d0dc94d2561188b232d55

    SHA256

    a2b08dba905e2b98b86f7d53faac43c061b64dbf8e47368fd9bca77ac2197a72

    SHA512

    b65b6b3b8cf4b09830991bab3baee17c2b4382077d44464bb1fc8d8f2f5f97b78dd223bd32934919092c694cd0245d1dd2c6aa2c0014eea92df65c56e92a3761

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    02b3207213c25530cb63871228f521f1

    SHA1

    6bf526029ab0e4a9fc9e5de71cf6f15063fd3cc8

    SHA256

    531c2840759d9ff3450b5140c868b1fa4b2664225e58b38e8be6ab1a4cd8d800

    SHA512

    cb44d7817d54de61a75636932ec000c6cfbae918b16fe23f8aaec4b0fbe653705caf6aead3dc916b8e1d57dd915de6d5fec5ef969284db16b9bef72988aa7575

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cb1eb976c7c2b011e689245981bde6f1

    SHA1

    09443eac63e88601db4ab917eac7f687ff0c60ab

    SHA256

    43359d91bc4635e598cdcd4517bac1cb219fa70ea50decb7fa4ee41bcaa70b40

    SHA512

    4cebcb0f303ce2eb492c02419bf00431c2521b22c6f46ebd0a97975a230ae764451b0726b1e28675681e8c6bf64ab500dd496d111988a1a7b97908883145f257

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d8657e8f0d786fafcf93d9f9817bc216

    SHA1

    55337c0d361365d5b36da494ce91e0a1c9cab7cb

    SHA256

    30d175acfa0d2c381e65eac089ff22a82e4b208ed919c274a7f9938f8d5626ca

    SHA512

    5da9e5c3a8d7cd50573264782483b28e49eef5524938766367282123324595db64c0aa5c68d8e3d6ab82c1b6938dcfd99c9cc1fda7e421cca4f58b4e14919915

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    99ca14ef53192bbf54727c96b529671d

    SHA1

    dd1c85c1383ab018c8dd2d3d421c1aa235dcd86e

    SHA256

    d68f2396ba0fdba3a74b55aa82b8d1302e75ccf0c957ee02928910b940039c40

    SHA512

    0049977539e83a34c0ba8afc013c2aadd73ffb14675caba7350f2bf6d1e77a05a8af1ef7a534659c0425d89f1d92bc4c5dabc9ea460fef02b567d7196906f430

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    9ccb575a89182fad6c6d8c6501d1c4fd

    SHA1

    dbb0f35ee3c524e21eba2888350e322f75c442db

    SHA256

    a6ef1c74cf7c38c31088ccaf2dbc83bcc7b2db76e11503c670ec605120215c85

    SHA512

    08e68ce7c62d40cdae637d832950f44634b1ac21d23b29688a97910a9d842d161f260e43af53732a19e07d9acef9fa3bc2d65d6819eb6738b31293022039e293

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    f4e00a52287468d41b2428a8725cf99f

    SHA1

    6810397c9c7145fda1cc75a72d0fae72d437becd

    SHA256

    54e205b7a7a1f74437a689985bd2bfee6eeb9d5485f64f74b148cadb308a2ee4

    SHA512

    971df245c085aa4c5575af7f0b55531e3c93ec6dd976db0d577cc45a34bca908d7fe642e1e63f6c7bede125880bf05085020c8e5bff2921b4706651a36dd1c85

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
    Filesize

    4KB

    MD5

    da597791be3b6e732f0bc8b20e38ee62

    SHA1

    1125c45d285c360542027d7554a5c442288974de

    SHA256

    5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

    SHA512

    d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar2996.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit