Overview

overview

3

Static

static

3

Add-on/Md5Check.exe

windows7-x64

3

Add-on/Md5Check.exe

windows10-2004-x64

3

Add-on/新...��.url

windows7-x64

1

Add-on/新...��.url

windows10-2004-x64

1

upgrade/upgrade3.ps1

windows7-x64

3

upgrade/upgrade3.ps1

windows10-2004-x64

3

upgrade/up...34.ps1

windows7-x64

3

upgrade/up...34.ps1

windows10-2004-x64

3

upgrade/up...40.ps1

windows7-x64

3

upgrade/up...40.ps1

windows10-2004-x64

3

upgrade/upgrade4.ps1

windows7-x64

3

upgrade/upgrade4.ps1

windows10-2004-x64

3

upgrade/up...41.ps1

windows7-x64

3

upgrade/up...41.ps1

windows10-2004-x64

3

upload/api.../uc.js

windows7-x64

3

upload/api.../uc.js

windows10-2004-x64

3

upload/api...x.html

windows7-x64

3

upload/api...x.html

windows10-2004-x64

3

upload/api...g.html

windows7-x64

3

upload/api...g.html

windows10-2004-x64

3

upload/api...ent.js

windows7-x64

3

upload/api...ent.js

windows10-2004-x64

3

upload/api...ex.htm

windows7-x64

3

upload/api...ex.htm

windows10-2004-x64

3

upload/api...ex.htm

windows7-x64

3

upload/api...ex.htm

windows10-2004-x64

3

upload/api...ex.htm

windows7-x64

3

upload/api...ex.htm

windows10-2004-x64

3

upload/api...ex.htm

windows7-x64

3

upload/api...ex.htm

windows10-2004-x64

3

upload/api...ass.js

windows7-x64

3

upload/api...ass.js

windows10-2004-x64

3

Analysis

  • max time kernel
    117s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    24-07-2024 23:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    upload/api/passports/ucenter/template/setting.html

  • Size

    6KB

  • MD5

    6f29274c028d40a5a97aec6ac3dfa4f6

  • SHA1

    4e67fb75adbde7ece1a1c792d55959f36999b3d1

  • SHA256

    27a15901ae1237c0ab82471dc3eae3aaf0c922cffab0386e72a7f1784c8f2117

  • SHA512

    e79ece2c899f6b8d5107be6ea699266ae0cf07eedebbfe2234436d21360dcc7008c714b8ccbdf5609ca33d7779615d98e60bc90c612418e6ce652ad05499eece

  • SSDEEP

    48:jxevT5wPnByONhDhdIdcsykJ7zEfaX9cNMh293xmxyIgxp3DZMfSw4hp:jYbaPB/Ndhd+dHDtcNZdxmxmxZDLX

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\upload\api\passports\ucenter\template\setting.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2144
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2144 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1952

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5978ff4b5a28957968ac3680e8cb3dfb

    SHA1

    e43579c298c6756c7c2f19be2d544a28ff47a22c

    SHA256

    2b60ade12c1e56ee00dbe77014ad8de687ba54e6734aee6515fe9b2798404ce6

    SHA512

    7bc585d8d1b6f0bc4f4cdef9081c423036eaa1d5ba262eca9052f5b47a1467cc740c85917d670b19d63d58ac76098a0a2d0def158bcaf7cd84a512aa5d2f8594

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5ffa257a735ed3ec3062972a5c628371

    SHA1

    af0af049519a80010fda9d6f13b76ac02e027aca

    SHA256

    191c35943135fa7043f8da161604edcf3e1edd2b6a0ac96a8709a6d9b85219f2

    SHA512

    0c50a88c44a8e732fbfca38f70b4da5fa27ecc3d903cbb8cc740a969bf10a60721fde11afa880772bbf86b413cb47c0d85af5f199d6154328f10b35d3c57ed7a

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ad44e66ecf234026db655d6d2940a954

    SHA1

    1eb845ea37f16b5b6ddfe9b4dfde436752ad331a

    SHA256

    91b24e5dae5acb8015c0a25bc54ad004878cfade93364b8b11cd5a427056a80c

    SHA512

    4bc7082f7efb5e4d4e5bdd94e1754288c71c045775cbf162c8e0105e8f5c764d80dae384fff304fc7ca4e7af535de0f576fec8a7ac76809d6d3565bb9910f925

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c2137ae7e04c11ec7a56132057c0bb59

    SHA1

    2c49b1d9fd24b5032a93492093b1a40881dc1495

    SHA256

    c657f22053ce955295f3ef3f8068d800870bbecc46cabf4929e9342a917882c7

    SHA512

    538058654b415e6782cbbc5621a4b3c18e93e0e79aefac0f928516d2601c149d9bc239852699b80a44bbb5028a809ed9366c3b402ad7eb595cb87ec7bae22df2

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f6adaacb1858fa0aee3c5d7b9e7217e8

    SHA1

    a713cb914f580b71ae2cc4a8785d0f109da90aff

    SHA256

    b19b53e957f0c9e07fd4bd3bd095d3c84e7acb10ebc227aeea0422daf7237ae8

    SHA512

    44962f913c6c100de67a4af1152b4d0a27bcb61d31e17ea1501b26a3080725b66941f59470394c8e16327ff8bd41f6ca04673c045cf7383f6e6aa1b13aecd2ae

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c636dfb3442ce034ba420ff441f5be5d

    SHA1

    c69db5e04407d05774cd4f5c1cf2f4dfc3e3b5f4

    SHA256

    6fc60764663a3f544fd6a8c9ec8144b1a011dc0dd2c8a632d779d61e157e9ebe

    SHA512

    2edc4644f8424bf47658f61fd5a6f45c418ef98dd318f6e10a07fbfebc74d79610b41db99fd4cfdddb1326779496b7f5ed2e55e7dd0c18bedf716840bf6e753d

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0528f635dce4b7639797caae72f683c9

    SHA1

    bdf18435ecebbaa9de10b62aa2ade0823ea0f827

    SHA256

    8622145436e256f29f55a25627cb4b01e5f04bf237927b5a151ed9c10ea105dc

    SHA512

    4d6b1f5f2b674619e9f919c9a96f1ccff928bea0d843e6d4c6a91411d51f5758d19d89d283dcf2f1e0c78e7a300444e2f59aaac810d12ec4eed99882b4aefb7c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8fadcb1b53a3ca8178b1a8caa656ab1f

    SHA1

    ea16a32c9fffc24b261c62c6926071c0b2f3a91f

    SHA256

    53fd8e5269d679f8d4bfbd176adcfd00e84dc7c45c7154f04ae15b6c595f6c22

    SHA512

    676706c22fbd0632a27926f8b5e97e9a5d251baef1224e73a663cdfee91e003a81380640b5c1190bd12ed93337429a1f49d4f4c323704cfe3930aff84379abef

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    448c903812633f253c8fca86046bf815

    SHA1

    564160fa76ebe5ab61c07911b708dd792091640b

    SHA256

    18d4e2a5e05f26880d134e6dfd6118b76d8e7433d245a586c2b58b185d13c412

    SHA512

    cf849c4120fcab6a4789d4a5370362f40b37984d0cb9fa6ac03bcb1052db6ec68643a7c298222dd1845d0bed0522aaad0fd2fc0e4281b83d799745c9ea974e28

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8cbeaa661eaff125acbed82496d54a15

    SHA1

    c9118ff387645cc794d2d3a2392792f298d3f1aa

    SHA256

    9a248db31cd98d75d155149b3ae3601155cf136539c72a99fd74e2f40165f974

    SHA512

    adfd1c881754d9f609a73e067e944163c4cc716d891f070fbbe15c89681aa6c090703c939bcbf0fc45250dfa7a52199148880e1f06e1df56ba3a559cf24b5faf

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    362b60c28496ae23640e00092a38db61

    SHA1

    6cfe750e642dd34f120f0e2ee1734a3fcda3782d

    SHA256

    9f1367a7f39cb518aeb21478ab68ceaaa1d4897c68c8718afddc7ba0c9745bd5

    SHA512

    fa2568de3b24f1e91e1fd4311a8e184b9d587f55a44449fe51b5fffc2d65919d617319ec412702f6d44944c2819e7440205b79f13311923835749a5141433ded

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6bcc77a0085632f74ae6815baf51960b

    SHA1

    c31247d3815f26ed96b6d5567e52e3968eb33916

    SHA256

    176a864a5913e4248a88696ffd4715b51796d082d1867af47ec03c2ccf55bfdc

    SHA512

    20a8b5cc79618bbfdc1cdf57435001b45e2c0c33f55e203a889d6c6558f4aec22f25cde3355ecfa16d84e562dccc4f1447ebb30fa2416fbd12c20d4235f16b71

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    80ad500b33dd6614fe97a1ee74a270cb

    SHA1

    67a76a447b78caf4ca0a482af07a4ff176583ed9

    SHA256

    1813f1e8232fcf76b6150fff2b4638c5b7936179de248d75b6a9da3cd0c14e00

    SHA512

    49f0c7115fccac4936408e67bbac33370e83e170c6b0e8d2cbe08b3c50f9a4b523f8b26c1e55386643755dcc6a77d03eea625c3f4fade1cf2a211030fe3be607

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    836868ac78d631bbff0b5376367e8d06

    SHA1

    cdaeb710ae93bd3354a411de18b478e5e4a96381

    SHA256

    a3158897fec1d9dfd1e979fee16ab374903f8db00cdcffde2b7065a76aef76c6

    SHA512

    2b41b917d4b2399e90be3644f7ed92bbb609c8ac9927d6b3782de08ca910d9b22e01003e4f09697e6ee9b48655934c44f90ed827c9a8778598678677e0042044

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    72b5b9f2a9f72ab7604b73c6b09e5549

    SHA1

    b3d82d91474615438ddab200a7d300977b8a5348

    SHA256

    57dbad1e171c3c6806e01e0ad431e5c73a27d00d7a3a100c0b9475232714c0cf

    SHA512

    1178012fd1c6ed1a5847bd5c83d3c4dbad2a208181947bd67b4af5a014c7bc429a638508abcfd270fb80ae96b09eb97652a311eb5efe3afe60a2a60041bc5028

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8cc3ee5a52f55999993a37e6104cb3bf

    SHA1

    5a227e5db928d40c163c267bd7ab2a4bbafbb624

    SHA256

    fedc221912b0d2eca51b05faf188be20b8387399e6d39e1db14794cefac04cfc

    SHA512

    d7f80a1b722c65e0f382939c269600622b593fc766586868ed21b0e77590119f1d961187abe6fb7bec3644bffc076cb8177d545cc55a292f573aef3224b52f0d

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1693e7f8c38f69c66497317f86261aa5

    SHA1

    25622f63659298d796c69b67c4b108e6ed18741b

    SHA256

    6129ed225b700059811c65b1320ff5d5ab04835d179003ddcd2e061e91a8dbff

    SHA512

    60e499cd78ce5a93cc6c0b169137af25731a518cdf9d5744d91b7347e61b0922c8a10516957dca1ba20993de9060cc6ec6ef85435a889b23469805c3be00318b

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fbab4526866f1e212486106d5061000b

    SHA1

    14e227d1e9b7cb30b937ba18487427192cdda12e

    SHA256

    8cba1bf20125a7a038aad66524802509dee10f1e18dbcce958d1bb070d58e99e

    SHA512

    6bcd6d28be9ac03f43ac7e8afd95b0cc87d737001cc562e3f594314735d88d499896d45d4a71e2c28cca60f3ce94422e80ea876c788c325652dd52cc3b1d8320

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    937017ee42fadb1a2b3a5fd658da0d3d

    SHA1

    e48195768dbd03029aed6a2b79ce9be9219efa93

    SHA256

    9061cd9628f6d6c96e67d35e410f61357020f9917c15cb6b8c97f3f8722c2498

    SHA512

    786854ce8bfaff7d69c8eb84e128eba8439691df31f7dc18d7db687f91ce29e7bb998197772fd343a9ebe996e81c2aedbc46d2e7506bc29bd7de4b71b95da255

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\CabEC25.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\TarECB6.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit