Overview

overview

10

Static

static

10

Phpcms2008...�.html

windows7-x64

3

Phpcms2008...�.html

windows10-2004-x64

3

Phpcms2008...�.html

windows7-x64

3

Phpcms2008...�.html

windows10-2004-x64

3

doc/新云软件.url

windows7-x64

1

doc/新云软件.url

windows10-2004-x64

1

phpcms/adm...nc.ps1

windows7-x64

3

phpcms/adm...nc.ps1

windows10-2004-x64

3

phpcms/adm...nc.ps1

windows7-x64

3

phpcms/adm...nc.ps1

windows10-2004-x64

3

phpcms/adm...nc.ps1

windows7-x64

3

phpcms/adm...nc.ps1

windows10-2004-x64

3

phpcms/adm...inc.js

windows7-x64

3

phpcms/adm...inc.js

windows10-2004-x64

3

phpcms/adm...nc.ps1

windows7-x64

3

phpcms/adm...nc.ps1

windows10-2004-x64

3

phpcms/adm...nc.ps1

windows7-x64

3

phpcms/adm...nc.ps1

windows10-2004-x64

3

phpcms/adm...nc.ps1

windows7-x64

3

phpcms/adm...nc.ps1

windows10-2004-x64

3

phpcms/adm...ex.htm

windows7-x64

3

phpcms/adm...ex.htm

windows10-2004-x64

3

phpcms/adm...inc.js

windows7-x64

3

phpcms/adm...inc.js

windows10-2004-x64

3

phpcms/adm...inc.js

windows7-x64

3

phpcms/adm...inc.js

windows10-2004-x64

3

phpcms/adm...nc.ps1

windows7-x64

3

phpcms/adm...nc.ps1

windows10-2004-x64

3

phpcms/adm...nc.ps1

windows7-x64

3

phpcms/adm...nc.ps1

windows10-2004-x64

3

phpcms/adm...inc.js

windows7-x64

3

phpcms/adm...inc.js

windows10-2004-x64

3

Analysis

  • max time kernel
    143s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    11/08/2024, 18:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    phpcms/admin/index.htm

  • Size

    152B

  • MD5

    74a2eac9f7e210cba07b8fb08551fc91

  • SHA1

    08b1ca5df7662a33648ac501e981f2db2e64a0da

  • SHA256

    0f2bde3d82f53c91f604f940a1f987e5c2d4faa02abc33b6a296d260e8cfd919

  • SHA512

    56f7a469c612f94d8112ae7ea5208049fec3d97f5cd2fa84231b6be1b6fde69035f19388e517659506dde8ffba0c758e359716006f17640422695215e33ea83c

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\phpcms\admin\index.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2704
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2704 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2056

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dd92b9c23e7b6993382f339e7bef65db

    SHA1

    a539909420a6e4d7fd996649dfc54b21f9489069

    SHA256

    1611e366ead1dc5d538e2a8564321b2dbf5ddd1160b0cd24ccb21ea80fbb2ee9

    SHA512

    eb5c4b3a8716c17be6f73eb4a00bd4c03817b14fb3ba65aa41d4b2ddeda66df709763fc56175c5dd28722ce5a69bfb27b5b95ab3664f169ed52ad146f8ce28e8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    275bad770056468175fd147e044e71aa

    SHA1

    3ede90774f30ce95180314671aea8e8f3f890847

    SHA256

    43b2aeaa1331cab48f8055080fb43197297987db6cfe86bb55afed5d1ded8479

    SHA512

    a21310a82356bcb0fdbd0f4e4826175b53e44f8571f011fe0a2989ae59b636a138075e9b21179ee5e7289a78cb5f3cd03a67c5feced9a3851661fc692f85e7f8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7c9f8a2487118489852cc67871ec6f9f

    SHA1

    fc43cbfacea14f41e517038051d2989d1ed1972c

    SHA256

    e7df0af5fbb27249a333f2383cbdd7265e2a35037d39034b96ee2eeda3082253

    SHA512

    cca5bcc69cd6201bf0ecb543486d4d8a176a492764bfc8bc3ccf332910891ef43fb843561e78cfc78faaab8528c8a7233aad000668ca6a8f65d42bbe1df4b5f7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a2d63ce3cd028217cf1cda07f0687290

    SHA1

    18a8b91ab4bad60221053b6e0958a3ce05609706

    SHA256

    811d580abeb15c03205cc04dd7e3f3e12b8aaf1fd0789b81f1b2c92357e5eb69

    SHA512

    cf02f4a41798fcfddf9dd9d6c376edcb52001e32b1d94144ecbfef2a9d8cbf98a038ec563694a63a3f4aabdbd57bc8aa40ef6061291dabf6d64a358f8f513890

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f91d09902b805bc5f42c09e6aa7ac394

    SHA1

    ded1a7b5874701e77c8c6a0ed2cc29b9fb0184cc

    SHA256

    ba7715a07057931857e4d745ca541a27fa7a89b0bcefefceb578c116e4326010

    SHA512

    67f805d385f84b507997edebda8b757296411d4ab620a460fc6d9fb3a077cb107a1fdd629558a5baf6cd1e6390b4bdfc5434c616eff1ab1f58efc5e339cf9cec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d23a1aafab678eb82a415a5cba0f1e5f

    SHA1

    72e3dfc2b53f7410b4959665b15a5ee75c551bcf

    SHA256

    8b6b813e8d8e34c252c75d32fd9e1b099c30c5c0b2701cd8c5508f1ce577e633

    SHA512

    2013224ae99612838bfbe646a5be33455c91518c85ebe9865b35e145270814177b8b047fe0aea1344cd70e3e0a10e18eae8d8058182ed8c059ef46aa730ed011

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    271daee442d7c2e6032c3388367ceae7

    SHA1

    96e5aae6f2fb48d9b12cf155660778162e87868e

    SHA256

    47bb38ed06946c30d95edfb8d90d4d958d4e794185b227a422e439412816d228

    SHA512

    4e957c8a90d6f55d0e7d3ee7ae30a2b46a3fe47a4936c88324b5c6f8d6f42c5e98f64ed1b96fc2a9843499bc42dd1f9ce63f4c6a87a7b6b532fba30aaa49e791

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cc23b25675db21c312132abd98bb2d1a

    SHA1

    3ba533cd4303c5ce118f4dbbce8f180b77d4a99b

    SHA256

    a8e969df38d8263216b9d1707a88f17e7ba25c2a15bcfe28c08e57b91f8f4f9d

    SHA512

    409a4391b8cf7b5bf8d91726563c7a3e4e786781e01c0697489ebe5c095adc7a42e7594cbe45a3c683da8629af29d15bf7bbe254074e755d4621bf31c04463d1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1d6d3510c3102a9003905e42f62d13e9

    SHA1

    dca2cf1a6eb41ad2afa4712d0954414dbd9ac537

    SHA256

    a251e5a83d9176ef3aa4a79de9542219fa4e4929d146f1d43b799f820388783e

    SHA512

    f05dbf2e1fc7d07e7bec706c4fde1a510bbe346c46a7c3ff2b84987b9244798df649d53d334077c6c8a3e35749fcb65ada64972d6eb551030f0763bab210cc3d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7df9b21cde863651a6d974397fa0594c

    SHA1

    2c24a7dd7dc30c300e92f8da779a832fdef4acc6

    SHA256

    f45f74bd63e48e1e9bf5f8c9fcbc32a176b5d23684ffc3003063acd620e1e21a

    SHA512

    77704bde1f9910e619ef1571d58e83673f4bb00f950721bc6cdd155fc0aa26f2ad75cddd7dfe4175d4fa51eaa1f4dcf59ac69a09815247c09048b12bc5b42243

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7f4753c5b2dce691df9784c4306ba7aa

    SHA1

    7406cc2dffca70130c6b9f557180e3be68aec25e

    SHA256

    6594de5c14cb0467568fb20f124699a7e35956478a2dd6cb6cfec81a5753e21e

    SHA512

    99a9829a69c7f9feab18bd1cf33521be63fee5d0066765c216664184538f91eaed64399350d4fd216cd09ad078657c58787a0ad044c39089b0870f44ec94f069

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    780f6e7427ead42fae6d95f913205cf2

    SHA1

    2b3623234975fe4a83ed302e8ffcefd51b4961b7

    SHA256

    fa4cbadf744e0d20bcdf93f733a1e9e8144241d19d21bd926e5233f3a9a2cfaf

    SHA512

    e22d63da3fdfa244345b41fe275b2de30af05ddb31f51a82448648644cb397cf0622d55856c626c9bac327ab98b09ce7cd9b49995120eca5ea3c2d31b39794a8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fc8737ebd3b737fc54ebdef937fd0a97

    SHA1

    2ad0eacbb8b01e3e3c37645d9e8f65e818991df2

    SHA256

    6ab7ed1ed2255c224431c45d52d5f2ee23a084fbf73d188b9e163113ef581cbb

    SHA512

    56436074e55e24eafca795361e9c0c9fe535a44a0b7f92f6942c94652f5c0aa2f602d9b0cb8265fb33cc8b01ec7242d53a3b90daf91ed34aeacf2122e4974fc8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e2042b08f8308c23fee380e58441e39d

    SHA1

    6850344588926da3b60dafee683c96f88a3a8caf

    SHA256

    8fa06c0240c0b7c5413a0fe8dd49bae12f16fdfd4146f6ce0dea0dd1c5180031

    SHA512

    150ae51dd98e1023afa411951b385e7142857e39f7fb2b245121012aea6e362990760b4d81025b7d8f0057d868c4e5ae4c81c59bb36fe02c6ba6156c980ce48e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab71D8.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar725B.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit