Overview

overview

3

Static

static

1

网络同�...u.html

windows7-x64

3

网络同�...u.html

windows10-2004-x64

1

网络同�...p.html

windows7-x64

3

网络同�...p.html

windows10-2004-x64

3

网络同�...inc.js

windows7-x64

3

网络同�...inc.js

windows10-2004-x64

3

网络同�...nc.ps1

windows7-x64

3

网络同�...nc.ps1

windows10-2004-x64

3

网络同�...nc.ps1

windows7-x64

3

网络同�...nc.ps1

windows10-2004-x64

3

网络同�...nc.ps1

windows7-x64

3

网络同�...nc.ps1

windows10-2004-x64

3

网络同�...unc.js

windows7-x64

3

网络同�...unc.js

windows10-2004-x64

3

网络同�...nc.ps1

windows7-x64

3

网络同�...nc.ps1

windows10-2004-x64

3

网络同�...ex.htm

windows7-x64

3

网络同�...ex.htm

windows10-2004-x64

3

网络同�...nc.ps1

windows7-x64

3

网络同�...nc.ps1

windows10-2004-x64

3

网络同�...nc.ps1

windows7-x64

3

网络同�...nc.ps1

windows10-2004-x64

3

网络同�...nc.ps1

windows7-x64

3

网络同�...nc.ps1

windows10-2004-x64

3

网络同�...nc.ps1

windows7-x64

3

网络同�...nc.ps1

windows10-2004-x64

3

网络同�...inc.js

windows7-x64

3

网络同�...inc.js

windows10-2004-x64

3

网络同�...inc.js

windows7-x64

3

网络同�...inc.js

windows10-2004-x64

3

网络同�...nc.ps1

windows7-x64

3

网络同�...nc.ps1

windows10-2004-x64

3

Analysis

  • max time kernel
    118s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    22-08-2024 22:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    网络同居程序/bbs/admin/index.htm

  • Size

    1B

  • MD5

    7215ee9c7d9dc229d2921a40e899ec5f

  • SHA1

    b858cb282617fb0956d960215c8e84d1ccf909c6

  • SHA256

    36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

  • SHA512

    f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\网络同居程序\bbs\admin\index.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2536
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2536 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2412

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e5e1c836213def964ebb52bd5703fe54

    SHA1

    8dd36904859044e16ccea6e1620953877aec9c79

    SHA256

    0bc1a8ff8d84883818e9eaf711b6f3854dca78ae68cca1339e68c6a0db707e23

    SHA512

    2fda842962bc1d78845a36ae10954269d9968c3774b6b3c64400148e25c18a56c25044ddfd06d160f4d9260bc5e93ba1b21348d8e4eba89d5841e18f53d10a00

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7aa6a4a45272c77fd1aadb1abecad427

    SHA1

    d57b4bc2a2deb4868f0a6d0618e3bf8b3f5035f8

    SHA256

    40da8aaa4e221f118be294e4b0aa47b334f9bfcf3a666ef5431513407131a821

    SHA512

    120e8aa2f825469f13e0a3fbd2e25acc63406b55534a608d5151180a57e7cfee758c206c873083768b0b973ba3ba73e35e7f0fff89134986f273e8cec86c4754

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    804712a192541a6418ca0fa35e791963

    SHA1

    50811f59144e3cc1a7feb44e05376f7ed894e78f

    SHA256

    063f7454a6f7004c7d56d014751584e08bb8c3fb9bac3a09d44a6cbd9b626b99

    SHA512

    13f2e31ef40439eb38a26044ea3a910006e8ca38a2138661d278483f9e852741fe7854be758543f65bbe150f2b3a97fc9da6598e5ed8409d95db8846795847ea

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0faaba3c4782eb410cf15f760cabae27

    SHA1

    58a61f83c24d9a138a6f6676580aa94141947cdd

    SHA256

    43a1369ee2436853ad00439fbabd2b39caea92d9611e529eecaa56c289d7c114

    SHA512

    b5d4b82a2f09ea7aceb03f70302f946e778ffd1f7fce76838ffab63a3ba0c7d844a7bab8607d37559910c0a36eb4969b3dad9a1d0a16fe9dfaf211566247dd6a

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c2d843451a31fc7242724a0449b7e805

    SHA1

    f502895022a0a0474fc7e5ac46dbcfa778cbd2ba

    SHA256

    5f81fbddcab544f070971e63ebcdd9a068f744dc163f22c36da0f5e98326e7eb

    SHA512

    5bc010725e5bd91f74e04c5f2dcb4ed4287ce288092ad6e778da9c627339d5fb8e72cbf9c47452a48eacaf0351b05c59a0626b30a162692c1936233464d18d40

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    23d877d18a66df3f89a7e10ebe7a47de

    SHA1

    46f831d366d9a87d6b7926134132cdbff9046807

    SHA256

    b34639933d45096c23bf4052f1adfc0d7abf712d104f8d00b63efd94854fbce4

    SHA512

    1a473863e91e6f59e139cd8bcbf850c9c4a67e8420cbc0998b86fbee8ab77f209b0fcc88df7996947db37a4390ad53378c74064f6e4532d3c0a54de7a5d8bf55

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0130d4b165503e561636a175ff59bd8c

    SHA1

    a3f83d726578ec90911a8458bdec52d5111b3a0c

    SHA256

    29792f0887f7ab4075463c7ecc73d0ecf8506ec695b2dfc545a9b15b5ed62321

    SHA512

    14462ea6f05c526db14dfa630070f1fab0b07a4859a398295db6dea8731c23263734118f353a414c91b78da97f541f4cd45bd9399c7f77be5fec4f61333d8651

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3fb94df60d4ad4ef4ef78b22be4ca59c

    SHA1

    b2e12c815ac404c3f734933385976db18d6fcd2a

    SHA256

    fda799dc6fecf8c4ea77ac9ca36c81739bba14f455426b8016aee3a2da8e2ce7

    SHA512

    5a53ddd730c7a11451d3a9e1340de72bab80ba68e270041272d94de02b5db133d8fe26cba8df7f8505e97e9e1fc35838f9ec02347cf1cd9f4d9ae09ff6bcc582

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    79ed6f5d10fe23e921069e7bbdd8e0ff

    SHA1

    3412638cc34393fdcf91d382440cd608c5c45f50

    SHA256

    aebbb0d9a848165eac81dc4d246acb2759a50e8ba77721e1b47329021874ebeb

    SHA512

    71a2cd20a8a4cbe8eb0f583f20d539e4aba960a75194af02e8f32dec552a11a0cda4937acc9d0ea76e58a6575fec502e21c1052fbbcb2b801897a2ef4d2af8a4

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7cbf26c472b33b338bbc054316875b5e

    SHA1

    1dc9cd80ad2dbcea4cee172fb9f8c4b0605701e4

    SHA256

    6701e8a1a4051e08edd44d21113b89f2a3b87cb6cac53a7d221cf069db4e31cb

    SHA512

    fe0c7f9eeb8eacf7ff62bb39775f75a7c6f8cb243ff3ff769e9eec504081de610ee5192823be4d970d0872f59ca36c51a95fbdbf05fe702683c1a685f0022c64

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\CabFBA1.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\TarFC30.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit