Analysis

  • max time kernel
    133s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    28-04-2024 15:15

General

  • Target

    apps/admin/view/default/common/ueditor.html

  • Size

    1KB

  • MD5

    3eec50935b3e31c414c17dad26d6b130

  • SHA1

    89aac376eb6c8e7fcfb5acd65a9b65c9fb29c6ff

  • SHA256

    0ad8e0e617d779f2c91a30cd09038c6ddd5fe7de16d006f65333cbe16a9be869

  • SHA512

    3bbf224c2332e564702e51222b5bf4f631edd01d84732ebde2835e89f62277d7d50abd27b1db44d604edeafd14453b296b783e6db7aa27b97ff1873af00ea4ed

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\apps\admin\view\default\common\ueditor.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2128
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2128 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2332

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    062d0a9c6557625b9a51a1e42f894139

    SHA1

    4d238521f28d14d99e7d1bc1b441f2feab29aed4

    SHA256

    f7d22ac1aeba701e4913e62166fda58302f10553b480cefc7b2360f91bd58664

    SHA512

    dedc9b46da5b5eb814fef060a507ada09a388e2860b62116d2fd58ea3177ad63024526a8bc9e3414968bd8e231d17179bdbb98a620a157a9c8014af3a76b7f30

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    c2bbd1206189c3133a19b57b208cdd9c

    SHA1

    c7f8e3d4ae65d092e9994c2e883954b7df2d6a09

    SHA256

    9d70957c3d3007fde7824b0861b0ed952bc599ed29b655c3f9a4984be12e185b

    SHA512

    9c45091dcd0d2cc603f03ef1637fb358fcd941b4e384292e2b60e2f74f0edaf5595c56445343d9622a2e07a7dd6a2440ea91500deacf508273a48d59e62d69ba

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    3c53276647467644601638aaad4d9788

    SHA1

    9caabf0a2117f00ac83e0e7a0747fc55e12c89fe

    SHA256

    3863eb129df537e98d07bdd6f7476a7279e8476dd3eb156dcbccd0f6c8322675

    SHA512

    bcba839d679d2ffbb3790430d26a44c6911c0c2579c9257c6c51e374bb60c4f9c37c3131221bde3b25b41d0a3fb28938df5080d64e8a177a499792b12d3d939b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    cd8c35f182ac6dffc7ed97e4dff52ba7

    SHA1

    64d4acc68529bb6696fdee58b07d7d1031b61017

    SHA256

    a66aa864d3dba22e39728fe806b464933aa37a1f488e82e8f76647a9e244b6a8

    SHA512

    6a7a0cb5e3ac1a8c414f379d487449142c2286872a111c4c2bcd715c606dafa530acb722dcaa2a5bf8aca5b00c2408d2135f13bdb9aeb2f5cbe9c8558ac54fa6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    33c83451937b34f73383f25d274d88a4

    SHA1

    675fd31200fd63dda614bc5f1c462c8f7faa792a

    SHA256

    c9312bd9403c0b01d137a4623af637f50338ddb6786192240ae757a557f33d0a

    SHA512

    3cce3db3b69bc13b16fdcf817db9bf8496a3489073366d085a0920eaf6c85cb5c154cdf385112761cb7d130930c7e12be0006ddd2d50dec96e11d9d9f641f918

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    480283cba5ff79cfc7a9e18854c70393

    SHA1

    f40676b8ad731751d14cdb4fe1781813fc8fdd8e

    SHA256

    858c30359520bf5376d8e4342dc8bdc6a4bfd1f559275bdba9ca69bf6f77f01f

    SHA512

    8b32d368b045628719b369aeeaf9d03c7b92195d3dc01bcc15ddc16afd1d2f6de67439e73af415b0882c5b12c042b84f7d27f6de1cfe69f7a24defcf3ba3b874

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    4d710ef59d10bcf4ff388601a366c148

    SHA1

    da0257bd4ee77279ed976e8ba9cdf1dac2329f89

    SHA256

    dfe8179e32990c4ef9331b0c7cc99c66863bc6d71e885e5d38b51671909e01dd

    SHA512

    ba7de53d43e9f6347416d1ec1931aa8ad3fe929f3793e188579b99212eb6789248afd128770cc261896430bea861e2a2b95038d9f93b12cc15126f142811016d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    3f03342b2a4e90cf08f142c9497439a1

    SHA1

    564d03d25914c5914b88c39857aed3b300056638

    SHA256

    1ef2f9d3366512fb181dddb192596e8e2f3f5787846c8e0d113bce5aa65db349

    SHA512

    20f54427b5d0b66a6100bef65c77968e7aeddb7fb6824c59bfd08862d6163248f7975499ae0feffff8290763b30b9898493d3d63f5dae5e35924b941fed7a6f1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    00fd0c3afa6946d2d73febdfae79d5e6

    SHA1

    8a0b794d1bc8fa321a0e45cc76125d48d88d5db4

    SHA256

    bbb88376fc84929c280ba68e0dbb1a577ae5a4ff3a360b28bfab9cc860c4eb6d

    SHA512

    47596890c3b1c5e0676bab5fb66b2e53aef386d7aea3dc37bc24daad09cee9019b4939ffef196d275d3360392856515a1089c7d49e091f7e1e5722c55c22bbaa

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ef4102b2d59a68d66fd3a2e99da4d307

    SHA1

    409198e5596a85da71b06484a8d39e401607f093

    SHA256

    e087f8ace06c26949b6222c4a6208dcec8f98f05f7442133d9f4b7afe4c095a2

    SHA512

    46620a43b799a0996bb94366f610ce30bb657ce2937bbe15f3a9a5768e06c0acd7857aeee053b9bb7ab739ae63ebec061bb250b3986b0b49bb1c74201b197d49

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    fbc52977208d8f985cdd1d271f427318

    SHA1

    89c8109c25960cf14d68c38d866b1a56495e2a18

    SHA256

    67b4953119761696068a8502a584ca6ddf5d7c5780bd446d6e1f169a946aae26

    SHA512

    a99f494a2b2e79230e13355b19943ae472e2340c0e9b4fde5e5e3b0382e10045f620680691ef300b87073eac4bae2d68793547bcdcadbb83f3ffa7b784fe3255

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    f39a4405d80fd0f042d830273ca234f5

    SHA1

    48bc2dee5ee8586313196bb1940897e0d38d94cc

    SHA256

    9abd9fcd6111830737ae8bacabd7e868cac69ffb27cbaac071c5b4df0b186e4b

    SHA512

    cd0d5b24cd27863e8e6af18e1a6dd861eb077c4bebe9cbc66c9c7697ab844b080b60da057faa87d2029a2d507d7780a78b62e64e7040321603c10e2b30b29a01

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    0c41a3ae0ba0c6e91f927a8162f14a16

    SHA1

    edaafbe3284df81962714dcfdcdd1975e9c8990c

    SHA256

    edcf41ce065779cf8a3ca263ee0d1bf1e0dca9b213a5852d2a9c4435bf308280

    SHA512

    6f61657f37e03dd7f78e4072754f4a8ee3f0a1a067e85b682cc73700a9230b8597928691e01499b83658db674451eb3fb0be6a0bd776257a0b4b0953ab24a919

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    79f3d2f4c4e1b839c7ed8c5e0812e080

    SHA1

    262fb6f4ce957382f1887d3c5023b7678386c39f

    SHA256

    578208f2a20210674f4a37a49fe0cef19be113b1004c2595940cd84b342304ca

    SHA512

    95b73f7e25e4003531171a15bff1bc1faa016c4821ead98aca045a596b0a939efd05ab212885efec88f2eca2aeab956cc209933672b438a395800f9be69fe948

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    cb090e61fd55f0acfd83085d685f5c55

    SHA1

    3d3dbc20643f492588cf3a8f6964a65f3fbf75c5

    SHA256

    e33d8fa32ef4bce5ea02f12bd9bf5f858dd068d6c956761c326839e700b97778

    SHA512

    4600781766fe9d484db9364cb9c5c6e316066624fbab6bb56a957b806dbe2b647e5d2f4f87f15fc96c4539f09a742df3bdb00bf12ffad715efba79f7e836aed4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    648e6c6979af3ed2accee2cda3d26af3

    SHA1

    579b2cd0519234d90f4b475e3837e5dcba37cc80

    SHA256

    4c475c7f855f44c8be88726784576053b81c6225f2421e4a442d3bcb54e2e3ef

    SHA512

    457de6214a0738f2a9afe6cdfa1e5f0826d52c852ba7ff3dede80f8bf5fa94a0aa18f21fc5df3f44658149a039cd3ed52b2185987dc6debc0aef719dccfe381c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b862375fdbc877de98275fc3469cbb0c

    SHA1

    c7b45f5302a5624f39cdad96c62fb72f41c57dc9

    SHA256

    69addace06909b4c0e169c7d1ab31bfe9a447dc167c84879e183097af768ad2a

    SHA512

    ab52e762c72bc24f9c3ceae3ff9843833aa6555fea397335ffd66feab66ad83c78865e2f520422e4434136bfc26c86649f87312a8df1ddf227143ae5029af991

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    48d150023c44cea7270a7cd2ef3d4939

    SHA1

    0111bc8ae81c129805e2c53b8e1c6442038288fe

    SHA256

    53a0d08efe33ec5c3fee21e82565aa7319a2bb5fdb74d92281f32976586be9d6

    SHA512

    1978d65ead9658346cfa13884675138793bd79f7963bd16ccc749a7c7db7c8292e673d22e302a5434fd00b5686a85b319de50ef244fee642252c725f375dd379

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    6cd0655fed09973288ddd5faae37f910

    SHA1

    4fc3df5cdcc9beaafa0f64d8e85dc9a4b42129b4

    SHA256

    8bae71fa1c0b9cb581e24365eaf4d7e8d27fd524c2b44d0438fb952f510dd3cd

    SHA512

    a9ea090ad10136fb9b5fc3f5005c37ddba88b6f05c1bf1d9e6905e5e44e72588c1baf6d9b9834241d2fef881ed2628343fabb7bd85d1169a6d0af55cbe4f65b0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e465c0fc00b361fbac6801f2bb84eb6b

    SHA1

    6b120c2a1f4ce40d5b67c5bc387501de3f1836fc

    SHA256

    7db48b66daee75434206c1fe9116a73a7d3849adb5bb9ae1b457908e585917e6

    SHA512

    4a695d581c2b11a9bf65ffbbecc2af57856e8f2769e7067a71bca60c5d376ca2460d17aabd6532e9db9b76648b5a5ac6da58e484d293212b6db35f3bd532e52e

  • C:\Users\Admin\AppData\Local\Temp\Cab3CC5.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar3D88.tmp

    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a