Analysis

  • max time kernel
    133s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    22-06-2024 12:43

General

  • Target

    apps/admin/view/default/common/ueditor.html

  • Size

    1KB

  • MD5

    3eec50935b3e31c414c17dad26d6b130

  • SHA1

    89aac376eb6c8e7fcfb5acd65a9b65c9fb29c6ff

  • SHA256

    0ad8e0e617d779f2c91a30cd09038c6ddd5fe7de16d006f65333cbe16a9be869

  • SHA512

    3bbf224c2332e564702e51222b5bf4f631edd01d84732ebde2835e89f62277d7d50abd27b1db44d604edeafd14453b296b783e6db7aa27b97ff1873af00ea4ed

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 36 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID 2900)
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\apps\admin\view\default\common\ueditor.html
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 2768, child of 2900)
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f941cd143469d13af5a94e2ad5207d7e

    SHA1

    6ae6e666f6f2877a6c6222c9cd21bbf2a3fb5e10

    SHA256

    de49286cbdc2f8bafe716e69b8a774bf8325d8b2b18591ed92248be30d5a9600

    SHA512

    37e78c408b45ae6c17f6daaf1a46af384b408bd3f25dd71db5310ca9621769f37ff7b5ffaa7e16bbfc4bab9aedc191c6a8bd1a9ea0cd9ef68f29d591a01689a9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2b64e5a4ad46d9fc4715178e58f7d901

    SHA1

    4c1dbc1f56e8db329d70f8c2558c1d4be9acf787

    SHA256

    890f965de2008d8d1161f8f63e4b5a875430c6cfee584f26185b74c9f3ad00a8

    SHA512

    acf55267017a7956295ff243c9f0bcb69a70bd83140d6b0af5c63a4494b011ad471dbc0611e9fbad950a6289058f56d46e76f1236f6243bf081891759cc5b7ef

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6590d8a4babf303fc6a8756e7268664a

    SHA1

    62531eca64f115773f651d1572b7749827223f6a

    SHA256

    ec6e5bae1700d0ebb7a2d6754a515d81bb28068e71e6dbcf1a8597e59244edc2

    SHA512

    d17c15cc0659d45c8d394b34bfd941a1050ad78b1fd8381a2083515e61f1c60296778bd732d6776c53d91435764738a19a155cd63fa858ec28f86c9b0be85a10

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    af257469d9ef509c3d9d7942da0fab1c

    SHA1

    3ec8e9d4302a6f55f29b8f1afed1d70b5ffbf2ca

    SHA256

    c0e5bb826bc155298d08579d3782cd3c20521d81322a81b99228b86cac5eabfa

    SHA512

    1b1ac9295988c76b871b5f185000675f9522bc4ffd8fd5949fd88bd8da20d06063458934a2eeba5da19b61696488a17037d686edadafa2e4669c2bff5e023f30

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    23a11087f88576e81868a9851dc1b396

    SHA1

    3a3e326db6540c07eb9f340b10c7b0d24e3c5a97

    SHA256

    f94d6ab421dd3a780b91f45b827548c12e80765479c9c011ec5cb3e0c7b9bdb2

    SHA512

    6195024517eabd110ad7e429aa7e8aec6a64b030308525f5030b94e440bbdf2354fa60564546a05783e0b50e587e49a3900612bca2976686a65c2470a4f0d83e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f66f52eca3a62bbe5da0fa6c653382d2

    SHA1

    c448ef81e821df1c234fd3f5076c9aca4420399f

    SHA256

    ab88b19f7b62d765ad87ad80e62df267fcb0cfdb07128986aab302120c13226d

    SHA512

    9cc7cbc064d26cca7fb54d7c4ec8ea4d6ba7abe3ec5a758c3da009809118c8adf7898ba881633044ac0c9d190dca2ab6f9ffe0c0928b7f819d4cdde9ac2e258a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    47a4330f2176f675cfb60c4d97458e2d

    SHA1

    1bc18706619fcfbf05b248c696e6193219de8858

    SHA256

    6d763916114de23f52a2c669765f28d51cc61052dddce892ee18b2bb13d396e0

    SHA512

    d5daae009a2799c6d8a7f415156ba3f6a63e28b9152e0e50555bda8f8ae51008b51aa6e08b414a58b3ba29e19b522e25e92ec6faba37612274b0e0ba7d9bc9e0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    782ec9dc3dbbe8b5053a23d92947cb35

    SHA1

    46bbce1fcd4170ffda7cffd4d8bc46d98c4c6221

    SHA256

    ce8fd13052e301dec2ad9a77b8384cf113e072ddbc889c026e83214b743cd59d

    SHA512

    e1a9522219652be29320e3fda410ae3ff96097ae10ecede3190fcd9554dffcfe4a5c0b41be74356f03b65160ab2b16f89d7d2de027305ad0089329a91b76ebd0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9678b26e0f75c7d289f77030bd28e82b

    SHA1

    0f9b0cb6401168489b997e5967ec6b801cc14366

    SHA256

    aef542864a7f13dca5eb7426568c64926a0f5c8a6db33c85753660e3723cbdfb

    SHA512

    b47a9cf622472c79da8b5c7fdc8eb5dd331207da6a554d365c4423b091f714cb26109d5bdb4dde85ac2ac3f6c68bd0392cbc233452ce9fcb9575da904c0b4cac

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    dc3b14a17a1c64258e91a79784eaa3d6

    SHA1

    ef14f4fadc10a27198613932f8fcf2955eb3e0a5

    SHA256

    0f8da8e407955a0c1263a4f80facbbc8179b66507cbb831bfbf4abe9dd521097

    SHA512

    218e108dfcb6e394902233211aa8a9f6063df88b8ab45bcd6ba92fb205d997dcc3cb405dfd0db17afae87defcb19102f1a34c93a14dc4a5974f46a06693b8a7a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b5b060da705decb544ec4c96f5abc820

    SHA1

    cb06d07f94d4768f66ae81e33713845b367dec03

    SHA256

    4eebf7bf06578ee06d20725ffdb61ba803730bb7df4786132423e51117e32f08

    SHA512

    6628910fd195df0f7177671df9d10f6fe4240ea2f1c67e0bd9174bdbfc7ec5a5cb3cde05859c76b5ce0cebdc4ced93c0880cc2eee20ab4f6605316b4bc573310

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7671206271e0ac737647b3b997cfacc2

    SHA1

    dc5a6805152b671ad397ef4bb01896a4d35c6f90

    SHA256

    5738a78ccf843c26f51f42c32e9bc8c8a3c5e1c53454add579bf9ad7b98ed22c

    SHA512

    0f6ff94ab76706fbcb4f1a8422a0db741613a7deeefbceb4d890be6d15b9d3cb72886d775bafa19f380f52e0ac363c7468513f4a8cf0805f0560eefa5f4d480d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    892a8b121b2f66f660a9a712524867d0

    SHA1

    42aab08d973d9d3cce1c8fcc2e0c74766fef2db3

    SHA256

    7983af4dc36e556579adfd06c450139c42bd5b3468c1eb055debb75e8b506f14

    SHA512

    7d11bf51d41c19603d34cf2d4ecc3d4f6c452ce0af4a3c9b3c3f5c1ffa5ca94fcb61596571cd9ead7063018438997f8d8e660df3be181081f4a2dbafc135c090

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e05d72e52f6cfabed94e943fd7d18980

    SHA1

    f0efc7993a2debb14b1d34f376dbacbf0437fb86

    SHA256

    6f43ca1330ad6942429c192fb22edf22cc70ec44961b1799dce789ee58e63268

    SHA512

    231fcbad70dcd26d4e8978d6bda0b10048c6bc6dc8fc5cf389f85ad0508fef3943201c1c679844d26539f1c7dc7147f6c0b1b78a7a8efe691d7d5ef766ae03cd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    839fe406aa1c46678489608ddb466723

    SHA1

    d061673ee9d27b91282d3f0e01268f66a56eefa9

    SHA256

    23e51dcae6714944b4c91db4329c2908715ac56c61a814d6991286f681de81fb

    SHA512

    2e67dedbc946a2f71a0dfbe0b9ccd2e9166cdb6b51f4ab31a6aa03115b74c6abfd2997d267266d4c6a933eac57b96e6117609dd601323d41a7e4a9d1606a5413

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b1d9037f7a4fab3f7a293d1315ffc555

    SHA1

    97eee69ec34dbd9f397209bf0d34f64b4aae3546

    SHA256

    69b747ba8507f6eb681919591e14beb942e7d92d59049d3d9811b4b238da678e

    SHA512

    ae5332a43a57c22ac4f5261481e67efeb92371b8e9d493dfa602a4dd7f411158bcf804c23367e3b8c28a5854bdd400815aa27ad16ee1f805e128ea0ee9c798b3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e9088084bef1a85adfb575f614cd210e

    SHA1

    fe0eac472962fd975ed6e229d255a9acc46bfaa8

    SHA256

    5500dc55463b79da76e0f1136d7b2f2fee6c5f8e05c4afcfd5660cc96ae4b6a9

    SHA512

    6c4b55370317ca253deeb4004786c5ef9e9f3912488d07cd35339d5abbef71e4ecee4b9835883cdf6f977d5262f764589f01f1f3ffe3f2025083f0b3e1f3b897

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e28cd301c23238715759b8ba3223f635

    SHA1

    7d5056c93fa4af1b6df3f17311561cee569e85ce

    SHA256

    82a61e5b95c0fd707c7f723162c3fe09b448b49bd880a74d90f6018592b80b05

    SHA512

    a62361b14da56adaec4d7251af300b72313c243a7f37a2e7d25f0272998ad9dc8a7dfbce6760bb97368d845d3d6e46c08ec38a31b9e48adbb88b19d7327a7528

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2b8a3d0846597f2625248b4b25454780

    SHA1

    06cf14cf33c9c820864349d195670fd001d90ab5

    SHA256

    5690c7c127d57c3413d36910d25d593b0a2c82d59f7451f78f51ab349464849d

    SHA512

    e1539d3985988cbfa44cd63635a5fdf20fa5e5020a350e77286d5678cf435c8eea08ae2fffe7142b60a37fcb473f765fd5a3883ce57a4e9245cb2976793d897f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9881e021fc96ba81c531209c732fcb8f

    SHA1

    cd187faae975354ba45df625f3a356ae9c62d023

    SHA256

    1b81e2a9662baaae57ef67d7e516a0bafb8dc152d3fcf7dbd4223f727444539c

    SHA512

    f27dd83659ebfab4ad8cc270b6bfc812bb15d74e4d0a379131c52b93ccfdf5bbc0dfb0f2addffbb8601641750aa47541b60234c3b5299a13106fcf7952bcd328

  • C:\Users\Admin\AppData\Local\Temp\Cab22AF.tmp

    Filesize

    67KB

    MD5

    2d3dcf90f6c99f47e7593ea250c9e749

    SHA1

    51be82be4a272669983313565b4940d4b1385237

    SHA256

    8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4

    SHA512

    9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5

  • C:\Users\Admin\AppData\Local\Temp\Tar2353.tmp

    Filesize

    160KB

    MD5

    7186ad693b8ad9444401bd9bcd2217c2

    SHA1

    5c28ca10a650f6026b0df4737078fa4197f3bac1

    SHA256

    9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed

    SHA512

    135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b
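Everything the report lists is consistent with the 1/10 score: the dropped files are CryptoAPI URL-cache metadata (written when Internet Explorer fetches CRL, AIA or root-certificate updates while loading a page) plus the Cab*.tmp/Tar*.tmp scratch files that go with a CAB download, and the "suspicious" signatures come from the IE frame process (PID 2900) spawning its protected-mode content process, whose SCODEF argument names the parent PID. The following triage script is an added example, not part of the sandbox report or its vendor's tooling; it re-encodes a subset of the report's process tree and dropped-file paths as constructed input, and the path patterns it treats as benign are the author's own assumptions. One extra dropped-file entry (update.exe) is hypothetical and exists only to exercise the "review" path.

```python
import re

# Constructed input: a subset of the report's dropped-file paths and its two
# processes, transcribed by hand. The last dropped entry is hypothetical and
# is NOT in the report; it exists only to show a path that is not explained away.
DROPPED = [
    r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015",
    r"C:\Users\Admin\AppData\Local\Temp\Cab22AF.tmp",
    r"C:\Users\Admin\AppData\Local\Temp\Tar2353.tmp",
    r"C:\Users\Admin\AppData\Roaming\update.exe",  # hypothetical, not from the report
]

# (pid, parent pid or None, command line) as shown in the Processes section.
PROCESSES = [
    (2900, None, r'"C:\Program Files\Internet Explorer\iexplore.exe" '
                 r"C:\Users\Admin\AppData\Local\Temp\apps\admin\view\default\common\ueditor.html"),
    (2768, 2900, r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:275457 /prefetch:2'),
]

# Assumed-benign artifact patterns for an Internet Explorer run on Windows 7.
# These are the author's allowlist, not something the sandbox publishes.
BENIGN_PATTERNS = [
    (re.compile(r"\\Microsoft\\CryptnetUrlCache\\(MetaData|Content)\\[0-9A-F]{32}$", re.I),
     "CryptoAPI URL cache entry (CRL/AIA/root-update fetch)"),
    (re.compile(r"\\AppData\\Local\\Temp\\Cab[0-9A-F]{1,4}\.tmp$", re.I),
     "temporary CAB download scratch file"),
    (re.compile(r"\\AppData\\Local\\Temp\\Tar[0-9A-F]{1,4}\.tmp$", re.I),
     "extraction scratch file paired with a Cab*.tmp"),
]

# IE content process: SCODEF:<pid> should equal the PID of the frame process.
IE_CHILD = re.compile(r'IEXPLORE\.EXE"\s+SCODEF:(\d+)\s+CREDAT:\d+', re.I)


def classify_dropped(path):
    """Return ('benign', reason) if the path matches a known IE artifact, else ('review', reason)."""
    for pattern, reason in BENIGN_PATTERNS:
        if pattern.search(path):
            return ("benign", reason)
    return ("review", "not a known IE/CryptoAPI artifact; inspect the file")


def classify_process(pid, ppid, cmdline):
    """Explain IE's frame/content process pair; anything else is flagged for review."""
    match = IE_CHILD.search(cmdline)
    if match:
        if ppid is not None and int(match.group(1)) == ppid:
            return ("benign", "IE protected-mode content process; SCODEF matches parent PID")
        return ("review", "IE content process whose SCODEF does not match its parent PID")
    if ppid is None and "iexplore.exe" in cmdline.lower():
        return ("benign", "IE frame process launched on the submitted file")
    return ("review", "unexpected process in an IE-only run")


def triage(dropped, processes):
    """Bucket every observation into 'benign' or 'review' with a one-line reason."""
    result = {"benign": [], "review": []}
    for path in dropped:
        verdict, reason = classify_dropped(path)
        result[verdict].append((path, reason))
    for pid, ppid, cmdline in processes:
        verdict, reason = classify_process(pid, ppid, cmdline)
        result[verdict].append((f"pid {pid}", reason))
    return result


if __name__ == "__main__":
    summary = triage(DROPPED, PROCESSES)
    for verdict in ("benign", "review"):
        for item, reason in summary[verdict]:
            print(f"{verdict:6} {item}\n       {reason}")
```

Run against the constructed input, the script explains the CryptnetUrlCache entry, both temp files and both processes as expected IE behaviour and leaves only the hypothetical update.exe in the review bucket. The SCODEF-to-parent check is the part worth keeping: a process that looks like IE's content process but names a PID that is not its parent is the pattern to look at more closely, whereas the hook and WriteProcessMemory signatures on their own are the normal cost of IE's broker model.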