Overview

overview

7

Static

static

7

vpnclient/28ip.html

windows7-x64

3

vpnclient/28ip.html

windows10-2004-x64

3

vpnclient/gonggao.htm

windows7-x64

3

vpnclient/gonggao.htm

windows10-2004-x64

3

vpnclient/ip.html

windows7-x64

3

vpnclient/ip.html

windows10-2004-x64

3

vpnclient/ssm.html

windows7-x64

3

vpnclient/ssm.html

windows10-2004-x64

3

vpnclient/top.htm

windows7-x64

3

vpnclient/top.htm

windows10-2004-x64

3

vpnclient/...p.html

windows7-x64

3

vpnclient/...p.html

windows10-2004-x64

3

vpnclient2/28vpn.exe

windows7-x64

7

vpnclient2/28vpn.exe

windows10-2004-x64

7

vpnclient2....0.exe

windows7-x64

7

vpnclient2....0.exe

windows10-2004-x64

vpnclient2....0.exe

windows7-x64

7

vpnclient2....0.exe

windows10-2004-x64

7

vpnclient2...ao.htm

windows7-x64

3

vpnclient2...ao.htm

windows10-2004-x64

3

vpnclient2/top.htm

windows7-x64

3

vpnclient2/top.htm

windows10-2004-x64

3

top.htm

windows7-x64

3

top.htm

windows10-2004-x64

3

vpnclient2...t2.lnk

windows7-x64

3

vpnclient2...t2.lnk

windows10-2004-x64

6

vpnclient2...op.htm

windows7-x64

3

vpnclient2...op.htm

windows10-2004-x64

3

vpnclient2...op.htm

windows7-x64

3

vpnclient2...op.htm

windows10-2004-x64

3

Analysis

  • max time kernel
    117s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    13/09/2024, 19:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    vpnclient/gonggao.htm

  • Size

    1KB

  • MD5

    141e20590ae0e47f4921b51dadc3143c

  • SHA1

    91b8a92e95147ba90cca66864b959cc7a0d67ac9

  • SHA256

    09a4ba9dd83c8268063689eaf83a1eb9a667eaa1e2ab80a8676b5957d5cef319

  • SHA512

    2cc063c5f62a4c512a1f2ac3a08a4e090105d70235f841090a1367e3697107883c6d9e675441e7fb692a28f91ebc4308ef546b08f76ad90ae102a97a8f110340

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\vpnclient\gonggao.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2644
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2644 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2820

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0f78ac65ab95388e1a8f91a5208482c8

    SHA1

    e287c5a8438cd17866f0aac7cf4cbf65705cf0d4

    SHA256

    a3e331c92154ea672ddd086e7c35bc626ea843bd423729d5150f72c204086989

    SHA512

    430cbc2a3446747494f1c8c9e1eb34e2537945f46ddf7499648263bb1b5c23dfe2808c82b0ef1c61516a2a9e202b625910bcf85b8949ee85ba179d07913fe808

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ca719aa0c6c51feded44f87ee84636e9

    SHA1

    4dbf39fd2b33665a4d6894639c7a01f6af15a979

    SHA256

    4186a472b2f936f01201b6a30934b06206f96454d88681cb276f0bc978414bf9

    SHA512

    ce5923bd95ca0596b1e8b6d56afad415618278f2904274c8de37be551a9a05d0dffc8dfd3dc3a2014b5bd35b4aceeb4950ebec707adbc1fd169bdfe4815ab5c7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    88e2f1f6d7146d66f16d1082e3303aa8

    SHA1

    4ecb2e8090d2f97225f653509b789333cd74ccab

    SHA256

    0164a765354fbab491b474798e5650c9ce0033efb8b8a79d5315d3ea8fdbd4bb

    SHA512

    83d80bc49a9cf7701e087b74f062b8e50cbcdde491d8026aa07f9fe88c50d7c746a360b1314dd753ea6e3f278b26c9311fbd057eea430cd3175559bd1317bf6d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a3ace56413ae5f72cc1b82cb948b5b02

    SHA1

    6efc6ef3738fed5f972cbb126c7c72b7fb5bc699

    SHA256

    7c55673369049e6824e6005ebc54e33d0f8526e9a3b5d26161fad66fd8e9b039

    SHA512

    7c99b8cfe262d524b090ddf3dc2342e6b9e2101064060b70e0717093fb0b6a937f4df83608af90fc1e98a991107ae764c8aba1ac347231c1b12c153e9d45310e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cb701781983ac8836d2384820ea42d4b

    SHA1

    51b7b67e2986953fb27b1bcf48119f6c36c331c4

    SHA256

    b1ace3873032d2c7ebc1476b510535c81c4745f16bdaa4f863ab194cc51076ba

    SHA512

    66c2ae7ae741aafccde2d6378a97b83c413e27e3315f146a43ba15c5cceb84c1cd8a42815c346f3e4261ac7b24f91209890a95c31af10536e253914b61be0928

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9683f98ed924c11f7e63ec9f1211bcff

    SHA1

    65a10f063908f411825066df4fad13d6b8d81f61

    SHA256

    1446fb0385852ee553cac6930da275e3ca33dcded9f73133950f478af403a549

    SHA512

    872c15d0aa53b2637965a31ca92ee9031b816d1779244d2d385c1e38ccc3a7c9355353b0d6564f9c9aa6f16da5ffcc7a9e30045d54e88c5c31b082b887a0e9fa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aba9a886eec8f0ee98ffcedd6e9197ef

    SHA1

    cbf76cb3c3ab05251df1ac41822536d218ebb463

    SHA256

    e9d513da46d8bbd3167388c530c096abe0cc1a8bed79c410362f5b1768a72a79

    SHA512

    7f6afb21d315c4a643df40f15b4de9b136b7ba1677e8d5bf58857b2634120fd06a3340078b2eab05050f9e16fced68bac5904a1a82fe4105f754cb933e6f0a9e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a82fcbe4b7ee99dea057f424047cf153

    SHA1

    07964bfd4c277fec3592f31589996b87787d5feb

    SHA256

    6fdb9498ef0ad761f151925ecd80bb345fa9f292130ff5c6a87d538cd0ab5b7b

    SHA512

    ba5403250517dd89ca0c4b6b3d778789bcc247be3141692235ad59b58348fc7a9ae43ffceb59d9da9ced12a979c4d6d71fe25a967528f164ff992bfd10fb1984

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b040307b1ccf3b40bd44dcbfadc12ad5

    SHA1

    1e77c0675bad269ce5dc7dd537c6ae20d4519015

    SHA256

    da81547c9bb5c75c08c4a541f6f3ddd65db3ab3468d203d35e3198b98fea3b33

    SHA512

    1f873e5ed4618380d744ef75f5a8a2d8ae93bdf78d5412a72ff43f3f4781c4831ec6ffd331d409a321a65eeceb59824b20cfd7fe8fcd376965cf9c4d520a6035

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab11DF.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar124F.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit