Overview

overview

3

Static

static

1

Neuro.zip

windows7-x64

1

Neuro.zip

windows10-2004-x64

1

表情/加载.gif

windows7-x64

3

表情/加载.gif

windows10-2004-x64

3

表情/喵喵.gif

windows7-x64

3

表情/喵喵.gif

windows10-2004-x64

3

表情/待机.gif

windows7-x64

3

表情/待机.gif

windows10-2004-x64

3

表情/手写.gif

windows7-x64

3

表情/手写.gif

windows10-2004-x64

3

表情/打字.gif

windows7-x64

3

表情/打字.gif

windows10-2004-x64

3

表情/指.gif

windows7-x64

3

表情/指.gif

windows10-2004-x64

3

表情/无人机.gif

windows7-x64

3

表情/无人机.gif

windows10-2004-x64

3

表情/汗.gif

windows7-x64

3

表情/汗.gif

windows10-2004-x64

3

表情/睡.gif

windows7-x64

3

表情/睡.gif

windows10-2004-x64

3

表情/问号.gif

windows7-x64

3

表情/问号.gif

windows10-2004-x64

3

表情/龟龟.gif

windows7-x64

3

表情/龟龟.gif

windows10-2004-x64

3

鼠标指�...te.ani

windows7-x64

3

鼠标指�...te.ani

windows10-2004-x64

3

鼠标指针/busy.ani

windows7-x64

3

鼠标指针/busy.ani

windows10-2004-x64

鼠标指�...ss.ani

windows7-x64

3

鼠标指�...ss.ani

windows10-2004-x64

3

鼠标指针/dgn1.ani

windows7-x64

3

鼠标指针/dgn1.ani

windows10-2004-x64

3

Analysis

  • max time kernel
    134s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    04/09/2024, 19:36

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    表情/问号.gif

  • Size

    5KB

  • MD5

    52f081553e850de3329948631013e914

  • SHA1

    627e107b94c40ab3d0ca3528a1ca2e38d7b4358d

  • SHA256

    66db6882a520ea7ddf185873a8aa46f2476459efdc676c2a3728fbabf841629a

  • SHA512

    467f003826f64ca70fa9f7bff2e2a2fc4bb2bd79f02aa401fb5c49b95b098c42647597f934ed3fee2a812f8f61d5b093fe15085114bae52030377251ec0fda68

  • SSDEEP

    96:hRILvcz01e0i7LHmupiFGBkW9zgwRC7ulRzIK8Gp0wA1rFH9HL5ZPu:h/WK7LHmfGB9HdUpGpNAzHJ5ZPu

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\表情\问号.gif
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1224
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1224 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2536

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2268025dbaa304b741e89a58ba1ae99b

    SHA1

    8417e43dd733e26ead3f709f7275fd83704ae29b

    SHA256

    fdda32506b6f4b0f6f27dcd5ea05b3855c16c873790bf41c02c93631879e62f5

    SHA512

    496f09c912ddfda9f95be9042880008dc2e830f6a717e26eff3901caeb4b9e8edf8901750afafd83f172f752a26f5dae2d67949026a275eeff02863ef2168d10

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0e7420643451a14a1760474d910195da

    SHA1

    21533601917027b9df174f609e78609e67b05b91

    SHA256

    0423b6ee60b1a7facbd86dd7f696dbe976286a205713770530d442369af773e5

    SHA512

    9b287c5a46a9b628eb4ff073316a0a1a426b1673a8b0dd22a32c6e8ea7bc89170abf026a53f2dd7655c1cf6eea910d9ac9ecb8c627338e17d11266c568b19361

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c11f013cbd8c136c03f32b6230531ef1

    SHA1

    a7f92ec2d5308e1feabb4cc50d3d963064209c69

    SHA256

    2f81d82d272b34bae631b04a1ad8c76213215a9d7a6f742c53abce1f8ac39eb3

    SHA512

    5e8f4179424392ad338e5bf4f119e626ce3bc588e415420612c281f7e2c570209bf3ec076368171249fa77464839a1cf01caf9fe3f9d9bb97236da64e080bde2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    95c4060508e74ae659c826177de72a1e

    SHA1

    7fd0d41f4211b44fe335345f67822f0504723141

    SHA256

    32ccd85c6e9313a6b55e50998bb3d2e80ca419b52c01af52e35de0479023e20c

    SHA512

    5f2a6c473e8fff8b80c4fe20aea5a40c280b63c594b1dd79eac3c121356f520505a1e5452f58128f556004186d690dc51bd9321f3aa11afc2088d215c56b9af1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ff312271b17cc3347e81dcd57630c129

    SHA1

    d72afaa27ac8ffc22248fb955c105e86c8364b3d

    SHA256

    2e40b4a894d8e5c00bea6f0ef69c7519cb3542ca8a68c1c6c555cee2e06f3593

    SHA512

    170b31cebb83d57452426377dc1cfc7aafaa7d71a552ac5a281e7df6dd8fd30ab46947bfba20e10833e83d80a0e4de4c941c30beb7568768a8b7cf22530afbf7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1513c7995a7005af536cd3c6efb9a4a4

    SHA1

    dc6149d6101148f0827be84597b09b47899c55e1

    SHA256

    c6ef5144881a67cc73a8dd4035d8ebd7413b1adbc7974a209db371f08bcb61f2

    SHA512

    0bb24c1e1c704d55190da004979a02d3696727fc87eed8479a6da3cc131d71dd83098a9a00599eba00de657beca6570b9d9a866045f432d8c5b5d9b33765dc5e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0f02a658498a58fff8182132874b90dd

    SHA1

    fff5a295a535a5334bb245d30ed4b7d1fa9290e0

    SHA256

    3b6e4e1d2edcdf8b9112300785ce794e075c708985cc8a6f6189da1d22b5efb1

    SHA512

    8258837eecd9cb752d782170956871f06946df71e45a4b466511ca0a0dce6b6fa2806c9599b334243787d2be6f3616378e87c8c802bd94e299897898cae3cd30

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a4aea55aa6a2e7cf4fde5b89bb0c2a66

    SHA1

    1cd3019512be4b6c5a8742b32cda75cc71f7db4d

    SHA256

    41b4ecd084e4556af78cce02a4e8517cdecb6b14fe572f9fa1a8778bab731362

    SHA512

    8320244c6a9d103c623d8a84ffafb859d9af9fd852fcc56717dbdd5565205e406ce54c2180f363075db6c49bffb75f0d2787b2ba692332241e204708af761f66

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5a7307b2326cb1a6a3f28bbc026f49d3

    SHA1

    b6b24ba1738b04dc63db9349f5a957a8152fdd72

    SHA256

    267bbdc370ea3ae878e03ddf8d732fa5df03060b677713a0c91ca22392607c84

    SHA512

    49efd14f9a7733896a950d2498d5c0ea3fef56bba2d423e66f041dc9ffae0b58f91e599d4177b46f45ff5cd7af4a0d30bc489f234e74ba22b81537c4580315e9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d73b7ee0310eb57c380f5c1d7f38d34d

    SHA1

    9412c7b58fadde2cc18694e179955607aab36e58

    SHA256

    3c5f7f26e6ff321783cacdf746e16935b12bc92fd3cfa9ae061e1ed3595a9b06

    SHA512

    5b656aaa62ec7ade79916694f3bee3986cd81d13810e3687ec8107b51d744da683b2afe647f26dab15bf328ce12c204972469c2d8044156ca3c3856c81e01169

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b225ddeb17379114d28f18f3f5f5b8ba

    SHA1

    269d79d04a40e85a5bcfc8dfe861dd9e95fcc33f

    SHA256

    6318bab035d68d792a4d70b30d394222bf1f74c544f2ee394b7f4b81342d3147

    SHA512

    c57d5729484e92344d946c83bc22c8572925f23c2f967788b2bdca8339711d7ee2e2e93f8111b3bc80f4bce41ca0c31dd85c0dba21daa1a478d17320767b206e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8f7966b9807ae908db9a7066e1f4f21f

    SHA1

    2b0460f9b607ba7067d1dc89f9c174eb7aa41657

    SHA256

    4904a3528ad9e1706d0c11a75c1a60c80f540fa1442d795adc80525edc38d9b4

    SHA512

    ec2392ad94e1c999ef7b913d73f43a87f0410df015298329813190c20c64bc98860dbc53a04366f07b2511c3087a03c4727fa392018bf6a21304b2a09abc9047

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0970e1fa466983d6ed14949e66eec9e1

    SHA1

    b2a1f2c41ef11015bb2576e1cec83cf5b86c1230

    SHA256

    fb7ca77521c7496ba9ebfb191013e2e4339e9559b8eacdfbd4a2f7d26e1fc117

    SHA512

    cc28a6658f4213c23d2d68fa491fc7a5396bc1bec761bf86a83e329232e8dfe6abf4813e8574909dc06d65bd673cdd7bfc0f706479ac630c773f4fd92b40530f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aec82f29fad3284af587ada1747c8ab4

    SHA1

    fce5dec4eebc871a2fc10e97e1be6605c82b7783

    SHA256

    28f3a38daf524ec5c810ade3164dc68719301cc61a50f40dfdc85f68911c1022

    SHA512

    a152d24df89dc84c478f24a2f9f9a36bcacb2b7223880e9a4ae34c28f72a57d24e2b11ac9ef1218f1ca876fa8ed72632e66c8f9b0ee3ffbe26328d3d8672a905

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    44c36b15f9a6ba80e1a9a453e3a5d6ac

    SHA1

    119db3e128f7ef490417dffe8c4849a713625f1e

    SHA256

    0a6f6ea9a41b2e082fcd45eea536a2b108eae9984619785de47ecc6d7f8cb65d

    SHA512

    32656228b2659713969fcb444441ed979dba2929426e21f29a7fc87c7c6ee0a7833f68656cf31b67abbd0e5d6391eec3df8bf5fc1b26c2e9236a6ae5da75156f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab34D.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar41C.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit