Overview

overview

3

Static

static

1

UCenter_Ho...it.ps1

windows7-x64

3

UCenter_Ho...it.ps1

windows10-2004-x64

3

UCenter_Ho...cy.ps1

windows7-x64

3

UCenter_Ho...cy.ps1

windows10-2004-x64

3

UCenter_Ho...up.ps1

windows7-x64

3

UCenter_Ho...up.ps1

windows10-2004-x64

3

UCenter_Ho...ex.htm

windows7-x64

3

UCenter_Ho...ex.htm

windows10-2004-x64

3

UCenter_Ho...ad.htm

windows7-x64

3

UCenter_Ho...ad.htm

windows10-2004-x64

3

UCenter_Ho...um.htm

windows7-x64

3

UCenter_Ho...um.htm

windows10-2004-x64

3

UCenter_Ho...pp.htm

windows7-x64

3

UCenter_Ho...pp.htm

windows10-2004-x64

3

UCenter_Ho...up.htm

windows7-x64

3

UCenter_Ho...up.htm

windows10-2004-x64

3

UCenter_Ho...ck.htm

windows7-x64

3

UCenter_Ho...ck.htm

windows10-2004-x64

3

UCenter_Ho...og.htm

windows7-x64

3

UCenter_Ho...og.htm

windows10-2004-x64

3

UCenter_Ho...he.htm

windows7-x64

3

UCenter_Ho...he.htm

windows10-2004-x64

3

UCenter_Ho...or.htm

windows7-x64

3

UCenter_Ho...or.htm

windows10-2004-x64

3

UCenter_Ho...nt.htm

windows7-x64

3

UCenter_Ho...nt.htm

windows10-2004-x64

3

UCenter_Ho...ig.htm

windows7-x64

3

UCenter_Ho...ig.htm

windows10-2004-x64

3

UCenter_Ho...it.htm

windows7-x64

3

UCenter_Ho...it.htm

windows10-2004-x64

3

UCenter_Ho...on.htm

windows7-x64

3

UCenter_Ho...on.htm

windows10-2004-x64

3

Analysis

  • max time kernel
    144s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    31-07-2024 16:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    UCenter_Home_1.5RC1_SC_utf8/upload/admin/tpl/censor.htm

  • Size

    1KB

  • MD5

    c9e549c79cf0731975a1aabf72428eb2

  • SHA1

    dc87473f0e499d0032c52603cbd6bad9e9e50cd6

  • SHA256

    737c1d7122a569829ec051a5100b804837bc49797dd7043324b3ff521584e0c5

  • SHA512

    adbc46f2a518c7d8e9fd608d546ec9019cc8c1fac86d4bcce0e900e72f6f5fde9db053654403c25807f2ee87e485f14b626528d8e92b1117f6efa0d002dcaf8d

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\UCenter_Home_1.5RC1_SC_utf8\upload\admin\tpl\censor.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2260
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2260 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2044

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    af2d8eb539fc980eb4c8e0826eade914

    SHA1

    c39e475db2bff2199feaf9b1716cfcf621284e20

    SHA256

    af61b658f7d6afae3571b5036ba8f50f6f8f26d6f597478b5201a333fe0bbe3e

    SHA512

    aa8ee09e5ca6a858625036ab51f3228acc9238289fb186f3cead725416fa126d3001b8b28606d24b1e790d8fab75d5b6f66898876dc528d8fbc6384c0f95b819

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ca858b43f73dc9bc9b32957f5b651321

    SHA1

    0fc12e999f7cd0a0958a168a84dbce7c7ae81520

    SHA256

    3e81b2926a164c681d70f20887facf4a84868cd698c19dcb35827e8e0b295eea

    SHA512

    ce690462127603a7fa3d2567afb3e25dfe890fa720e6e83d515ecf22dbcffb2de264c60af74273deeab79fd797e90a2f2cf877f0e8d476dc62574168a5829475

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    73aae3537c5efb6bec6a7e5bbfb9d82e

    SHA1

    562c7d5b1f85ce023474378d276a66009508bdc3

    SHA256

    7e4be2731c4f076d5801a9feed284c6df78974d8e0d47525efd7cae57d48e52a

    SHA512

    a1eb5857f98b114ba3ec38d735991cea099d6a68293c25e47129c187d54452b9df55d0791f178f3b3002b936794e872a43c32b87fabbc900cf58ded3970d823c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    45748609bd8fdf2c82b0a31f93d534a8

    SHA1

    29b1a779211bf07a03b13e761ff38a87c0e3b968

    SHA256

    73890db40226f00ee30e68fb8d3094be33fa5ddb3a75ab4c3709e97f62089497

    SHA512

    9842c573d86e477f433ce2171e32050fa6caeb0f5bf39a2aacbb3cc9e74340a74f1acb3970a209200d11bf1acea5869f4966306ea20677ee827725d8d1215a6b

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2d033281cee01785e4af08d4d54df936

    SHA1

    a998604817a00da36caaf9b714405d6b789e2718

    SHA256

    a77e6641a4bfeaee60aef918048200bd12281e44d69f4d13d51af386cba5383a

    SHA512

    53e057cd2df98a6466af277726d3e491aff3a3b16bfc9f8db0a38bf7e7bf4fd9c9dacf712867132160797a0ddb6d0b6abe872621df3127f945125d19231328e1

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    45da046f267ffd5bd04c8b1a1b8acbb4

    SHA1

    248dd1827c16bdd3922b15aebce0199b05b22c00

    SHA256

    5893094067909d086f4cf5ab57b923b3bac3b884bd892ce12bdd6c3da9cafae9

    SHA512

    16b70e230846f1f1fd810323cec4b852d8156a85c860789e1765a34479640f6e32d810fd6eb303d40eb2ac8724a4bfef4d79972b69cfac400f2b7a6b1337431d

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e9100112ed7b8b8a0a0e931ee3c3c09f

    SHA1

    21a2c2b98f0a913e4e737ad86e90e53f8b3d78e0

    SHA256

    54c7ee65c8808b99549e1840160fc126f2f9e72e040e0436ea8dcf16ceac7195

    SHA512

    740f58ecd95442449ecbed40412b2d9f2b5a9b64a3fbcd2487d7f35e6c3ecda3f97342bfe67457401e687a831a52cdb4fdd6a116597ad8696488fe65ac5848d9

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\CabAA84.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\TarAB24.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit