Overview

overview

3

Static

static

1

flash/新�...��.url

windows7-x64

1

flash/新�...��.url

windows10-2004-x64

1

upload/Scr...ent.js

windows7-x64

3

upload/Scr...ent.js

windows10-2004-x64

3

upload/blo...ex.htm

windows7-x64

3

upload/blo...ex.htm

windows10-2004-x64

3

upload/dbq...ex.htm

windows7-x64

3

upload/dbq...ex.htm

windows10-2004-x64

3

upload/dbq...age.js

windows7-x64

3

upload/dbq...age.js

windows10-2004-x64

3

upload/fee...ex.htm

windows7-x64

3

upload/fee...ex.htm

windows10-2004-x64

3

upload/fee...age.js

windows7-x64

3

upload/fee...age.js

windows10-2004-x64

3

upload/por...rt.ps1

windows7-x64

3

upload/por...rt.ps1

windows10-2004-x64

3

upload/por...ass.js

windows7-x64

3

upload/por...ass.js

windows10-2004-x64

3

upload/por...ex.ps1

windows7-x64

3

upload/por...ex.ps1

windows10-2004-x64

3

upload/por...ex.htm

windows7-x64

3

upload/por...ex.htm

windows10-2004-x64

3

upload/por...ent.js

windows7-x64

3

upload/por...ent.js

windows10-2004-x64

3

upload/por...ent.js

windows7-x64

3

upload/por...ent.js

windows10-2004-x64

3

upload/por...eld.js

windows7-x64

3

upload/por...eld.js

windows10-2004-x64

3

upload/por...el.ps1

windows7-x64

3

upload/por...el.ps1

windows10-2004-x64

3

upload/por...age.js

windows7-x64

3

upload/por...age.js

windows10-2004-x64

3

Analysis

  • max time kernel
    134s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    25-07-2024 10:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    upload/feedback/language/index.htm

  • Size

    1B

  • MD5

    7215ee9c7d9dc229d2921a40e899ec5f

  • SHA1

    b858cb282617fb0956d960215c8e84d1ccf909c6

  • SHA256

    36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

  • SHA512

    f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\upload\feedback\language\index.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2068
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2068 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1992

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    cfe5b40588e735e542c7ea133b2f83f5

    SHA1

    aa3fc92ce5395ed4dd4d75d6790242fa59150643

    SHA256

    5f5912c5303b31efe6ca03bff8a12f34a8b02b7d85e900d78b3a2cb78891fcc6

    SHA512

    14d26b6c728467f75cca93eecc5dfbde70cc0b4d4b7ba83c4a7e49af63fe7ce8a603f8e652643b2f722883a118621e84a9a09a0f0930c57425e9276b87547e2b

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    55ecbe735938b0dfbfdedde90a274ec5

    SHA1

    d86edc2a7383e3590996b3c79332461216487244

    SHA256

    2f6a8395fc8077fdbdfda19455b3270e6d710f510ec5410d4b43579bce1f7226

    SHA512

    6a20691397df88b6bfc489368c9b4e1796d553b1cff16068ce80b0c0065790b275c58fb74d9a2f25e9d69714ce614a686977071be28dadc2b51d365e4e2defcc

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    094ff1ae79fd9a460665f1ca878221b6

    SHA1

    5e20738f358646f2f547cab9e1b6e63727943b33

    SHA256

    58b63cbcf6a136cf00b7db28cc561d253575ad77dd4198abf4163c2bae06d9ed

    SHA512

    b27ce9b381b993a8a6d4ea3f926e75007efa6ae40a146e356c43fba3f2506d89c81278ce131d94f8074e1bec2c1b3e722e5f03c08b57aef4c5a3e2a49e382390

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    8fdc9cb35312583e2d47d62ed5bcc8d7

    SHA1

    e81a0eefe66aefd663061dc09a1fa93cf4ba087b

    SHA256

    ed79679645d0d72a558e47e3cc54e8fed566356b14f3d55d4430aa67e933afe3

    SHA512

    c4f8f9e8b62687d7f0dfd96f34d84b0fbe078ad56f1e769dfdb945eb804e6c0d4729df9f12f71fe35acfa9f94fd667b4d668dda77932330303531c941cbcecef

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    55411611ff8baafeaf2dfe650d9ed0ac

    SHA1

    18413eea48b5a08942cf2b8ee4a7040974754dd5

    SHA256

    8ebbe86b43b219041cac13cba04e3f804434fb8d659aa144d59fe6ddd4acf8b1

    SHA512

    1ea0bdacddef06fb26452fc681c17e183d54117ded2c810d258a222562f5fee5df2193871946ca75d74f7e297b08acc00df6bb24de8acc80b3eca25639e00c36

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    e76db513dc1f9bb378d0dbcf72ed234c

    SHA1

    e82c110084b4ba464a5369656e552c04fa6723ff

    SHA256

    86833dcf63d51c27c7cc1286e9b0848a491f59547cb39e19789e5aa509d8c5a9

    SHA512

    93b3b4be591cf799a513ad170bffe74667d7a6939ef2beb0b7ad233623f44392aa306aa1c77aaea80a725703465004ac383f37d79a0e177eaa14c88092ccb417

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    7d9381383d844a0ad48d7cc5ae0b4fe4

    SHA1

    df6d8e4563ea3aef1702a8c61684f36f73317fe7

    SHA256

    b919a9ca5995a2f96597a55c620f5a94606af914448d1ec77a38c0448e5e1002

    SHA512

    07de876f3096479645c80b9cc9c1593ec6ead0656cd511255081ee76264f7f9905ec4f6a24de2642c4b422207c262ec6bfc56de7af348e6476ac8975653a61d7

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    691ba2ad1677a6d64687f08f1080a79d

    SHA1

    aaf6b9d9627aa21b117310e7e83d3170ae373679

    SHA256

    31d38ce7cda1510374c969ab675e4bdaad277f7d2152bbd19a96660f440358d7

    SHA512

    8db653584ad9ded771918ca1c175453dd5b618c7b7d80e43e0f968acfe6093f90876c8c9aa74b76b4cca70dde0fa6937e8bbe80e6b078c88bf7354febd35ae21

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    93679847b6fb11bd7888ccb496292e81

    SHA1

    4b0ac8f78a8288a5f2ae566fbdf35f90b24c3c58

    SHA256

    bd8efa0956c0b5655be5340004fee97b5dfcac7ba5e49a7eb896b157fcbc34fd

    SHA512

    61d06973c6c1acd7e57ee23990164db6db3a4b1897c132e6cf00ce4477f449a999bee4a31f14f81e2c59dd4fdf83335fa33d8ace985eb2db7cf1dff96e6bb5db

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    2dba58c2027eac42fce1d789ad64cd2b

    SHA1

    b73c234de8b7ec8e99716053d801caf642176d0b

    SHA256

    5723b847d0675e4c21d349d7651554a712528f60ec6227d325bd5a4b26e45256

    SHA512

    82341940e3e17caf1a4946bec2fa99cb6118c2c153e47419bd693c00082389a47e4a3b9de9eb14c4709410ee9c4a033911132f1d72bd17d919694ba017970ac6

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    686a153563fcc912d6a4348a7ec42889

    SHA1

    81ad4c88e6534e70cb20c598145da434c7de9d32

    SHA256

    894693bc98045ddf816178c900297814fa693d2aa7fe1171dc06ef862992f17e

    SHA512

    ab8c8b199c9c45dd315b8d75e232222708ad0e7fab8f698a1558733af795358ac249c572fa83dae546508300a706cde55117406d20bb58b30db07758abf2242e

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    35867d3191674d95705ea99b8a36bf10

    SHA1

    fe56dbc0872008d89cfebdaeb3ec15107ac50e6a

    SHA256

    7d71ebfd0fd7d59292e1a2d119a34af62132828ecffed31d3b4da881867d8b19

    SHA512

    85f93352dd675e2753a3f90cfa057a4fd4ec0dc977da2574904f0c5c379b31ecd349baec035f752de24de46d072d809743ffef500bdc95eeb2279eda1769faf1

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    55c8c3441b0f571caa68828a877d9f3b

    SHA1

    a68e15e13e9c5b6dba4c1a6108fcc6b4b138afaf

    SHA256

    15c48eee3ff9c5dc38e1da7f7903cc6f847f42733eed8116281ee635260c25ab

    SHA512

    67059f4841b8980b08ad7e834194b33781fdf788685449be16fc6a4240fe1a14244b13dd41c78f47901d75f8aa3c034d8200bd5196e5fa45d1d5ddc9af113968

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    623459a340485d60d4a5167bd4d5d4cb

    SHA1

    5ac00a72d6b762ec2a3b773e9d8fff0b7fefb9e9

    SHA256

    da21e7322ce2161e6bfc915391837cdb3814f0ca26026c204b5596a3b8ac1564

    SHA512

    c456bd82e99ab04e720785aae924378a0113246685f0b5d1490f96e569ab1bedf89fa132c5a836dba714bfbe8b4e4c0cc93844e11da1303a0d9e86113f66e103

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    55453670534667a6a78737933edcb669

    SHA1

    8f05dcfe81696f58d5d05905b05e95ba3666aac4

    SHA256

    3addac44a7f29922c67282f4c35d0219288da594733c8a8fb6ab700773056d90

    SHA512

    f2470e10112d5252d482e94bc12b8f0e202d85f9eeda1449bef6d1955a1cc1c0bce97734e25d969be186090b4be7d4146f134103064cc9ba8b31dfcef9701eb6

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    035ef61a391ad26e52eccc7378530ad0

    SHA1

    9bea5219f4a088af36c724e1ad254f0e4c010d31

    SHA256

    96c825b55db07f30625874c1f259dd3f1b23488e9e3412b46d2c16a869f50d86

    SHA512

    5f4c5695c46821b462dc2162d617c04ea6fd8da3446d38926b816bd36ac113fa7bd679e3f0e5429017e4efcb1efe692896f8a26c80b222a01a1811db73611b80

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\CabBE72.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\TarC171.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit