Overview
overview
7Static
static
302a3142339...18.exe
windows7-x64
702a3142339...18.exe
windows10-2004-x64
7$APPDATA/s...on.dll
windows7-x64
3$APPDATA/s...on.dll
windows10-2004-x64
3$APPDATA/s...k.html
windows7-x64
1$APPDATA/s...k.html
windows10-2004-x64
1$APPDATA/s...k.html
windows7-x64
1$APPDATA/s...k.html
windows10-2004-x64
1$APPDATA/s...x.html
windows7-x64
1$APPDATA/s...x.html
windows10-2004-x64
1$APPDATA/s...m.html
windows7-x64
1$APPDATA/s...m.html
windows10-2004-x64
1$APPDATA/s...n.html
windows7-x64
1$APPDATA/s...n.html
windows10-2004-x64
1$APPDATA/s...m.html
windows7-x64
1$APPDATA/s...m.html
windows10-2004-x64
1$APPDATA/s...m.html
windows7-x64
1$APPDATA/s...m.html
windows10-2004-x64
1$APPDATA/s...m.html
windows7-x64
1$APPDATA/s...m.html
windows10-2004-x64
1$APPDATA/s...n.html
windows7-x64
1$APPDATA/s...n.html
windows10-2004-x64
1$APPDATA/s...m.html
windows7-x64
1$APPDATA/s...m.html
windows10-2004-x64
1$APPDATA/s...m.html
windows7-x64
1$APPDATA/s...m.html
windows10-2004-x64
1$APPDATA/s...m.html
windows7-x64
1$APPDATA/s...m.html
windows10-2004-x64
1$APPDATA/s...n.html
windows7-x64
1$APPDATA/s...n.html
windows10-2004-x64
1$APPDATA/s...n.html
windows7-x64
1$APPDATA/s...n.html
windows10-2004-x64
1Analysis
-
max time kernel
121s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system -
submitted
20/06/2024, 04:00
Static task
static1
Behavioral task
behavioral1
Sample
02a3142339ecc81fa8b93922e963aab6_JaffaCakes118.exe
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral2
Sample
02a3142339ecc81fa8b93922e963aab6_JaffaCakes118.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
$APPDATA/seemao/config/Common.dll
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral4
Sample
$APPDATA/seemao/config/Common.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
$APPDATA/seemao/config/Seemao_blank.html
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral6
Sample
$APPDATA/seemao/config/Seemao_blank.html
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
$APPDATA/seemao/config/blank.html
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral8
Sample
$APPDATA/seemao/config/blank.html
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
$APPDATA/seemao/config/map/index.html
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral10
Sample
$APPDATA/seemao/config/map/index.html
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
$APPDATA/seemao/config/map/www.360buy.com.html
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral12
Sample
$APPDATA/seemao/config/map/www.360buy.com.html
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
$APPDATA/seemao/config/map/www.3dbuy.com.cn.html
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral14
Sample
$APPDATA/seemao/config/map/www.3dbuy.com.cn.html
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
$APPDATA/seemao/config/map/www.7cv.com.html
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral16
Sample
$APPDATA/seemao/config/map/www.7cv.com.html
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
$APPDATA/seemao/config/map/www.99kaoshi.com.html
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral18
Sample
$APPDATA/seemao/config/map/www.99kaoshi.com.html
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
$APPDATA/seemao/config/map/www.99read.com.html
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral20
Sample
$APPDATA/seemao/config/map/www.99read.com.html
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
$APPDATA/seemao/config/map/www.amazon.cn.html
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral22
Sample
$APPDATA/seemao/config/map/www.amazon.cn.html
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
$APPDATA/seemao/config/map/www.bgccbook.com.html
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral24
Sample
$APPDATA/seemao/config/map/www.bgccbook.com.html
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
$APPDATA/seemao/config/map/www.china-pub.com.html
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral26
Sample
$APPDATA/seemao/config/map/www.china-pub.com.html
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
$APPDATA/seemao/config/map/www.dangdang.com.html
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral28
Sample
$APPDATA/seemao/config/map/www.dangdang.com.html
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
$APPDATA/seemao/config/map/www.dazhe.cn.html
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral30
Sample
$APPDATA/seemao/config/map/www.dazhe.cn.html
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
$APPDATA/seemao/config/map/www.huachu.com.cn.html
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral32
Sample
$APPDATA/seemao/config/map/www.huachu.com.cn.html
Resource
win10v2004-20240508-en
windows10-2004-x64
General
-
Target
$APPDATA/seemao/config/map/www.99read.com.html
-
Size
2B
-
MD5
54cafa3a6d69c189cf2df3978fbdd435
-
SHA1
ab34955f0a30619fc4faa49013902031d85ddc46
-
SHA256
e12a7e051731cf1dbeefa2142a8e1abb1eb5898e2cbe4aa522120829a5588dc7
-
SHA512
43e539801d00eb39811341d67327e0e8b7d97677e08c8cd14d501c1276592a80dcc0983306f292c702a7553d34bad9fa768cf9d046059c3a4b2a1a0a892f9410
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000120ff029be258a011e8ab3a5e2ab3488ea485be205ea40e138f3e5d5efb7a38b000000000e8000000002000020000000586b89023de065413e9197d0313eed2ca2f8b28f0b7463b837ec4c87fd2ab72890000000186836fdfffe51ff2b4a2ef8e97453b297c845d465532ca6fbc6d191a2f06995ad1c557264204bbce112961993a6da2d72ed40606fa9cae2c581ce6167c6c14ef1a924ee852dc5251aa66b7eb669a562c13ccc9f66f2536072e2f0f6a6ba452923ed979e00b8ff485c2fc3748c92ce8cb893aa5f937a80d2f3992c69eb1f3a5bd1e9f7b7c9f7a6a569fe8676e564c7e140000000124907e816d3d6c6619b12972ed2e62b4ad61efa08f01fcc3e14a936624694d236724bfb3b7044ddd64b6793c5e6dcd2f578cd83a8fc57e5b5657ad3bbe5b8d5 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AD92D7A1-2EB9-11EF-9B71-FAB46556C0ED} = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30bc1282c6c2da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425017939" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000c3ca96fe53a147cf4ee629b5466cd1b34bbf79d76cb2454679f740aee33db7c3000000000e800000000200002000000030c25a941f746709fb77b8ae027d3a824ad22d60c1e98379d6ca4daa7c1e0f362000000037242ab75891f6bee16d97e7d65823479ceba3d969b0ea2b215d3bce6fe40ea340000000dd6c10fa5945026559293f7b9fa7292594f816ac6070a4505e5f053275b9a2ff6673a520a4cad0108f6648f52c2431f66c1452b3481c635bda3f1b9f5f7cfb73 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2416 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2416 iexplore.exe 2416 iexplore.exe 2920 IEXPLORE.EXE 2920 IEXPLORE.EXE 2920 IEXPLORE.EXE 2920 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2416 wrote to memory of 2920 2416 iexplore.exe 28 PID 2416 wrote to memory of 2920 2416 iexplore.exe 28 PID 2416 wrote to memory of 2920 2416 iexplore.exe 28 PID 2416 wrote to memory of 2920 2416 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\$APPDATA\seemao\config\map\www.99read.com.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2416 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2416 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2920
-