Overview

overview

3

Static

static

1

windsphoto...t.html

windows7-x64

3

windsphoto...t.html

windows10-2004-x64

3

windsphoto...o.html

windows7-x64

3

windsphoto...o.html

windows10-2004-x64

1

windsphoto...lt.vbs

windows7-x64

1

windsphoto...lt.vbs

windows10-2004-x64

1

windsphoto...fo.vbs

windows7-x64

1

windsphoto...fo.vbs

windows10-2004-x64

1

windsphoto...ss.asp

windows7-x64

3

windsphoto...ss.asp

windows10-2004-x64

3

windsphoto...to.asp

windows7-x64

3

windsphoto...to.asp

windows10-2004-x64

3

windsphoto...LE.vbs

windows7-x64

1

windsphoto...LE.vbs

windows10-2004-x64

1

windsphoto...et.vbs

windows7-x64

1

windsphoto...et.vbs

windows10-2004-x64

1

windsphoto...ti.vbs

windows7-x64

1

windsphoto...ti.vbs

windows10-2004-x64

1

windsphoto...IG.vbs

windows7-x64

1

windsphoto...IG.vbs

windows10-2004-x64

1

windsphoto...FO.vbs

windows7-x64

1

windsphoto...FO.vbs

windows10-2004-x64

1

windsphoto...LE.vbs

windows7-x64

1

windsphoto...LE.vbs

windows10-2004-x64

1

windsphoto...in.asp

windows7-x64

3

windsphoto...in.asp

windows10-2004-x64

3

windsphoto...op.asp

windows7-x64

3

windsphoto...op.asp

windows10-2004-x64

3

windsphoto...pe.vbs

windows7-x64

1

windsphoto...pe.vbs

windows10-2004-x64

1

windsphoto...ck.asp

windows7-x64

3

windsphoto...ck.asp

windows10-2004-x64

3

Analysis

  • max time kernel
    120s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    08/09/2024, 15:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    windsphoto1.0/TEMPLATE/photo.html

  • Size

    4KB

  • MD5

    dda952c763924cf3131ac0847ed5278c

  • SHA1

    65a8dfaf4fd1f654cd563862d4ea0ee125431879

  • SHA256

    3bb3bcaee1108cff102cf16375093244b026db7371174214d62108f0fcd1b217

  • SHA512

    6f27f4a5861a492d8ce5fb48bc59de8a13c96823cd56f8af99ef9350d834120c141c50ee9831c4a9eed0185a9151f1e4ce2593e598fa5a1df15abd2fc541247b

  • SSDEEP

    96:p/FWtgaFz3ldz1DJag1wgJTNpyQ86EZuecbyLibOR/Gwik9:pegaRldT785ubOR/Gwiw

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\windsphoto1.0\TEMPLATE\photo.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3052
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3052 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2876

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1d32da28d9de7c3d40946459cb459b2b

    SHA1

    0b79b85d5c30801652c8018512782003f257ebdd

    SHA256

    15617b58fcf1332749e8125fdecc23440b598ed368d4969473ddf140fe5b0679

    SHA512

    a882a740056d5f2d63c3b7d93adff91e6c3dd1faa76870b9d29bfcfb8239ce8a2cfb563712768853e0d2d4cba39e55eb4fb1b8276c9283e126b9c312745b0f1f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    553d80e8837bf3e2208db10e6377ccef

    SHA1

    e58d6522a9f7cebb88ca64d025d2bdb5f4e2a2ea

    SHA256

    0f4b39878516b3d2b1ce7c5708c20db5a21f26a8fd0b307b0ce23e551d30ca0a

    SHA512

    4c35d8e2c7465ce1486eb6be0459259b8554a5fa3815e0485631bce33f75810bb41be003a4ec26829a76c59d62acd1392de22127ca8b72af7ff25a85c3b269db

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cc25410fe084a31960b2e571f4a9bf2b

    SHA1

    d9d4800d9c27e29badf8ab0af397322d23efb603

    SHA256

    16030862943db11b6aab625e09e3afd92b2932e8fa76c3bc2816f10ca14e6a29

    SHA512

    f46ee58bd75261d2e2563038f01c21c4a206552bb48ba1af518e0037cd8f1bbe11f2f4d2cd01b1040e769b2dceb6107d456a69d9c45944b4c59e823ebf079e50

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e9786447f7eacaa3b37d07e43895f3d2

    SHA1

    2241ed3d4bab5d86f912f3d5276a0bb087417b9c

    SHA256

    c500f99507a1e321f189f4ea137afd20e36481344601e92b4b3a9883188ba8c6

    SHA512

    b07f9acff5c08523d1622e98bcddfc554b4049f42c06b759b50a6b4db56355bf63ebab3767e2371d8fed7036b4c63701ec58a2ebfbb85cfd998bf08085ba9bf1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d0abcf37279f8696f645059c8ed42499

    SHA1

    6bc29e9fcb95ca58a7164cf57da96e234f3c9972

    SHA256

    46bf3a511fba210f02711576ef999635e6586ac3e7de310ed1ac9884b8d267ba

    SHA512

    0b81b680c4624bd267186686513fccba55a29ab015e5b13b71f855453e6d26feef8de12bbd497f9dd0765a06e3292fb5dfbc510f3700ca9cb06190f4a965e00b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2827c12b70ae202502a436909c0d7929

    SHA1

    931743938797b4146ba26e1a3eabde768ec962ce

    SHA256

    49085ce5cfa18cb34bfe5ca95cc4ec44b22bd3300e25893d970bd3ab741384c7

    SHA512

    b1cfc49fadcea1080f71cc0e141037a46d305f4da5a8e4976ce184176192cbd611561355c771604def79e24b311285f282e969dc74bdc8c7f78d5caadb84893a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e44b41451f6b5a164213935091a200c0

    SHA1

    2364ac0cb5256eb9cd8701b898c5a9bb05f47436

    SHA256

    18e5b724174d2c1b48b7c59a2018bd5f619c6a286ed35644d02d4c5ecbdd5579

    SHA512

    8def79be375bb6ed983b7bf67fe3107bcf45777950b6fa2db99af443c62e451f0b87c775171f0d47dfe5769ef060a88493415fa5abc35de2c10d25f9576acd97

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    738be95dd521e002aab9ec0391fbc9a4

    SHA1

    aa50a9f0da1c6f895c101e17bf127521316ecd15

    SHA256

    f7deb805888ee176852e4c654483f5e032f83b115734dbf073ec15fb32d3fdb5

    SHA512

    16b47ec3aa78fcc40a82e9e16a4b2443dba8130e9357b3ebb39f58bbc9a3ad1621f0bf9733df9145a097722b22ff5b9f62dac9cda598153d7c54ffb9025b4a2c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    189aee176880056af233882f262d2944

    SHA1

    f14699e95e9f1de0494f3552f492fd73c5ec7130

    SHA256

    383c72ee243eed5cf394fa7b24885fac6e609bebe1e86c803cac8b2125ad9911

    SHA512

    e1b0bd0ebe3356ee1d56c6421943d15c5a3458ee502ae500cf706dd7883c2ffc5080606d104335d32a33f6e4cfa6358f9fbfac5ea8d5dcdf99f03b96f9383572

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE86D.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE8EE.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit