Overview

overview

6

Static

static

1

admin.ps1

windows7-x64

3

admin.ps1

windows10-2004-x64

3

admin/comment.ps1

windows7-x64

3

admin/comment.ps1

windows10-2004-x64

3

admin/global.js

windows7-x64

3

admin/global.js

windows10-2004-x64

3

admin/list.ps1

windows7-x64

3

admin/list.ps1

windows10-2004-x64

3

admin/module.ps1

windows7-x64

3

admin/module.ps1

windows10-2004-x64

3

admin/mysql.ps1

windows7-x64

3

admin/mysql.ps1

windows10-2004-x64

3

admin/replace.ps1

windows7-x64

6

admin/replace.ps1

windows10-2004-x64

6

admin/sort.ps1

windows7-x64

3

admin/sort.ps1

windows10-2004-x64

3

admin/spsort.ps1

windows7-x64

3

admin/spsort.ps1

windows10-2004-x64

3

admin/temp...ad.htm

windows7-x64

3

admin/temp...ad.htm

windows10-2004-x64

1

admin/temp...ce.htm

windows7-x64

3

admin/temp...ce.htm

windows10-2004-x64

3

admin/temp...ad.htm

windows7-x64

3

admin/temp...ad.htm

windows10-2004-x64

3

admin/temp...ce.htm

windows7-x64

3

admin/temp...ce.htm

windows10-2004-x64

3

admin/temp...nu.htm

windows7-x64

3

admin/temp...nu.htm

windows10-2004-x64

3

admin/temp...et.htm

windows7-x64

3

admin/temp...et.htm

windows10-2004-x64

3

admin/temp...st.htm

windows7-x64

3

admin/temp...st.htm

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    11/08/2024, 01:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    admin/template/ad/menu.htm

  • Size

    458B

  • MD5

    fdd0f7d24916b80f82139d5dc40ad2ed

  • SHA1

    19697c40792f4dc1b8c6993c3b671cf32df5557f

  • SHA256

    1d2e8a2e6839e07a0f87b3fe2b5fb8b35852ab4802f3c2a43cc93c576fa72448

  • SHA512

    945cd5aeef3a84e10f4873e01cdae0398eebf08261ee67c1a9a7f265361dcdd81c8defa70844c38866deed049ec814b8d17cd3331fe7aef0dce6e50769f45c31

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\admin\template\ad\menu.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3024
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3024 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:584

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    30b3ea27990834e251eba1dbf5053cd3

    SHA1

    8be20b093ad15163a60d4b831af611ae615bf979

    SHA256

    90fb0f40162ed9e3b8ffb2226593bf0e9cca48103e131760a956c3619d156a49

    SHA512

    a3881dc85d33c2da646ce92ac42285b721711cdc39e225c80c52a4a797d5e1378f4c03ab4fb2d24901eafb32c90d90f7bb1b19a108f710ef619491ce898ee0f3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9f843102809d63eb811b7fd83160c36e

    SHA1

    bd02b762f02289808bddaa57a77d408c40d2ab1e

    SHA256

    5bd82067793be95d176eb56a6cbce41f679905b7977ea6733fd9b250233dc963

    SHA512

    0e3abc7be10705e4b113a7304113fdbd1afb48deba0e040f5815f2b158e5bd27f760a5e82536777867f427394b22bdd6f8f85e690badb133a177753496efad82

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b4fb5117a171c0929f3f694b8bdafd39

    SHA1

    d23cb30e8b4d50ac344aa8e3c688e6f60d3d385a

    SHA256

    9b9a4c2ef80a0a1e8c6a50bd890579b47cf96d5cb205137b833e7957aa128ccd

    SHA512

    08021c9055d4741cc6ce67f4f8c504913b02002e30ac939ac1ba73a9603fd21d1f848e49495f067fdda4d65258cc76fdfeceafd5da1a6657c96fc2f092d9254e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9675d48baaede766e65da69b66d624ab

    SHA1

    e260f4b5cb1c357dccb05c2ce655ad8c2e455ee6

    SHA256

    357d7d3d87066a429d9abfffde299fcb38a2850927e72b31f8fa0c3d1b894fa7

    SHA512

    9ef0609ae4672899e39e43dd8bfd18fcb052979fe12fad03b1b2c1942557c71f7e2e509f4f1fc8e77aaceb0bf9134580020c8e19d7ecbde6c048397b0e9d7143

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    764d09eb737fbb1387adde6e44671f5b

    SHA1

    ff10f0d8198ef3ffda04c7a7868910eeb0604e41

    SHA256

    85f9025235731c772b13fe331ad61b72195ceb8f858206b6d423f0c0d3a7c1af

    SHA512

    f658064b28c10360ada5cd6075ff50e8447064e0f4168d52c6556fbe66265296f62da18b894ca81c242921af081dbbddd54d79d78cc14766eb081db39c8ad07b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    58411b4cecfc631e0466e7395a7182d3

    SHA1

    68569c679c666bad57383a0e9a1e3d7f62af6ad0

    SHA256

    678b866c518a3d853477e9891b284a4106439fafda0fe128027d5c43417cbca5

    SHA512

    05eaf73c7e334cb5e1c537f582fedc167999c609b5ffb039a0371b4ae21eb32aa5536950cc8f1f563e3db0bf17b491fc77df3176f453ae464abd8f234df2cdad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    69c8208d49c9983a16d1f69c1c6c9dee

    SHA1

    834f4b1247a57c6921ab6efde568c8a3b1943e05

    SHA256

    cce0b6a22a6b312a4f068806f801596bbc058dc7000dcd996a5748d91a514577

    SHA512

    7ec018516f829f12f372268ee927dc9ab3ed211d4ffc46e600338bffc32309591c1eb0766e6e25d42f8c294864c321891db8e327e65839b874acc7027471c628

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3695bfb2341bf64893b682a73e5fbcb9

    SHA1

    b4d1265b695fd8f85cf73dfe552e7bbf3261be87

    SHA256

    a96ab549d1157ef5131f1d7eae6bfecb8d3b6d9a24a6034c89535d75ef4be479

    SHA512

    a2c7077a0c039b3d74c7943c880bf6b61b6e062e4c673d0c73c2db77882c1d9506b73fcb00b2729644c2c30c6ed819b0b05dec1a102c6c5e4b2dcdd42fa461da

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7fdf7063f12b01a37340f303bfea7dd8

    SHA1

    5242ea609e8cd1151f8af93554e74cef984fa8e7

    SHA256

    655f39b6e4b223b501c37b846d52d46e0078953bdc1a93113d28f9610b314990

    SHA512

    f042961fc4630639acf126906916150c537ae01c20555295e14992299c61837062aeeb443bbea82fdef5b4300be08a4e4d70963a56d726c0b416899dbcc661f2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dce122dafe800142956820cf7150e25f

    SHA1

    f2b0a5d5baaac85dc0d5ea8f8635f26e5eafa963

    SHA256

    994d5716ef7ad5f60445fdbaa667cf20bc540588013dcbd4a1cb9343e7878274

    SHA512

    69d7e34c7257e45a88de77567d9b0cf572aff14c76ba6b729545bc6bd05d4e80ded241dc010aea2fd431d439741741fac7f42bb9bd7c284a3ed5d1fd95d5a508

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    78c29ae9851403453ea3554d0363f25e

    SHA1

    9c8c1b4d211d432e59f99c628667afb34f3562cb

    SHA256

    b0e52b62d2e6047fa0547b7f7c1f794c763eba8ceb1cc77eaa5d50ba6cab727b

    SHA512

    81c13f4528271090d5ac5d6b0abd3cb913a80633bf53aedcba17b7b0bbf666f33176d389d533b399bd1a9ff0c65593e7df9ff27e9f784f2192705df67906d24e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fb2ab9273c862201623edd2e08b23ca9

    SHA1

    d1e668fc6916228f263a8b425a2c57470ca3728e

    SHA256

    e29a70043a01c14f121ae5d5cd5d5dbb5d8e8c2f188e210ea0796114c253d749

    SHA512

    2017895b02bbec610aabb59bba525612556136feeb896ddeff5ff277000dd98a4f8f6abfae1e99265cabbf11952cfaea106440f212e153e2c26f03e31a067315

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6d2a1847ec5761a1e0e16b792f888d06

    SHA1

    398ffd2226371cb5907f64d79f08cf63ee6bae01

    SHA256

    1845548ba651cf2ef0117515097b060496a30b4e87ee2e141b78e83069f9e2b7

    SHA512

    5ab8d90b28b940143680aed06b1cd7e823352328e67834ea076634433424e4e885192c64ebd72309dec495bd4e1eb48d28e2fd6c840c792e2f612df0cc65cbb1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1bd8628cf3747437ace6b7fa4d710a0f

    SHA1

    3595f3b6a8ae7218f2ebd4744831d4ad72088e6e

    SHA256

    3dab1ddb52d6eaa326ead9d6a8b1a8f6e4e2fbb8da67478e163eb1b9486266e3

    SHA512

    ae73a3591928466996512ce8268e2d13a1c0abe6fe39323cb2a2f027bf1616d5a292e35f2737afd140ed6700af13a945d132f034871f5d88e704f71274974978

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9daf8b4de0e1ffcc604130e3c51f5aca

    SHA1

    3c72ab5b2511f4197a3297222f73a26961e5c170

    SHA256

    cdec6800c3821cc40c72d3c39288ba62e95cbd500765f85de28f4e1e4cd1da96

    SHA512

    b81238b94999bf03fdd99c92b3863c3cdff8411c2163a765004db11d8db72782eb9576f7011cad363f5c1b590019fc7fca0682e9211bf8897bc23e8aaede9f39

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c84f3aabc43bea291151c3a7bebaf155

    SHA1

    d38b142bd4b494d93cc1a5e9ce0393e99b104432

    SHA256

    b3fef17841a69c751049969dd997ada79ec7ba26debc3e0c186dffce7e3bf583

    SHA512

    41281372f85fab3ba6910634ab04363f3880e15eaf3b9d1c0abeb97f7898f153774323aac02b228b316811f77458f3ee105124c09652cb09d446e822a1762dce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    58a43a0deedfe92b9d7402a74748e8fa

    SHA1

    020916c87f7531eeea0677101196f66e9e00a5ab

    SHA256

    ba5c46553983ef1d42dfb190607678a170120ac6f166ffe6d59cae08f4f58808

    SHA512

    2d605e69fab8fe7de4042c8eb0ef8776d024be6142d936edd48c17d714f2d0950b897ea8d245ce13128d0d0043cd9417f276ceba10746cb32ea1f85d6f233cf8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8829c4a41bc7b98b5b26d8dc5fb0ac1d

    SHA1

    2c4c089090ea5a62dec997cf078999e197adce03

    SHA256

    ce893da77097ebc1ae5eee445d05f36d03d404b7673b19778d8e36162c3bad06

    SHA512

    dfc63c70cfb685a1f875d4e4ca8e387bed52efe8940adbda66c0a8e39c5ce037e48e16aeeadae5f03523d4a7e0382abdbff193f51a33961d26d116dca9c29c68

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9958419e8ae30f564fe234cdbac3c507

    SHA1

    e78806fab2e57ba57f122dc75ee82d11bb69001c

    SHA256

    6a2561871443539e5ffa59cb8bd6d4148c4a1942103a49aad9f5411bc73875f1

    SHA512

    5efc374a7a37edade627d69a3748900d7faada3fa780483dcdbbf5ce3a6f1cb53bb438e7f28c7dc71fcfc21880a874caec3cfbcc7358c156080f23acebcc7ba2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabED8B.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarEDFD.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit