Overview

overview

10

Static

static

10

Phpcms2008...�.html

windows7-x64

3

Phpcms2008...�.html

windows10-2004-x64

3

Phpcms2008...�.html

windows7-x64

3

Phpcms2008...�.html

windows10-2004-x64

3

doc/新云软件.url

windows7-x64

1

doc/新云软件.url

windows10-2004-x64

1

phpcms/adm...nc.ps1

windows7-x64

3

phpcms/adm...nc.ps1

windows10-2004-x64

3

phpcms/adm...nc.ps1

windows7-x64

3

phpcms/adm...nc.ps1

windows10-2004-x64

3

phpcms/adm...nc.ps1

windows7-x64

3

phpcms/adm...nc.ps1

windows10-2004-x64

3

phpcms/adm...inc.js

windows7-x64

3

phpcms/adm...inc.js

windows10-2004-x64

3

phpcms/adm...nc.ps1

windows7-x64

3

phpcms/adm...nc.ps1

windows10-2004-x64

3

phpcms/adm...nc.ps1

windows7-x64

3

phpcms/adm...nc.ps1

windows10-2004-x64

3

phpcms/adm...nc.ps1

windows7-x64

3

phpcms/adm...nc.ps1

windows10-2004-x64

3

phpcms/adm...ex.htm

windows7-x64

3

phpcms/adm...ex.htm

windows10-2004-x64

3

phpcms/adm...inc.js

windows7-x64

3

phpcms/adm...inc.js

windows10-2004-x64

3

phpcms/adm...inc.js

windows7-x64

3

phpcms/adm...inc.js

windows10-2004-x64

3

phpcms/adm...nc.ps1

windows7-x64

3

phpcms/adm...nc.ps1

windows10-2004-x64

3

phpcms/adm...nc.ps1

windows7-x64

3

phpcms/adm...nc.ps1

windows10-2004-x64

3

phpcms/adm...inc.js

windows7-x64

3

phpcms/adm...inc.js

windows10-2004-x64

3

Analysis

  • max time kernel
    117s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    11-08-2024 18:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Phpcms2008 安装说明.html

  • Size

    2KB

  • MD5

    07fe78e1384e66f7cb5ad3a91df05479

  • SHA1

    6dd82adcfd24de4d950a1d8275f09ef90edc9878

  • SHA256

    8372d4889eaa16f3e82443c7f41aa9fea64e39a9e95e2e2c413f1098b2c5784c

  • SHA512

    9d5f671f7a3afbb732ab3d92691b05542c1c5b0898768b8869848e0b80f4f437d9cbf900d990ccfff9d342f8c70c64c41123d8bc83bcf08336d90f1c376d363a

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\Phpcms2008 安装说明.html"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2400
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2400 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2356

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9eb7be4b577b60e3fee86d1ed2c69860

    SHA1

    790241d2765f7d089b41a69e0945224588a2eda5

    SHA256

    3f00b0ce102d07134d9cb3e29551151755db718262ea7fb8a0e2b78b02dc6964

    SHA512

    28a48747b72d8765f7476739d7b354ab0c388566681c94f1bdfd84bbae477dd7e4d5cdd7d0f6a9a1d8b73f5cc1c8c0760095409c03ac1193205fa2a5f396d52f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d2ff699af7b6a08876d6e81de49e0cca

    SHA1

    bbf885ac3c06b1e9cfbcbc8f88fd82191f9ff84d

    SHA256

    bea591d20d8476998eeff00ad934581223624ce0538c3a7899178f0ec81db321

    SHA512

    5452226ef26da02bfa2f3993a34bf991a88300b3b1ae76292ec859e65cb85258d2bbde2d3703fefa05ab89f702f4231360af24099f079e55de5421994ee1d488

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a5468826c3db85c2ec27f1621c812aa0

    SHA1

    61b8cca0f1cbe83166e6602cfaabb69ab247f05e

    SHA256

    002ba95992155bad8a09113e0b544e6c6a21961fc749893482492d8474329820

    SHA512

    c1469da66aaf6aa54408df8b3ad51b527fd69b39efb8e3e582f492e2e3f836adae503ab005ec2c9751fd6d56ece53c5562743452a80585f8aa5196568d9e4601

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    381a4aa9f021bb87c4db272a131343c3

    SHA1

    7cfd7690ecbb6bb1b6fa9ba6f28599b02b232ae5

    SHA256

    175bf426efc3f45221d7050a15ea24c8f5e7439df24e824dd1380a81102d9546

    SHA512

    b23a01d1d51e50c03e8dc6f577752f3ceee3c5d91be4d03298c6feb38ec5fac3274721f6aa982859aee4cd8075a2fa9973479fd9092184fc7b83d11feebf940e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f662710ae5d733c67a4b25a0e15ce597

    SHA1

    20ed3285ad5c204e58cecdc2d7ed69a7c363b184

    SHA256

    a14a20d02612ea8a0bdc06cd37526e9a6fa5a56f8d04917fdf88ea2ec4fa4aff

    SHA512

    c693ef427b2200402ce8793b44553c0229826485638a9b9995d0a9828c114dba46d339f4bc4d956cb617bc73f7db20ee8269770980ed5c4728492f72c45ae7ac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    63b8ee0e573ed88c57950c6499371f36

    SHA1

    7412c4aa6fa87b214dc6c5f670352ff69ea5e915

    SHA256

    b93c7144d31ebeb927bf2465e6836ffd347a9d2121876336ce79dd539b68ff8d

    SHA512

    96290f95d4ea618acb0da9e15cb041d5ada2f9052bfeccf3c5f73d32a3116a174ef80e078c702559022bab933718db31b471a726511756ed55b54daaebc5f5ca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5735ab9bb2007fd2546a29fc21b7ee3c

    SHA1

    7c4186f9d27703cc4a4e585560dd9c033d9d59f6

    SHA256

    db9599f176bf00690a32f923b2e870252bca09ab9ef5a4fb0c81a104a79f8ace

    SHA512

    761945e55c4780749e9e8fe5fac3532f925ff98ad773caa83db5aaed0ddf1bb3b9db7bd095100f0fa4d8d6415fd2c7085e5ad646ef5be7a5b9b90d1f72f9dc3f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4230c67dcb618a81beabb7b50c0ad52c

    SHA1

    4f8416f22441908a8444e30584c302cf77b48860

    SHA256

    41fdf34516b4859e1384dede21dbb404b69f52244189b2728a45c5fee2c8d42d

    SHA512

    92fb3a51046f26c192cc60862273cab82df5181ec727e995fbecd3582beb09d9c4cfac4d64412f33adfc79ddec354a3ca3ebd466c500031c44b5009cdc67f624

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cb495725e11df13489e00d2cc457b3b8

    SHA1

    a5def4434c04645e0e412e33ccf2014a018b3e7a

    SHA256

    577ebe8bf392072cdaae00b2bcfa8cca28f6455f015717ec892fb3c494d95716

    SHA512

    40b7dee2bdfb434ab6c5947ff2b969465906cf8d54e38e2f439817ab32be4385b3fabc50d79547d0521c8d4c4441775a91056c013111222c5f4c8057583bc198

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cda40d751fdb282e064672dc3dadc5c2

    SHA1

    867a8267090fe04c2fe2f6ab2c3274f16a8999a2

    SHA256

    0b16103409bf1efa8dbf48b31eb5458bc6c1168b92e7dcde26c130a281dfb788

    SHA512

    d42161e17fd58804e9ba145363655cbdd00bedb61f3b43308eba041b92f2d42fa673dfc26d9986c1f36bc4ab06fccad8409f9c8948b04febb057cea146e6b281

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d864bda302cd81a3fe02ff6fa18cf0d6

    SHA1

    d1bc3cae160331ffcf9cf4e79f5f3f006839f6cc

    SHA256

    718ae774dbfd7e1d473b28481a359470bf7215b3edd534c3c55eae983d453e8e

    SHA512

    ef41d7f00fb1ee08f39c6a17c9669e7b40a78da18aa3fe9d3b8f959be8d08b88883d68b452abdcc733c3e606081b6b9a030aba057e6ce70725bd5f4439adaf2c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    81705f0b0b7f026dbcda6b1dde4b15c5

    SHA1

    973708cdd51a6387f0264e7fc87630a6e783d848

    SHA256

    2bcfdf8b4947a1bc03fb1fd5447e194fa95b332918927609d4d28a163420148c

    SHA512

    6f231cba553c293e1542764827271381e3d646eea93563c492f44796b2011d3eaff6446a431d470d14a2fa8f5db6455ea7538db663aaaaef811578543525db93

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cc739a338568f887bd497eed7b43c69d

    SHA1

    f7e3a27a990959c68b31fb03d883ac7907289238

    SHA256

    e7547edad64bd12e23421c2bff0b8667ecc2ce1b748aa10f49c6c51e27fe5f4f

    SHA512

    122f7fb32d7bf7048b5242f70e232bcacf1d60d82bd716e06651c810f1be2d0e933e368ea04883f2528d24478bab77f8cd0e5dae68dfff59afc90193d7169b43

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab2A3.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar322.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit