Overview

overview

7

Static

static

7

vpnclient/28ip.html

windows7-x64

3

vpnclient/28ip.html

windows10-2004-x64

3

vpnclient/gonggao.htm

windows7-x64

3

vpnclient/gonggao.htm

windows10-2004-x64

3

vpnclient/ip.html

windows7-x64

3

vpnclient/ip.html

windows10-2004-x64

3

vpnclient/ssm.html

windows7-x64

3

vpnclient/ssm.html

windows10-2004-x64

3

vpnclient/top.htm

windows7-x64

3

vpnclient/top.htm

windows10-2004-x64

3

vpnclient/...p.html

windows7-x64

3

vpnclient/...p.html

windows10-2004-x64

3

vpnclient2/28vpn.exe

windows7-x64

7

vpnclient2/28vpn.exe

windows10-2004-x64

7

vpnclient2....0.exe

windows7-x64

7

vpnclient2....0.exe

windows10-2004-x64

vpnclient2....0.exe

windows7-x64

7

vpnclient2....0.exe

windows10-2004-x64

7

vpnclient2...ao.htm

windows7-x64

3

vpnclient2...ao.htm

windows10-2004-x64

3

vpnclient2/top.htm

windows7-x64

3

vpnclient2/top.htm

windows10-2004-x64

3

top.htm

windows7-x64

3

top.htm

windows10-2004-x64

3

vpnclient2...t2.lnk

windows7-x64

3

vpnclient2...t2.lnk

windows10-2004-x64

6

vpnclient2...op.htm

windows7-x64

3

vpnclient2...op.htm

windows10-2004-x64

3

vpnclient2...op.htm

windows7-x64

3

vpnclient2...op.htm

windows10-2004-x64

3

Analysis

  • max time kernel
    118s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    13-09-2024 19:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    vpnclient/top.htm

  • Size

    937B

  • MD5

    27c4b46d9c6373085d40d9b311f0f92f

  • SHA1

    376ed543d3e71b3277a6ac2585dcd0e3ddc4da23

  • SHA256

    cc141b2bb1ccabead3aab58cb401133399e0cc9c000471cda724908aa759f669

  • SHA512

    997f14b7ecd0f06540d912598ee24dfeb88d252575890e5197442e03d15f27495520a2a2621306092179f35109cdf7b856709b8156a906c50abb950761ec270f

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\vpnclient\top.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2500
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2500 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2452

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a2fc7d7efd6f28d218dd8a2544132882

    SHA1

    0504599f6e2332e3bf74e663e03779bcecb89b03

    SHA256

    d19332e373769b6a0333086372dc2c40b92afadb990c088cbba840ded99f8ed4

    SHA512

    98f3b732b83f2c472c5d3ad30a3571de86321c52869f4892d8f51a820393a56e5e45ad4c833c70b2bcc9bfdd2c8d981a40a0d720725a92a1d104f242eebd2273

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f66d0438bfea439f076c3993d3928c35

    SHA1

    483225a3004515bfbcc044d2ad69b01675830a4f

    SHA256

    c62d2c5aa8b966ab4ca511887c648186c96918907ad881a81cd6eb6fdedb9f9f

    SHA512

    ef1a0f1f1d566365c713da4f3673fb500eee1875f0c88566a75a6a9779885c7bf75872d1c3cb2835be5239cd54f8e9b684d1a91a8e366213dfeb3cb0ef81ac1f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8691aa0eec8a55b0f7754aa6722cc9b5

    SHA1

    d59da2a71a865982cb015ca4aa4ce9af0c460584

    SHA256

    970a456bb15ce36dfefc5a33a1a03eba417151bcfe08faf4f2fa3a2ed0b31b02

    SHA512

    a2bff03a34bd354b59d7c3d31258e93be9812de661dc795d952c98051ebb836a70404bbaa07048ceffc37c71d43b7986fa8485acfbec67d46a852f4b6f56a4a4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bf3d07aa6d746d8d1344793d06a1bbbb

    SHA1

    7c0372db95e5f0c9b4437815aa1e1e7d334df576

    SHA256

    d5ca7e29751199a868e2c1c273c3a0f81a0a13b5fc22dc0dbf5d519a40e6b440

    SHA512

    59c706718c6fd163d82350728f575dcf9972f0958d0368e53a1360736c0b2fb206ee7c73257ab77f6f6e132e690ee116af7843f02e36894b766d25c6e6e93137

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2eb561acf4365b4bc8a917331e8033fe

    SHA1

    815a35aa7fbf4e537eeec7b6f145ef2952c8ce0e

    SHA256

    1b2375c49fe1b47501540bb03e1f1ba3de5711255f787837ff7c908a569ac373

    SHA512

    5d0bfffe88aab2c91562b9bd53009a0b4c275294b7ee10c4e3158807a6f90581e0baffd4f3f5cc77d36b6f24f4b71ac79883da09a84c1e3eac1098e1aabd9fac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dd6ab7077af8f60806ca623849ac18e9

    SHA1

    71f8139fad6571a2ba46e6da07001cda31f526bb

    SHA256

    7d47c932e23b43056d3d1fc5bb13a24662ae9df4675f07ef626b02b2872d8484

    SHA512

    f75bacb892fb535f1bae877e9fd0f8b90cde5ca1c4f600893327801be31678825e24d175f1d6b247f95991a2c7383bfcd058327a9207bb6bbb280edf47c3b240

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bc3b9df523138b61773c0b4628c795d7

    SHA1

    3bf784c23ff1c609adcf6427cca4deb87bd4984f

    SHA256

    319026bea0e6027ee35414e7a21690929fc2ea84e6324f6bd7a956519182ccf5

    SHA512

    e30a143b9bb28dd7bb6b2241ccff7028112adc247bc48f43d2f728ba151b7ed481716078c353ce575f30711cdb83884564eef191a0b58c8b66085852b2b9661d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    95fe85dc7699b02254007fa365e4400c

    SHA1

    fbdb6770c5e8820027b48f35725a39a9d9d689dd

    SHA256

    b9a5406b1bf913efa2185111a7f8c5c46455f0966f8c2f73d00134f58284c95f

    SHA512

    d94f33bdeed8e6220f4689a5e7a169d2d6d0a948497339066844b19842297cc087cedb0f3ecffc310a5f467506a40de648dee5dcb244f4f92450492fd43b53de

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    045cd7b80aa320f1cf085484975aae2c

    SHA1

    24fb5f79aaf82b77d88d4fa83389c97413641b0a

    SHA256

    a2482d22efb9c9aed53f15aba7ce174160688aeb956a27a0f61a31af33837c7b

    SHA512

    2f4ef50ae009c110818ef8a907bf99a13d8492c63fa039d2ac5a389b838d80d1f929218fc41f141114bf1af0c7bf75b6240084ed5a744f058499629cdaeaa917

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2a449025316b403f772a37309b87ce6f

    SHA1

    04ae5b3c9a3279044274f0a82cf2bd4ac7c62a3c

    SHA256

    9e99cbe60fd4e45f876c2703923bc66295c0009b08c0ded628dbe10d6642c8bb

    SHA512

    55895541480b3c417b3b7dfc57fa0971bfe6ff4f012b5c05ec56578c41e45ab52271d804f78cdb8135682aa2dae448c1a8c2bdbf518ebea187570cfd67aaa4b5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    136305724a3c63d0345897a9a5163b86

    SHA1

    aea5c6c76d95b9857c6cffafda578eca80d7f43e

    SHA256

    e5aac24cb5a0df8dca1da5871b58d40a443545d859c79bf1ad0c2ca32272c5b4

    SHA512

    c629dccfb174c6bb9317461c367693639874de837cc6909becbd1488e99e0fb6ef7d213dd49e25d885d3239d0e54a66d18d4bda4970e277d4a9027caeb0ea429

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3507296536b78c11603f8a7f4a82c18b

    SHA1

    efb998b88c963ff358d55594b640dc9b2631278d

    SHA256

    f157b5007d5b7fa913a7ba172988ae9b3bc968718cf37a3be69b2252e8df85ac

    SHA512

    a2d5fb134765e7b58737fdc9a1d2ca0f51d87ed019bead3ffcdf78d55dc79014db6df3e7b487067be1ef8c7e456195f2314ebb143ffa4a73f2766bab20e1b38e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1d14e00a6431be89bc2312ccec5a5af9

    SHA1

    0a8a9edfe5304392ccfeffcffae089a0255090b1

    SHA256

    f7d01bf1a2f296fa40678c4235fc104e1f83c5154f523558f261fa9e07c56182

    SHA512

    3c308ad36db26074a45ab673776fac2663f4255255597a8b064ea067041a92eb37c915d1a06e9398ff471373ed6d1d45d40d510ef7949f17701d5720a482f102

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    398a03441ad074cce0427558addddaa8

    SHA1

    2d8b9a7010a26612574feb97cca10673a595ced0

    SHA256

    e05cb429cd38085ba0ab2842784f9542592a51b6141128cd3134e4fe116be74f

    SHA512

    31cd5d6e38cf63b1293b35f883701c1d219abc13a1dd64883f4787a172f2f5cd065f0a16ecec4003a37159d28d803e7029e165e2ce3cf5dd9368196d194696d9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    75107071f06dad057ce8fb8dc9057063

    SHA1

    a201875d8f013e0ab443055d3c534eb75b4a01fb

    SHA256

    2d99d195a01064f83391038954d900c4166971c4f24748b4b34941c916c74283

    SHA512

    1edf374e2bc1cfcb42c7234ea5e94dd8e4d4b3d51d55ca87e103465decffce856d49f6104ba204ce44a7b3e92585271c459c854bea685634aaf6e38d12c81b4e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    06e58265aed2512a2a479f4d50ddb101

    SHA1

    243d2c4149965f25fe2cc39f75d946b1a0302e5d

    SHA256

    c2ad39ef63ca0f598bce44d6be6dbc4c128d61b48ac131b36bd43ea5772e5375

    SHA512

    5cec0393e7cc49bc995b689aa42754e44805ed0d59392a691de8063e2dbbb37cc4ec04d03097a0e6f94629055295afd1a6dbfb64cc498d1518f2c0d8e5b1bf99

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2bc3a785883930fc4c6b3c8d7c9889d4

    SHA1

    71a644623ce45c5a2fab25b1f30cc09d8e190019

    SHA256

    4b37365e336565a7bfe1ec07f7711627e5d80d6116067b181ec2a06aaa1e98ee

    SHA512

    a312973ade21729b163bb35b3c38b5a147231dbf37ca20c77cad51aeabe75d6efe498368c64744a1fc0f079d74dd4ffd1ca55e1057c9ea15ad620b7cfb6c8443

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3CE4.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar3D65.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit