Overview

overview

3

Static

static

1

doc/动网...��.vbs

windows7-x64

1

doc/动网...��.vbs

windows10-2004-x64

1

doc/技术论坛.url

windows7-x64

1

doc/技术论坛.url

windows10-2004-x64

1

doc/新云软件.url

windows7-x64

1

doc/新云软件.url

windows10-2004-x64

1

doc/网人科技.url

windows7-x64

1

doc/网人科技.url

windows10-2004-x64

1

tools/会�...ent.js

windows7-x64

3

tools/会�...ent.js

windows10-2004-x64

3

tools/会�...ro.vbs

windows7-x64

1

tools/会�...ro.vbs

windows10-2004-x64

1

tools/会�...ex.htm

windows7-x64

3

tools/会�...ex.htm

windows10-2004-x64

3

tools/管�...in.vbs

windows7-x64

1

tools/管�...in.vbs

windows10-2004-x64

1

upload/API...ig.vbs

windows7-x64

1

upload/API...ig.vbs

windows10-2004-x64

1

upload/API...se.asp

windows7-x64

3

upload/API...se.asp

windows10-2004-x64

3

upload/API...PI.vbs

windows7-x64

1

upload/API...PI.vbs

windows10-2004-x64

1

upload/API...ex.vbs

windows7-x64

1

upload/API...ex.vbs

windows10-2004-x64

1

upload/Abo...s.html

windows7-x64

3

upload/Abo...s.html

windows10-2004-x64

1

upload/About/Ads.html

windows7-x64

3

upload/About/Ads.html

windows10-2004-x64

3

upload/Abo...t.html

windows7-x64

3

upload/Abo...t.html

windows10-2004-x64

3

upload/Abo...p.html

windows7-x64

3

upload/Abo...p.html

windows10-2004-x64

3

Analysis

  • max time kernel
    120s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    19-08-2024 14:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tools/会员同步工具/UserSynchro/index.htm

  • Size

    9KB

  • MD5

    51def64323870d73db57238a5985f735

  • SHA1

    3b0669da5a70f344e021c8cc3c413378e8353f4d

  • SHA256

    bc43ed717cf7e9b3b2b94a0d584f5b4e281a7c4257966678339415a90113bc76

  • SHA512

    275ed7bac05106e048430a984fc097bc08234964b263720fdaa7276356e7767c516c7aa9468c00f09a04f10d71c81af629a5dccf8c712397e6b47d968f8b32f4

  • SSDEEP

    192:SLf9pdUl7jq+IjATwsOA2FxQo1FWgh0aYh:SLffWl7jjEATwsO7xh1FWghV+

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\tools\会员同步工具\UserSynchro\index.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1392
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1392 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2540

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    25177720469b20399b1374da93dc47a4

    SHA1

    a98fc8b71a83aeecffc8e629c46ebc1acbb15dc3

    SHA256

    0afb14ae945462ae043c0f8eed282ba5ab396b9760b1a8af0f8add52909ef138

    SHA512

    0365781c908dd6724137927381f6d378bc7a4b0fc22ebb5c6643d454a51d5e19195397bed1fb083a72b298526be8dd2b0618d04993a1694a16f7fe4d898c4579

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    06846ebb711b8ac67ec349c4cf8aa876

    SHA1

    357833b43c88c2ee9ce943f92a2083dff4e6d618

    SHA256

    a9dc6d6a39f89bba62afb9e65d901933d9c9dc9175876dd5bc080b69fa1cea50

    SHA512

    59857bd2a1505e5d7f4261b77abe019a35bb655f58a22cb80fcf7a9017db6b58744e10c298bfb3f35df3be44aa1e75eee02aef1de1db3dd4d635cda0b0e6f146

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2af96725cf633fcfdd9a24498d1d9662

    SHA1

    c8a5836a358ba60468227c3dc72a40a25ea659c8

    SHA256

    c2a2e3d48ba446b6b0abd199939deaf8d9f191b0f18aaac6ec1df81db22f050f

    SHA512

    93307d721a628340e243676003233e6a0622ec52950742bda25532b169b65acef8f262ee2dc1129a9d58b2818b837e67a2f9670c47a59042df64cbba1e0b5f53

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    66d111c3f163a4c4b85dba7f69320673

    SHA1

    066257d5fba6a783ea5767a60eb2cabd6cfc1070

    SHA256

    4c414d3f532ecdede65c233f06f38b1a7b8daf7c6cd29bcf2e523a092b10e5a4

    SHA512

    d32ed29cf56e068fbe96acac45295906f53661b2bd39fd15afcee18abbe619529dab8d65ef3c1c09c68636d7fd9f7da2dcec8b3bc58ad8508af85dde0e399498

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b61028ed06cb6a6e288c4acd1fcc53fb

    SHA1

    b0443e3c90617e01ffa7d1823e46ba30b1f7a621

    SHA256

    5a0bae2ade76b74ea5d7e1202b32af3ebb9dcde2292e4dcd69326460ff741c0b

    SHA512

    b7a22ce9576586f61c30f0ee9b9c3f4c8877bdedf77b8f752c2826fde2a5f1287ea2b1cb72850f272179a97870b729a77cf23d7521a9c1ea4bf18b365657da32

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    266ad308bcb61eaf98c398c0068b5b8d

    SHA1

    a5b529a75b1c952cd2688eae5602d05e1e468bed

    SHA256

    ac0adb69b02dad3980f4bfbfd5965a145a3a34e933123a9b42f6a5a026059832

    SHA512

    e2122b59c5bfa07e9e149598ce6a339cfaa850d62b3e14171e192ee9630d69a8b93cab53e7683fe709339edd1ee1b5fc84900e0e4158592de91c2d8129582d81

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    646c11a23e0f29a8fe7df22cf8fd71e1

    SHA1

    c3dcdc6e392f3c7e159749dbb4dc9f63a637ce82

    SHA256

    47fcaabdfd84aceea279e66125fdccff2c8ce62eb780b4223c806628646d73c6

    SHA512

    8a7dddabbd04428e85ad92d5f582a3bcc5eb8aa93801368a9ea05cf7740323aa41fa95dba7838da72532b7570fd7b544ac73ce5e20f8480ebe23fe40bde7ec13

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0d6adc297e0076902240a89393c7aa84

    SHA1

    946de3b6cff5e861d73e880454d1f71b7c2e132c

    SHA256

    46896af709d7aa96e28d1af611d3a07b89cc1d8b04997fdbc5a2e8fe632e2b3d

    SHA512

    3de6938941674d8b8432f1994b467d86384add68f2b9c35aa619da39653c7ca4f5fec7ced0ef5fc0d51676d74a0c3c67ad270df15406d4997f55a196ed84b391

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b77d7280d299d927c5efdf21e50303a3

    SHA1

    8aa9e29fcc52c6686577f750b029260aab681aec

    SHA256

    1b1a205ebdcf07976882b7c2e3914561a1c93d787e82d0d100e2f05f3553d113

    SHA512

    b4d8df75c395649f7b02171556a4e67131473e6f79e47afaf1f09df0a835709c5872859762c9919f2bc039420248e9eaeaf684a6dc9932722a15f192b838309e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5bcd4b067800bab29766693fe3bb9b4b

    SHA1

    b58e8a7ea14508407c15dc7d93a9e0770b0d8c31

    SHA256

    c0e4baaf96e2a03b752754c5de89cc5bd9a5e15f3be60ffc9cb174489f0a7b20

    SHA512

    66866ffcb2466b04bc86f7e909470fb3fc81b502b0bbe6be568eef3b28a8da283c7539dd2f3f56059954bcc5fb06c8008a79966bb5007d4d0a5a619b5deb8a8d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5359512e663860d60d0d2bb0a1a1ed6c

    SHA1

    15d818750e14d97e676c5e7efeb4048bb4dad085

    SHA256

    480b326a0d2fa220f259038728ef30c79d3b077b24b0b07304578c3767189a60

    SHA512

    43704ee6e361c4392dde61bc36622ae1577e674c463719a545778ba755bbd584f06041971c061df4262f6acafdd8742e8b9ff50dccfdee81217023e0fd1749c5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6f452b2f22a3cf56815c67f5784d67d3

    SHA1

    4b91f83d90e92b5db98359b45217c2392906817b

    SHA256

    d7cd81149dab7f5a98ca15d0c4e79a7c71acd4a9feda3eb4ff3ea3539c935b05

    SHA512

    b4e16542351c59934300fc76d402eaea917667f99fc4b055b9f422b717de51766a979dd60a9d427a470034d4f07f920e5bdba1d628b3f36bbe1a11111d41d929

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f6281a82bf129c5f029bece4c24d3d78

    SHA1

    907f9801a54f43d2fe3071c0540fb6cd88b13b89

    SHA256

    4585ee6dcb867c31dbad7ed4ac8db36da5471d38bb237d1c019199e214703071

    SHA512

    602e08da18919efad214f0f1dffeea10ed4fc95740df98deb74627b0c0981f3416f038808073ce6675f88d4b055b10e3bfba2a1407fcbb18994f742ce5572650

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4d9938f020fdbfdcc8a9539f3c3d60d7

    SHA1

    83e928668c8c5a29f5f48ce8b279778cefd2ac4c

    SHA256

    555f03da60c24ed87c869e4c17611658c155ab2b422be09fe2ac7daa2308a303

    SHA512

    8a70ce926763266099a4623255231b239cab285cd26170ad1aa02e3e1296588322486a1d84243d5802c8bfc9f2ef8f5a910b42feb8913926adff29ed387d6aee

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    06fb964cc919ae66a7d06a1546f486e6

    SHA1

    87ccb9ff591af5e0650e83b822c8a3c28ebec430

    SHA256

    5b73dc9208195d562f0f5e6f0538ffed69c7b94ec2246a6e409f43321a4414ef

    SHA512

    4c5ce03c156602a278cd1787e74e1aaef3dc86c82e67cec43906d05acd8e34089ee81e286cd5fa56ed218190373c8ecdf787fe9f0799561bc6ee2d950ae2cd92

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4a12472d49e814ec68937a48b8e21ade

    SHA1

    cf25be92a8cdac71b8a00d96474702168feb93b9

    SHA256

    0ab5491e9e590f39780de285d0f70869b41e06fe3fe51b8bbdab706733d52a5e

    SHA512

    e787482ccb10024d58215b6f88d122c9965ad0bdb7daa6ad02e8b4b3b3e82acbc85cfcca3bfa60a9a3e11a132c2285e5096294adf58e5162a335170dd2337781

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    822de6281b62264c97d30867fc53c4bb

    SHA1

    d02379c9ef47304d3f7eb4337ea14ce534624a80

    SHA256

    a6c6fb0490baea9e267f87d9f2a639eaac645be29589226c6efd51816ed02338

    SHA512

    bb86082fb2009fced91502ac0094338929b29815a3580b616bffccf975b75fb90e089a3a4024f328067862687806914a902573d18f5f54b393e3e6816133f547

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e2ab1c483b96ce1108b44e20a67abc09

    SHA1

    48319c4c70a3b8208d0853661d411af5ae6e4d2d

    SHA256

    b1542efb657503a7e8139143c3d8d4e6b99097b840a80c18fe10838ea5bc272e

    SHA512

    5b76764bd9a9eae1f90b8b9b138d993e40fb9b9511dce37724dcb12d60da56bfa096cd55204e0dd92aea5d12bf7f19713cdf5ae8aae705b1e01073fe7dfe0f48

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1a90a57c6d6ffd177941d39d1bd6840d

    SHA1

    cce61dc0b8b26c045a817b7614a905c1053e289b

    SHA256

    646ad60263237e40719141cb9deeb73bea563839ddf1846a984605579d5547e9

    SHA512

    3bf8ee6e1f0944a0e7552c1aa2853ef3249611b97f7b8801ba8427e042a2a4e4d01bae1d1ce93bbb9ee2ae32392cc1d15b5370dd2870d807a1b07c7c22798f7d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabBACA.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarBB98.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit