Analysis

  • max time kernel
    134s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    18-09-2024 21:19

General

  • Target

    $APPDATA/seemao/config/map/www.360buy.com.html

  • Size

    2B

  • MD5

    9b35dd1fd8fb2e8ba4a972122aca50b4

  • SHA1

    3e7f8dfde6fdfbe8ac9722e701cef405a9236330

  • SHA256

    eef2eae2699d81c58d176a9a58d4bf183df2acb6844b9eebf1cc60ae460ec50d

  • SHA512

    dc7fb0400a439e7de8f851e28c48951459483089398ce3be6596f0abb8545f27b0b35eb901e9a3ccb7177e70fbb19276d4f885258089e8b4ddfa2e10facc3c1d

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\$APPDATA\seemao\config\map\www.360buy.com.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1924
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1924 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2108

Network

MITRE ATT&CK Enterprise v15


Downloads
