Overview

overview

4

Static

static

3

房产中�...32.dll

windows7-x64

3

房产中�...32.dll

windows10-2004-x64

3

房产中�...14.htm

windows7-x64

3

房产中�...14.htm

windows10-2004-x64

3

房产中�...17.htm

windows7-x64

3

房产中�...17.htm

windows10-2004-x64

3

房产中�...18.htm

windows7-x64

3

房产中�...18.htm

windows10-2004-x64

3

房产中�...20.htm

windows7-x64

3

房产中�...20.htm

windows10-2004-x64

3

房产中�.../5.htm

windows7-x64

3

房产中�.../5.htm

windows10-2004-x64

3

房产中�.../6.htm

windows7-x64

3

房产中�.../6.htm

windows10-2004-x64

3

房产中�...ex.htm

windows7-x64

3

房产中�...ex.htm

windows10-2004-x64

3

房产中�...��.doc

windows7-x64

4

房产中�...��.doc

windows10-2004-x64

1

房产中�...up.exe

windows7-x64

3

房产中�...up.exe

windows10-2004-x64

3

房产中�...up.exe

windows7-x64

3

房产中�...up.exe

windows10-2004-x64

3

房产中�...��.url

windows7-x64

1

房产中�...��.url

windows10-2004-x64

1

Analysis

  • max time kernel
    122s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    11/08/2024, 05:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    房产中介安装/help/5.htm

  • Size

    738B

  • MD5

    49b132e65cfd3d3c4227a252f33322dc

  • SHA1

    03eaf7d6d2b32b2c62660bab3c4fa86bc722a77d

  • SHA256

    4dc45d4d7b59e3a2e84cee9a181011d52d9b0151c34ccf2a099018d73fb91ea0

  • SHA512

    739c519db561835c313dffdd8365c6bf6dc1480246ccda0ea8b801dd8d656031d171e9a57149f86c11478c70a0e1341f1d8fcbe8615446b6850d237020ce1864

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\房产中介安装\help\5.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2244
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2244 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2212

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8e3a9f9fa6ae40fb9d4f7a260ceb5fe9

    SHA1

    a8fdb52a08c005c186fcfe3007e3b19b6e59bb90

    SHA256

    55853df5859ac13f4024300df67320c3500740837877d060ee3fd8e77f68abd1

    SHA512

    ed35afe347bee681f7331bc9ce51a68b03eba8fafdee65518f3c98e3f7b86b50c28fbaa7833b5174a749d48d92b88b7fa3ee152ffa25dd1c96f89372524f2c6e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5e93967f2ab64de8f761dc1c69f9f0ed

    SHA1

    39b8bfbff698ede1f88358330e5957279af667a5

    SHA256

    794e92204d6c1907deb2c8ee96883db95f21ebec8247da7c08fa348bb1c850fd

    SHA512

    d818af5b9434e72cc751492211d61083ecb075bb0d1a32736995a3d003817d717051d996f239b6e728e462a4072581e52134938c3112d85ccee63e54bcd846d0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bc055959c21a99f64b140f49a349d6c1

    SHA1

    74d70facd1efc1ab6e021737c2da6c30e276d2ab

    SHA256

    5272758d92f48cc3badc262007fc6b31bc9933f6b65882adc36c1ef6eb565c43

    SHA512

    69f6a79688846c00f445a5df77f53c4002df9213a183aa5c84ecdefe7e1e8aa882253027ea3835d387546af8349f0af42da0aaf10b0f1ebb044ecad4b74552e2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e6128ea2c365834fe9897ee6f66cf955

    SHA1

    400e67313db0230ed1507756d6d04a0d911746ca

    SHA256

    123b5ad68134e87540a51d91cae1d2f215a62b2b2a847d1722c010e15eca7762

    SHA512

    0410225196141bbe8f50ca01ff930e8f7a2a69dafe71bf4e516adf8aa31a65cb5bb856179fdedc4da3a69566802613462c1325ecac93e552d1bc0d3fa6322038

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    07d4f1c5e12f2d5083064cb20420f861

    SHA1

    3ba6405800635c86cc2545adb14b0707a54047c9

    SHA256

    4642828481814999d8b0414f57ace86ff53868db644e85054481c9867b0bb726

    SHA512

    7f8b834f7ae544da399697382c9971f351f8c3b91fe1eb1eebbb775e821a05a11309b6bd43c5891d8193d60897a69720a71b66f736ed2fefaedfeaf1bde16ba4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    253add12db32efd9bd44fe7fbee91bf0

    SHA1

    db3dc4268e613c76f1fcd6bbdbea986f6fd787d9

    SHA256

    5df3254d564d5a650aaf5d6727059cede6a5b7cda5cb93b987068b9fec040c94

    SHA512

    f03ca3640289e2c6b793cebee60d28b40a1f5a2e3b4276d0f3a9b5e22406d0e83ee15c601a09d14e20401420eb0aa614d007c7593f5d8c63b108123a1f3f9ebd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7c456d910945c98b2e08a4b9f13cb2ac

    SHA1

    fc614fd4aba5871e02437c4eb5d551131cd13a46

    SHA256

    07c91bb7372ed08b6283a80090f3e335af38eca98c74dfa2f9d1e0d65b59d8a7

    SHA512

    832f9a51e75192f98e5350b306006c2af20d047e2c5de247c8b97e280d63fd1cda6632d73ab33a64bdc8304ab150d43e8a26f724e737ef29651f816335b55932

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3274a7cb8771131a1a0c71f62740ea11

    SHA1

    4da83250edb8f60e4548b2190ec93c6365e477b5

    SHA256

    f47eba3cae9d67aee805a3731b10df767a7b3bae88fcd39e4ded37da37c0a36f

    SHA512

    de40e03916ddf1fc7ceefc78e98e0fddb7ead0be0efa515d890acadd8808599239568c396a7cfcac48af377b20e04ceabe71c3290f8574e4e6aea1858cf88d5f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e05c131dcfca19e5b0dd4957cf8b5cd1

    SHA1

    c795e0d3e63b1308a316eca0d0d55d49f3e16491

    SHA256

    85c3435d27db4c6f5f8ba9aad0331c228cad71a5bddae29693cd1cf414d6c329

    SHA512

    7b844eb10e9f65b2dfc17e1b2aef0ac4dea5e82054acdbdb7101c6a3ca7f27e81e2b65ce7f324cdd6ae321930f3693413811b5079a51558fd3281910a7fc1136

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7c60233543f0871a085ea2efc557a2a0

    SHA1

    3c2505a5be4eeef553079f6dc67c7897a895029b

    SHA256

    9f5eb0742683e984b8da76be52f11b30bc999101798b1e09c3acd3af2ca44279

    SHA512

    052ba626e0eb9aed7953eb8bdb61f4cd10a2b2f12ab84817ffb5d960168671fc183a8abbefcc3291fb5c0e299299feede8dae49e319c2ae374b8782ecda1200a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6a5dcf64ee35cecebd77b956c86d3265

    SHA1

    331bfbc551e962cc720417913bfb2aecaf130340

    SHA256

    60e13daa840e53ee1f4365cbd5dc82e5f6a31eb6dece9dafab7168985977a669

    SHA512

    0ca0051254b4f3c6eb33938263bdfa05b8a5565615fc81842dac0ad657fa2f13cef95a16d0e6116608925e881c62c935f669e840c3d6b22a220d2c8ac8e2d373

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cf59fde10e74984fd12b3d6c336f4a25

    SHA1

    a3a700f53ea9a04c4447f71776b10a82a1150c83

    SHA256

    3185ee21e091e6bc174feeb07865e579a245dfba9f404df381cc41ea285750fc

    SHA512

    c3d0cf227376781cb3e139537b118e80910450cf30675f121f6b11905b29dfd5881795bfd3a6caf47a781fefa4e0abb0815d96dc43bffd4dc9ff58fb979e4077

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    acffa00ca3f46c78959bfbe319bc42e2

    SHA1

    415c4b4e08e7025ad722ac39eef4b8f546ef8b76

    SHA256

    cf9f3c680918f61a66727aafc5795ddf4c7d19dd09ac4d8dbc8fecfec8b1a308

    SHA512

    599bbee194ff99f8cfd0da242aff36824bfe2058fc163205c562ae60c1d6fa8f2fbf06bd4407546161280046ac2dc33a42ad46ea549987a03232982d4d240f70

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6cd9096f329508a92a2f2d09017f3f72

    SHA1

    2f27d041735dfc64e45e64929e2fd1748d5c2492

    SHA256

    901dfbcb4cc6db0d52675ca700e98cda83a2c339dc51d9bcf21d36004f96b544

    SHA512

    db8ca60948888a2ba926c54f5f6af9a5d4c13b7a30e1ea82509c325110c4e32e7ae5d3357115c23e20e55e7161e758671e9645e68f513f97b95dd3e736e89dda

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab8DB2.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar8E51.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit