Overview

overview

6

Static

static

1

admin.ps1

windows7-x64

3

admin.ps1

windows10-2004-x64

3

admin/comment.ps1

windows7-x64

3

admin/comment.ps1

windows10-2004-x64

3

admin/global.js

windows7-x64

3

admin/global.js

windows10-2004-x64

3

admin/list.ps1

windows7-x64

3

admin/list.ps1

windows10-2004-x64

3

admin/module.ps1

windows7-x64

3

admin/module.ps1

windows10-2004-x64

3

admin/mysql.ps1

windows7-x64

3

admin/mysql.ps1

windows10-2004-x64

3

admin/replace.ps1

windows7-x64

6

admin/replace.ps1

windows10-2004-x64

6

admin/sort.ps1

windows7-x64

3

admin/sort.ps1

windows10-2004-x64

3

admin/spsort.ps1

windows7-x64

3

admin/spsort.ps1

windows10-2004-x64

3

admin/temp...ad.htm

windows7-x64

3

admin/temp...ad.htm

windows10-2004-x64

1

admin/temp...ce.htm

windows7-x64

3

admin/temp...ce.htm

windows10-2004-x64

3

admin/temp...ad.htm

windows7-x64

3

admin/temp...ad.htm

windows10-2004-x64

3

admin/temp...ce.htm

windows7-x64

3

admin/temp...ce.htm

windows10-2004-x64

3

admin/temp...nu.htm

windows7-x64

3

admin/temp...nu.htm

windows10-2004-x64

3

admin/temp...et.htm

windows7-x64

3

admin/temp...et.htm

windows10-2004-x64

3

admin/temp...st.htm

windows7-x64

3

admin/temp...st.htm

windows10-2004-x64

3

Analysis

  • max time kernel
    133s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    11-08-2024 01:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    admin/template/ad/addad.htm

  • Size

    3KB

  • MD5

    0fb445ae7e5056b0ee99c3fd25835129

  • SHA1

    60842803d11f18d649b5620e808643e7e6738d23

  • SHA256

    4e24e0a4eeb709956009ecb2179830bf8f689d15d504958f4ff4cb5d12607715

  • SHA512

    ff5570e75d7d0f5e1b62355f6be472b6c7573d37ceae4cbfb24a51d5882c05e81d9274e0ca95292321facdd03d0c71e42601378b9b44c098d6743989eddcccc4

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\admin\template\ad\addad.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2192
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2192 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2648

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    12845ebb4dd4aa505eb7d4163e08bdbe

    SHA1

    a3d6f5707d792283888162df53a12223e34ea9fb

    SHA256

    4bbee00e55014a3ea23817b091586672564f9254e84894281563b11f6596ce88

    SHA512

    264ab5f50e59de06c218dfe00d0b4a2a3e635e8b3627cb03c3cebcb99085c654db9368caef354772f23e46997b14e585ed67ab8549f777bdeff94e63473e7bfe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c346ca637afec7077e6f49a78e2d4897

    SHA1

    74140459d2e7481e9a834af8a9487238650ca4f0

    SHA256

    b4d1c837a2bf0a6bfb8dd160ec6a3bf2dc6961d9c00e6ae824df59613f0f199d

    SHA512

    5cf93aa433b7e7c7ecbd4309d6f6b15f49df2ce0475ba290ef381828f4a3a6e287050c983d46adfa05f30e294007a9d344233a213cfc2444939202e591f89701

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8af1c554ac327e046e0d60535959ad3b

    SHA1

    4a4c75cbe7d02b2d7e72cce229b4740dcaa778c7

    SHA256

    a4cb98199637d59844d80059917d1a715609c60224ed6927cf70acc12998273b

    SHA512

    202afe99a89dc1bf0191bccbb7fcd12b49480429e92ae902ed7673a5c6756dda95d317cb4c230d95b46f055e1a5eadfba9f0a497cedf61c984a56e6e39725f03

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    286b5ff64e87680fd5e29df1f1e3ce56

    SHA1

    bb7ee2e3b2e0bbf6480c49f4c2ecb07782371533

    SHA256

    fd3e0d623f58721f263086532fed5c3f6989b17886db2c02c233e57a9ec0139c

    SHA512

    04690a2ce5ca87483178a13be91921a53baec6e61d091579fa17dd7190b60f1041794898a1a6338bf5fc9e328301b8a2d0ee33571746128119aab034a1b4fc01

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    abb092b86011d0c68b81348cfd817cf7

    SHA1

    3066fd82404a782b384865894752fa66263028b9

    SHA256

    79f4875e9e8df037b17a8bb0cc135814e569663b5122ed92d1ab157498fd5607

    SHA512

    44163d0d52e5afcaf47ffdab864da32904d6490b966ec315938c6516003ad9066d3a204a1ca1cd5d36b891b9418bdd6da03da0c1732ab2c27c6cda84533b1533

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ffb11b522ff85214ee1a17cb35dc24b2

    SHA1

    d698d66dc3c899b7e275e4cae6d448508bdb6d81

    SHA256

    0c870789d4174a0be7fa391bb07eddaa48fd921b504dd5078e32da46f9bfc18d

    SHA512

    3720fd9a24d89038beed85746780932693cf93a32789090409c8d3347158434856a6e6a078bab20e4c5d818f0b565eaa1007e234d0aa0cd01599ee9ffc34d125

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2d885cccd8a507b8624eb7d4a8b6d646

    SHA1

    e2f72c5ad334da4363a283f65f0766b88de1f139

    SHA256

    a63da9cc8e2924817d6a053c79da5c615482f988f1d5b1cf5f61a972d226a436

    SHA512

    9d91f30dc4836280a11449cbb04e7b42b26354efab2a6131d86f49e0802c75313446c0ca2b3f45c5ea9aba1d317326fc3b60f1010ccb6ae192e95a52265d9ac4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f32b0873e2ecb03b853a376c72f7a15b

    SHA1

    21cd9110bc468587ea2967bbbf94ee8454699692

    SHA256

    f1afe08f5b052d67ee214e6b6d37070f827d42faf777d66fbb1b637c7c1b52a5

    SHA512

    8a7a5748320f82cfc1c4c0f2124f5f0af6a2ab5b6baf32b305cd3e5edbbf067dfa3b4e4cddddd2fd606729cd8c7225d17764cc93f7fa81c7ab9db31909f149ab

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6ab8bd92b1497f3fe2d194c51a2fd845

    SHA1

    f0cdb0ea182c1d1bb43bd7e0a9edb739f592e54a

    SHA256

    f961699a4f2eaf2305b70787086157e109e1c2e9366688b52fae217436573c88

    SHA512

    bbad271862cc5c48d361e287952a1574f0c832c292c0762172f4d21e537fb9a51a73ba7bd06253cf29e82803bbcc6065dfb0c986e516d9e884969f2f1959f732

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c6d7f71daa89bfc71c70240dbe0aabda

    SHA1

    432088d6dc8bf0ad84ca51771a295a1080326c77

    SHA256

    1e3c83a070012f171c035fc616899d03c6a124b301f59944d7293d2c34a3e4e3

    SHA512

    06bfb8d529dc1e3aa709e43786939b3937f2e084a5308fb8fe1a46e553140b8a7cf182e4a1e9f6f377d38b2bab90ea89554d56f6fd094ca1e7dedcff5a533b58

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    244532b541a43e10725812d6b9a4d14c

    SHA1

    cfabb5d9bc3fd20a8edff0655192cf8bd1632138

    SHA256

    390a28b20ed6ed8711268604b9f2b48409a689b69b6f04039586f8c8d7814762

    SHA512

    d9791fd64e37b25458287bfde7bb08011f46b891d185903d52e8b592c97a61f84ac28c26b61460a82c7396b43575635f06190c5c87e52959ba020901ec3933fa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c2b703fdb83de09a6b34eb1633ffe566

    SHA1

    e7ae2d0899ebb34a3af192b1f69448661271b13e

    SHA256

    e2f721a6f5d769618eb7ac2ae3ddf7f257ec2c8962682dd3ed8d8b4bd9a1aa71

    SHA512

    fa40f5ee2c126ab2bb81441f407593e104dff44035beff5c64cb3353e84bd95b9f9ef3acb069546dae41c74339b395363f9872179a7845eca1c2d28f2a3dd4fe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    262af707f0a2e87ab78b3019294b3430

    SHA1

    eae30290571688dae2717caa2fd28351248a7163

    SHA256

    b87e402a2a126647824e9c8993fd82f636616cfaf0e05ca2da0e64a37960c773

    SHA512

    32c3923b98baedeffd949fcb9621fecd0a0480415a44a3d7192cdc37a9de92fcc4206fa4fb17c80d10e588f95e3d4ff2ef5ee53baf1006542920e3f2b95a9197

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab6183.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar61F4.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit