Overview

overview

4

Static

static

3

046d-uipak...1).exe

windows7-x64

4

046d-uipak...1).exe

windows10-2004-x64

4

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

html/download.html

windows7-x64

1

html/download.html

windows10-2004-x64

1

html/finish.html

windows7-x64

1

html/finish.html

windows10-2004-x64

1

html/welcome.html

windows7-x64

1

html/welcome.html

windows10-2004-x64

1

js/IE9.js

windows7-x64

1

js/IE9.js

windows10-2004-x64

1

js/jquery-...min.js

windows7-x64

1

js/jquery-...min.js

windows10-2004-x64

1

js/jquery....min.js

windows7-x64

1

js/jquery....min.js

windows10-2004-x64

1

js/logi_helper.js

windows7-x64

1

js/logi_helper.js

windows10-2004-x64

1

js/logi_helper.vbs

windows7-x64

1

js/logi_helper.vbs

windows10-2004-x64

1

Analysis

  • max time kernel
    122s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    21-04-2024 05:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    html/welcome.html

  • Size

    2KB

  • MD5

    cfcb0e546d9a5b527fcbd970d5285bc7

  • SHA1

    d1e7c0e6d01f283d8c6f34b67b5ed004f2a6d1e4

  • SHA256

    2065bcfa62b410ffa2b79afc102b78a5071301cf16f94d2d42c12be8365ab253

  • SHA512

    c9d87c083bca3d1fe33e79431a2cd2178b468d94289415a4bad2141588178824b1984da5c0e58ae084111b5e7b35fd08abe0ecfd3b2045a918eedb86ec721d9d

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\html\welcome.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2204
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2204 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1184

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ed32e14b1daff69926453d9f286da147

    SHA1

    2b290aa2abc5d9dc7c71a891420cb32133d0cd45

    SHA256

    7b674c9a51f6e7ce298e055dc1313fbe8e8e567fc40167ed23c4061c50ea34c4

    SHA512

    a6ff56b4a78ae836559e9b3718bfd6ee0342acc41fb43b628d6cfc855d5eb57f71efbad2a60433dc4c462eed2583e5308c8a0597fe04e6a6e3862d76e660a4e6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c108aa0a4305f4e70a13e8445e35b162

    SHA1

    549d7af650c76a6b2c3fdf0d27d3746af78fed45

    SHA256

    299f848a6cbf0baa6a05598be56b1de7cda21246c46c1465ea4f0fd39335e66c

    SHA512

    77d98fa2051e7a30e6ccb6dae785dda8ebbecd4d40ec67d2d0df103af1c7b318826019fdaf4718c8f538308721017e7c99c225d182a9538d9a799d76aec1a947

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6477f9360b0a9af6fffabc158c7d0dfe

    SHA1

    61efe7bac223aaf14660bb5f4a53bb6278e84faf

    SHA256

    76f854a75b3d05e8da8f14285d2a8d4a69d00b339469f79c08a406ee907aff72

    SHA512

    cd0573e3f1c461b43f1286ce110fb766d2ed774aeb4650ffe195262cc3e152f930d07d0137e33a22bcf2fa6de8cdccdba96749931961942f80796db455781b01

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    75fcf2ea60be32245590f58496423536

    SHA1

    b316669d2c227e6af26786e1749b98054e6bd4ec

    SHA256

    4bf952bb0e88358ba3cb811e6861df360512afb93f96bd761ed10c4bb4c08bc2

    SHA512

    d4a40c9c0deaacdbbe08f2fd5ee025dba2348adbed71a21d2fadbf8009f1912e804fdec4cde7cc45f3ee4bf2552bfa5c870dfbcd3f45e79fe9109532664f0436

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b4e251e1c88f391bc6fff23beb264eb9

    SHA1

    83651d207251c781d531ffc6df23364cbac32c8f

    SHA256

    c29641f38121019514d8468b7a332cd488e595bb4736f26b9715eaeb85404bd4

    SHA512

    f31aa639171064b68f2f24cede54e0c7bd6035419418105c7a41a67c5749c919eb25b000ad63f2303fce8a67137ddd34a09c0fcbec810ef824530abf37438d38

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    79983c5afad8e799f4b44e25f423b958

    SHA1

    2cfbaf57b2c57eb08e9334f726b5a4d41fd325ec

    SHA256

    550dade5c92a91af6546a8cd1d847a42455592bd791e726cf87f10ac47169173

    SHA512

    e5dafeafd3c518b6a6ac246df85bbefb82e08ca781a9f7ccaff018ae208a70c94e6bc15abddd30f400dc4753981e305f98c45647c42d6b3c56075f4447251bf2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9385ae9b0b36b3956bb6ee070cb42e66

    SHA1

    e563ac8a72c4b5d3fb4d07a0dea96dc1a839abc4

    SHA256

    767c59f0b6e5a1c0d01a81fe264f55959051fd15287de893975c06ac8158cfd9

    SHA512

    2fd95887bdfe74b483e2044ce1bf48d00f3ee520e3ed7edf5b578f5c4c67bcd1485cc55418e07843f088b520c7cdba8e8758f47a90e2031744cf6b88bb29bd16

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    71f51cbe774a831ebac7d95f3891733b

    SHA1

    ce20a9b1db19f57bbeb45d7c0417c6703403c365

    SHA256

    934d24f8c297db9f3302a76bf2681de247db94aa68bb86a645afef5e941990de

    SHA512

    5d360da75bfd720bc2a6f4c15be1002ab73c537c112346e51d9f3aabb21987d78c78e3dd668674481da5f2cad9c502be018cf090e69418cc11f8436da352c81b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ce7871a98c8e3664dab8e91aad1d7896

    SHA1

    9314cb91ffbabe53c4a074d4db94d31bf05a0d73

    SHA256

    88ad31daefe3b150e48bbf3c72d4dc9dc8c9cc80040563e7f3618f84cc843930

    SHA512

    af81517be01381aef37c9618795fa7cf6d74218930ff9106b3f7dcc24c59701a4c81fbba518fb6a18abcce6122cc8a936412371f3db3b7ec0f1432fe67dea391

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6c8aa06171ac4704047f6248e6f1c0ea

    SHA1

    5c1b32f32d7c725c1c6dee7170d09e6b75849a67

    SHA256

    166ec8568ce5529d80fe20d6777d22781a5a7bd227612e2f7bd733afebcac608

    SHA512

    6ad347e4b1d19a539643aa1a10258299326c78c50a3d9a458b1c3b590bab36ba53525ee8fb9432d77d80bb44346038955b2e6d88a4113eb78096eb665172ee42

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3057.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar3196.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit