Analysis

  • max time kernel
    146s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/06/2024, 15:07

General

  • Target

    下载说明.html

  • Size

    2KB

  • MD5

    301199c97ca0dfeea3982a25196bc290

  • SHA1

    a388cda7d6868d51503dd1556ff40b92d530f5a8

  • SHA256

    7d3d10044a954539b79888f4dfa5815adac5297c47767a62735c63a10559b504

  • SHA512

    8fde0a403b9132434e82e5e0c08dd18a81dfed4b23607be66cb71810600f3dacc84b66379ae1e4bd3f6b07a99fd6843453f13433bfec173d26199d94040c273e

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\下载说明.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2792
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2792 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1444

Network

        MITRE ATT&CK Enterprise v15

        Downloads
