Overview

overview

6

Static

static

1

admin.ps1

windows7-x64

3

admin.ps1

windows10-2004-x64

3

admin/comment.ps1

windows7-x64

3

admin/comment.ps1

windows10-2004-x64

3

admin/global.js

windows7-x64

3

admin/global.js

windows10-2004-x64

3

admin/list.ps1

windows7-x64

3

admin/list.ps1

windows10-2004-x64

3

admin/module.ps1

windows7-x64

3

admin/module.ps1

windows10-2004-x64

3

admin/mysql.ps1

windows7-x64

3

admin/mysql.ps1

windows10-2004-x64

3

admin/replace.ps1

windows7-x64

6

admin/replace.ps1

windows10-2004-x64

6

admin/sort.ps1

windows7-x64

3

admin/sort.ps1

windows10-2004-x64

3

admin/spsort.ps1

windows7-x64

3

admin/spsort.ps1

windows10-2004-x64

3

admin/temp...ad.htm

windows7-x64

3

admin/temp...ad.htm

windows10-2004-x64

1

admin/temp...ce.htm

windows7-x64

3

admin/temp...ce.htm

windows10-2004-x64

3

admin/temp...ad.htm

windows7-x64

3

admin/temp...ad.htm

windows10-2004-x64

3

admin/temp...ce.htm

windows7-x64

3

admin/temp...ce.htm

windows10-2004-x64

3

admin/temp...nu.htm

windows7-x64

3

admin/temp...nu.htm

windows10-2004-x64

3

admin/temp...et.htm

windows7-x64

3

admin/temp...et.htm

windows10-2004-x64

3

admin/temp...st.htm

windows7-x64

3

admin/temp...st.htm

windows10-2004-x64

3

Analysis

  • max time kernel
    70s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    11-08-2024 01:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    admin/template/ad/listadplace.htm

  • Size

    1KB

  • MD5

    fb7b7818c22bfce4b030f2818ff43484

  • SHA1

    18698a4f9af96e834dc6aed1fda5019b3d2cd04e

  • SHA256

    7833a1204a01e66a76c4a22eb787671b04a4ee168b36de0184bf584d71968336

  • SHA512

    f1c310ac218cd3d38b9295c14291c6169e40cd97ac425446886e5f293b5cfe36ef0bea868751b6015fdfd2b0d0b2a74a5e9111fcb86f88b0ab958f721134e9c7

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\admin\template\ad\listadplace.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:760
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:760 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1484

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ee013e7984424ade4a1fe1760d28be02

    SHA1

    2ba5c2d663f85a9690452308890d04a4e5d4023e

    SHA256

    71fac1660bf5c2518d54d40db10069602d321c1d98c41861fad59239734c6632

    SHA512

    5edddd9efe4e1c0afd34a798408a228fe97fac8aebe36c33aa606bca3338a6fc371a108c63030e15927af55e0c0b59f0ab180946c67589cda6274da8c1de0b1f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    18f91fef6238463100b9f356b020e128

    SHA1

    bd8bd2ba7e3f4a3f30943871e091a6f94afb32fb

    SHA256

    392cd50bbb2e59775803d110649b06e82bd6a1d9eb1f37006d6ecf70ce86fe54

    SHA512

    a1e69e75019a6edd3097a7b0556f1b6b6a7563c32f7bcb7caad98bb6095302cf576b263e68ce83e763414a4666a0538d19a7ccc4654c60b5ce80d86e74c6fa2e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    682b13fac8930b5c01046cfdebab2a21

    SHA1

    8aa9dfe5fae7cd6f3f450eef89ca45fb12954495

    SHA256

    aa75c2e3b1e9b669f8d9762725a4c9af8ef49a1f05de1bbfa44dec1882696833

    SHA512

    07b54a429f683a4c6971349e4be0730aec39b62390f0698081726b8cea1991b9cbe3ae18a8ae15bc5e6ecfca6821397557d0a31d787fae15cd9a87f24187641a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    439f9bfbdcdee0fc016cfd2d0a014266

    SHA1

    53d2574f5e196034f724f79eca2e3159a4749baf

    SHA256

    0083a0847ea2ca706fa4821b3d978b162f389b01637339964102b45fe0835ed8

    SHA512

    b1cebdd93d10942c89c49934c3e282bab45a1c3968f11128f60358ae8f2029612ef8572cc93b3d4c5867209b86144f718fb5d37a4d0cf8ef11f25cd84c810982

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    84131548035a371ff899fda2dbc8244e

    SHA1

    97d161f8d63c96903548944a1200f9045adb0c0f

    SHA256

    6e3d956e6b1c99ffe8fe4e116f3c983c7412411d54ba6e49a96cd6ccf4322933

    SHA512

    fd7d1bd15e56c44e51ed139eaf7f561e7ba1e18a776fec5d0359065e16839077443fd3e73ceb7f202031371e8b24b72a9b16065cde57a8494a9378bc4c592dad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d7213847db5a326a09cfd8003b6d8390

    SHA1

    dafed073bcc4e5f33d598b212d1e87b42d80d7c4

    SHA256

    a925e437f42897d003fc58139af4160bcc81eeb90a54cd19a1347ab566358732

    SHA512

    a3f48904b200ee37448039a4f3fb96320c9a64ad073da164bdd2e7b7b4f2dae3aad932d152e2effe8bf01bba7340a3af7cbb2420aaa0ac9c8eb302faa33c8b51

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a9902a594923607a2b2ae40b5bfd72e7

    SHA1

    0bf7828a27dfc5cca1e5c067eec624255f1daaed

    SHA256

    2e24f613ec690c670f35f1c5dfc5e53f158e306a4a8854a147473bb89bd822a4

    SHA512

    7babf6407dcae98e157700a725c9923e61f475a4d2ea037c457c75c1bae33f5d84f20ed5db8a811188588741f45614ead559775062619d1a43febd00e545d574

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e7f64cd93de38a29063f8dbf2a5ca45d

    SHA1

    c44dd302f2f27e5f078409818ac7590c7a61cdad

    SHA256

    cfa719d62dbc77d41099445c63249adffade0ee981fcc8dbc05f1fe5b0fc5c63

    SHA512

    e9e480c5bb082f8c1953210aa52192c8faca46cbd01911e0d68a5c056fea1bdd349b74cbd19561426b36313efb4aedc024286203b82f96fcae274a149cbace47

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4508d52bf8794d222febbdeff4e83664

    SHA1

    dcd8c9f878971e72ce01d5e524ac80ec3c765b62

    SHA256

    2d57afc5b6e7929ce233fd0aba395b07be0acb9cb44482a562c0dca837f90431

    SHA512

    b7c0862e03fe31482ffb72b10c330395b3c2a9cd0c63e30768a9714d25566db9a1d0b7e215eace12bb4584572ad444e7963c3e3b6397b7b30dc575e2a4ab405b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8fb8511833e5e2a17a400a1c0d8f97a6

    SHA1

    4a368eadc0ba9b35fc0a29c63656c2f6f4946902

    SHA256

    1864f8c0d9b9d20b429bd2ec0de4624c9d77cc7234113196e1cdaddf76f4f3b5

    SHA512

    79ce735442c64911a7af34e6a486d9fb64ff0a6fe638bf94b914c2f62ff748efeb00dccac2d7d2f9bdd7f477b0ee0087ae502e2b9cb4236389a82b7d2d7f1884

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2710cbc49544bd0f8dd986a4cc8ab867

    SHA1

    37cd720e1bc8d34bee811c1282c52bc2cabd1618

    SHA256

    80f96a9d2483e7490fce4f0c51acf9820a4dabe30d57a78ad3698e853007d017

    SHA512

    9ebfbeceb96c5019b8a0ced192b32902c9ab3d36dda6076b32f830ab1db80ac239410310ed1b7d256f2fd86e2a2093c2763584ecd775c25223ec23ed1300e351

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    087b855fcbb1bb6dc9f32eb9a964c859

    SHA1

    5cb5a4c52d22d9e68e2e4e1d8336132b5955bb44

    SHA256

    65c639a69c87103950562dcd2da4b7759d5a0cfc21cc31545c6f4f5236d4fbc5

    SHA512

    11835dbdd05ff65093a6ca7bcb2aa1d8a7bea746b7a7bb0650ec56f94f1d4d2fc1a89fbbecea33c515f3c8aadea5336425c83a25d49031da0db677d76cebafb4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4e45fe75d4ebc776c1aea3d3e41ce642

    SHA1

    a56eac6a95a0bfa1cef6372f3620424f91433ff7

    SHA256

    5be2cf0646ca8dd74152b52751301f757b750d7df11a8768c38752efa6c6aeb2

    SHA512

    42710899db3000418c9afc8e0a5d61a19107d6758c801615c2990a03f385dc9679debfe6dfa898ee5e7d9aa3e487a1d612a31412e8de99dfba1125ab403c6615

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e3b83c7c8e7c381b5da54e47108e1cdb

    SHA1

    70f150e087d53057bec623af9a8cf65ff4f27792

    SHA256

    e41c9f57317353998240b0017b837380eeb225fda13a2563900b71403535b9b9

    SHA512

    2f13bd5a56afc364c478c7c00635c8a9573a46d536aa126dc33cd95fc50928b7afa414e8f110979f02eb1bce1622f1a0163f06ce344882853f866ef9f7003d2c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2e0972b13e52e4d3ec54f2a9192808b8

    SHA1

    6f3c610b9fca2ac1fe9b15508e677d225184b3d2

    SHA256

    2f315de45a461925871b22e014bef71f2dfd992edd1e9828542df9b555c3bde8

    SHA512

    8de2bd9063502c60738d0aef6c90bd76f38502d101b52b6df6e191eeb4a0ac5ecf083f9714b729cfac7083901d9ee51271c067cd6e2b1d6c42e09b9ca8d181e9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7ea49ccd0749d6edd26eeb6b09be742d

    SHA1

    5bb1d69b87dbbb28a104be10834d8b26b1c5bce6

    SHA256

    913770b2a459cc21e280814add8a8d6c19d26a0a22acb454172eb7d3f28576c4

    SHA512

    7de3d046ebc0dbed564ac8339d158b7ed31502935c70d0dc18109e4ba404ede19a6f3f9a67c519ef30358365d5d5098d605e2b2cc7d168387ae44b1cb0b0a5c5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e3ef6d301495008d890e4a3dbb1f345a

    SHA1

    0a9cb6d98cd8b5b7b8d0cb4e32fbf5800b3bb70d

    SHA256

    70d8ff7c644417ddc8bcb3953c378a0f890840afee810ffa330142f06267e890

    SHA512

    a080709fda99e451afa712af33c9958bf262676b7dbdcf8e9ad83ee0f7555b40860997f2655fac113b5c18a67eb971ed4994abb97673aaae0e850362c2a8d44e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab457C.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar4669.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit