Overview

overview

3

Static

static

1

UCenter_Ho...it.ps1

windows7-x64

3

UCenter_Ho...it.ps1

windows10-2004-x64

3

UCenter_Ho...cy.ps1

windows7-x64

3

UCenter_Ho...cy.ps1

windows10-2004-x64

3

UCenter_Ho...up.ps1

windows7-x64

3

UCenter_Ho...up.ps1

windows10-2004-x64

3

UCenter_Ho...ex.htm

windows7-x64

3

UCenter_Ho...ex.htm

windows10-2004-x64

3

UCenter_Ho...ad.htm

windows7-x64

3

UCenter_Ho...ad.htm

windows10-2004-x64

3

UCenter_Ho...um.htm

windows7-x64

3

UCenter_Ho...um.htm

windows10-2004-x64

3

UCenter_Ho...pp.htm

windows7-x64

3

UCenter_Ho...pp.htm

windows10-2004-x64

3

UCenter_Ho...up.htm

windows7-x64

3

UCenter_Ho...up.htm

windows10-2004-x64

3

UCenter_Ho...ck.htm

windows7-x64

3

UCenter_Ho...ck.htm

windows10-2004-x64

3

UCenter_Ho...og.htm

windows7-x64

3

UCenter_Ho...og.htm

windows10-2004-x64

3

UCenter_Ho...he.htm

windows7-x64

3

UCenter_Ho...he.htm

windows10-2004-x64

3

UCenter_Ho...or.htm

windows7-x64

3

UCenter_Ho...or.htm

windows10-2004-x64

3

UCenter_Ho...nt.htm

windows7-x64

3

UCenter_Ho...nt.htm

windows10-2004-x64

3

UCenter_Ho...ig.htm

windows7-x64

3

UCenter_Ho...ig.htm

windows10-2004-x64

3

UCenter_Ho...it.htm

windows7-x64

3

UCenter_Ho...it.htm

windows10-2004-x64

3

UCenter_Ho...on.htm

windows7-x64

3

UCenter_Ho...on.htm

windows10-2004-x64

3

Analysis

  • max time kernel
    137s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    31-07-2024 16:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    UCenter_Home_1.5RC1_SC_utf8/upload/admin/tpl/blog.htm

  • Size

    5KB

  • MD5

    e4f16d4121b075977a49cc95dd37bd9a

  • SHA1

    573ffb94b6048e2ff77d7c893e083d7487284de2

  • SHA256

    56e622e13211c71906dd5f24c39ef10c7fa7b0ac0e2dcab75d9fd38ba17ae960

  • SHA512

    5ed2ab93c75328f9bf4e9db707efb37116f65dadf3ef5bf38d33028c155de48427c3ad73471c7e6de499c9f3e753ea5af71a8e6a0f246b1940607aaa523a1342

  • SSDEEP

    48:L2233ZyY6fPZPoKX1Lyg24KjuqPongQZBd8xY5ugrorHRgWDERgxsYnTLPoI1bIO:q28jPZPvXRy7uuOGY5borsUDHwxw

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\UCenter_Home_1.5RC1_SC_utf8\upload\admin\tpl\blog.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2172
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2172 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2700

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ebdca0d45d993944ada6339658bc1867

    SHA1

    178ff599cd3773e02ca480c52d845419743cf4be

    SHA256

    34419199ac8d43f5e294d2e7264a261501a2b3fa3370104a8ed6a66089fa64e3

    SHA512

    e03282a5e5179770120b05a6d3ca986688aa578176b3f520d5464e17374b8878bd3712e6b5101f9d4c93e09c2734435988436e5808e8e98e2252736e57ecd910

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2aa22d7ea0730129a6751a0f6c4f85e9

    SHA1

    ebd73b88da7a51da864565698a0ce91249a2db13

    SHA256

    31f83b4147c760b21cdd10a9fa38b6aa89d46192510bdfb653da416426102200

    SHA512

    994507dfecc7a77b15535caf236665f8f1039ce7ef2ed0ae797f98e18980c0c0c80590de2431eee161adaa82d35341fa6543a5f1b59189311d49af4bc43d7701

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3b85cec7058f5643754cdf5d84dedd80

    SHA1

    f1f4c25b65a47bb850c8799130f3ebe3b492e6ff

    SHA256

    da67475729f9d0cd1df2310a6ed5fe69a12a96bfbe5bf13052c9354a569d1007

    SHA512

    2776ab2e0a402eeb9e0e6ae3cfd03843a8aebdf178ca5a394e07c187ae990fe4be26f7d85bd19fea5ed73f332e78294cbadd794e071911e3e9e597f577f0b78d

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5fffc1c0e2c9c87f09fbce8a0e39f672

    SHA1

    76893691a751882399a73fa68a3ae6b75dea6a40

    SHA256

    aaa3d462dd8ff823aeda3dbc97972515c37e2054d0c4ddc7a1549e0d4d7c4c3b

    SHA512

    178961efc90156233b9596f6799c325cb20abc3790741a0e93d3d988ad29c34bfd5f493ac55cbc1b54f85558f5ea7a81ab7a4b5095e4b46e8a43bd0ea71ae73f

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b1207fcb55a9e030344baef9ce99b8b3

    SHA1

    8a4937e5f87336ced1788ba44525ec6516fad8ad

    SHA256

    ef62df650aeb96908f5195a7c912d4b682c55c43939baaad245bf6255d372dc9

    SHA512

    30c3e952481d400c190e8af494269dfe27648904a24fbe3b8302038597f8690d0bb873673f8752933650add115862521e30002123161610f5aeb8f75594d7ee2

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    42f7f7dee3711c1d96124fd30e564f39

    SHA1

    1756cbed94e90845cf9b366a62ad57ae2212456d

    SHA256

    ee1c6800a48d0fcbb1d09327bdb0c6e0938c03c26fbac23a917c678dc90eec3d

    SHA512

    713df9980fe563415ca7865fe3a9c31bdc39a5d0a0909c32917561ee16df65e4b2266b171ad8173c918f8a5e24b4e3acb28ad1e4e35ef39e0261b6b9b756e2f9

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    168c5c43b4b8ad01625a0a9ae82caaab

    SHA1

    258cf6fe13107181fa40253818b79447e735d4c8

    SHA256

    f06926c98908c0b052a9de178ffb86bcc45267e9161ea8403c2c112f890bf92c

    SHA512

    47c6cc6cf79bff0ab214d632fbae7a32a22a103b4af58c639cfe9588bcf0ce7d52e94927d1ad1eb37da3278eec5bc737522f1a77f7786118f92ebbababcc8442

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0a37ed0fa0d8bfabc48cf956269d894a

    SHA1

    e0ed8377ef2536b28c1f600ab75908b4705e062a

    SHA256

    3e8d70f9e2d2c88cc0a361809075e72721aca67778e46da93663018caeab6d48

    SHA512

    157fa3cfc5d82f32f415b35e0dae9d870a8d6b61efa13ada00127b5a5d9ac5db5b310d69a383a2ea7b63c18b88c570dbd438d4a75041a71669e85166deaadb17

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8668069633be061782b7b27f3b958309

    SHA1

    6bd877be2132dbd4d3793e6e03804361b2833f06

    SHA256

    44755058cbf7fd7968e46b996365d15eadb0461c8ee83665ac48237ae9661e4a

    SHA512

    d4e0a59db60e27c96f5b6840fb845d4f14a87c821843e17a1bf765354105202c4789a865eed4e1390f436435686671d672ca4b3744b1b2182c15388da9a94e39

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    643d791fdd9f783b45a0824757f6a056

    SHA1

    7108be54a2fa6de74c2a44fa54e97c4f2ff1ead9

    SHA256

    1257876e57e31e66bc144524c85974773ed495175050ee790eacdb31b3f504dd

    SHA512

    72fc2f57f23c6af4508f3880daff207904b84c3cfae5755d8fa01bbf881a6c48cec92e521c4b9a30175b72ce9ba34079db8c0366a03a13b2566ce9d265d6fe44

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3beed64d2636f224f1b4ec11631216f9

    SHA1

    7fbec339875457679e75b97b9428f950e30bfad9

    SHA256

    09ee1dc684429419fc91270cea49326a850f965479078cbb0c39bc24a76270b9

    SHA512

    286d2fcd27e8f79973e4671c902d729ed5afc955c04fedd004e91dfcae4a94bc54d35bf73fc93475ca3e7449135302303aef00be037c23c8c09afa7a126d9914

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7325a795979fb18c0397da9d244b8d2f

    SHA1

    1822d52324eb722f796e927d552cf42fb110aaf9

    SHA256

    dfaf9a008b387f8fcad47bf3eff71c923b356b28c6fb902a3b834f87fa963581

    SHA512

    407971c198b4c569f7fbb52d1a86a73b684645ba4341a3b7d5031a9eaac7aea4a454c805bf47783d14ba9bc8f071a98189968e23c79972570a1c96ce3f5dd8f6

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c29de04c301938a6043ce7d1fa0010ed

    SHA1

    05d69ab205e42686411e4724d5d719786fc7803b

    SHA256

    5deb7e6055c3357acc65682185cdd8bc2efe7c4ae487b052df6506254562e670

    SHA512

    89949296599f40bbf31591da2cf10accb0957d9a4897f3c63c90f1069b7d11f783c32e3b31303ed0d83bdb87c04d67a85da01af6dd1db0f7219762a6aaed05d3

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab255.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar303.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit