Overview

overview

3

Static

static

3

Add-on/Md5Check.exe

windows7-x64

3

Add-on/Md5Check.exe

windows10-2004-x64

3

Add-on/新...��.url

windows7-x64

1

Add-on/新...��.url

windows10-2004-x64

1

upgrade/upgrade3.ps1

windows7-x64

3

upgrade/upgrade3.ps1

windows10-2004-x64

3

upgrade/up...34.ps1

windows7-x64

3

upgrade/up...34.ps1

windows10-2004-x64

3

upgrade/up...40.ps1

windows7-x64

3

upgrade/up...40.ps1

windows10-2004-x64

3

upgrade/upgrade4.ps1

windows7-x64

3

upgrade/upgrade4.ps1

windows10-2004-x64

3

upgrade/up...41.ps1

windows7-x64

3

upgrade/up...41.ps1

windows10-2004-x64

3

upload/api.../uc.js

windows7-x64

3

upload/api.../uc.js

windows10-2004-x64

3

upload/api...x.html

windows7-x64

3

upload/api...x.html

windows10-2004-x64

3

upload/api...g.html

windows7-x64

3

upload/api...g.html

windows10-2004-x64

3

upload/api...ent.js

windows7-x64

3

upload/api...ent.js

windows10-2004-x64

3

upload/api...ex.htm

windows7-x64

3

upload/api...ex.htm

windows10-2004-x64

3

upload/api...ex.htm

windows7-x64

3

upload/api...ex.htm

windows10-2004-x64

3

upload/api...ex.htm

windows7-x64

3

upload/api...ex.htm

windows10-2004-x64

3

upload/api...ex.htm

windows7-x64

3

upload/api...ex.htm

windows10-2004-x64

3

upload/api...ass.js

windows7-x64

3

upload/api...ass.js

windows10-2004-x64

3

Analysis

  • max time kernel
    120s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    24-07-2024 23:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    upload/api/passports/ucenter/index.html

  • Size

    1B

  • MD5

    7215ee9c7d9dc229d2921a40e899ec5f

  • SHA1

    b858cb282617fb0956d960215c8e84d1ccf909c6

  • SHA256

    36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

  • SHA512

    f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\upload\api\passports\ucenter\index.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1604
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1604 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2552

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    b8bc9edaeb776d6f68610126e2a1feb4

    SHA1

    bcdbbe02dcedc7156cf2f53aac4ec7a83499a852

    SHA256

    fe6806d040a18d7a26b3240db63c7fa6e370dcfff757c24640b17d39b87197f2

    SHA512

    7d845e78765e92281e471018d6b9b6395af1382856c1bc265465a660e46056f2e82dee05d01d0769b1682bfb00342e4ee9db406fe4587957b2dfd9ce538f53cd

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    5075c6e3011cd5979bee82c60dd162e5

    SHA1

    67193192dcfd3a4164643c4c149d69993999bfdf

    SHA256

    6f4cd85cd1d1fae704bb83bf9c4c653903b45c601b8c20751739292448a21f02

    SHA512

    7d5c57e25d9f7d0d2a890adce98fa07a53201bae87ffb65e6db0b09f8a0111ab3ec28edef60f279a1d95714343b523583d02931481ede7ed5b038d53e9429702

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    d2919e05f0395a379a2417cc27c6ccbb

    SHA1

    83e344a8ede048e9fffa73a8ae1587f9b487d5e4

    SHA256

    5449d27a58e23e032bb3ae428777d429e7969b3b52546fb4a12a13ba72c94e1d

    SHA512

    7d6ee8ca632267e436976df2a8ea2f7c64914b4e19831bc62d6038e646ab1693eed22ac96d3b92be245781167a10c43150c2a793955a7e60a33414fad22f1f79

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    7eca8966a08c5b2e207c23811f44f481

    SHA1

    f6743252bf24ed3d3c005d68fa176aad2bd7c86c

    SHA256

    655512f9a1bbce3a4682f4bccb901a525405d6a1a54bd426940163ff462129b7

    SHA512

    be03667130be9eba9ecb53c16666dcd88276bb1231398e92c2b7ddcaba600342c78c55112df1c46bada44328c12c5b317b67ff8dd6469c92d5a5e651d737882d

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    b775be81fe3636a7ab0ce1304d71f227

    SHA1

    86e2fec8cc24a9899b3252f2f2934cb12ee74532

    SHA256

    f8a8ff9458b98ef127c8a02b5cb71c2f7bcb3ef2937f2fcb6e2e1818a03cf5bb

    SHA512

    983c74411bbc5947e643a22eaa34cf02cbc037685db56e953a412ed94ed93f3764eed0f6b30cd6bbaedc2b408b3a8007de3b081b7d94eaeca157ca3a7ff40ab6

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    cb6baed1c9f2496d499d244a6ebd2983

    SHA1

    2326a16b2b2fceb3790fecd0a2c3a0d9ab56f865

    SHA256

    20f1bea4ea50794ce43d94cf95dc126fae57769f1b1de96ab4ac54af90e015e9

    SHA512

    4ff0fd9476a00942b4f29b3659272df987d5658f04b758bb6663666968ebefe5492d3ca74a2f2eab3afe10b34a35ffc0cab4c3f96bd1dcab8a92ee1335a6541f

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    cae9e3881472431ce0eae8360f8614b2

    SHA1

    cd2bcab67e1223d4bbb0fd7ec0d08c6c93a05fee

    SHA256

    cd22c0e497f2b3f262e12d4dc53e8694e5417a160b181e44240f31e0894f5ef0

    SHA512

    33eaca10afb38a54c401db92af73b191bf4a9ecafd88388cdb6b360191ecf1560e382367be3502933a539cf371e6fb8e90ac6d6e231302bab59c5caecc6916a5

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    d0fe7fbd05775dcf6fad41532fb7398a

    SHA1

    f71508e2c6f18871d7d80b3aa1252ed3aebbe791

    SHA256

    d8d798213fe5ace7385c697a827b765bdd94a5d1c88b6b99380baafe9ec8ea6b

    SHA512

    7520103e7bc3b562a3372b8e7b821bcd0d2e16ddcc26d1b465915783e1148f8d72fa9832b56d0faf0db9308d7f048e1abd0f66edfba580409a50835f83c3a756

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    aa0c1f75d49308cdb79d1527827e3895

    SHA1

    3e30318bb025cbdd6fed753118a6156733129a0c

    SHA256

    57101d2165d49340428d1bbb7470742339b5c705cf9ae9b24f512e1819597df9

    SHA512

    e361dfee8dfa0f17e703800c76fb46c949997597a61c41bcdd9ead85472e0f4cfc60720546502bb1a85596812807e0da740b4218b4c6002d5b2b72b2f703c76c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    7adb4edf36d44eb45e3dbfd2ccb583a9

    SHA1

    86a7085032040834cdb687f538be670aed9e311c

    SHA256

    8b36758936b9858a768969a52475dc2fd0a466d022e93c38898bc7c69e4a27f3

    SHA512

    116fb4d87be8cbc92b2a5dc0d6748acd3abdc81bc8ea3c83a4ffc65d3867ace141c06e137dbeafd4ad865122e16c25dcc5168dae856106d351bd8e6d067b75ee

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    5d6eec5b9cdb2487fea19697dd6ce412

    SHA1

    70eefbb1a20384ce247baafa87b7bfddbefa4e2f

    SHA256

    933d8cd4f62442e1607765d85ed21da4d37bfa3ffd16c0f3d0d8bfa8e804a8a0

    SHA512

    65ad0aad9aee75453fadaaccf36b1f294778d96f7f11c48896dd7f6be280e5704ec4f3c652f978719c96d3d587ef39143a7b8365eb594170d1104d96ff0adf56

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    cb649a90bf34e3d7c43b54d8cc8b9aff

    SHA1

    a96ff550652425bd329a1de71008582a73b055bf

    SHA256

    bb3ebaa752ebf0e40561459cba05c945c9dc2eb86ee449bffb3c9450df60261b

    SHA512

    c8533bede0ef69f1d6965046b465fad5536bf3d0b4a41bbbd84ef55aa43ba794a78bb60b0275cdbfc6cb2cc7e0b47947df59433a1dc9b10ee648136267e5cf21

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    4e90b1ef67554ceb4dfe1c865b0ab4f7

    SHA1

    e303a407ec52fa8e5a2d85de1fc30af112ce67e3

    SHA256

    20e4b42c4a09d42b4d94eaf4292aaebe931e7309c7e8b20cd0d99c69a7cd5eca

    SHA512

    4be4a6945884226394ef4dd37373831c7f55047fdf0579ba38fbb9f5ee5d1b43f5b1a10549b8446b45d7d3b9ed0f4a7ee005de188ae113ea7de81793d1d75e6b

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    ce2746fdda7782225cfa14c5cdf744e4

    SHA1

    522cd9b8380d765409c915a38936e2aae79c0b38

    SHA256

    e57fa7748f382bb09cbbfcc5cb6f3b4cf78ab1598ab8b39781116f0bfd7dd6c7

    SHA512

    9cafead930355ae3b2053203840fe6ca03a9ff8cfa38973a8a24b745ec98240b3a7db53a11d1723f47aef3b8df2141483fb6288a110a0161c59399610638db9a

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    960008eaf182c182aed1c25babe6af3a

    SHA1

    161ef7b7e200c5591cc8c2b76ab2395ed22cda3f

    SHA256

    d85fe4e479bb0056e598fcede1448c109fc60673320f71b553710b09962bcbd1

    SHA512

    94ce74d586a0150356ab828bb9ddcbc6479c6fcd2ece196be105088fce9bb8b93f6112c495986c34c8505fefadbcb9e928395a7e6cbf0094c082984614783bc5

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    5cf1595480c3938105a27efc10285e18

    SHA1

    177513383736c606213f2b7a04df82bdb505c1ff

    SHA256

    dd68e21ca4c0c308fb9bdfff664a5b09702030bfdca7ac09616da35fc8e13c2c

    SHA512

    33e59ec7804c79c23e0c0fd341457e69bce7f28a3ff66d98c42cf43f2643d73cfb9beff4988a720017752312f7456024e84c1ab7b7b67392c45d8a50078bdd1c

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\CabBE33.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\TarBEE4.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit