Overview

overview

7

Static

static

7

vpnclient/28ip.html

windows7-x64

3

vpnclient/28ip.html

windows10-2004-x64

3

vpnclient/gonggao.htm

windows7-x64

3

vpnclient/gonggao.htm

windows10-2004-x64

3

vpnclient/ip.html

windows7-x64

3

vpnclient/ip.html

windows10-2004-x64

3

vpnclient/ssm.html

windows7-x64

3

vpnclient/ssm.html

windows10-2004-x64

3

vpnclient/top.htm

windows7-x64

3

vpnclient/top.htm

windows10-2004-x64

3

vpnclient/...p.html

windows7-x64

3

vpnclient/...p.html

windows10-2004-x64

3

vpnclient2/28vpn.exe

windows7-x64

7

vpnclient2/28vpn.exe

windows10-2004-x64

7

vpnclient2....0.exe

windows7-x64

7

vpnclient2....0.exe

windows10-2004-x64

vpnclient2....0.exe

windows7-x64

7

vpnclient2....0.exe

windows10-2004-x64

7

vpnclient2...ao.htm

windows7-x64

3

vpnclient2...ao.htm

windows10-2004-x64

3

vpnclient2/top.htm

windows7-x64

3

vpnclient2/top.htm

windows10-2004-x64

3

top.htm

windows7-x64

3

top.htm

windows10-2004-x64

3

vpnclient2...t2.lnk

windows7-x64

3

vpnclient2...t2.lnk

windows10-2004-x64

6

vpnclient2...op.htm

windows7-x64

3

vpnclient2...op.htm

windows10-2004-x64

3

vpnclient2...op.htm

windows7-x64

3

vpnclient2...op.htm

windows10-2004-x64

3

Analysis

  • max time kernel
    118s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    13/09/2024, 19:22

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    vpnclient/top.htm

  • Size

    937B

  • MD5

    27c4b46d9c6373085d40d9b311f0f92f

  • SHA1

    376ed543d3e71b3277a6ac2585dcd0e3ddc4da23

  • SHA256

    cc141b2bb1ccabead3aab58cb401133399e0cc9c000471cda724908aa759f669

  • SHA512

    997f14b7ecd0f06540d912598ee24dfeb88d252575890e5197442e03d15f27495520a2a2621306092179f35109cdf7b856709b8156a906c50abb950761ec270f

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\vpnclient\top.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2500
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2500 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2452

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          a2fc7d7efd6f28d218dd8a2544132882

          SHA1

          0504599f6e2332e3bf74e663e03779bcecb89b03

          SHA256

          d19332e373769b6a0333086372dc2c40b92afadb990c088cbba840ded99f8ed4

          SHA512

          98f3b732b83f2c472c5d3ad30a3571de86321c52869f4892d8f51a820393a56e5e45ad4c833c70b2bcc9bfdd2c8d981a40a0d720725a92a1d104f242eebd2273

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f66d0438bfea439f076c3993d3928c35

          SHA1

          483225a3004515bfbcc044d2ad69b01675830a4f

          SHA256

          c62d2c5aa8b966ab4ca511887c648186c96918907ad881a81cd6eb6fdedb9f9f

          SHA512

          ef1a0f1f1d566365c713da4f3673fb500eee1875f0c88566a75a6a9779885c7bf75872d1c3cb2835be5239cd54f8e9b684d1a91a8e366213dfeb3cb0ef81ac1f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          8691aa0eec8a55b0f7754aa6722cc9b5

          SHA1

          d59da2a71a865982cb015ca4aa4ce9af0c460584

          SHA256

          970a456bb15ce36dfefc5a33a1a03eba417151bcfe08faf4f2fa3a2ed0b31b02

          SHA512

          a2bff03a34bd354b59d7c3d31258e93be9812de661dc795d952c98051ebb836a70404bbaa07048ceffc37c71d43b7986fa8485acfbec67d46a852f4b6f56a4a4

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          bf3d07aa6d746d8d1344793d06a1bbbb

          SHA1

          7c0372db95e5f0c9b4437815aa1e1e7d334df576

          SHA256

          d5ca7e29751199a868e2c1c273c3a0f81a0a13b5fc22dc0dbf5d519a40e6b440

          SHA512

          59c706718c6fd163d82350728f575dcf9972f0958d0368e53a1360736c0b2fb206ee7c73257ab77f6f6e132e690ee116af7843f02e36894b766d25c6e6e93137

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          2eb561acf4365b4bc8a917331e8033fe

          SHA1

          815a35aa7fbf4e537eeec7b6f145ef2952c8ce0e

          SHA256

          1b2375c49fe1b47501540bb03e1f1ba3de5711255f787837ff7c908a569ac373

          SHA512

          5d0bfffe88aab2c91562b9bd53009a0b4c275294b7ee10c4e3158807a6f90581e0baffd4f3f5cc77d36b6f24f4b71ac79883da09a84c1e3eac1098e1aabd9fac

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          dd6ab7077af8f60806ca623849ac18e9

          SHA1

          71f8139fad6571a2ba46e6da07001cda31f526bb

          SHA256

          7d47c932e23b43056d3d1fc5bb13a24662ae9df4675f07ef626b02b2872d8484

          SHA512

          f75bacb892fb535f1bae877e9fd0f8b90cde5ca1c4f600893327801be31678825e24d175f1d6b247f95991a2c7383bfcd058327a9207bb6bbb280edf47c3b240

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          bc3b9df523138b61773c0b4628c795d7

          SHA1

          3bf784c23ff1c609adcf6427cca4deb87bd4984f

          SHA256

          319026bea0e6027ee35414e7a21690929fc2ea84e6324f6bd7a956519182ccf5

          SHA512

          e30a143b9bb28dd7bb6b2241ccff7028112adc247bc48f43d2f728ba151b7ed481716078c353ce575f30711cdb83884564eef191a0b58c8b66085852b2b9661d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          95fe85dc7699b02254007fa365e4400c

          SHA1

          fbdb6770c5e8820027b48f35725a39a9d9d689dd

          SHA256

          b9a5406b1bf913efa2185111a7f8c5c46455f0966f8c2f73d00134f58284c95f

          SHA512

          d94f33bdeed8e6220f4689a5e7a169d2d6d0a948497339066844b19842297cc087cedb0f3ecffc310a5f467506a40de648dee5dcb244f4f92450492fd43b53de

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          045cd7b80aa320f1cf085484975aae2c

          SHA1

          24fb5f79aaf82b77d88d4fa83389c97413641b0a

          SHA256

          a2482d22efb9c9aed53f15aba7ce174160688aeb956a27a0f61a31af33837c7b

          SHA512

          2f4ef50ae009c110818ef8a907bf99a13d8492c63fa039d2ac5a389b838d80d1f929218fc41f141114bf1af0c7bf75b6240084ed5a744f058499629cdaeaa917

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          2a449025316b403f772a37309b87ce6f

          SHA1

          04ae5b3c9a3279044274f0a82cf2bd4ac7c62a3c

          SHA256

          9e99cbe60fd4e45f876c2703923bc66295c0009b08c0ded628dbe10d6642c8bb

          SHA512

          55895541480b3c417b3b7dfc57fa0971bfe6ff4f012b5c05ec56578c41e45ab52271d804f78cdb8135682aa2dae448c1a8c2bdbf518ebea187570cfd67aaa4b5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          136305724a3c63d0345897a9a5163b86

          SHA1

          aea5c6c76d95b9857c6cffafda578eca80d7f43e

          SHA256

          e5aac24cb5a0df8dca1da5871b58d40a443545d859c79bf1ad0c2ca32272c5b4

          SHA512

          c629dccfb174c6bb9317461c367693639874de837cc6909becbd1488e99e0fb6ef7d213dd49e25d885d3239d0e54a66d18d4bda4970e277d4a9027caeb0ea429

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          3507296536b78c11603f8a7f4a82c18b

          SHA1

          efb998b88c963ff358d55594b640dc9b2631278d

          SHA256

          f157b5007d5b7fa913a7ba172988ae9b3bc968718cf37a3be69b2252e8df85ac

          SHA512

          a2d5fb134765e7b58737fdc9a1d2ca0f51d87ed019bead3ffcdf78d55dc79014db6df3e7b487067be1ef8c7e456195f2314ebb143ffa4a73f2766bab20e1b38e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          1d14e00a6431be89bc2312ccec5a5af9

          SHA1

          0a8a9edfe5304392ccfeffcffae089a0255090b1

          SHA256

          f7d01bf1a2f296fa40678c4235fc104e1f83c5154f523558f261fa9e07c56182

          SHA512

          3c308ad36db26074a45ab673776fac2663f4255255597a8b064ea067041a92eb37c915d1a06e9398ff471373ed6d1d45d40d510ef7949f17701d5720a482f102

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          398a03441ad074cce0427558addddaa8

          SHA1

          2d8b9a7010a26612574feb97cca10673a595ced0

          SHA256

          e05cb429cd38085ba0ab2842784f9542592a51b6141128cd3134e4fe116be74f

          SHA512

          31cd5d6e38cf63b1293b35f883701c1d219abc13a1dd64883f4787a172f2f5cd065f0a16ecec4003a37159d28d803e7029e165e2ce3cf5dd9368196d194696d9

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          75107071f06dad057ce8fb8dc9057063

          SHA1

          a201875d8f013e0ab443055d3c534eb75b4a01fb

          SHA256

          2d99d195a01064f83391038954d900c4166971c4f24748b4b34941c916c74283

          SHA512

          1edf374e2bc1cfcb42c7234ea5e94dd8e4d4b3d51d55ca87e103465decffce856d49f6104ba204ce44a7b3e92585271c459c854bea685634aaf6e38d12c81b4e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          06e58265aed2512a2a479f4d50ddb101

          SHA1

          243d2c4149965f25fe2cc39f75d946b1a0302e5d

          SHA256

          c2ad39ef63ca0f598bce44d6be6dbc4c128d61b48ac131b36bd43ea5772e5375

          SHA512

          5cec0393e7cc49bc995b689aa42754e44805ed0d59392a691de8063e2dbbb37cc4ec04d03097a0e6f94629055295afd1a6dbfb64cc498d1518f2c0d8e5b1bf99

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          2bc3a785883930fc4c6b3c8d7c9889d4

          SHA1

          71a644623ce45c5a2fab25b1f30cc09d8e190019

          SHA256

          4b37365e336565a7bfe1ec07f7711627e5d80d6116067b181ec2a06aaa1e98ee

          SHA512

          a312973ade21729b163bb35b3c38b5a147231dbf37ca20c77cad51aeabe75d6efe498368c64744a1fc0f079d74dd4ffd1ca55e1057c9ea15ad620b7cfb6c8443

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab3CE4.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar3D65.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit