Overview

overview

7

Static

static

7

EasyWebSvr...vr.exe

windows7-x64

3

EasyWebSvr...vr.exe

windows10-2004-x64

3

EasyWebSvr...o.html

windows7-x64

3

EasyWebSvr...o.html

windows10-2004-x64

3

EasyWebSvr...lo.dll

windows7-x64

7

EasyWebSvr...lo.dll

windows10-2004-x64

7

EasyWebSvr...o.html

windows7-x64

3

EasyWebSvr...o.html

windows10-2004-x64

3

EasyWebSvr...llo.pl

windows7-x64

3

EasyWebSvr...llo.pl

windows10-2004-x64

3

EasyWebSvr...ex.htm

windows7-x64

3

EasyWebSvr...ex.htm

windows10-2004-x64

3

EasyWebSvr...o.html

windows7-x64

3

EasyWebSvr...o.html

windows10-2004-x64

3

EasyWebSvr...sg.exe

windows7-x64

7

EasyWebSvr...sg.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    68s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    29-08-2024 09:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    EasyWebSvr/demo/hello.html

  • Size

    108B

  • MD5

    ff9e55b351e81a0f461a1f1ca5584978

  • SHA1

    701712e8c79173a3dccb82ae10329a25aaf91c29

  • SHA256

    aaa06425984f6c63d1c1820836cec2ce4f961b3104df7b607efc28688a05d372

  • SHA512

    afc1c3528df49bf4f722530c311228be0f7a1edd2243f0bc1fdcaa3496b183cd35504623613857e0749065779700c11d1f2ee0c7bda35de1a033b26d5b0342bc

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\EasyWebSvr\demo\hello.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2296
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2296 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2372

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ea78fe2b95bbad9ed0fc63ba83fdc221

    SHA1

    61818219c62e90dc8fcedf967a4b21eb1afc2708

    SHA256

    c7cebffd214de60a461aa3f19680fcd697e412d8ddbb9ef4cc3d693b5e75958f

    SHA512

    1ad149795fd6623eb18df69ead3da2505d4ebc27db4ec8ab801f7e544baa3512093c8308ee2d29366735ef48663e23c3917fe5b578bb9e249c4ad6ed1687a9d1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    90aaa74ddcc3a6169dc94e9be826d5a9

    SHA1

    3761fd9ef7e8dfd01e691e7b3c6e73d980e8460f

    SHA256

    28a32d24d59b0651b8afcdb071960feff58e9c160d45081d7410a7cf5e87806f

    SHA512

    18985f29f803cdd533958d3e79950bcdde2283c281aa483606a6b08cf73d42a6c918100ad02d89756f316eee6222cb53ebfbda06ade1f2df65f4e61fdc32312e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    03552138dd0a475c0ebd7570a34e1ea4

    SHA1

    7f4814c1a396b283bc3141a7788368111c067ab7

    SHA256

    0a20ecb42fd20cea9b53bcc4bba6db5a45350aeef1a0fbfbacecf44f215794f0

    SHA512

    f91fff9b4bd98a2111e57665d9e2971123d102189f94d7ab741818f6e9c81202ff11c15514d586027f6baa36e2af6fd8ff87d59751e1b5000b0f52dcf720b623

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6a0c13f29315f2bd32e43172097a1191

    SHA1

    779d2817a018aa717774834d9a3dd2cf02bf6074

    SHA256

    21efd4e73987d498352eebdd78b3f44672c46a8073c154ba19f14748ae93e4c5

    SHA512

    b26f75c620fdc2e60a4025c967f9d6f78b7c419b977ed3d9054616c23db8ce8355717f16b954ae9fea7efa12c24932be3f1a6f92bd7f056a3609e81945fc32fa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c0a5f1aaaf7c8ff01004f0e0bc2984fa

    SHA1

    eebaf68ca6d3af5ccc9b18e5e8ac4f6d99c56765

    SHA256

    7f46920cd964e701fd25252fbd2d2e8d07bbfc537614721373f73f2749ba02b9

    SHA512

    f265394650ecd5b95d90adef97f567651d653ec76c7a42322dc210a6353a3658a01739cf392eaea1a81553c966ba46a482b29d229687e5e659e0055765e091eb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dfccdbd7c807a5011b4ba79165de6568

    SHA1

    bea45601eb81587bae92ce7161acf860f7a07282

    SHA256

    2d6a327d162ab6b3ba1b422f72d4c573ca5ece051c11b7e32dc305bc16d70824

    SHA512

    0774c3eca4df70ac96805684ed170d2185ae29889436e507ab27759f342ac6ffcb829dd4ff3553d217bde48b6ec5e127a213177a8eab72174682c923bec95f40

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    31b962da7c51f2cb82b9211ee753e682

    SHA1

    6ef7bb995790cd0fa6996bfd91f95ba729c013f4

    SHA256

    11f3583a616879955916d6dd61ecdb5f96183cb5b6eb9256c508fd38af7e9bbf

    SHA512

    54a00b0a685d612ad8b328e82da998b545335d308c56517e63b661a97eb641a0e2eca3aa07f2b1fdd4d1447102c0d0b5b56d0a131a09c4fe8914cf46cc21a4c4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9f6e3a2bca14805575be99947c9a102e

    SHA1

    2163458f2261d3ded31e59b4239827ae98c2ba2b

    SHA256

    4330339bf9c85be0e6d9916d76ab036663b7875bd24fa63718cb5420ea4bda6f

    SHA512

    e4378146e0c85261bf6ed726f76b974ebdf04c58efc83768693ac9ec32b66d26035369c49a56d525b57139c8b0b3aa1d1e79a68b02dbda2f82ee02969469d748

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b763130b6cb84b2c63f526d6f88e5909

    SHA1

    5b9fae20ff20a9c6c0c7890b2716891470eed3ae

    SHA256

    45d9dc45a7c9ead5457133670ceffc96df6666f20bfa12793a5678eb57a86db2

    SHA512

    c28d4bd9b6d69f2c1c9c2b449e3bc992742ad90abbbb70a9c89d331656098c32d2bf7d63deaf3b62a184ea73436eb4dcac2917f3b1420d56216902c37900f395

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7aa2b3dafc9f4ad0db0035590c8dfc84

    SHA1

    66dd0e36f7a31cf452bffc19caea2e08b2e4bd0e

    SHA256

    a3960d4b3d229aedcafed61aaeaa6a6f7d65c750e56b7e69ce35aee9575cb12b

    SHA512

    9a0b5bb1f1949cc959fdeaf916b64f7adda20aa5a77f24d7170ceb2fa6e4e8dfbfa9dc75a411a26cdd749c92a1ac2f17ae341c62999abbe351fed46ce5e73cad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9038737bb86c341fbde71682715838b6

    SHA1

    9ccad6002a4ab00fe86c7643e0bef306bab98195

    SHA256

    5bb1a6d8df4896e7ed8cbe716ed71fde6f82474bb073addd9cd08b7a0c4c7ce1

    SHA512

    24e82758550a906e5ea4a6f828eccb272daf2d507e0025f3277a8776b486801dd39f09edff4867dd3fc6b4ad7f93c13573a1375481f8aead81bef4fa3f2d1cd4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    26b1ae8c6b0f5c3735d9460e15a3afe6

    SHA1

    cab3ee722f6501548fbf6be8fe506b34716867b4

    SHA256

    e9690bbb01604fcfe4dde180e130ab2bd2f45af51103ec519184026955f1185c

    SHA512

    b3f45b2d727f5b8752ec316ef09202df7dd156d3d133dd51327fc6e9bb92025d8084f7d40e10e6ad9d85672d3ba51b1dc9645a951cd4a6457a1a67fa88805980

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3bb73a89d7850edfe91cf991d22a0f2c

    SHA1

    daa531c3c6a44c58b6f50836e580f1661625aec1

    SHA256

    200a7d0dd92752535d2617ac307ae5cdf34c2b651e06f3b810b01712b4e9de50

    SHA512

    e56aa17a600afbcbeaf91bdfc3e5b30cd7bca2e92786774685988cf4e648d4db837cac269d081e6824d953d57388286d31f9b3ce599505e8a1773628b5ef21cb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6f9f2e1c058d05aeddeaec88392769aa

    SHA1

    41a97486d29ec96aeae26a51c2626f0c07aa74a8

    SHA256

    edeeff0f4c63a7a491d382be6d15f8f6d17fb9d3bcc3d182bf31a49fe1813c3d

    SHA512

    19d4820eb25538346db0944c3a18dbae1c39d649551473546f8b219627fccbb0a2da971ebfc12a6c9d4b7a7a1576b5cc64466542a6e86e0d763539dd5d81cb59

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ab8f10fcdeb982d7dc45b32df198dfe3

    SHA1

    bd2315c1a013d0f2815d331caa98b69a2366f643

    SHA256

    facc723e51431081252627f43e4386ab6fb94f3c8b59cc30669bb2c873bde86d

    SHA512

    da2805bfdf292cd2e410803986619a2baaa1790810ab4481fc165ad93a018bda9f4bdf4bdec164702031c59a82c635ee66da07be4a33bffc622b23fb7e2b5021

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e336b08bca21a4e4f58147fd770ff5b3

    SHA1

    291859a18ac53ebe745d42860f535107259d268c

    SHA256

    1819cf77ebe764623b7ae7ce6ad2f9ead25bada2e52b0e22a794c8c03cca281f

    SHA512

    56c4d55d144ed71b68fa319659826062277850542976199382e468542024fe5aa07a070ba12e015c362518ebefbc7348445f6f57f32d3c1a0f4200941f42cde5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c8c9eb6763e295204bbd01fcfdb47491

    SHA1

    02153aaa370e476365be1724d99a75770bcec35e

    SHA256

    befac5bf71ed35018e09eaa15f2ce4c47407ee38997b76e305879867e4c04421

    SHA512

    65881bd5ade38958aa2cd3fe53164bd179525d5b93221f4865d6924d7e7baaf7c29f99fb7c3934e4cc9961d186763ab1b45ff63366df78188cd8837147c01d96

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    06afb18d8691398d27e0917049e4ea30

    SHA1

    f7146b562f71035f6859206779fd421d5f66a0f4

    SHA256

    a407f90d2267c331f64931526e2ec523d13b177d09fa6b385bab4c4ae1f3de50

    SHA512

    b8c03e89ac0a11b64f57004fbbcb03503dda0b2d50375754356488903d3b070fe28de63f23e29386171727d01a4c374425f1b5ab9581305e014c2d6bc8b49e14

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    af4297119837a6f6844009883e24c4a5

    SHA1

    48ae5e854fcd451014a84b26bbe6f3ce6ab82582

    SHA256

    8e08c36bf52554ab7b9a53bafc3bbbe14f1f045f967a616a9ece3e7cd61433d3

    SHA512

    4f72628952cff0c0f66a09028b953fb61a61d84747c5fe64fe0af0e590e8f4f75466365061714a04801cdb5e26814f6e678e3362111752119d6062a4e9095173

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabB52F.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB61C.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit