Overview

overview

3

Static

static

1

UCenter_Ho...it.ps1

windows7-x64

3

UCenter_Ho...it.ps1

windows10-2004-x64

3

UCenter_Ho...cy.ps1

windows7-x64

3

UCenter_Ho...cy.ps1

windows10-2004-x64

3

UCenter_Ho...up.ps1

windows7-x64

3

UCenter_Ho...up.ps1

windows10-2004-x64

3

UCenter_Ho...ex.htm

windows7-x64

3

UCenter_Ho...ex.htm

windows10-2004-x64

3

UCenter_Ho...ad.htm

windows7-x64

3

UCenter_Ho...ad.htm

windows10-2004-x64

3

UCenter_Ho...um.htm

windows7-x64

3

UCenter_Ho...um.htm

windows10-2004-x64

3

UCenter_Ho...pp.htm

windows7-x64

3

UCenter_Ho...pp.htm

windows10-2004-x64

3

UCenter_Ho...up.htm

windows7-x64

3

UCenter_Ho...up.htm

windows10-2004-x64

3

UCenter_Ho...ck.htm

windows7-x64

3

UCenter_Ho...ck.htm

windows10-2004-x64

3

UCenter_Ho...og.htm

windows7-x64

3

UCenter_Ho...og.htm

windows10-2004-x64

3

UCenter_Ho...he.htm

windows7-x64

3

UCenter_Ho...he.htm

windows10-2004-x64

3

UCenter_Ho...or.htm

windows7-x64

3

UCenter_Ho...or.htm

windows10-2004-x64

3

UCenter_Ho...nt.htm

windows7-x64

3

UCenter_Ho...nt.htm

windows10-2004-x64

3

UCenter_Ho...ig.htm

windows7-x64

3

UCenter_Ho...ig.htm

windows10-2004-x64

3

UCenter_Ho...it.htm

windows7-x64

3

UCenter_Ho...it.htm

windows10-2004-x64

3

UCenter_Ho...on.htm

windows7-x64

3

UCenter_Ho...on.htm

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    31-07-2024 16:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    UCenter_Home_1.5RC1_SC_utf8/upload/admin/tpl/block.htm

  • Size

    6KB

  • MD5

    42a790b145ee93ecf2e69cdfe25bb649

  • SHA1

    291c9110edf637b01910afa12875c64f9b1c6983

  • SHA256

    95b1581b365c80d30009ad18f3c3cec7e14464532e296c91d5ca73634c43f242

  • SHA512

    df417976adc79ab4abc954255439e44d664e01e57bd173ba724316363674c3c2fa67d5e4e9799961ecc29a5c00a744fcffa9e9742fd157edafdaae36b0db0890

  • SSDEEP

    96:q5lBLzn7Ayl6I9tXmy03nq7LlfPKBGsUPQfp3XCGf9pK2lpNJw:EBP719Uy0yLlfPoUYpKL

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\UCenter_Home_1.5RC1_SC_utf8\upload\admin\tpl\block.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2232
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2232 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2472

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3564e2b6bc51c2743257bf4e5ba8a175

    SHA1

    4fb050755ec1fbda2189f6680c2945b5a52417b8

    SHA256

    557b7061449712bb94f819cce10924f99cceb0bb2010800b99e395111e4178ce

    SHA512

    f3e7ce23cc4e4cce5e77f996fe73c540e2bf99c2d5ab5350abbf9b91d81d5be9259a99030e89f3c8c449ece72ca1a54fce8c068585fe9b4f11624300b55ece47

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    59364a14953db018490b89b8be7556fa

    SHA1

    458539729cf303c8e5cc409aec2456c4c59bda5a

    SHA256

    c19afb34c1c43db0076a8294e9ca08d66d6ce3433d1fbf6795a62d642959c484

    SHA512

    114de428de98c3342e967b6604bbcef2e4650a345607f7de1e0f3512a7d42a58ef498cecbc349611a45d721056e5e0e143f6c9fbde4b9696df966db7cc660465

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d40b3c3074796637cd6da6eb85c25694

    SHA1

    6f7166319b41ce56380e21b999c21701e7e7e5f2

    SHA256

    d3f4f83ba42cd9ae5caf346b248c4a361fb0b812437539f210747d8d996005bc

    SHA512

    5f0c258162085ec48f4f87205947b475e7563ba99dcf6d6eb749927fcb5c9d3ef127afe74a43b304e0d6c29a98e6d13110e4479a7168973ac966a77d8b7ef78a

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f1e6c910c4716b3075faa1f3678f385f

    SHA1

    050ef817bf966e240cfc4d1cbc8b043a5bab51f5

    SHA256

    16b6e35ebe3e34a1d5e4382b4267be92e05e5fae43ca73724b5622a219733194

    SHA512

    d36111c4adbbae2698f6f835012b894aa0d21579b10d85a76cadaea83ffd14b04434c6e8234fec59b45939df549e6d849f300d40bf6a70174c6e1a37e085e23e

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8bfecc24422d845fed8e12ec5c5de0f7

    SHA1

    2c37c836c9807f3649da2413066f2725d1214786

    SHA256

    8773ac878c0662361fcec4cf3bae238423aa535130f95ff97909e8ed26d74fb3

    SHA512

    2be760cf05e728bb4113e75707f62deb576181a8f75240123a60e785163fc150158ad195ccaae3e7a74d3d88192340ab8a4832024b82b3ee5077a4612171f2be

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    66e8151c0802345ad5d9fac2c414518a

    SHA1

    54ee3ac51ad42796fdeac8fe314fea6399f911d2

    SHA256

    80a4e7608b917e1244c5ee10bc8ac9ee4c5ca87d3c24728f18f06b50b85881f9

    SHA512

    219c186b2520d7c162c9ad0fa2566614bda6d47cd84cbc30510cafacd61fa8f24817243fefe8d6a017b14ddb09e3ae234902db32f2dab79c98786d49dbedfdbd

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    48621730391649c61035b5411f7960e7

    SHA1

    c5ce13add56fa808303d2686dd6acecb97f14253

    SHA256

    131bd1e386db16a360ca93ac63b8fb484ab23245d9d392d2f1eb32e47525bd15

    SHA512

    bd635d8bb66bfacefd74be99449394a3929e62306497a73978a726b87536920bedd2c7b14e77ab1de779ddc19c427030b4291026d67d8142e41380ce9f4af152

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7f10e28451b76d78d23e0cdbf6082f88

    SHA1

    5bdb58e4f23effbecd18ee55c97686b499193d38

    SHA256

    ce58a4e40cc23cac67cc7b537750eaa2673972c820fb97513d6c600fe2f415f9

    SHA512

    e17785a5a3a19132e9de3f9d6f47aca60f1a1ccb46c4468feabcaeaffa8c229068a148214068bd355b27abbbb0fcb39c7121478f77772c2f574e4d2823943dac

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d39722d904928e7fafff72c8edbde68d

    SHA1

    5ef134e578130a58712d0df96a5a3e5cf2d4bffa

    SHA256

    2a68fcf06548e4e79f92744c33e76cd288aae60657428d716457e5c966794960

    SHA512

    8665ec82e43e1da994b3a1e2a5ddb1100bccf3101f0c472cda7c6ee740d147318206f21e729de45ed98ea559310e9f505de983bd7996527e6a639bb4a9b51e7c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e528dc54f7eda8d32d0c0260cf151568

    SHA1

    0902649849286e0a84f238a372b9c30b9edadcae

    SHA256

    27a26d4f731408f8d0f7602bd4cfb7943d3a135f4ad06e9e0e6ecfeb0bdf7c22

    SHA512

    acc0cb9207d7459d3e6ca1d0be4e10e5f1c319f00b7a9edd5167f2a717325e12e295a0120034817b737dbb50b3ae679d79bf3c23962b95e5f850db7606565004

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fdda18b019827118a28be39f43d7e147

    SHA1

    4c4b36b2aa3fc35148dda6d79e7f72f434c21dc3

    SHA256

    fe0c2729bfa8997f7f0072f1d2e3d1df2813f19553fa7281795c6f745598a22d

    SHA512

    9a3dd1333e8ddce31452def408299a12eff557243dec59af22d4d55d150f22cc4297036e6606f47da40c4bab454722fa3056027b705dd709e06949cece9eb410

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0e5e6dd842357764f23f2941d85387aa

    SHA1

    ced51dd8c1842456ab1f34e7da0601200dde54de

    SHA256

    e637daaf81178af33c3efc4d436a6fe3609ba9957bc2cdc194602c1862e9bf2e

    SHA512

    75ccb0f4d59b6e2cd3e936f3eddeedf7081197a68b49136b778ece391c13adf897bdc187a30cbc234f1c6c6848df1346c6b31342247f43b3b6052e36c29880a2

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    874a43052f44c8087ed6afc7d4c4717d

    SHA1

    5e01ed30eb55ff97dc13dd15cd4f9eeb2a1ef493

    SHA256

    90ec73c50740c8506c301aa7c380a284ae9aeeaa202f483889a6f6be2bb53a39

    SHA512

    b8e1dfe95ddc0ed2398259a475ef8924807564a0f9cada6660cc384918d4269a20b45d4ae89fdbef42ae5722a573d3c5f02839f31488ed7c9d9ff3d801af272b

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\CabED5E.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\TarEE0E.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit