Overview

overview

7

Static

static

7

vpnclient/28ip.html

windows7-x64

3

vpnclient/28ip.html

windows10-2004-x64

3

vpnclient/gonggao.htm

windows7-x64

3

vpnclient/gonggao.htm

windows10-2004-x64

3

vpnclient/ip.html

windows7-x64

3

vpnclient/ip.html

windows10-2004-x64

3

vpnclient/ssm.html

windows7-x64

3

vpnclient/ssm.html

windows10-2004-x64

3

vpnclient/top.htm

windows7-x64

3

vpnclient/top.htm

windows10-2004-x64

3

vpnclient/...p.html

windows7-x64

3

vpnclient/...p.html

windows10-2004-x64

3

vpnclient2/28vpn.exe

windows7-x64

7

vpnclient2/28vpn.exe

windows10-2004-x64

7

vpnclient2....0.exe

windows7-x64

7

vpnclient2....0.exe

windows10-2004-x64

vpnclient2....0.exe

windows7-x64

7

vpnclient2....0.exe

windows10-2004-x64

7

vpnclient2...ao.htm

windows7-x64

3

vpnclient2...ao.htm

windows10-2004-x64

3

vpnclient2/top.htm

windows7-x64

3

vpnclient2/top.htm

windows10-2004-x64

3

top.htm

windows7-x64

3

top.htm

windows10-2004-x64

3

vpnclient2...t2.lnk

windows7-x64

3

vpnclient2...t2.lnk

windows10-2004-x64

6

vpnclient2...op.htm

windows7-x64

3

vpnclient2...op.htm

windows10-2004-x64

3

vpnclient2...op.htm

windows7-x64

3

vpnclient2...op.htm

windows10-2004-x64

3

Analysis

  • max time kernel
    144s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    13/09/2024, 19:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    vpnclient/ssm.html

  • Size

    11KB

  • MD5

    302fee27ca39ed01663fe59ba6c0977b

  • SHA1

    9005bfd0892964adfac2a3916b00ab564d77a182

  • SHA256

    db4c5b22980a984594e7bb7510c33b5d4334fd000f244ed7784d924ca6738983

  • SHA512

    d89f7b7b197ebda1607434cdbba25f188820e88fc8764a8b9a965ad3dbe5fff7bba3decea1d8b3488bff517b2abc6cdb09882a6e2b7ad1d219ca426156434a51

  • SSDEEP

    192:0Vqw69UOVUBUyUu6X6a6F6N6M6a6k626r6e636E676F626yn6p6O6336J6y6F6sn:ClOWiLgZIOx4

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 26 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\vpnclient\ssm.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2080
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2080 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2348

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c53e02324ebdfec357a9ecea420e31af

    SHA1

    fcc28ca7f8b07053f085d6fac3a66f194cfe774b

    SHA256

    3ac17611a2234189207a1b2b0018c2e08f4ef7fa31150d60a969d60f04658da4

    SHA512

    67af4a377445e12cf1741d5ceb616d60a1adddbb5108e6c04adccc79edf136120e296ff8e3352d26376f8c96a9fcb4c16aa4358f8e48aff2615b459a774a6a9a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    30d55827c379f982190192974b9cf26f

    SHA1

    f4d0b0db0174a3949b575e5764b8dd02614f5075

    SHA256

    074d87929104226e3984eaf7fa31e137b3d7756326ec197cdb055873ff0dc1d6

    SHA512

    fedc8bab1dbb7f367955c8a70084365446c6412440eaa2c436942442d5b0f9b8e536547ef466bf42345083be4d4f21ec7dfbbd949d819475199ac14c57c40b92

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2ac981c10dc580ab5758ddadfcf67e14

    SHA1

    21712bd159a01b8e2c4f61920d8c026dad20b57f

    SHA256

    ae55b4e3e6ead7d3a67b31326e38a5201a40b9ee02a51642e0de42d7a321cf09

    SHA512

    1ab018bc09b6bd3c9f87cc0c2300251fba4a14f54b8639f4e2fe0135358c5b583611dcd7a4a7ebcc68a903124c83223699eb7e0ac7c8c90b72921da7c1c424be

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cf0f9a1749608f9ed47ab522abaf83a4

    SHA1

    b14ae2dbbf25010fd1d23defbf6791ede85790af

    SHA256

    7c3b06dda9fcc6753aa100ad241c7aab3c7057c790f5873fff81524ae281167e

    SHA512

    d6892650b451c259b99cb8a994bedf9dc90b4d5f3002c4e6bbea30df3b04a07ab0a6238e1e6d29c55c863d1ff0097dcd068570db8fc4f01dc99a0025fbad39fa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6c6b538037ba5c102783711eb48c99a2

    SHA1

    c8a93f53eac636774031278e56cb80b32895ac34

    SHA256

    5a3bc1c3da66d1f7e9bc0bce4174405c25b94028612747bfffa4d717d05d3d5d

    SHA512

    3596f9351a72b84c7396bcf0a24ad99275e2a189e0e9955180d8230b2641c54bbcdc4e1bac46023eb375647e37abdedde3920fef0f15cc76f481490a1d8bf8cb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f9c5846adc8c243634a1947535fa9f95

    SHA1

    3b198d003c6aae7098a6e320525e022ac1c25b21

    SHA256

    63e781225ec58ec9ed7a4b66ac877e9ec4061f7a5c04bf35a58b8bfb388f8819

    SHA512

    11b52df3ce8bb5c4e9e3f4b41549c63f1aff1eda5b8e7236a2e3a7ff9e7fc6016e11ef9d8ccdea53bf15588315d716d741e4c765e1a0940ee4d25e2fd9f90212

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD395.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE037.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit