Overview

overview

7

Static

static

7

wwwroot/GetCode.asp

windows7-x64

3

wwwroot/GetCode.asp

windows10-2004-x64

3

wwwroot/bottom.asp

windows7-x64

3

wwwroot/bottom.asp

windows10-2004-x64

3

wwwroot/ch...pe.asp

windows7-x64

3

wwwroot/ch...pe.asp

windows10-2004-x64

3

wwwroot/ch...te.asp

windows7-x64

3

wwwroot/ch...te.asp

windows10-2004-x64

3

wwwroot/client.asp

windows7-x64

3

wwwroot/client.asp

windows10-2004-x64

3

wwwroot/crm/1.html

windows7-x64

3

wwwroot/crm/1.html

windows10-2004-x64

3

wwwroot/cr...er.asp

windows7-x64

3

wwwroot/cr...er.asp

windows10-2004-x64

3

wwwroot/cr...nt.asp

windows7-x64

3

wwwroot/cr...nt.asp

windows10-2004-x64

3

wwwroot/cr...xe.asp

windows7-x64

3

wwwroot/cr...xe.asp

windows10-2004-x64

3

wwwroot/cr...st.asp

windows7-x64

3

wwwroot/cr...st.asp

windows10-2004-x64

3

wwwroot/cr...nd.asp

windows7-x64

3

wwwroot/cr...nd.asp

windows10-2004-x64

3

wwwroot/cr...se.vbs

windows7-x64

1

wwwroot/cr...se.vbs

windows10-2004-x64

1

wwwroot/cr...ig.asp

windows7-x64

3

wwwroot/cr...ig.asp

windows10-2004-x64

3

wwwroot/cr.../i.vbs

windows7-x64

1

wwwroot/cr.../i.vbs

windows10-2004-x64

1

wwwroot/cr...ss.vbs

windows7-x64

1

wwwroot/cr...ss.vbs

windows10-2004-x64

1

wwwroot/cr...ad.vbs

windows7-x64

1

wwwroot/cr...ad.vbs

windows10-2004-x64

1

Analysis

  • max time kernel
    117s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    13/08/2024, 20:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    wwwroot/crm/1.html

  • Size

    18KB

  • MD5

    825946fd46cfdc5eea7ee923f0753500

  • SHA1

    1ff8b01892bfb43a13e8f7efb2392052e0020dd2

  • SHA256

    f4dcd1e0ee7a7d2fff5627d12cebe9e55fc2e31189dce8e49cb9a1c2f8e380e6

  • SHA512

    5f5575c2402ddb9031724184c63941867b9a50abf72e54e52c8af64d5e8a404883bb5592cf825337e4b179423230975e07bae1b27c0320c27746c6e6299e77f3

  • SSDEEP

    192:XztjMBI7BOHyaNbAs8s9UsVORJO5lVBD81QGEm6X5BScEwFClf8YCDZMIH8LoX8t:jt86OHtNBDRGE7BScE2Z7ZMs8UX89dpb

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\wwwroot\crm\1.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2252
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2252 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2880

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    51dc903cad0c46c94a4da49ff407d80d

    SHA1

    168cb88658ff3ffb9d8e8f78e7592b22234e1ce7

    SHA256

    f19207e339d2a76cefab4a80eb05f75196687c58d0c6f7cd3f2b2095855fae8a

    SHA512

    92a0055a03137a304567c13e33f1ff46bd11a1a19f4d7a4fc1f8135215c9017bc223c3e8405c9e32273ebea7d6f2d5be55dde020cd450e147c2227c6af8f580e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b5aa65b304b7402e3bcbbe6f2f74dae7

    SHA1

    b1042f307e1bfcc0261f74b9675c741c115899f5

    SHA256

    df719f962e33b15b510d69e8ba87091c117ec41580f43d56236c669e8b64fe75

    SHA512

    54253d7a5a297f81d304d348096c81bcbdb2633d0a017e9b99580f8374ee963a9a7880b0adcd786b594d3e383a27b6bb213306ed46338c1f8bd667881cb2b95a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3707901e9cbd40cdc9a295dced07eac8

    SHA1

    e3a916b7d2f37aa57329f97eead3f8500ebe4964

    SHA256

    da1461325dd340996dbe45ef94392203ba66f9954fa88a3b8a596441ba403a7b

    SHA512

    22648646750eca52fab65af07a8bf16992742ea807852d8fb0022aefa841a64ca59bbce65e2a9a735926113f88ad06544c716ce322eed5dab69d15cd883034c7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5826ddafaa86a53673541768d927d139

    SHA1

    6f750845df03078c9cd592cb0e3a7e5425dbf893

    SHA256

    f898dd27ee756f2c999a573e2e480b29c9a032a519819e8e9ef1acaeb252eb49

    SHA512

    8b5a0e1f8adeeaee30a8dc2aa2da5fe81ad47009c707bececa9105392e5ab6591253b4b9a034da53f58a01dfef12207388af7dec0784161b5feff30e578e7149

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cbea9924145ad338a768ea71f40e2823

    SHA1

    a78363fe7b79d891cd821984f00445e773fc6e16

    SHA256

    76fbd32ef44439db56f588753e799c7682ae4342313b018c53d893fa0f279be9

    SHA512

    242c539ec3d7413257ddcd97ca14b126428acd763a08924710297e874ef98c457979efac87de0f7d91230dc1e3cad2122dabb113b56da525e601157852f2bffc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8c1bc0ba0be64af299c71e6bacf09529

    SHA1

    3c69cfaf385e8c37ead44c7c9762ad8c45725299

    SHA256

    5c0bcb472ff9a848a55c2dd71147ec4597659aa5dc3c25538026d1c2a9809290

    SHA512

    2da6d7159f4fedabe77d898953b485b6627473c0124faac148b998a71c88e980bf3c58a7e1b5189546c7cdf5cab6e051a8ed41a76e98892eb8f4f3a86e6d8707

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    972a949acaa705f2b97058a31452c213

    SHA1

    88b4114993240b24c0ff34b7a2efb52708a76c4c

    SHA256

    1eea875742ff37eca95903d0c7db5b835c3309ac7baee02175b887cf9d133c3d

    SHA512

    b174e188fceba0eee6cea9eb36ab22b94e6856fb800b622c6fe21ea478ce35b148c3d30ba572f946ba9cd2ca383fe703f5ad896b9f4647fa0b8f137d7b51e03e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    84ec21e75555b95f3a0e3d4c526462c8

    SHA1

    0b7c84660f77fa3eee400c99369dcea9fb9417f9

    SHA256

    961a6f188c61d4f25e0c181339ff15e65b3033bc095868bfab392c87e907f1ac

    SHA512

    154a0c72075f2c2a1eb2bafdbe50fc922e1299036f88b14b70a393220f652432350b5e34364e1379d907529ff658262ac5741cbf11fb89afb61e0b8a94c866e1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab75B0.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar7787.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit