Overview

overview

7

Static

static

7

StarWH.exe

windows7-x64

3

StarWH.exe

windows10-2004-x64

3

data/Metro.htm

windows7-x64

1

data/Metro.htm

windows10-2004-x64

1

data/Phone.htm

windows7-x64

1

data/Phone.htm

windows10-2004-x64

1

data/Timeex.htm

windows7-x64

1

data/Timeex.htm

windows10-2004-x64

1

data/Worlda.htm

windows7-x64

1

data/Worlda.htm

windows10-2004-x64

1

data/新云软件.url

windows7-x64

1

data/新云软件.url

windows10-2004-x64

1

Analysis

  • max time kernel
    121s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    19-03-2024 18:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    data/Phone.htm

  • Size

    15KB

  • MD5

    995ab369666fa2f33baf93bf7af9590e

  • SHA1

    e244609eda3ed992a0b900f9a489b9a617fb5504

  • SHA256

    abaab8fabb6ba9de1a94946f1336e95917a54c73321c59a9fc26ea57950f5b64

  • SHA512

    eeeca5c737af7b02a1ba50ac4f3341fec11a04b5b2ede21d16ae92ddcc4f5a288de9e46b670db097d3188570dcc86675fec0a766137fd16aef990e274ef23943

  • SSDEEP

    384:A6fuJvrJH4OJ2La4b2Cwv4+2br284pJH8J+49JiqJg4eJxX94CfDK422DNu4fIUs:A2Z8E

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\data\Phone.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2740
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2740 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2388

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    08d9848f390436268139a0b039a58638

    SHA1

    56438e4566479e994385bdab0167d6e631891e90

    SHA256

    7f46c82327d91c1c928db0b3e5096a5607f70a3492af10bf634258a722d23c5a

    SHA512

    71ebc5b30b56047b16086d65c998aab6c94109ce7a1fd5a839884b443daf0a08f33215d0304bd2e6dbec7b05a28bdee5b94b03ad68e686c4b113cb486e3a4773

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6a056ddc5a16b84709bc81b0550ccf30

    SHA1

    cbcf6a9ad1d16f0cf75489aa4e9fb7f6233edb3b

    SHA256

    9146590ab6154a3bbe3b8b57c64525bdc8ddc3665b5001ef8ae4a327a163bf8f

    SHA512

    c65318d1427225655cd1ff9e1a9873319ebe69cd0ad0719976642ccccc7c6483c5ebc5ca77c7ebd18a496631de2a67511f5c74ea4b5e87f5fe1d3b01d44cd0c8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    361feb0f8e6f24cb008f974d70a92499

    SHA1

    2ddfb25906fc686115e9b6c5d7d2c13e4ff7f939

    SHA256

    9993adbe2fcabdafb67093ca667c397dd2d6b10c0ff987d17661e7eedd080edb

    SHA512

    fd2db2b7d982d53d830ef9a01fdd1052f58d08a2bb12f0f19bb04af0675b1d24c3ec54afe2636cfc27bfc94d47e1ea3a2a069cc5a69c40d618f4a959a2092761

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    dcbffb238401c6c26dd498170d970ab4

    SHA1

    b3413ae69a4a463444e3e6f448bc4966127f7859

    SHA256

    dab9db08dfeb4c15929509362c92280a598c98b2af459a6fbc4bc445f2d0b6a4

    SHA512

    eab5875d15d3395319d3923d3dc32a06ba5f16943ec85ad80510db9cb5767c75d424291628586172091d40eea2f892a010f666e7ae067141a6f9de52f2b1038f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fc67d59f9a03a13aaf1f983db621e3be

    SHA1

    63476ff18ac9d467347ed8c60ea8dd2ffd9e68ce

    SHA256

    5e69d7c5decf5cf6c87cd25e674bf8eb8728e258abe5405d2302c4c1bc5e5520

    SHA512

    5d9aad7c5fe0432de26cab685a6b472c3f7d5406c45cf6d05c7f3acba08924cf8ec1378c01c93f4e991d57284f2bd0dee27dcfd3c922594798b9819e66eb5e32

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3d4813e9439588a67b586612d5ad02fd

    SHA1

    3079333b9da1667c26cbeaf23adf89a0cd3db151

    SHA256

    8d9241061c105554bb07ed4d667b51802ac02a2fc96c442cf294da3b4ab12a71

    SHA512

    940bcc547120ef11132e2280ee763eae66d5847c8f7325dd89f09d1fb13f534db7d3eda3056f0e3652d27282c6bd956e17491674f6a8312e4216e2d33bf63704

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1640c8cc1e8e0e539180067aaef5c4ca

    SHA1

    b01155b1dcaee1e98da9e410d3e79f60bc6863a1

    SHA256

    981a3d00ee26f5974a843f6d15de52140dcfde95da78ed9f05efa3c5826367f2

    SHA512

    51b9d027d84d08620579bd31056cb675a9f001e79f851791297c909cbdbe3953b916a52efd992af2e657a53442d4526fa87fe8ebbd4b76d4ad7c9f58715d5843

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e4fa387b008dd53c0a617fbfc9bfac82

    SHA1

    6af062ac14354257d3a325b3f12c3144b9afb05e

    SHA256

    825255c2ec94e843d0457b0ac4bf21e3d83059ff9be2ff2c134af07c35c3296e

    SHA512

    6d065bb274cca099ed437684c41b17a69f4da3fe2807869aa32c9b5c044e5045c3f7ad9443365f99cc05cea33436c85f825518f5268244e4cc6e38d552e4dd28

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f01cb44f6040a3426a38176592ebbbb2

    SHA1

    0938a363081a213afd695ce2fa0e79a75ea6721d

    SHA256

    72ce15b932264fa03629c4b81fc621efbd97f3ad5928dbe82d13eba8bb30a525

    SHA512

    ca3795f0c8579bf59f4b130ad179be387a02466051019e8f72ace230a73c3808270188eef5185315dac5baa977902537a4eb39e867e222a26f9a7e79c774b3ed

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    29a2947b3004021dea3d165400a7a684

    SHA1

    0ebb5c123139be60d2774a487864bbb4b57aaa92

    SHA256

    4fff00b8a2d7646163b6e69868ad6ea5b8df576d7d4bb3256825c32e92005ba4

    SHA512

    80296b47a729584f867dfd6c84d1ec9a27eeca106847a7826e44ba5274a8989d27c32f5729025c3de2afcf323b086c3414062df571a57b48793172699695ee2a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    701b8c8173d122bc1f4aa6aee1859f54

    SHA1

    ed5f3fe0b3afc75eb98f7187908f8f4ae343758f

    SHA256

    b19e3e8f5ddab1d1a56a21cb5a2d3a892976bd38ee419b2de0ff188d327ce949

    SHA512

    e785914f8b0403e99e0825782834e6361f788e1e6354c58e42aa29ce4b25ed116ffa58a9fa5d826a55c0ed0286e97961ef8b6afd6ea1f83465453f1436bb059e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4741ff393d47de11d21d9fe754ebcee0

    SHA1

    29094a461874bf429070ec82dacb6a739931e239

    SHA256

    73efdded19ce7ffb0dd9fa47982dc17de4bcc7076f1574d36fc01eb2bbcc66db

    SHA512

    d8c8e1212498d8d8053139aca281cebce8d14bb1189dce7f19137d781d77daf813243fc5cacc04cada59be90e276a4970834e889234cf515355e1811cee4c942

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    128c71d4b5b5781cbde9ef2e25cb4a7e

    SHA1

    26787c23dbc8526ecf1a96a002c6d1df3624375b

    SHA256

    77c26446be387b3c713ab469c01b079a803a1e979828b1bf884fc5cfc2e1bb2e

    SHA512

    7a2d8416e8d08af3a9ea3aa6d7a2c5622bd87d372b78687e9023e576e3c2d305330d5c3abbcf2ccb38ccd1f45ebbbf2fbaef5a3e4d3755e721290c23f4db9920

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar3136.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit