Overview

overview

3

Static

static

1

flash/新�...��.url

windows7-x64

1

flash/新�...��.url

windows10-2004-x64

1

upload/Scr...ent.js

windows7-x64

3

upload/Scr...ent.js

windows10-2004-x64

3

upload/blo...ex.htm

windows7-x64

3

upload/blo...ex.htm

windows10-2004-x64

3

upload/dbq...ex.htm

windows7-x64

3

upload/dbq...ex.htm

windows10-2004-x64

3

upload/dbq...age.js

windows7-x64

3

upload/dbq...age.js

windows10-2004-x64

3

upload/fee...ex.htm

windows7-x64

3

upload/fee...ex.htm

windows10-2004-x64

3

upload/fee...age.js

windows7-x64

3

upload/fee...age.js

windows10-2004-x64

3

upload/por...rt.ps1

windows7-x64

3

upload/por...rt.ps1

windows10-2004-x64

3

upload/por...ass.js

windows7-x64

3

upload/por...ass.js

windows10-2004-x64

3

upload/por...ex.ps1

windows7-x64

3

upload/por...ex.ps1

windows10-2004-x64

3

upload/por...ex.htm

windows7-x64

3

upload/por...ex.htm

windows10-2004-x64

3

upload/por...ent.js

windows7-x64

3

upload/por...ent.js

windows10-2004-x64

3

upload/por...ent.js

windows7-x64

3

upload/por...ent.js

windows10-2004-x64

3

upload/por...eld.js

windows7-x64

3

upload/por...eld.js

windows10-2004-x64

3

upload/por...el.ps1

windows7-x64

3

upload/por...el.ps1

windows10-2004-x64

3

upload/por...age.js

windows7-x64

3

upload/por...age.js

windows10-2004-x64

3

Analysis

  • max time kernel
    137s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    25-07-2024 10:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    upload/portal/language/index.htm

  • Size

    1B

  • MD5

    7215ee9c7d9dc229d2921a40e899ec5f

  • SHA1

    b858cb282617fb0956d960215c8e84d1ccf909c6

  • SHA256

    36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

  • SHA512

    f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\upload\portal\language\index.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2756
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2756 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2116

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    46e146867706dc4155f624202929884e

    SHA1

    9a7f3185386d15b043ae4180a1d0537cda41a2f5

    SHA256

    dc1e90b158a0ebd59632262c7afe70915c94f420635008c81dda3917f6dd81d6

    SHA512

    9b384fccbb8905dbb5496f8c2f45f7d3d6bb0172842568ead1bd46067ef94d29d0aac59aeba0cfdb55271be69e9dab4c45f4686c141290cfc47b11e91dd82e96

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    877508cc4f765cb122ccce340c2a46c3

    SHA1

    7ae8e5e7090b42ba78a95a5646e4917a6ddeaa94

    SHA256

    dfc609198d2a4b123a9f805522b2a56ddfa987c986e1d881ef0c1c777c4e3707

    SHA512

    fb1d91beb9de418c2672842698cf3f1f13e5b937d2236fe67d484738f4d26dbdc550cd647a8ce29aee1c189b2700ca9d9925bf06bd6d235e483e47aa723a93a8

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    82e4e59d7a9593a33f34e368783d57c4

    SHA1

    8ce23d6ff52951aab27cd4da6e129939c02af8b1

    SHA256

    7f0c85a8209863892c2dae55f3599f42a084a6470c5cb27b770cee73422c9f54

    SHA512

    b4d3b4734db3d1a30a751771c8f604ec94df4599a0495c686a1d530fb54e07254ab69a5cbd3658b1ea8340d83193b0f5405ff7732a6e66e7abfc4abce7b737f3

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    834365b88732d0d31fe37d4cbc676fbb

    SHA1

    b20cdc326ac062a4350807dc6e06f69c07ca62a6

    SHA256

    b581f271dce60929315437d44952c7a0a349e0d699fa50c7fbdd44aa502bae94

    SHA512

    140dcce3ed832d527370b71da9b0b63a9f6c5e8f465f478c2f95ed2fab0ddd1b7c65e0dee238c3866d0d6d4ea38aa0f1867dca7e5e8bc3536e98c0f9c79be4f6

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0a15033237a7d677a4eb8017d596d929

    SHA1

    4d958e1dc1ab927e6b4168fbeca3bb51ae1eacc7

    SHA256

    ae2d5dfdc781153f2aa4a155a9f61064cd13cd0f6853bb3ec8773d4ea532c945

    SHA512

    c27ceca08aba403307803fcd82ac320cf7f99fe8d162d66f910e1166070e333bce5a6495103412f5f3121324002a6a914d2c022b13128e5839fd7899f39230c5

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6f3b0a9a4d6e62879f1b6db02d94dca2

    SHA1

    37d0ffbb64d8fc720984b2268f40c568a136a050

    SHA256

    a7e952f6d616f8f1304907d05b4d8f735ce32a6bf5b5387007a631fcb2bb155c

    SHA512

    182ff82e68d354231bf6069abc5967f6b14c0308f5b7e3065472e151842b59be27ca5716eb3a29be62fdaf547655d64c452d5a7e0a6077e88ffbc047a7c7e028

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c64454da0af93dc408936b7f6553e60c

    SHA1

    ef885f4b85024ac22c0b2eb5c7b936b786e73741

    SHA256

    1eaee4922d9f0fa272c6224f4885b28dd8c5f96f1b4928d95a206589f5f2fa7a

    SHA512

    a896869c324e326c8b100c37eb2448bac88e6ec6024452b667865d3234efee22325b474c67856929c0aacbf9a772bd7e40361889ed423ca13d768f62b11da0f3

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f053d1df454433acf484721d48ba3b1c

    SHA1

    c3f401b4735621d9b7f4816e73b2c8c51f2f0c85

    SHA256

    34a96858cab3a7068fdd8a24ba5de3cc40382b20f31ed62d6d23f12994021a47

    SHA512

    22859c954115de3d97cbfb50e723e7f5306fd6e4115bc789719456d37e74669052abed3a18f05c7e453cb84be3fea1e5d589f54ef1b4057bf847fcf47e03337c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    be8b242aaccc9288bf9164e5c17ea9c8

    SHA1

    9fc7f9db7af71221eb84f46a105af90a838e2461

    SHA256

    1e7de73ff48018d7de222c379ac986b070e1167ef0b4db8143eb283fd62f2896

    SHA512

    cec0bc9f9a900ce9b87b8386ce3e218e2d75ef318a2b9292ba96e4cd24b44c91828bf12547b78f6901e15a96183bc9df1ceca371c029bee9108f5dc2644bc02e

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    78dac945b94c9d7a0befa1a8ead96718

    SHA1

    9b027d1b7fbd02609178291439c383e8795781c5

    SHA256

    28564c7e9188d2e9a5ba38d38aa9f0b00612ff48fdef3bd1feee052025ed50c0

    SHA512

    9f7b669cac939dd683ff361ea1ef1c16659d973822390e8ef81a52f7f4db1b1106f57778a58e59d623e51116dd220370a7980f2b5422f6e0ebd5b40090234763

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    334013712c642231a498043c088b99db

    SHA1

    507aff87068393713e7ace14fea0ff40cca5b80d

    SHA256

    8c9c27cd492c4943e7bb9cc4f5c474afa3c802a46dd8fa61f9c4c4cffb664b83

    SHA512

    a1b6ac76b5dfb4c77719aa144e6cd4c731b5c3fdfb9e10d0b00b36354b111298352de57d97759166b2ce7b0eae1dc62fbd9606092e7f432c6ea4d9fa16adc62b

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5baff4ae1a63cd51527a2abf1d9a3fa0

    SHA1

    722a56b2838aa006422a88a7d027404ce7f2b97a

    SHA256

    f46a453d1b9520875a06526d42d4e30ec30a3d404bc8793383f0caf278b7dbe9

    SHA512

    c77462926aa922689513a3f0622d24932dbce112a040a4732738db5d4fcda68f2855a3b234b389f1bae7ba626fb3190a79d19d16f1ac94ce79e4785c476ce52a

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7a5f0d397efbb552a91d7bc30542e842

    SHA1

    9b007c63ac7610b5cd44ee293e44c1a6bcb63ad9

    SHA256

    dd4fce5fc40644ccc05ada0dbb92ba97dcbefaf60fde48e9c59ad589b158bea8

    SHA512

    641d79fd6e5429c6419c2eb41c9c2fc655e21b2e9616ca46525287248ec17e2012e8d90f431f97123c28bce7f92be5359c8c98d21c0f517644a698b4bd283d1d

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f3c888d4f350a3b5bed7117cdc10eb91

    SHA1

    5f2135e90c9a56e9d1f32298b2d74c25d6b07246

    SHA256

    c8686a155621729ce3c1da52f3b32470115bcbcc1c468310131c5fdc81a0d187

    SHA512

    27c6ac44eb52d753d8bec513dbb07c67e4f5253b1c0dde78af7e30c7c33cffbe4cf6bc9d78ffbaf809aff8ad766e94a01b19e14b631bbd37fe525521783f6d48

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    af38c7dcb224faa1a40f55256ca364b8

    SHA1

    9b3450d6a4e3cc561f2787888ab07049cecc8d42

    SHA256

    2a956cec5a817cc48be6ccb336d2c9d3d8ea625a86073269c042ceb339eb2a4e

    SHA512

    bcbee877c115731d6b4efbd78357af2d0304b026c8d6b7b669a4b2fe8c09121e9ef8d34a84db3db89b355ecf02007214902d3ffe9675e81651da46c480335344

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    04f2267e2ec48b61e71304803e871dfd

    SHA1

    c729188c4e9647735836905b574050671bca6bb5

    SHA256

    ab6ed6e3c949265d8012252a6e25b2545fedc2ff7ec1dce2fdd50bd230a45c76

    SHA512

    1aa501a3ae3d3665cedfd8e2cf927a3c8d539ef7dd6b94c72f0c3291b00c8c43b023e927ece4301626c33fd9feab6bc97a5d13f8b93a77fceba46e77acb6451e

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f2567de7cfc2fb17c5d50a14c860020f

    SHA1

    540f7b04e32bd49fe59f66f18edfb6b29397e93f

    SHA256

    9a53c49a5a392ca9e1b4036ae361c257b904fdb1148fd86033c0dcdf6fa0882c

    SHA512

    fbbe83f51daa30d67353d57778ff49521d9bac43510d619e3348bf39ad7dbb44b82063c61d23e6cdcb7babccf03403c3ad8de67697297ba4ee395d4e114a0159

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\CabA2F.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\TarAB1.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit