Overview

overview

10

Static

static

3

ELTIMASeri...st.exe

windows7-x64

10

ELTIMASeri...st.exe

windows10-2004-x64

10

ELTIMASeri...��.htm

windows7-x64

1

ELTIMASeri...��.htm

windows10-2004-x64

1

ELTIMASeri...�).url

windows7-x64

1

ELTIMASeri...�).url

windows10-2004-x64

1

Analysis

  • max time kernel
    138s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    20-05-2024 01:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ELTIMASerialSplitter/下载说明.htm

  • Size

    3KB

  • MD5

    9bd1ac9ead8eda95e8284f12ddba89e2

  • SHA1

    44ad2b426711da0bc122d500b9117808385bd406

  • SHA256

    54198ae94a082537ca82686954de11084ebb050917b65871fe1639c2c1a308b8

  • SHA512

    e94611639a7396705f684055fa762db261bbaffb2d7b459b1fddbd44d25358b3bb3111ae84a8bc444388f26908193fbfa79c232570f52a38f1c49fb57b322850

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ELTIMASerialSplitter\下载说明.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1412
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1412 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2040

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    020e0fbcca2794223c99ede78f9f899b

    SHA1

    954219a823e2c6db59485228289c02c7871182c5

    SHA256

    65638af5c3e5faa86b25b524e7dc6e6b83ebe71025053acddc478f950572733f

    SHA512

    5c435ca3333cac309372fda54615eb7c71bcd311661b8cee264d552b68c099a62ef76485a99019d50484e9242a6c3edbe06613925e9345d6dd19c99927d2cb9b

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3961e5af1ce3f940ecb099a2a8d181a9

    SHA1

    2e520f0d63224d635255c90328252a1fd75a3f1e

    SHA256

    dcb64fab01acf2118360160a07c6be361085c976a623a61e5ac3f2e8fe5ded5e

    SHA512

    2c18343f177ce4dc6240dfb88c765eb490d2099cf7aae7cbc3922f41ed020615740a5e1c0b9ee679147abc8ddfc9b5f2d0fdbcbc1f60054f93907b178ec40c0e

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    24941416b599c59e1982dcd3947d50ac

    SHA1

    ab5b73c31951e7e41b022f9f588cbd56052f101e

    SHA256

    67f8ee44d2acd3ddfc5304f3364fd1738bfc1e3042528c1a2f975e377d1ea25c

    SHA512

    fd70da41506a4b984a1afc0db7d4d33ce9f31100ee5956d392292a1703bd58adffa78dccb58edfd9b71a126c4d0b3da03e29263e3a82fc69db940f9f85de7023

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9ee44ff2937e063ae65cdd039a0ef559

    SHA1

    f206169724effb49e7b40d302e99aead7ecb69f1

    SHA256

    6b7624bdd44ab040d8166df7454eb8b7d0da4f135d2e550e912f79c445c635d0

    SHA512

    2270527dac317d3a6c109cf9053a193342b8047cee06afda428eae6de281cf5736a2aba55411789f13aa3f7c695a68fa48c2e6a18f1faa5283126794f86e11b3

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    17f63223fdd50c6e1312987530066881

    SHA1

    b5a01c6e9bc36d591fb05fd68be1c3fbc41aec9e

    SHA256

    cc6b60a1bedb4384bddbe6f20ee4bcf37f262e11b638d88a48803d571a1c528f

    SHA512

    3895f694485f8790a3e1e66201404c1b818f22663d7ec17514413fb95bae7a4f482a88debb6db59cb722c3cd47e29f34d21b2d44f2820db0ea8a8c712a4dc7d1

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b451c42de3c2af83a1be0a18db5241cf

    SHA1

    761fb4a3c4e3bdc9522fd0470064881d8ea610cd

    SHA256

    ba6c4ac30174c730308f4f133e501c442bf97bddfb6334390c244aab709eeea4

    SHA512

    ba5ba973784362c2caa997b3a84a9787f2759f8e54874a967ac6d83d7feba078dc6a7a53e7f0b4c601c6f203de7acefdaa95232b7604a14baba245bd7cf6afde

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bd3b833384d6c61aaf2a492e56817c12

    SHA1

    926ad7aa5a287bfe711f9db32ef2518d4dbfa6aa

    SHA256

    37fd54e79a2a005c314a8f75ea324f32e1772bb2221b81fe3315f53a91e0c8af

    SHA512

    404b158b4c81da9bdf6110002dbfc23e0d8d15cecbfc7ffe03915924ff98607cc5f43fd6da57f7f973a20065cb01931ffc64d6f71cd2e0c71023fffc606aa8b1

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    af3a61898590ec1d4105b897b5b87a05

    SHA1

    efe221b995e76548d0b3c7b25b62b1464047f71d

    SHA256

    25ff8116e2570ed80b79c1da5f58f4986eb528d95b7d83f054537f43047911cd

    SHA512

    668e3d82e6764fe95dd46151091fca08d560d6c6283330e2c9d504fb425791b360040905cb71657b360a43b214b27dd9f8c23600f41e4ad49e749ab4ffb07a79

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e133d3fcb03a2c87aca13f2d2a954d08

    SHA1

    66645dd90c5ce4c32e6244479344192f2bc5da4e

    SHA256

    dc1cd71e1deb366cdd94cc26f563c0db7c13ab96d944f64ae90086b27556834e

    SHA512

    9a24b2a6ea14ccb0045c3aa178295399a107872b192871a77d0823d2bbbe26212514b4ae7478bab46a323108a9feb15cf4e224fb402511d1d9c470d07d96c555

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b52626796752ed78aa8b3d7f25193c4c

    SHA1

    b0c16bd0966addf7d9a7dbf94e71463cf56e63b1

    SHA256

    cda71d09e3d78dd1d9c6cdd80996e8d4f83bdbda3a828ad453a74738c32cf380

    SHA512

    678c56427d4c2dee3405b5a446211e5e969beb35e8a8aa174feb5f6cb3eb41b82d9aec6bdebcb9e00f2987e47ec3f8ac2c75da5aff4db95b2ceabec93276f0d2

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b87f9b86c8ce1bff555ae5fc57c610e2

    SHA1

    9516ae09600a4d08ad075cd358cb7fe52f1c5c81

    SHA256

    d932eee54b74db53d5054ed0b18e3b3c06b903d2cebedccea8afc5a76455f31b

    SHA512

    eb31105485d66bbadb7d2a225ec527a176be6b43aa5cc49d7f4a27347b4295acdeec104509d6a5e3f0f9a341125d8bf3306eede0a9038fd98a6b14118ddec013

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b783dbcdbfddc2c6739610ae9736ff4b

    SHA1

    e36ef58d19375baf6ac920c0d8bbd77b65158bf5

    SHA256

    8f66c2928f52817a6fbc6e9612a8e024d336e16ccc5fd9d07c1b122da881fb61

    SHA512

    fde89dbdd18524e46db37a5bd68dd8e003620dbca9704c5ae769d49cff7a241a6b6329b926b1cf313233cc65dd56680ec32cb1416941ea5826620e612779f04f

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b1c733fe5ed802a54d8bbd1aaa0415d8

    SHA1

    b8d615449568d6fda6aabd43fd8347af4695c30a

    SHA256

    50bc5e44f9ad5a8e4808871c52773d02e2d9f437137ba9c051f63731cc86d8f7

    SHA512

    8d479a5346d3b9a9ce41c0593e637d5710d791a789d23d1e48de488cb5d34c1c7fb6cd4e02d7de854cb5ec28fe89dbc3df78e5e7f5e0f347aa1bd55efff8ebdc

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f8e53779110162f08b55603d3ae1956a

    SHA1

    1869132121eacf5a9d4982f3d6270e45e7a81b5d

    SHA256

    acda8afb860bc1b87e17b2f0402b86fb8084aa398b22b9fa3cfc7151e46ba60a

    SHA512

    ae4940c8d57526c6f52f8bcb14d71879610462974642703cc4288404c842fb652e2967c7f0c0ebc7161c029e9c0bde1be09f47634ff82b51c2b54ceee9ccdd81

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bcdc593953d2154da7cebf4aee2aa2ff

    SHA1

    578fd7f08b8eab8fdaf820a9d551774f6e987961

    SHA256

    80aedd3ef87b2bcf584490a2ab875ee80dbd4d1df592579d78c55615bfbe6ca0

    SHA512

    39033444310d35c8df05a2ccd1839ed58b3c935177711b2e26d3ddfdb978e62178d1998ab2537e0beb0d97748448518731b2c81c999346d5a84a3f7901c5f8c0

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a4e6d9ce18b5024278c8cec0061a154d

    SHA1

    babcf1b87a13b250cf91bc4a3a1b81d764acc2f4

    SHA256

    bee5f65ca79f35f41292c4e624b13c3ccdf42173b94a8820b284ec5129de5b68

    SHA512

    e769af6ef8682b15a71f4ca402321c5327c51b90dc5119a8bb7dce6142fd677ca49a441001d98c19d81431dbf32c259ce150e3ab903e3adb1f437967ff8d0801

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\CabDDD2.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\CabDEC0.tmp
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\TarDF32.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit