Analysis
-
max time kernel
70s -
max time network
132s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
16-08-2024 12:49
General
-
Target
$APPDATA/seemao/config/map/www.china-pub.com.html
-
Size
3B
-
MD5
37705de0752d1027f8fc3b3f390c448d
-
SHA1
b9a36fe59d4092c1e8363b6dbb80c4325170ebb9
-
SHA256
b8d52dc3f650996a66e32d4fd4f40129f6d5f742a20893615fe1b8dbedac6039
-
SHA512
affe90e227dd7fed7ac0d9dfcd7a01dda8d7abb454e23a4d98fd7c1c4f8f38bcc7f6062cb52cbca3ac7088ee55900a5b85810e2d258b6896528d8cac87dd4709
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 36 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\$APPDATA\seemao\config\map\www.china-pub.com.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1984 CREDAT:275457 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5d628fb59e1c3a917253263f55b3603df
SHA1caaf9d0659814dbf80e14ba74e0e228cc384bbf5
SHA2565486fc62ac417f21874a1363e570365e2d355d7b1caf8140814a248f0e6a4c5d
SHA5124056f5abfe3c15efcdefa0876d94b27d79217fd6f61afc3748cd2383374786726d961a43d003c3b2d1bf0941efcec609cd16dc148df976325e9b85c5d5a50617
-
Filesize
342B
MD564031d7a08791b6ba24e4691b9303773
SHA17320cad33e8e6fdcaaf6870daab1c97770129d35
SHA25638be50c228ca2868e2064486c0ccbd9db32402e54f37f4b9e6ff310ebf2502ff
SHA512356bbd091ef5ad61547f99a234cb5555aedc6a3d6056c3750bf7f213b9ce56fc2d1eff3be81f2875cc1898f793b08d2446b579b1240092260353e512d5192ee2
-
Filesize
342B
MD516a5538752c45b7b485c10278cd46b52
SHA1c844520e41b86d9f110fae210fb2bf15cd108afa
SHA2566cdbdc67cf525018a842854c0eab3b75fbac0f70ca701558e524ef229935eacb
SHA512d509ee43762986c9c1c14214be605bf5c536e329fe1f6eab458801d0ecc8f9ddeea2b7f674ba188fb92eb4a2d8681aa7a518f82b541838406bc5ec8ca9d2fd88
-
Filesize
342B
MD54e9340ca48a5614168eef4e48502a747
SHA141877d0406b9d5ba4c8103b5c7ad2be7eb36dfec
SHA256523aca5ec9c147f150639cbefdc72001b1ce628aa0d865b7d0afd31b3c1433e7
SHA512b95ab033d983f65ab4fd95b5b613fddcc6d52b744b1570f61e0f7d578cfce1d00934dda2203ee90632583fed23d2537cada7e0fd5c09f8406bba7a31236c5af3
-
Filesize
342B
MD56459bea2f23040ef01906736ce0c0360
SHA10518e48d900f75c134748b22c5812e67a72c122b
SHA256b7a9109ea62ccc57f981cf8932006638c4cd3702ee3e9ad5eaf0eea868dbebda
SHA51268be3006deae3cff8938d8207b0e716f1c008c414a28a71e8ecfd7f69fef4b0d6d826663f3d7df150ed6e204b9a66d0c93a0562ac31da31a855c7187e6866b01
-
Filesize
342B
MD526d5c323a4809d0157bc9e75f96f3ecd
SHA1f5e4a048a358ad987ea4550bf8b7437b345f0614
SHA2560e6b880e3fabbbde93e8ef5f0ddbf47cbdaa05aa905b574211bc47af6ee22c45
SHA5120743fe15c7c2f30765a7884f807149cbfaad22bd024e3b304332330752b171c5ba5950a91a1f976637f563c7065d2bf77348a96642a7a0de0b1c0abc212f8b6b
-
Filesize
342B
MD5de64b63d63cb12ff0c63596e51b709b5
SHA1277644e17a329c4cd109cfd0f9b96d91f6209c1d
SHA25620b4db4249a7b25a33e49c2d117f49e7774cc9b29efdb2c047977e0984bfb100
SHA512263a4d8b4bdbc5de7304875f0aebb415eb1f1399aac566548c9b7383400d37fa1afe3ae9d16f1e3e2f6dd66cbe9418196151e1770a8094f9832f5e1c749655a6
-
Filesize
342B
MD5e5b7f20dc3357d1fdd3ad4b1ffb176f9
SHA14bf827884e034e7848624d6ed23ecec66f3fddc2
SHA2561934a8d43d4cc47e7360a91c186c0926f14d8e829e8701c1d3d0e301c8c53f8d
SHA512c38d0e053a3d20e5013cf53b4f935eff283259daa9bea953932b6cd43fd618c2f058b2114ea3ff11ed3bce76bb6ee2b520026109c615413322a8877e7e51ad3b
-
Filesize
342B
MD54dff1685706c2764ecaaf0644f9f4f99
SHA1a4c72e8518e62a12319ddcd07c11c5e6bdb0a1b6
SHA2561a83eddcdc4e9bcfbe4e37e41fd53e69475014bfe943215035b8ed4b78a6580b
SHA51212ef16c6cd55c3475822d4361e86524681601d1e920c797723d9debca88aa2a0d717707edc9363a1099fbb2393bfeddb25e343c8fe1782ff4b3f2a86adb7b458
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b