Overview

overview

7

Static

static

7

vpnclient/28ip.html

windows7-x64

3

vpnclient/28ip.html

windows10-2004-x64

3

vpnclient/gonggao.htm

windows7-x64

3

vpnclient/gonggao.htm

windows10-2004-x64

3

vpnclient/ip.html

windows7-x64

3

vpnclient/ip.html

windows10-2004-x64

3

vpnclient/ssm.html

windows7-x64

3

vpnclient/ssm.html

windows10-2004-x64

3

vpnclient/top.htm

windows7-x64

3

vpnclient/top.htm

windows10-2004-x64

3

vpnclient/...p.html

windows7-x64

3

vpnclient/...p.html

windows10-2004-x64

3

vpnclient2/28vpn.exe

windows7-x64

7

vpnclient2/28vpn.exe

windows10-2004-x64

7

vpnclient2....0.exe

windows7-x64

7

vpnclient2....0.exe

windows10-2004-x64

vpnclient2....0.exe

windows7-x64

7

vpnclient2....0.exe

windows10-2004-x64

7

vpnclient2...ao.htm

windows7-x64

3

vpnclient2...ao.htm

windows10-2004-x64

3

vpnclient2/top.htm

windows7-x64

3

vpnclient2/top.htm

windows10-2004-x64

3

top.htm

windows7-x64

3

top.htm

windows10-2004-x64

3

vpnclient2...t2.lnk

windows7-x64

3

vpnclient2...t2.lnk

windows10-2004-x64

6

vpnclient2...op.htm

windows7-x64

3

vpnclient2...op.htm

windows10-2004-x64

3

vpnclient2...op.htm

windows7-x64

3

vpnclient2...op.htm

windows10-2004-x64

3

Analysis

  • max time kernel
    117s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    13-09-2024 19:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    vpnclient/28ip.html

  • Size

    12KB

  • MD5

    c444d4fa82566b610f7b04a51dde4940

  • SHA1

    c8f342b6a9c031966e90de16fc2420830fbd609f

  • SHA256

    06c52b77402f8c62ccf7f5c41e66c602c89cfb56d3a562656b1541d274a35bff

  • SHA512

    3b14b98e3abc2cbc3640184dcfcd6b4d7222de7b9082679931c2778ff5629c0d1e0d06de16821156f48a0f8354d7b78d30f2fe2b10a930446e018aa5318dd01b

  • SSDEEP

    192:VfhLd2I/gvdCAoDtuJTMM8M97rglXZPooFja1TxqgK:Dr/PDtHwoidS

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\vpnclient\28ip.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3024
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3024 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1884

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d6432e87b207ba80d4e4b79131cd0f0d

    SHA1

    7ff455441ed925675bbc5106794c579c282a5a63

    SHA256

    ee652cfc846eecca1ff598c3809a8c693fb171bd5eca743b188d3955d47cb629

    SHA512

    d125c37a5af5c9b32d955dc34b4d8a7c1bad091074fe99ad4632141e55b8a0dd2e8144a996a062630081da67b55888aefb6fd3ede3ff5a903cb5ac357500b676

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    43bc32bf05f856eec511b23fdae8b548

    SHA1

    30e0adcbcc703b3430dfec08d1b034b8705b5969

    SHA256

    5e20ec9f39a78a600dbbbf54bc8bef7d8a524883954ba8a9173920cdfe17ade9

    SHA512

    cb0551fd9e4ece5f00473641f9ff04a86d7aea9ff953a2f289dac0d651d6316bfdb91e0d61fab0d1722e49e4c66e897e433fcd688e01da705d5ef4f033d2f0d0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    525fe8809d0c029677200e5d9c8b96f2

    SHA1

    cb27af80d71def354af2a5319172e53586e51366

    SHA256

    3089907db93a13a7117cea88f37f9f0ef7eb174d9eec453220259edd7a79b691

    SHA512

    1278a059ce08f135c185bdcbf63b86fe89eda6515593c8ec2fec0060fb092d635e6e45a217a5574c25de95bed67b147806570448579d0ad6011303f60ceff51d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    08f3927066da2fe7bdd6b371fb5e49bc

    SHA1

    fdac134fd114c4a6f14bc494a1a607c13c6b9aab

    SHA256

    4fc00dc82e96ddb021623336a4379bdb031df32499f4ecb6466a1adfcae4bd6a

    SHA512

    2547475c56ec91b58c921cb9890f04df6a210f5fc992e5fe57e392b50478bd052bda495cc6e6f4ff4bdde464603c40ce7c77169c65e7cf8f08357d385cc9adc7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    16614349e3a76e825b2e1f0c9ad2b378

    SHA1

    e44bdddf35c9e04066078e448219edc214e84889

    SHA256

    64ebcd3d21ab1ec93b99ecf5e21ba3d155b132fb60bfce7ff2a547f2a8b51d18

    SHA512

    d9232b85d968c88df81f97991119c3f047767623a7ce751929d99d2a3f0062b8fe1db1b1c79e10dd5fd736d528e094e9eb2482f9f5a4867a050932c9ed570aa1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d9468a1e62321584588dc1177835923f

    SHA1

    65501e602f22c718420e71d560c796f624a68b93

    SHA256

    4cd419c1f306af5d71b25bf85c97a6dce3a69ec0f8633587c41ddac3b9fcda16

    SHA512

    dc2f85a15024fd983f666cb2fb6339235660b9fe11211b1cb7c0b595960189874528b989a5272e926bbb6e55d1f66a70983275de6edfebed9411ab7ab279d016

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c70fbced88d9d245179dcd736c3e8944

    SHA1

    d332295b0d47118376cc6013618d425e76f35819

    SHA256

    63a2a2ffee1167a0a9635282460a74eb6d4946aefed17afa3beed55e648d7486

    SHA512

    ec49733b089773054358217c896485a41399b571c826d8220e116bbf69d39843da2c53c55615bd5b40e9ab6350adf6998b528e5183a77cd249d2b1a7f587bd5c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    503b2cd980917c6751491a6499618931

    SHA1

    159ca643a2e09dfb4d535280500eee40add38554

    SHA256

    10a7246cd81b6ae6528d335c38aeb59abb8dad29677389a5ae3c892cd5d9c211

    SHA512

    8958732feb00a3c46c5f08ce0e17a842998249f75dfb512dc0340e15a334f593c411ec2b604bba16f432c6def9670d24d54b00cb1f0423fda4183bb49352114a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f614f55313252200919d0666387a94ce

    SHA1

    98eb2576567f3aaf9193118dde4832aef27c3663

    SHA256

    62fb27fd7f51568479517c4a2027dccbea25973d72411d972aad1ace01836834

    SHA512

    91ae0e210584cd3aa3a95749b3027ecbd64f4e9212019def462222b09d0029b613760fe451adcac9010d54763ddef59d6e59b75ef66fb14ae42d61515d8bb6ec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    43c3901d1ece2249d1a9678e1d93abfd

    SHA1

    aff506e139d7155f1d8bc9872062764ce127a0ce

    SHA256

    f75d3738de3b358ce5e8cdcac6cc789b5f5ea5bc3ff1c93714af9a6140a6b5bb

    SHA512

    4083116a77a0d50f2fedc2616084c378823fef18cfddbcb61d7582d7ec88d410a970617800d71b50725f5ad7629fdb6079688a3b8aafc783c8d2391f2e12a571

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d5d5a274b5bf3109956d478143436a36

    SHA1

    6c53d32f901a157d836f6d322d741c9c2d65cca5

    SHA256

    66d53f26607eddb76462d36671eb076d04d1e433b9e06cd1f6f57facfedd1bdb

    SHA512

    72d03f02097676bc797bf5f1d22ff2bd4e70b380d5e70ad4a40fd66d390434c1e65ad8178ce70f1b1dbe6a40c2908ea252c2665c8cd45afd13f700d01457a9d0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    92d0cfc331b6b4934c6450956dad35e0

    SHA1

    6f8343567a626486a45eb57a01f206229422dd89

    SHA256

    26ef518f24247d16eacdbbbd8ae761c6f4465c5df9be9363f817e320e59f45dc

    SHA512

    8ad0b4e10789ee56cbb4b8a0715108354e53d5f1f10fd310733c8970f25ef4cb6ef4bdecdc89efcf5a5b91f589bdf316f459edb1fe16141767f9ec6787a58c79

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab9A5.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarA72.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit