Overview

overview

3

Static

static

1

网络同�...u.html

windows7-x64

3

网络同�...u.html

windows10-2004-x64

1

网络同�...p.html

windows7-x64

3

网络同�...p.html

windows10-2004-x64

3

网络同�...inc.js

windows7-x64

3

网络同�...inc.js

windows10-2004-x64

3

网络同�...nc.ps1

windows7-x64

3

网络同�...nc.ps1

windows10-2004-x64

3

网络同�...nc.ps1

windows7-x64

3

网络同�...nc.ps1

windows10-2004-x64

3

网络同�...nc.ps1

windows7-x64

3

网络同�...nc.ps1

windows10-2004-x64

3

网络同�...unc.js

windows7-x64

3

网络同�...unc.js

windows10-2004-x64

3

网络同�...nc.ps1

windows7-x64

3

网络同�...nc.ps1

windows10-2004-x64

3

网络同�...ex.htm

windows7-x64

3

网络同�...ex.htm

windows10-2004-x64

3

网络同�...nc.ps1

windows7-x64

3

网络同�...nc.ps1

windows10-2004-x64

3

网络同�...nc.ps1

windows7-x64

3

网络同�...nc.ps1

windows10-2004-x64

3

网络同�...nc.ps1

windows7-x64

3

网络同�...nc.ps1

windows10-2004-x64

3

网络同�...nc.ps1

windows7-x64

3

网络同�...nc.ps1

windows10-2004-x64

3

网络同�...inc.js

windows7-x64

3

网络同�...inc.js

windows10-2004-x64

3

网络同�...inc.js

windows7-x64

3

网络同�...inc.js

windows10-2004-x64

3

网络同�...nc.ps1

windows7-x64

3

网络同�...nc.ps1

windows10-2004-x64

3

Analysis

  • max time kernel
    118s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    22-08-2024 22:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    网络同居程序/admin_menu.html

  • Size

    8KB

  • MD5

    2791c2728b453b3a12fbe34b41f36d8b

  • SHA1

    2e94d53277c513d213d4b1f32f3f5162737b27fb

  • SHA256

    068144065d9d7dfc01de357398e21a645ebd9217d64ccb325373fdc3308f4017

  • SHA512

    2c17f794a4d1fd9d9135ae50c70d9b9b35002294d4534d23870c5bda0620cbe59789fbf2e41ddd876e6c2e60be62fa9e5bf3e140410a8f15c0833059cdf6a56f

  • SSDEEP

    192:5R/15DXe2aa4F4BjLpmh0XjFgzaem66bKrlXb:xm

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\网络同居程序\admin_menu.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2548
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2548 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2340

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9aec882a298673f26ebe1acf440431a5

    SHA1

    1d78401cccf72ab6ca56470f283cca9d6ae2a2db

    SHA256

    13dba78813bc951e25d57e47cd5d89b0463515864e73714da8cde906a3a3299f

    SHA512

    349e5318f6c6e95979502ce624b194db0f6027c7acfb2b8619560058af40a1965ecfd024fd2a0cc0e624f11b42487ebbd4c9d8a53da00d0b3c49f61dd4032c9d

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d57ed6ac73a649dd69e330c66a0faf56

    SHA1

    4f6d8e6531bab65f99771d2202e8c71483ec3ee1

    SHA256

    a1a565c80c22746a9c14ec83b921a4794a77ebd315d9fda8546a9210836fa853

    SHA512

    ada92fec2a03301f481e175b12a2c037c7a008c545741f9c0a82a6406d3436da5ff4199ac3b2ee1a2195353b07d2084f29cdee6112309590c192024604b315e7

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    73ceb39e7c8caeb11d89dba71e637ed7

    SHA1

    4addd69dec547959a2e08a8732aac0d18a2a04f3

    SHA256

    46cced3051603afb8ae0cc98cfbf3ede19d513878fa8920cb2d49c1e425f5753

    SHA512

    651d920ebfbb4cf719cea17a1fa785a667d0610f4264234fbf582edd0fc96b0b0df8fc57149d2e7f3d0213d63eb17ee0ee656d313b561fbc4549c967714bf3cf

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8541fcc8df09882ac0e8893d0b5d6e80

    SHA1

    e1dd5ab6ca7acdecce6a9b11fae5a7205de33b92

    SHA256

    8b33419c3b739e8aaaa4682d7fb55dd7cfcaaf39f4c2533ba88ce74a5a5abfe0

    SHA512

    5b1c4c0abdd3ec10a3d30017cf2ba7bba13f4acef86a49c7eac5dc7f847762f95b1921c8d1f878c8d3e7f199f7cffae1b587108139cffa947fb63c945f7fed69

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b2c5c8857342ef7d5c8ef2d7f8312293

    SHA1

    8c072252e8ae9eeb17a591206ea655523041c018

    SHA256

    e3e01088e7953a21da199192633c4b176c07cb79f649805807758b5567d0a49a

    SHA512

    5cc5a3be650e090e55d84725d006a21dfae7662e4ffcb80a5a987cbdcd42e91ad3ef691ce9bbcf7757f9309015aef033243b1d03b94d2c6f575c61b08aec898f

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dc9365743497215a4e32050c5a32db01

    SHA1

    810dcc19299b4f245721c6a9d3ec523b27a9f225

    SHA256

    72ee7c00f556330d919767ea3863151a794ad40a1e144709e0fff876b7b3d55d

    SHA512

    6d1e0d1b849ad4a506d3a3ed6495e0c4aa46f52d88f8e82d88a4756a4c5cf21753f8cc0af07163b5b6723e5709735d54b4f8b9c98ef31b134b8b028cb43b1184

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f23bcf9b1b8faa473ea214eb3537e4e9

    SHA1

    ed28e238969e1f595cd48ae31ed8b8e16fa25a11

    SHA256

    65910d6fbd9d9f17c54174fc21f760f4751c0fe3b28531ec1795028e71022e9d

    SHA512

    944953271da43ab194be9caf4ddf5c2720ba2d735eef3cbe07f161929d7d193fc2a2aef50e1f2be00e23f7a50fbce7d447a9cb8394f93a60241ae87b18911e27

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b099aec68c3860d85ca1a557d51907ee

    SHA1

    dd3b600f98f5bfa55acd0719c4e6bad2c2671026

    SHA256

    90285916ddc2bdbf0156498f533e87dd5d385e30ea903be9d579541ba79818da

    SHA512

    aa11dce59463b89fa388fb36aeab04d86f1e7b61b96a63432da17eff1586329e731405939fe08b0bfd4ee8f7fb19ad06e565a2e6d06f9c656ebabce3e8e49898

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5ce9fab0499cb70c20bdeaa5fe9f3668

    SHA1

    d7514eca922d241f8272f4e1bd6c5ebd707916a1

    SHA256

    21039065477fa0a335a58ea94add736e6bb8f5163c7d9d499d397434c544528a

    SHA512

    02370262cfaa52d5e34d8605ef5a9d62510f93a8271c8745369a53587c90494075eb9b6c1450b406583ca736eff60d50877c9c1a4b6689845245e94863bfe714

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d4c6e2b7c8bd8a2a4edbc39fabd7b100

    SHA1

    12c94b61fbcb6a71b98b4561d83f7481791e7c2b

    SHA256

    e3967c5dec0baff83238738f6b791d3a224d817ec6f0ce03e7989107eb8ba4ec

    SHA512

    f467c2878f0ef3846f058547180ce940642799c6b6b4db301930db34620c1a57750b23bf78746d3339d1a2e08885fc3cee27c55d27de239998fd1c0be48ac0e4

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    71b36c02348278427c91ee57da62e7e9

    SHA1

    b5081ab753753d80ee7d998a34360d9ce72e9c22

    SHA256

    a1393ae80dc00250f58c96a9744fd5939eaad85aadaa20b2e552c716037c6522

    SHA512

    63bcd3232c374df1cc88c000127442080c2990ac595293d75fe351d848642b2566c9f5d6d78e65cb162ccfcff930e6bb59d5b94678b817db66c52fb0d0c4deea

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    06a4789d0aa0fe9fa2eeb9d09123842b

    SHA1

    08cd8dec76d48bc905e719d753400a2d1791fcda

    SHA256

    68e7a87c012b8b7aeec342fd762a818b20afb5369ffeaa584a6a10ca37671670

    SHA512

    b11feb76a4848e0bd3f94785a0ad1360f0a61048589c749b157dd006fee2572c65e4db02c77b0062e25e68c944980077c0699fe11a2d801efaed61fb13ac2bda

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\CabC3BE.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\TarD407.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit