Overview

overview

4

Static

static

1

PHP搜索�...��.rtf

windows7-x64

4

PHP搜索�...��.rtf

windows10-2004-x64

1

PHP搜索�...t.html

windows7-x64

3

PHP搜索�...t.html

windows10-2004-x64

3

PHP搜索�...o.html

windows7-x64

3

PHP搜索�...o.html

windows10-2004-x64

1

PHP搜索�...n.html

windows7-x64

3

PHP搜索�...n.html

windows10-2004-x64

3

PHP搜索�...x.html

windows7-x64

3

PHP搜索�...x.html

windows10-2004-x64

3

PHP搜索�...ze.htm

windows7-x64

3

PHP搜索�...ze.htm

windows10-2004-x64

3

PHP搜索�...e.html

windows7-x64

3

PHP搜索�...e.html

windows10-2004-x64

3

PHP搜索�...h.html

windows7-x64

3

PHP搜索�...h.html

windows10-2004-x64

3

PHP搜索�...e.html

windows7-x64

3

PHP搜索�...e.html

windows10-2004-x64

3

PHP搜索�...t.html

windows7-x64

3

PHP搜索�...t.html

windows10-2004-x64

3

PHP搜索�...0.html

windows7-x64

3

PHP搜索�...0.html

windows10-2004-x64

3

PHP搜索�...g.html

windows7-x64

3

PHP搜索�...g.html

windows10-2004-x64

3

PHP搜索�...o.html

windows7-x64

3

PHP搜索�...o.html

windows10-2004-x64

3

PHP搜索�...p.html

windows7-x64

3

PHP搜索�...p.html

windows10-2004-x64

3

PHP搜索�...o.html

windows7-x64

3

PHP搜索�...o.html

windows10-2004-x64

3

PHP搜索�...eDb.js

windows7-x64

3

PHP搜索�...eDb.js

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    21/09/2024, 18:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PHP搜索引擎20110614bate版/a/youdao.html

  • Size

    1KB

  • MD5

    8344ec91d039e20884ec6caa5244de36

  • SHA1

    7bd3f9bc5cbda74080e259b86d71cc2f6b20a2a1

  • SHA256

    28d9a2e97fdfc7ce52afa1330a1f969c6a6d0c3b4ec503333c616fb6bfbe02b4

  • SHA512

    c9c27192bf6d2bc8dc46257270dca699de1589f02867b2cefa6ddb7d071ab75d336062393bf5390c8cc411eea3dca7ebddf8fd2e38ac0d0c21299a71facb0c9b

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\PHP搜索引擎20110614bate版\a\youdao.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2288
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2288 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2236

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    786c8220966164fe43a8ca77cc41687d

    SHA1

    f587e1eab6c1e044623af0daf06287b3ba446a3b

    SHA256

    a1162d628e630b42fbe89cab81a8a2ec0071142a85c552b98f0cefa5ba535f73

    SHA512

    5fb9ba07113d08454f72347058676d4d64a7d7f37b5c1f102b20d1882c71b78fa6688a7121658b7bde4fa4aee5d95000126007038cbbd31092061807f83c2986

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    641e9339207dfa5dd83696f39f0887c6

    SHA1

    3c485a8e0c7eb4c03f92c340e9c73190ecab7fae

    SHA256

    25f8930b06c9f0ef5c980ef38e7575c313dd55718d182f9e0dda430d4807af75

    SHA512

    298de8ad01b8cc33674527afd3514e526720d06009886cc136d41623511343eb6bfaf388f31397df20bf2f8864da5fbb93c90518caada269c55d9265a41e2913

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1ea8447568eaf28e02914b5a895243c2

    SHA1

    13b9181ba6fdca96f61f31948dc1e72093479ba0

    SHA256

    8f7a3add3e104e9df4d37c120b24c5f07935c078aac74190dd4b8b891131b53a

    SHA512

    4b3373858641fe5a01695fe4241caf7f8820342d5413f804ca0f49f9f1949906aee8e4ef97cd7bd9caf7aafe9d61e42c022134880281dcaa8d91cf3142407c3d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bd5cfc7da431e9a4851c06ee7bfc9fd0

    SHA1

    5cd43063c712a6b4229a5509a7b27f784122a897

    SHA256

    95310b9b2905b7373322818912907243b1dd227c173b7f6c591895791699914a

    SHA512

    5fc1b033e346866ad205ed16d32c1bd33d81594f40c6d39c70756157037690cceb1ef83db4a93a39cdc97673e708d851f551632dd6709911cdaa4647dd7bee69

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    78b5c21dea8011ff098efe5f3ee47804

    SHA1

    5176f61a96af7fa15255a5ec547c15e6541a3029

    SHA256

    be274268600cde64e8b52ae59c2a218dd90aa5242e43cfb1f0669d495e783b6b

    SHA512

    618b9e8fa98f99a58ac902bf6490ea9b0c0dbfe74622b3cc5afd7b0350b1dad8c9fb5be1ef9db650b68643d6cc24c1381230c1a4ff6cf98d9548f967bd1f0c80

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1d1d69dd82820b85bce9b1a74649d355

    SHA1

    2ce02d80b544e244474112d5c5b73aecd7d156bc

    SHA256

    d863150c13ca90a17ae994c4db54989e299816197f73a22a2382b3630ab84f8f

    SHA512

    39650808a24a4e39190f3c93255d0889a80f29b8e7dfc69e2d40627654c8a0f62ec5a721e18bd5aa35eb8c3d40e0ec7c1f901531472a92356138848d03e7eabb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    73a90ee9d120762eaa896698ac7cd3df

    SHA1

    ef3b8911d05ff86d7b5a208d1ad36c4473d3beea

    SHA256

    e203599d91a5bf49e8855095de9d27d0e282f552d865313912c03f77f4d022cc

    SHA512

    ba7d152129a471011e9439a209fa13735f3554849fbd94f4b9d943704cfb52f3226b4beb8a0ae6f4f5af689761294db44a358af0b96576f348c11d3556d45754

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ade9db06dc97abc3f10605805f64418d

    SHA1

    3a3b82c3791407a67edb39218ea66f6543a13a4d

    SHA256

    0c01bbb17d973103b7466559b02650c075a9a889d098d5b7c5b6f872f6863edf

    SHA512

    00fe834e6300dd9c894a0888ac8e8a05f9f6d73fa953030c275dcb4e9f6aa3c524e03fd8324cec7a00e1461ee316cbea102a23c328e4490cb78ea079a81938f3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ec67de7758f1cf394658a7e5259a0bda

    SHA1

    47aa03b12899f020fa0e8306914663ec47a59f6b

    SHA256

    29e589ec7c48cd3663aca3723551f54377e137869e03d876941f390e253f3011

    SHA512

    320f9ae09d150348d064e1c0d446ece8f5241f1c69ae6107b5caa1f10a43ae760a38b70a4bd6143b90604dd4a5d5d6f23053772e33b90b5b13b059754087ec7d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    492bd3c56fa3189ee224872a032afeb7

    SHA1

    3f0a3c690c1c502fcbbcb0f0f2603ca0be852bda

    SHA256

    edad23321a8b25ec63395f9243afd66b48e36dad5795a1bb7f50ffa9b24f773c

    SHA512

    a73710bced408b5685f1806d7c52586786758263c2aa5ade98cdaac29d890b74241bc9bbadcee7a0d7e58a94d69a13f48c78521a0d297560f171565fe07bfa47

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    11ac69e953b77e29f463272e3cbe16c2

    SHA1

    ff1bd79f64c11f97d00eef18b7fa9eba08bd49a6

    SHA256

    1dfffcb672c29c8d85432ad8d867922236c78d392d7cd4dcb02e0ee19de40258

    SHA512

    291fdc0da0e6b12875c99c2158e92711f96608a442034aa78ec789c32b9da507cb987ab63a053500f611c376612b3204816134cb661d4ef66f2b02ddcf29145e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    def8e1b6c7c0eadc368fb8822ec4d01b

    SHA1

    44f8713a559187565cc9ff7f13305ac99bbfcfa5

    SHA256

    03ec8dd45b4f699d5911183be765ab2c836811cff464ae5a5702d409cbaf18ce

    SHA512

    5756428f8c05a84766a628639eb3807a6033c7bc92795c11f86ade743c11e3bf315b337d5b27cbcef51797802cafe2e67a0e2af8f851c7a6d231144cd2cc7d8a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    67847dc6ea5a7e8b4098e800d8102a61

    SHA1

    2634083faa8a09cf190bd36e043788f7aeac4412

    SHA256

    a244e5b9a98dcb8e06328e8030c320002566624bdb13b8e74850015136710034

    SHA512

    2a3d79e45f79ddf2d59de4a808ca5d655633307788260e9745a464d5c4f10d2dddde22e3e2f18f9c8d6bcb2336048730dcd05da334ccf03226a25e7e4ce53438

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d479d4538cf8ff867f93ea6a9f9a1842

    SHA1

    4dcba110907829c554369cac5a01863a6349dad8

    SHA256

    11c45e46940b821dc1327caadba30b3427a354c52c702b19c9caff7ddf8c7f9b

    SHA512

    88cb030ac6da3ae8d9f2812f334df627b712bf72fedb7fc59028bede9dfae1499eefdb9490e93c73f2523bd5a19b0d52200413001a0147e8b652412cb724c883

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7b1b1b549e46edea9f52f726f5279b5f

    SHA1

    829bab8ebaf8c5d11d50dae7b0c90b6a96b8f27d

    SHA256

    d062cc49f7cababe0628e37e0e8ae6409a08baa1b1a1e995bd10fc750e7e2e59

    SHA512

    f398b5b6aef301ffd72ad1b1ad84a290a36991ccfcd111dd32af5c2493d8de91890953ec7c1814770cf5c8744caee614a4e241269730bab20ce408e56e3a13e5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f101c3a85237bab7b4f5e2137c6fcddc

    SHA1

    bbcc53901c983781f4b33c50f3edf6dcaa0a6c03

    SHA256

    8ea5f9b5f943dceda4c5995ea7f5daf24f8d6d448a641ad1ae883af94d2d2ab5

    SHA512

    8aa28239fe4572bb56e30e425b5e581bc55b1f1c211d424c4dfde80683788f2cd674ec4f8af2cd8f4139620ed973ae70c8ab77fa632ad07bea090e5946774fd1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9ef0f7162b83bb0176b619bf40fec130

    SHA1

    92430bcab0d56593221ca45feff0964b8369503d

    SHA256

    dc1643457da46c1d8618055f52891c3aee1c7f8c769d0b26b417ac608a513e92

    SHA512

    39f4bdca7bad2bf20f02b096563360aaf95a202da990f7d083a981196c135a8d8f02f815f5aec7809339d5bc702d99a44c0bcf35d6b94b869ebfdcd91a9363e6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    94aa4c073b24ccf56e44b07efafa9b42

    SHA1

    57451fa9a289ca13c7fb5cda997606ef570e8bc9

    SHA256

    cf662cccbfda40a16e6288fd6cdc514a948c94feaa0cc5951794cd94b20a3693

    SHA512

    16b68cdd90c2f657054b35dcd49225f9ff4eb2c55bbdb22fd0c5ec619008bd128c85228e29203faae7e80a0a39b4199861b7ad639ae8b452642e0b81b4d569ee

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9920d3c28f62a8fb33eb89874bcc9ee8

    SHA1

    c620a81345c7f3cf2c9ecad2ac066ecc4a05c743

    SHA256

    8ef897dc6d32bca39b42dc1793d71b7f8fecf7cfbd131717f9dd8fa974d90a0d

    SHA512

    7ba5345d208970bebbfea646fded0475a9d67292a652fdc65d85e7dac852effa9d299adc56a9c0821049b19048a419cfb5075e22ff9259f30653fe988f21f40c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD33A.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD3AA.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit