Overview

overview

3

Static

static

1

UCenter_Ho...it.ps1

windows7-x64

3

UCenter_Ho...it.ps1

windows10-2004-x64

3

UCenter_Ho...cy.ps1

windows7-x64

3

UCenter_Ho...cy.ps1

windows10-2004-x64

3

UCenter_Ho...up.ps1

windows7-x64

3

UCenter_Ho...up.ps1

windows10-2004-x64

3

UCenter_Ho...ex.htm

windows7-x64

3

UCenter_Ho...ex.htm

windows10-2004-x64

3

UCenter_Ho...ad.htm

windows7-x64

3

UCenter_Ho...ad.htm

windows10-2004-x64

3

UCenter_Ho...um.htm

windows7-x64

3

UCenter_Ho...um.htm

windows10-2004-x64

3

UCenter_Ho...pp.htm

windows7-x64

3

UCenter_Ho...pp.htm

windows10-2004-x64

3

UCenter_Ho...up.htm

windows7-x64

3

UCenter_Ho...up.htm

windows10-2004-x64

3

UCenter_Ho...ck.htm

windows7-x64

3

UCenter_Ho...ck.htm

windows10-2004-x64

3

UCenter_Ho...og.htm

windows7-x64

3

UCenter_Ho...og.htm

windows10-2004-x64

3

UCenter_Ho...he.htm

windows7-x64

3

UCenter_Ho...he.htm

windows10-2004-x64

3

UCenter_Ho...or.htm

windows7-x64

3

UCenter_Ho...or.htm

windows10-2004-x64

3

UCenter_Ho...nt.htm

windows7-x64

3

UCenter_Ho...nt.htm

windows10-2004-x64

3

UCenter_Ho...ig.htm

windows7-x64

3

UCenter_Ho...ig.htm

windows10-2004-x64

3

UCenter_Ho...it.htm

windows7-x64

3

UCenter_Ho...it.htm

windows10-2004-x64

3

UCenter_Ho...on.htm

windows7-x64

3

UCenter_Ho...on.htm

windows10-2004-x64

3

Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    31-07-2024 16:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    UCenter_Home_1.5RC1_SC_utf8/upload/admin/tpl/cron.htm

  • Size

    2KB

  • MD5

    d865338692ffe79f533bb0241c03e66b

  • SHA1

    9350b11d68ce2bd0ad4f75a87b2daa94b437c87f

  • SHA256

    42750d79e60cc3c19c97e0df8e6db9591d6fee56bad6b4cba8656e710b4260dd

  • SHA512

    39d9691444926a8e15f5651d744635d35082538b05471052c0b82dca864a86334c3f72af0b41bd77c5ffe5dffe435aa45b8f6cbb4b3ced61211a83aae4f26d3b

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\UCenter_Home_1.5RC1_SC_utf8\upload\admin\tpl\cron.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2744
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2744 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2720

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3ed518a2c7ddad23448be27142016df3

    SHA1

    6564a0bf276009e47b7131e5f377d001800ffa5b

    SHA256

    5a565655d782a1d4e0afe1713f5999bddf37b5d6a3290e1403f773c69e16e9e8

    SHA512

    22d28627e241b0ddb5b3e9952da8823d97ea1b28665e1de9772f297528f061ede598644477966bad21957ec1d81780e7a9e7bb6b25b5ac2613b00fac636583c5

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3ec7b3b6921b2aaaa71a12b075e5114f

    SHA1

    eadc0dc36af6ba0156b31ec0e54c281055d0b194

    SHA256

    92607b9a8938eb6c009eb2d44e43d85fe5eea39b8378531ae409d57fc89c883e

    SHA512

    03ac1fb91f0f635e7ca8beaf9a072fe94f3a10205b9fee82bec9eb460af72bb713fa32fcebceaee02fa424d242e46262ee7e22736a14b42ba33baedee821a6dd

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    85c7ce4d14746096c5d81193aa35ec90

    SHA1

    2ca07e4ab0be544da15b555fc1d58757ec407e78

    SHA256

    1d34de87374a96cf050f7b85f7be4275e0951c9c9ea4a2099f1cf5860c3437e3

    SHA512

    d54cc3454280144e186e1db01f5c650309af3ecec1d25bc0a0c93d88fbd13aa015ed4dc083104e189e0927435a5cab8b641105ae9ad364cea0e9af33977be82c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    13b6c8dd2eac81db302dd44045f5fdc4

    SHA1

    a097bb661e1aa7266f8221277f3232ae86f8311c

    SHA256

    50daeb0cb1174fc8ee7c294c27284e548e0f3d5c673395bcac904ff34debc715

    SHA512

    67e45cfcb9f03c7fcb73ac30b914dd361d1ea77e51ff8fd23191c24c33dd51d649ac2c80013834fe33b26fb49bd29e7f7c95afd969b12513e4e861f3b981d2c2

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    50c95fd33ed7906d4fd03c6ccb8270c6

    SHA1

    065a2ac5a3c58c6268ed3e0f6f4f1a48319d0a7e

    SHA256

    ba52992abede4784eec61a99b0f542c55878d5310c55bdd2a713edb0ce1c5456

    SHA512

    147a5f23de3a914012ca106b8c27b4788988fdf98d7a54ef11b333c119a62e1ab5ddfd49ea938e9ec921b075cf09791dfa9cafe7fe2661d2ce485cbb846efe05

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6332a5917e6fc2f3a3f3493efa6956c2

    SHA1

    8803edcc19e7e8a0125831a06c542d9cf060bee3

    SHA256

    4c904493b32e96a8498df664b2efbd579b232d8d4c7736de131fcf73a16cf197

    SHA512

    b8f70f07a0cff8005f93023abf107f0eb39046384d76a20a18055259314041638824314f52513fd72d1dfc9b1fd9f2112e5e4e822fb538ddbd11f5911a17296f

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab6AA8.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar7729.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit