Analysis

  • max time kernel
    76s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
  • submitted
    13-09-2024 19:22

General

  • Target

    vpnclient2/gonggao.htm

  • Size

    1KB

  • MD5

    141e20590ae0e47f4921b51dadc3143c

  • SHA1

    91b8a92e95147ba90cca66864b959cc7a0d67ac9

  • SHA256

    09a4ba9dd83c8268063689eaf83a1eb9a667eaa1e2ab80a8676b5957d5cef319

  • SHA512

    2cc063c5f62a4c512a1f2ac3a08a4e090105d70235f841090a1367e3697107883c6d9e675441e7fb692a28f91ebc4308ef546b08f76ad90ae102a97a8f110340

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\vpnclient2\gonggao.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1756
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1756 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:536
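The process tree above is the normal shape of Internet Explorer opening a local HTML file on 64-bit Windows 7: a frame process (PID 1756) that launches a 32-bit tab process (PID 536) whose `SCODEF:` argument names the frame's PID. The low score reflects that: every listed signature fits that baseline, and what would change the picture is a tab whose `SCODEF:` does not point back at its parent, or a child of iexplore.exe that is not an IE tab at all. The following is an added triage check, not part of the report or of the sandbox's own tooling. It assumes a pipe-delimited `pid|ppid|image|cmdline` export (a constructed format; the two sample lines are the report's processes, with the frame's parent unknown and written as `-`) and treats `SCODEF:<pid>` as the frame PID the tab was created from.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

IE_IMAGE = "iexplore.exe"

# Constructed sample: the two processes from the report above, in an assumed
# "pid|ppid|image|cmdline" export format. "-" marks a parent outside the capture.
SAMPLE_EVENTS = [
    r'1756|-|C:\Program Files\Internet Explorer\iexplore.exe|"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\vpnclient2\gonggao.htm',
    r'536|1756|C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE|"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1756 CREDAT:275457 /prefetch:2',
]

_SCODEF = re.compile(r"\bSCODEF:(\d+)\b")


@dataclass
class Proc:
    pid: int
    ppid: Optional[int]  # None when the parent is not in the captured tree
    image: str
    cmdline: str

    @property
    def basename(self) -> str:
        # Case-insensitive image name: the frame is iexplore.exe, the tab IEXPLORE.EXE
        return self.image.rsplit("\\", 1)[-1].lower()


def parse_events(lines: List[str]) -> List[Proc]:
    """Parse the assumed pid|ppid|image|cmdline export into Proc records."""
    procs = []
    for line in lines:
        pid, ppid, image, cmdline = line.split("|", 3)
        procs.append(Proc(int(pid), None if ppid == "-" else int(ppid), image, cmdline))
    return procs


def scodef_of(cmdline: str) -> Optional[int]:
    """Return the frame PID an IE tab process claims via SCODEF:<pid>, if any."""
    m = _SCODEF.search(cmdline)
    return int(m.group(1)) if m else None


def triage(procs: List[Proc]) -> List[str]:
    """Flag deviations from the IE frame -> tab baseline seen in the report.

    Two checks (both assumptions about IE's behaviour, stated in the lead-in):
      1. a tab process (has SCODEF:) must be a child of iexplore.exe and its
         SCODEF value must equal its actual parent PID;
      2. iexplore.exe rendering a local HTML file should not spawn anything
         other than further IE tab processes.
    """
    by_pid = {p.pid: p for p in procs}
    findings = []
    for p in procs:
        parent = by_pid.get(p.ppid) if p.ppid is not None else None
        if p.basename == IE_IMAGE:
            claimed = scodef_of(p.cmdline)
            if claimed is None:
                continue  # top-level frame process: carries no SCODEF
            if parent is None or parent.basename != IE_IMAGE:
                findings.append(f"pid {p.pid}: IE tab process whose parent is not {IE_IMAGE}")
            elif claimed != p.ppid:
                findings.append(f"pid {p.pid}: SCODEF:{claimed} does not match parent pid {p.ppid}")
        elif parent is not None and parent.basename == IE_IMAGE:
            findings.append(f"pid {p.pid}: {IE_IMAGE} spawned non-IE child {p.basename}")
    return findings


if __name__ == "__main__":
    for f in triage(parse_events(SAMPLE_EVENTS)) or ["baseline IE frame/tab tree, no findings"]:
        print(f)
```

Run against the report's tree the check returns no findings; a tab whose `SCODEF:` names a PID other than its parent, or a `cmd.exe` hanging off the tab process, is what turns this from a 3/10 into something worth pulling the HTML for.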

Network

MITRE ATT&CK Enterprise v15

Downloads

Note: CryptnetUrlCache\MetaData is Windows CryptoAPI's cache for certificate revocation and trust-list fetches, so the six entries below with the same path and different digests are successive rewrites of one 342-byte metadata file during the run, not six distinct downloads.

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    466695f758f4af21fd07988d5de0dc83

    SHA1

    15c2d1a134cb552fb92a1842fa45010c09641e9f

    SHA256

    8fa5fa4772eb350e5815627dc9f284632c5ddafacad3feb50c15928d00609645

    SHA512

    90d59ed076b13e0a4597050ca09dc2cde4fdbea03c8e5e24fed6620a399ac033b15d63f8e13a0eb0aa0b1860352a434da723191b0aa3a3ec8b13163ba9ee4d66

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    656f9cf919ab6726a4517094636d83c3

    SHA1

    b5133166260d144e448db54cb4a08dcd7e839dcf

    SHA256

    1f69b39306ad44f79d89481ee22d102d5306e72a2cdf72a79c15621b7f9f5d59

    SHA512

    002e11f29e128cf5e22cb87d87aa8565f0123219e6543c3685abb452acb2307108ac25aeb7adedb62714c9776f7e67385894d8ee3b72b7423ec9f5fd8c82043d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    54e2b832c8d1e6c9f468c274ac08b061

    SHA1

    b377eb83ace34156df3ceed550d9d745833724e7

    SHA256

    9ab124a5ee5fe28f3696d33498fc9b8050931d99d296baabac097f34905ed3c7

    SHA512

    241ed02e917ceeb7a6a3424ee8175690b10882d875371578b4d6e66462ab23228f4020f14330a66526a988322802d9ad4a9878f1c2d5ff641591259fd80bdd86

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    fb00a83118cb47aab96a4f4515787684

    SHA1

    50d5d340cef74a2ad96872cfb6e8e80f5e6ca839

    SHA256

    40f5ff8dfa5d3ae42aa633c584c4ef02e9ca1c6e61f379637825ad3bcb38acab

    SHA512

    4a463c7b9f44c629e83b9693306719adefc6bae9333b69f5ae0e95b5a254900394127900c1426994d6823fde5b60c2fba1b4fb2a42f8eb2c617febc15145db41

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6eeb6d8f59507ac53d6364e66e301e15

    SHA1

    b6bb13800d570717e1888fc7f88b5d7a5a6b0d6b

    SHA256

    a3fd986b8eea170589f7755e5a3c95d1929e624a51cf48e9e638e0ba991bf508

    SHA512

    693dc7824a3f2a634e55007e0c7b7886383cf165c5da5fb4a878f959cde56143febc68c32dc5a85a64cd8df343472a4e3e9798a88d954f79f23d178d6a4c7799

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    68c81966ae25b16ce0390601d5a11aff

    SHA1

    ad14ab2b356c6e8538d16cc6e4773d7ca64d59b5

    SHA256

    8400280fe42cb7bfb3e651f8487180200ad773e7d55f8c2e8546ea6bf5dcd4d8

    SHA512

    c853681637b4bf980b81a8aef4b3fedeffdbd4d758e101260deab649d422edb144451b776b2e3094bdc26de4bdf49298a0eef189e7ee28f9759d2a6cee9daac0

  • C:\Users\Admin\AppData\Local\Temp\Cab30A4.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar3163.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b