Overview

overview

3

Static

static

1

adminbiz/e...fo.ps1

windows7-x64

3

adminbiz/e...fo.ps1

windows10-2004-x64

3

adminbiz/�...��.url

windows7-x64

1

adminbiz/�...��.url

windows10-2004-x64

1

ajax/bizcate.ps1

windows7-x64

3

ajax/bizcate.ps1

windows10-2004-x64

3

api/js_dp.ps1

windows7-x64

3

api/js_dp.ps1

windows10-2004-x64

3

bizadmin/s...fo.ps1

windows7-x64

3

bizadmin/s...fo.ps1

windows10-2004-x64

3

cms/search.ps1

windows7-x64

3

cms/search.ps1

windows10-2004-x64

3

flei/search.ps1

windows7-x64

3

flei/search.ps1

windows10-2004-x64

3

flei/viewflinfo.ps1

windows7-x64

3

flei/viewflinfo.ps1

windows10-2004-x64

3

images/35/XM35com.js

windows7-x64

3

images/35/XM35com.js

windows10-2004-x64

3

images/35/...ter.js

windows7-x64

3

images/35/...ter.js

windows10-2004-x64

3

images/35/core.js

windows7-x64

3

images/35/core.js

windows10-2004-x64

3

images/35/counter.js

windows7-x64

3

images/35/counter.js

windows10-2004-x64

3

images/35/...ype.js

windows7-x64

3

images/35/...ype.js

windows10-2004-x64

images/35/stat.htm

windows7-x64

3

images/35/stat.htm

windows10-2004-x64

3

images/35/...02.htm

windows7-x64

3

images/35/...02.htm

windows10-2004-x64

3

images/index.htm

windows7-x64

3

images/index.htm

windows10-2004-x64

3

Analysis

  • max time kernel
    120s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    15-09-2024 00:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    images/index.htm

  • Size

    1B

  • MD5

    7215ee9c7d9dc229d2921a40e899ec5f

  • SHA1

    b858cb282617fb0956d960215c8e84d1ccf909c6

  • SHA256

    36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

  • SHA512

    f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\images\index.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3012
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3012 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3020

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    23840e3e9c8eb150d79e72a1655e23ed

    SHA1

    f451da00cc7950191fd9c95b38d7e7dd6ed9ddb1

    SHA256

    b6addff8ab6931afb7e035a2fa2aba984db7ca57e0eeddf134d75d1defe58d15

    SHA512

    a28614d5b73f9384a3512796cc57cd635626d1dd2d6c6b274247953cd6d7090d1e18530ade781ebbab7b9a9a56927133d86721a2ba35feb7e7e406ac70165cf6

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    db954e4450b3c4baecb92221bb0d9a58

    SHA1

    2bafab45914ef6408c0ae200b7af322dfabf1ede

    SHA256

    36e3dcd348bd4047513424baa1f95ed1e125a57ce89b6212c7e9ecd2f5855e56

    SHA512

    fc8a20e7aff80a8aadac02a4127db5a2d2386f7f3bd58c018d17334cd08f0ab320080d3957e41f5afc05ca6bc498e87cbb4abde6dc2d4d6e5b67eb639a5ca956

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8940f8cdd6e1e7c9e0d76679e660eff5

    SHA1

    431460ef83a8cd604d20f9b32c854e83fca6d891

    SHA256

    a089f62c0b52518334929a0592d9dca9bea079107ef9fcafbfdea2801469af28

    SHA512

    37493912e0859cf89c475a0f28d24cbd5a95aba3de958b7e1cfb78ca2727fa25c1b4fee5325f72b61cf4c45acc7b74d0d568c2314fbd815d939a9e9afa90172f

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    712b3751d2147a8f6df70881d9c520a0

    SHA1

    e7025aab8229d9588a90d083b5734c02cc5444c4

    SHA256

    cc2c386ab9c213e4052058a5335c061d6faa01f7592478c2794c18cae61fc8af

    SHA512

    ffb67797de12d7b6f3c9fcf7a65a84f32dfeda9aae59528368dc910e03458529335d53c599b1c3c0ab2ca32774c6e2bc577891a54253c2c556c3a481d175b4d0

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eb66f55a1052db1823ec1666382ffaea

    SHA1

    3ff82974714e43573aa115015e274a9b78d69b21

    SHA256

    36ff262c1821bc82af9d414a83205b72f4248d5060b21018571383ce2c83277a

    SHA512

    a899d3cc4cc355645e59dc28d06a8c4b6ca1ea9fddaaaaa6332c2a25340fe9542c4b7410ba22bf56da3e883aa3643809994bb84da3b83a9c5aaa2275a30893ad

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e7f84e793fa0b33f15dcd36eed192819

    SHA1

    fae8e1c5cf6d70b6637aa46559a1634f8ab1d350

    SHA256

    da456b3f74a64cdb6941952795c368a8acc734b09173f05d7fabc6a6b5d96318

    SHA512

    d5e7c2e7ae8a7d52e1cbce6f3d0a8a27c92c1bbdbd6cc08fa55a3ba02f92def40a2073513a172f4e867646c9132b2732023d841acfb64e477cb88faa4b92c074

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8c289a6479c05d888bbc30b43ccd7bbc

    SHA1

    ef04596e6fa5880f929e8d23a89787f7554f5e16

    SHA256

    4a72c80b2735155bad77c531679c770c24ad3d023f5acf75f8ad68e759c52ea0

    SHA512

    21e3b585375b4aca3c3a586321c63f64a1653f67c54979be3f1b961720472de601f6e25038b85ec801aed7815e4b0bb3a77618c62cfc0fb1011a34026fb1885d

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    79ecc0dd88b4d1f58fe9dfc532cb0c04

    SHA1

    28d015cbe78ecf5ed6de10d5894f2f2e79de1617

    SHA256

    f3f07266ae512f7ff8f0d3ec650b462168121c28f4447593b7092cd9065f8a1c

    SHA512

    9ff6cde38a2fdd1e58258603ee3a7419859f8a410426b5a38e6e7d50ccfd0a234f24ef4df5f51010e5152934571fbec73ce0a1aed30eb157d5c6a3386dd364e6

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    00dc55269db889943d9bed787f25a85b

    SHA1

    3d154024449bd94ce9ebe4b60d0d5205dc7a7d84

    SHA256

    058547e1361dd795e5b32a81131de061718fdc68f288089aad69bc29acef0a59

    SHA512

    03c384949ba807ea72cfb3223f84492c146d1839c5ba8bb635a5ad2e48e5ca0693571b8c6db8b7e3f8b1679d9c2abcde6bc1273b1ba24059e13561c883833497

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4101075ae8efad7194becffe56d8f201

    SHA1

    06c1f2094341d31bbbabd2987227354e3fd33384

    SHA256

    70a491907fbe7239676d70fceb21d93c61a11dd1de92f89659676f80d78b733a

    SHA512

    9fbca217b40abf5b39eecde21fd662c3f2f0da4103674684961227fd13e0bbd446cae39d111197ae5f921438c66580238d22d22348f17f76121ae32d36545446

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    69f8405b4d2510e0749592ad82538315

    SHA1

    d5bbfda5b18cd77c4aef8666de3cc05d786b7a05

    SHA256

    2edc90c6d0bb948fa56ea7c3f77df68b75c705b74e5321b370a48bcb17dde12a

    SHA512

    afa3140daba2e333b3268776db25532fe204ae7a65ede3ae8be7f53d2a3997273a83b08bc6ca97ca4c5be4581625e42cd2eda8b1be451f258bc44c80491c4792

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\CabCE39.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\TarCF27.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit