Overview

overview

7

Static

static

7

vpnclient/28ip.html

windows7-x64

3

vpnclient/28ip.html

windows10-2004-x64

3

vpnclient/gonggao.htm

windows7-x64

3

vpnclient/gonggao.htm

windows10-2004-x64

3

vpnclient/ip.html

windows7-x64

3

vpnclient/ip.html

windows10-2004-x64

3

vpnclient/ssm.html

windows7-x64

3

vpnclient/ssm.html

windows10-2004-x64

3

vpnclient/top.htm

windows7-x64

3

vpnclient/top.htm

windows10-2004-x64

3

vpnclient/...p.html

windows7-x64

3

vpnclient/...p.html

windows10-2004-x64

3

vpnclient2/28vpn.exe

windows7-x64

7

vpnclient2/28vpn.exe

windows10-2004-x64

7

vpnclient2....0.exe

windows7-x64

7

vpnclient2....0.exe

windows10-2004-x64

vpnclient2....0.exe

windows7-x64

7

vpnclient2....0.exe

windows10-2004-x64

7

vpnclient2...ao.htm

windows7-x64

3

vpnclient2...ao.htm

windows10-2004-x64

3

vpnclient2/top.htm

windows7-x64

3

vpnclient2/top.htm

windows10-2004-x64

3

top.htm

windows7-x64

3

top.htm

windows10-2004-x64

3

vpnclient2...t2.lnk

windows7-x64

3

vpnclient2...t2.lnk

windows10-2004-x64

6

vpnclient2...op.htm

windows7-x64

3

vpnclient2...op.htm

windows10-2004-x64

3

vpnclient2...op.htm

windows7-x64

3

vpnclient2...op.htm

windows10-2004-x64

3

Analysis

  • max time kernel
    118s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    13/09/2024, 19:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    vpnclient2/top.htm

  • Size

    1KB

  • MD5

    fc85605bbdb570ddb2e5c1e93bfc4c3d

  • SHA1

    7c212911305aaa90294ee3e903c420ca03f86760

  • SHA256

    4d9d10a1a63e1b9d053dcdc1dbdb6bcd5b13484f99eab7ce9727c90889ef3b75

  • SHA512

    763d27090455a4118c5a360fc7db0c798ab5f8bad2d0e552bf348eda26d1364e032980801e57d968eea13fe342847118097a14de24e62f0c9e3f894b0e2d4204

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\vpnclient2\top.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2276
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2276 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1740

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    de4bf3f166d814c4e83992fabd3ae5f5

    SHA1

    0c5b3ede83a4152e58a28946f02e83b8f4890194

    SHA256

    205f5b0447c9aa47045918f664c67c85c517f8319bbfc015b3362f5cf09d0aa8

    SHA512

    8d5116d04329b76fff9d4057c9daf44631736f99c9e194c4c1e0ac7d9db5f5b5f65d10270174089d8cbd775a5b8824ead7e24dc64a550fb0bea1d11dbed479e7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e03586db8bef7722a465296c34b306e7

    SHA1

    8731448d5ce080aa52e024842afd5fb86bd6d3e3

    SHA256

    3d942a38b9d39bae117c2ab071fc2bf2e456dddb9cbbcef1466b431a6325da35

    SHA512

    306db0c08c4f2a3eccce4936d0ba80c41db048448425ad7410c1f60804357af7f417b86d09e5a1d3f18b1204dc91a09bd7c01d45e9920cfdad41dc4e1876a87b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f2c1779447ac46469034d10397ba4f46

    SHA1

    1e2c2773696f649ab3042f03863d9267a32253e0

    SHA256

    77da958ce9fbd2c2b1e433e1ea8696637d4b282c19058e29e5f3d8a59b3bf092

    SHA512

    9cb3b4485f9f94235d35cf7587b29dfadad532da2d97a23ea774685e3ccaaef21929d980d1c31226f9a74e82b8241504f600f107d1198e7eedcb81c5d4821648

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9f65774c82dcebebed94862fb71b3b55

    SHA1

    ca36926ba20e89c9b08b2fd2bf7000e2a05a7723

    SHA256

    6e95cab723eb33d4575153adb56c627699785d41fb7253730ab898b703172472

    SHA512

    d3cc88e50737fce5849a89db23413977cbf42913be61495e2c5c21520a288b3766ab0d6512c3c0e57d5f4b988ff5319fac7853b708fd2b0daf3df88f16b35823

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    09be545227ec7d031814bad02fe9b00f

    SHA1

    e678d226eedb05acae47a6cfdec222df73e3fc8b

    SHA256

    c35c0db75e22c7781338d50b31a9d7ef728625a77a2b3d4aa44e08418ddfa65b

    SHA512

    8411731abe22d1581fb7d9a31f16b786765649b22df894ad49b9c063e739e0cabc391c589edb611608a4dfa8d32b8004bda296ef0847fe432328e1b97582cbd3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    41dc0b9c54bce24a7562aeac11442ab7

    SHA1

    199348800de5c9667444ea3edb8602484125b657

    SHA256

    3640d8ba9f171714bed99c8301704dd38512997140d36c5479b145b4c1bc2313

    SHA512

    a338fb62bb64b3cd1398e1177e491708e17a57766abe01f0d0b21d5d40a257632ec4bdd05faff06380d9c1b7e4f6f3c0e4ec4a2a68416653844c40c5e5edad77

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    be509d132f893fcca3662a7f01262727

    SHA1

    f8651ffc2f5e75f183daccc355325167bc4213e0

    SHA256

    ee653598c0e3afa06659e702f314d072bb9cf50abaa2c70a1d2bad13fb580557

    SHA512

    3894b6de1ebf84161a4d498add99f0df5436c3caf9a54c0f332fbf5c8acf322d6a9832fbceacf1c1fffff0c661e804e4732d9f6e2ccdb20d5bb46c4650680cfa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d4dada2a9a35a79dbf5d934ffe35e680

    SHA1

    e8db10a5eed62e21e8ce8e397a8ef67a3480c3d5

    SHA256

    44d4b5c077d2525b433c70053da7372f736bae2f9fa6a683bbcddb403b82d190

    SHA512

    569761b9d066c7ca8a75d5c5d56cee9c2949633b538b2510a1e917f5f45b56f8233db50bc936be17f658ebfad61e14a7f8499324fb563f898e236afd5a9c2882

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8b48a007b41921bed8732b62f73d46f4

    SHA1

    2b1b8b3c130b29f218557c502521830c4eb8721f

    SHA256

    e751323cfdb67ef57fb956c3d1fc6f30c9d0cae59acc4d472752216a4de004a8

    SHA512

    63a1e11fbbd634939214fcaa644f584fa8bb2933a75c1c40afbc38ac7d3b1e79c1e6efab3b6a98e333393ab2583304d5009952ecd76b80ca5bfafd184540bba7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab169.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar1EA.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit