Overview

overview

3

Static

static

1

平平留�...n.html

windows7-x64

1

平平留�...n.html

windows10-2004-x64

1

平平留�...nn.vbs

windows7-x64

1

平平留�...nn.vbs

windows10-2004-x64

1

平平留�...n1.vbs

windows7-x64

1

平平留�...n1.vbs

windows10-2004-x64

1

平平留�...ll.vbs

windows7-x64

1

平平留�...ll.vbs

windows10-2004-x64

1

平平留�...e1.vbs

windows7-x64

1

平平留�...e1.vbs

windows10-2004-x64

1

平平留�...el.vbs

windows7-x64

1

平平留�...el.vbs

windows10-2004-x64

1

平平留�...w.html

windows7-x64

1

平平留�...w.html

windows10-2004-x64

1

平平留�...w1.vbs

windows7-x64

1

平平留�...w1.vbs

windows10-2004-x64

1

平平留�...x.html

windows7-x64

1

平平留�...x.html

windows10-2004-x64

1

平平留�...in.vbs

windows7-x64

1

平平留�...in.vbs

windows10-2004-x64

1

平平留�...el.vbs

windows7-x64

1

平平留�...el.vbs

windows10-2004-x64

1

平平留�...ut.asp

windows7-x64

3

平平留�...ut.asp

windows10-2004-x64

3

平平留�...e.html

windows7-x64

1

平平留�...e.html

windows10-2004-x64

1

平平留�...ew.vbs

windows7-x64

1

平平留�...ew.vbs

windows10-2004-x64

1

平平留�...g.html

windows7-x64

1

平平留�...g.html

windows10-2004-x64

1

平平留�...e1.vbs

windows7-x64

1

平平留�...e1.vbs

windows10-2004-x64

1

Analysis

  • max time kernel
    136s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    10/04/2024, 23:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    平平留言本 v1.01 菜鸟版/admin/passwordchange.html

  • Size

    1021B

  • MD5

    764c71e5b66100de8653e7f63762d810

  • SHA1

    cf0b3d4d3f0104aeb64dd213fe87446f5f5712b0

  • SHA256

    038cfa668fdd419154b3fae964980c5c5c5def2e4ec711591aced7ec9c0edaf6

  • SHA512

    3d407be7e9b0fd785f3c95cf5f48dbb87da63c59238509f6ef6189bfeb3f2b61afa729898cf0a4913eee8a325eaa60e7ee4f1219dc2c7fb32cfcec6a2d578fa3

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\平平留言本 v1.01 菜鸟版\admin\passwordchange.html"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2168
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2168 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2164

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    b036cd49ea6ee78223918230b263961f

    SHA1

    c7e66a90d1fe3a97096c155a7c162d117c197d86

    SHA256

    578f733a13eb55c864bc0612958785918ca6b65de34961f117cfa7c5b28fbcd5

    SHA512

    5e25edabd5e4bf573dcdfdc09eece0a023a295e99020482b3a6de635ebc76e768afb80cadab59a765fd52c0168b932bbf02ef3c89ab9e9c545f978ca785f7b5d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    c6a121df7a52842c15ed5c0e70fbc33f

    SHA1

    6a7fdd0c2aacc65e9b2fdeed024d19028acd6080

    SHA256

    bcbedbf43c2e4de862387be729b2db589e4dd2a727d676919e8986a98a8bc89e

    SHA512

    691b4f2c9ad3ec8ee8d419490a6d5f38970d119ead491b96dfd3273009e1f54cce9208f923159a4f5a6ff2e29afd4fbb25ef9debc070349151fe463ced251507

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    4e1a82631871092033c1a0ba145a65a7

    SHA1

    62738a31186c896ce1bc84a4c8a2ee39b3bfc9cb

    SHA256

    48f4658f4b3f389d3b3040b886526074976f2156d3abb3d106912ffe7fe60b87

    SHA512

    8287edb349280e82b3e1c8ae8e6dd9ed516517d9c573fed74f837260722ec48557f25611e32080eec944dc1a0d02ab398d49f9efb76329c5f87933d948cd7d0d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    8a95e107fd940b94d0df668e51ac5e20

    SHA1

    12382820451b719277cca47b611f699fcd87aa40

    SHA256

    104a86843547cdb70517ede472b8542712d33a1bccad3014921f66709e08936d

    SHA512

    5956fad1c868573bb8c44a593bb180909c78519fd66aac689fad5b495e011c6f3df9689c564d9ec17f4263772853f53727f22ec88a374c6760377a3abe476f82

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    d2555c6c396addb4164ef53d6a9922ed

    SHA1

    06ea3dc41d9210280d8e620f43e5da64ac55101b

    SHA256

    512a7c6c8f0934aafb20ff644e811a7a8def0407355f3893c922ae8d45598f78

    SHA512

    64aca92ee573811e2d82723fdfee1a88e4ed69ffc3b155dcd6b1e7d78409e0e4b877e69a204d817df62d44ded978a823b792d47bf96ab22c3b2a2ead25ad7151

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    ecde9bf42960dbf992264f0b2f95138d

    SHA1

    5ff768fcd33afaf10fcf7a5dffd4a943a6bdab52

    SHA256

    366ead52dc9d3457acecb3f9595502e1334e72fc4316bb7d6d10d7710d544402

    SHA512

    727ad7b31f0a54022e35e6207145132e07e6302eaa32602f02bba74d2a8b92024c686ec38a1d5485ac10381dbdfed3268973c7fd8d4a7a3b9c6c622566946383

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    b12bb152fbabdec109fb9f91e0221072

    SHA1

    f7216835a88d147b6b4094969724e145523d0984

    SHA256

    8d7a6f79020d09caabdf5b437bd48d93f8cdbde506717d66293113b88708c8de

    SHA512

    286b1e6033c96aa0589f40a428b168c42923a409bb3e8fab4be8b4bbce12205d74870220f2983769a7fb4c86d66f16ebf357aced5976cf46b01c4cad7d32b5e2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    d3b9ac18af8c3c19ae42edd1da169975

    SHA1

    cec01ff61671469e7e912f71fdbff9226aad4249

    SHA256

    57658926e7f6fc4c88fde213842e6364b22636ba6e2c17fbf36a8a97881d4e7e

    SHA512

    7cfdd8f6af95d8d4fcc3045e684c8a413f3d5e268102b3aa42c8b91dda33c14edbe37bfd7f4f53a51e2861a37bd52e46659744dce9f5423efd58aaba3a0b2895

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    3afb6a85115ea5972cfc910138744dec

    SHA1

    ae112854eca87a8ae0febe612e3cc3ea733bcade

    SHA256

    fb8cd0e32840f6725625ac8907bf0c7193195832546ae336debda909093bed1e

    SHA512

    ee6e8fb1adf8c4d4245f84aa9ad839224b9907f3edea5aa6e35020fe749f35186b88670ba63fd8f5602dabe8683ce515c35cfc172ea23fa978d39943f21e4558

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    1229248c72e0cc2ea757cc3f07533612

    SHA1

    8a1e64e5d267bf9862ed7b2247a636b11789d847

    SHA256

    5d069ecabfb540b9149e19ff9a8be18b1de29cd60b4712a86510c6cf48032273

    SHA512

    98ae683439a7a61b836b606809bf44651b2f11935badc398fb8c4a97c8424b76394892b84e1e3379c55691a581b2c2af42b8bf6bcad294cdc5abf1cea4337143

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    d54759fd2901790a211923bbe33a3c36

    SHA1

    f97b937abfabb5b5dbbd2bb39862481d6c387773

    SHA256

    9d06f88bf19980fc7807d8114c74687363558ff73cf1f32a184a933fd84fb5dc

    SHA512

    1751f6df7fed0f1007c285207c677667478674956d57201ec2a6caebd76f0ecb558a323a3230fdc632b966b32ec52c9f041506516f62ad691235ced6235059d5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    fd734c3fb359aa0eb1f5fdc9a7b76722

    SHA1

    f23fcfc1a503a3f7b83f154c6c586d13dc4c1664

    SHA256

    f508cadfbea01d645923c7089f5d219ce68c4fa92b6fb50a8f1be109d7090dc5

    SHA512

    59bdd581801738ecd787254d660b48907aab76bc3242a8a58d29252e6b6c764336d0cde2bbed320ec4fcacd5f5fd7f2e496ef8175e013cd30928984581b349a2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    21d2c1f42fcc86445879441ee4fbcf76

    SHA1

    50bd0f00772ecabe98a2eaacd1c02c0d617e1250

    SHA256

    3ae39787b9980d04bbc7518cfddd0cc04dce03651b95a7e30479152d7c6e8a91

    SHA512

    19e58d628383e810e69730bb1e1e4f32ebd372346d46d4a8dac584fcd9adad7f0937619c617222eafc25ede29a9f13c2fd6b124a12783850ba167c55c662a017

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    5a408446d583fbd94cfcb5859f8bb04a

    SHA1

    f25eeaed771432b714343d53ddf6a4efd1a325c7

    SHA256

    f875197348142be34f996fab1a01ed3c4dd4accd0d5fec147f5377e23048a880

    SHA512

    53400a6e3e53aefe13c353a2d1bc931687131901ff1365b1c70942f3083b73f4670c78e53ea854e5784f82efa5eca7fc84475ad1e54bebc00ad4aa38fef94e7c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    1b981f88bf25d1a2d44c9d6c9fa4134b

    SHA1

    1807dd31652937401c48ed795c85722393c1cbc0

    SHA256

    9b6d25837e13cb595119664a69b90f9e34185bc910ec26a80f8499a9145e5804

    SHA512

    d8f3318d9747cf9dec624904463e15adbcc656505df1ddf84018818fc29bd0f8495a8a08738759afd4e74ececde4b9b20a06018994c6fdc3de2b98a76e722b6d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    50e06a00edbff10a5087fde0f079ee70

    SHA1

    e392f4bc81b200bd6fa8827bf3cc640633ba640b

    SHA256

    244e97bd7d2355a0ce6ef52519eb30eae7bfc635be9aaba6ffbc8f7901eaffc5

    SHA512

    d8d87fbf1da2911caa4b6b701a8afe05cbe14e07e04b501da5140d282c272db3060b2934b30e5fe933026da2083d14f33797dcee4ffa5f94c6e917ba3ec12b8f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    95d203b8da3f03fc40837139d7804851

    SHA1

    872e4d9897f3dc78fa7140aba61b0beb6c2aeeea

    SHA256

    9fc90653465621a9ae4042b8fc07627b6f5e9a225087ee324d5d35f05ce740f1

    SHA512

    250ddf93c7fc59c8f9ac937242de39b80e670bd565bf317b360451478e102b965e8987a139f1420d98d145469d553e375bee9574a83ed95996825d63ab591aac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    6b0aca9386d395862f5af9f345dfd297

    SHA1

    92578e85336991b27671b18e4082613646df7f19

    SHA256

    3e7bb7b148025a4cfb060355395dc37aaba60b4573b067a34037b3087b02106b

    SHA512

    c60e0737fe2ef2448038216dba7784a66dd09445adfd55b1dc7aeea31dc5643fe07001a01ec560b68d9eceadf0cef34a5f4187a17d66da5007a5f7816edda877

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    d6840f94723422bd8f36406128335faf

    SHA1

    529aac85e6f46637e7b7511f3369e102b32c406b

    SHA256

    e04b2d8e8c9e5565484a7be8de6dd8fba798d8ea66161d2c105e058691fca2a2

    SHA512

    011fb6e25eea4e38d33f7246b4c66d11e5a9e85577d1ed606076fa87ca54bdfd3f2df2e2c342b4e891dbb3a6f9f7166b602ec4e1c52bbee8d41227dae79efd27

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabA268.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabA346.tmp
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarA37A.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit