Analysis
-
max time kernel
118s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
31-07-2024 16:25
General
-
Target
UCenter_Home_1.5RC1_SC_utf8/upload/admin/tpl/cache.htm
-
Size
2KB
-
MD5
a7cd67d698cb19e62405702207e0b568
-
SHA1
ab0787d2fce5303c642b1359ada3960a243aca9a
-
SHA256
f9fdea7b53ccbb08eb6bcf51076a860f5d043c7439eea44afb4a2106f40c23a6
-
SHA512
276e153935ce1883fe1af1f7b90f363929a1d7f147014cfbc51cdbff6aecc7117cd63e48b5912e8c0820026b221e84ea8b747cffe802d3166b6defd2f48b1709
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 36 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\UCenter_Home_1.5RC1_SC_utf8\upload\admin\tpl\cache.htm1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1920 CREDAT:275457 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD59c5a894655059a294bb3a55ed03e110f
SHA13f54ef57a78daec8195aa561dd29f65184e6517b
SHA25692f406d29ffa7fd5632524b4d0ac14c7232e5ea8db58dbbded29f7182db78744
SHA512c584aa5be5f6c7af801f42ef6d69a3dc1ef9b5236040d9bde896661b0b1c75eb415e901ef05789e6de74c8fa2b61351df25350ed9ef55bc72f9054a6b776feb9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD598af762fb43774c3da107a73be38efb2
SHA12a120cb4e6bcb13d278926d0ecaf64761236e03e
SHA256d29c7be4db16d62e02d87bf4b9135b3656ec583be6bce67f8f14471891763e86
SHA51258eb2593f836246099b6753a270ec44eefd9c834bf1e04a9ae385a233862a7d5098ee25d11df03a4d55eb20190bf7641aebb094946f2b3fc19facd7c439a4983
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5e70f32dfe7211a7c2ee0c7c20b15d3c8
SHA191baccf9a3c1b90caac875aaaf0913a5a15c73c7
SHA2566467e2ea9d6ddad1693777b4851eacd79e4e9e0bf1756af6b2738533830acc47
SHA512fad7e752b080fd48e4beb1ab4303980e350869af5a24c495a556c63ddf67e00f529d51ef33f6a1cf8d330f8c32956953e5c933980e80e681323ce67b27175734
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5e5739abc25831fb07933e0ba0906e28e
SHA18493b213c65650db9935d8ad600fabf99295f0c4
SHA256396747b0aba3c295f61765644974f47f434d9d08d31eed14d59b07d1ca10bedf
SHA5129267e291b8f5916f8f0aedd352e47648075ce8fca96104f03045caf3410b84ac3b98147459f596e97e34ae94d7f0c2504da2db31d324f8ed0c269c92fd7f80eb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5a59129c5760484f1b8289880524bdd73
SHA1819db65657a9595eba36620f13d05f73fb3cab38
SHA25669a6ef70010c60242b618f74eb8ed055b0779d9b284ee2e9149da8865507f93a
SHA5127c5b9182154abb6bf9f60c36c52ed0694a863b167d08f58665a2a7bfae05eb7f6b81618e96288c8ddf877324483ced91f3cdb491a6cb2700cb78fa1320d348cb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5889249010909b4bb085ed8e01209b929
SHA18bc2f211bd3bfb01218de2e2d6249b055a35b84f
SHA256e3e3039a147cbfc3223cf9a9aa4d1caabfffa40c38d65b5c35554ddb7f50d996
SHA5125e18c5b95c22b7a1d59e20fd55c83370dd1b03bc03f5ffcfa513a1069f2155da591b43d08d2e3f0614640c898987c23aee9d2eb8c85ee6aeb0e56d1be4186dd6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD565e0131d8a81290cc7fd0ca836e70726
SHA18e7dc8b7616d1c5ae0afe8519f7cf35b1c6608b9
SHA2569fb114c4551213f76d7644c61937b2d5c631fa71359f80d08a9beeeffd246740
SHA51251a5494b8d368b5e9331471bf957ff7d2022eeb76ff6fec9e2e6c3c6be04992fea72239fa170671221bffaef252b0701e1b4d933d68e691f7ab48f827d5eac0e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5d7c8ef0cde50deb41c181ac81dc1c5af
SHA1ffa97f5184d47aa38954ffe85f982a5ca25c99f4
SHA2560f107cb9162ae9836a265fb230cb859e838f8d3581fef078b4e075aa0acf7fc2
SHA51227635595d4f964b2562108c013910f9d67b26bdc1b39795b5f3ca77ea9a54758b8e625fdc01bd622b45f4c64a4d5b8560c76bf6753043f538cda1bd3476dd9e7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015Filesize
342B
MD5b27bcba780158f7607ff46888486eb01
SHA15f4ffded758c42978e7ff1876f542ea1966938d1
SHA2569782cd641cac2ea58e8f2297fea1fb32f278db2307e0990a722a3b701897c497
SHA512e008e48d03ce53ed6414c7962bff1f1398fc23728f5108197b150b0b72b6d3c48efe6a0706b3ba161dd826309cb0d099eaac1b91c8a66207f1de41882e0b60b5
-
C:\Users\Admin\AppData\Local\Temp\CabEDDA.tmpFilesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
C:\Users\Admin\AppData\Local\Temp\TarFE23.tmpFilesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b