Overview

overview

4

Static

static

1

PHP搜索�...��.rtf

windows7-x64

4

PHP搜索�...��.rtf

windows10-2004-x64

1

PHP搜索�...t.html

windows7-x64

3

PHP搜索�...t.html

windows10-2004-x64

3

PHP搜索�...o.html

windows7-x64

3

PHP搜索�...o.html

windows10-2004-x64

1

PHP搜索�...n.html

windows7-x64

3

PHP搜索�...n.html

windows10-2004-x64

3

PHP搜索�...x.html

windows7-x64

3

PHP搜索�...x.html

windows10-2004-x64

3

PHP搜索�...ze.htm

windows7-x64

3

PHP搜索�...ze.htm

windows10-2004-x64

3

PHP搜索�...e.html

windows7-x64

3

PHP搜索�...e.html

windows10-2004-x64

3

PHP搜索�...h.html

windows7-x64

3

PHP搜索�...h.html

windows10-2004-x64

3

PHP搜索�...e.html

windows7-x64

3

PHP搜索�...e.html

windows10-2004-x64

3

PHP搜索�...t.html

windows7-x64

3

PHP搜索�...t.html

windows10-2004-x64

3

PHP搜索�...0.html

windows7-x64

3

PHP搜索�...0.html

windows10-2004-x64

3

PHP搜索�...g.html

windows7-x64

3

PHP搜索�...g.html

windows10-2004-x64

3

PHP搜索�...o.html

windows7-x64

3

PHP搜索�...o.html

windows10-2004-x64

3

PHP搜索�...p.html

windows7-x64

3

PHP搜索�...p.html

windows10-2004-x64

3

PHP搜索�...o.html

windows7-x64

3

PHP搜索�...o.html

windows10-2004-x64

3

PHP搜索�...eDb.js

windows7-x64

3

PHP搜索�...eDb.js

windows10-2004-x64

3

Analysis

  • max time kernel
    120s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    21/09/2024, 18:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PHP搜索引擎20110614bate版/a/about.html

  • Size

    1KB

  • MD5

    106a375ffa4778639d86cfbbc354d197

  • SHA1

    716afe3b62109293c5cfe8fb40b8ee0a19358bc7

  • SHA256

    1bca375c812648e6c83e8e02172039ca26252a57ac36f466785264c6c4739d26

  • SHA512

    b27cbbed8dda61bc7747cdf4349d909179caccb2897e8d270ac576c4f1c253daba3aac7c692590fad5712f77efbeb8520006b7d515a61ca89caaaba2c3673579

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\PHP搜索引擎20110614bate版\a\about.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2084
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2084 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2668

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2610e3c2d192404a474d6a68e36f8f37

    SHA1

    dd133e45ffc403577547753d2fefad9ffb5dad31

    SHA256

    835227f4147256713ba4681fc1f779b8965205a9c51b7f5c75aa2a696f8d7c63

    SHA512

    32e33345a37b3b7c73f81c4738bd84a5bd07d95d9bca00b9df117e5758b8c6ff2e51466ca1b7fbf96e0a043e0d74d84649ab6c0eef1ca28f69096be50d76a69b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    71171bda36b8bef8589ccaac7ca6b62c

    SHA1

    f4aa8ddc4a7d9a60ee633c1c61ce1d89b9a15193

    SHA256

    8aabc9f8c59dcc3a3c4a70df42225b61b931970e312327a8fce65542faa7b15a

    SHA512

    a701ed87cdc5cb85bca75036ede17a7353f035bef25473d95dc0dbc4ea14da92d5bbdfd2667b382686e8fe9f14a49a8884100906dedae86872c2242b219e6cd0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    974d907896e977d64ba2ce838c7e632d

    SHA1

    0931914a7957417c1d508c1516aacb71d2f1e30b

    SHA256

    1cdb6555206993740a495a6c014f159229f7c3dbebd4dbb4b8f0849529d1a34e

    SHA512

    699209179dc8194d597659936d7637839c36b4b769d8e0e36ca3a8444a608c5032935a083a422ea8eadf78311716c02a8e8e5f9b23bdc411745526d5496379c0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bb7c72efd6151eb414e3058f5a595a55

    SHA1

    0a6f947e3778bfb946b8fd842d4c6c164061afe1

    SHA256

    5d81a40e8e152ffbb471d7c3bb2ad0e7e2f77afe709944e52b998c76e036d70b

    SHA512

    f966d9fb31d124fad09ba74f69c894e844035e4aa71622245124c15d8db189b2d7908f1df6fd96abbf44ff36cd089055919e9b477fa028b180295099de74e4af

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    653d4bf12c9c342bf666c39ca269f3b1

    SHA1

    d878e4c64047887cbfca258008e0f1a0dcf288c8

    SHA256

    aae56dd503e270778622f850ed68c959570cb8375570fc87fe805b9a25dfa9f7

    SHA512

    cfb9fcad9dd8b5b5924a49c5914ef90d52e37c698a9d989525e7f22078b402e462fd849e9740edbb6ffeb1debf8c8bcef2fcbc4b1a8e92894c242eb155fee79e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    692b018fc12142775e9821fed62967c1

    SHA1

    203cc0d0937436ea85aa7e78b1ff6efce8863fff

    SHA256

    91e9d3b3a823e762451ee4506d97838f534013f767a9172b0e0ad6b5ad66de16

    SHA512

    c1b8e508692a65ec2c3bf37a0b807cd4d5430c0824d5e2256ef741acdc9ea0558d2265dfa4924300f3c2ada3ddbe597d1a27b8b9a5f15688e9e6a9c3579ac2dd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    97d120ffa17965ddeb50d30db908d028

    SHA1

    e3b4029fa994b6b7960725a44fc60d42acfc9546

    SHA256

    47cfa9f556053f8589548f9ec3741f30d3dd6d9db5c7d327834f327b3ed7876b

    SHA512

    0e9a6dafe009f199efdda0add9de055ea749216583baa1b1e98d0e3654aefcb64210e5d443619ce637ffb383f43ae74d652a76bccfcaa03ec3901b2c5deb2d8c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    797862f83ac4817ecff0a6ae7f504138

    SHA1

    f84cccf5c5c8b56dbc0c70ea1c03b8dafad3a63d

    SHA256

    27eb2467cdbe8069735f54c2947d4cdb995cb6ddd236d0c41f1953d0456d35ca

    SHA512

    1ccfd089d4ec2c3fe53ad2b46d4c33c2acd04c7e88109be54d1b301164baf572b702402d5d858c4c6ac088331fcda5f36885c5991ca7c504dfa3d1bfcce9a70a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f58dd7d84c6ce53e40790db47aa49720

    SHA1

    ea0b2003d5919afbafe24d8600c4dc7a4b872534

    SHA256

    b10ff441440eeee5610ccccfb7cc41121acd57d264ea92734b0f923b24ba65c2

    SHA512

    e5d8e1605ba924acadf787ed16b79e5d6e8ee283f01da93ed56e53befe7c2b6ca817d97a4632308e9cb6ed8b2210030016814fb0751b8c31b2ca98a660aff13c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9514148736c7fc1604f3cbdb4ea7ee5c

    SHA1

    1e114a1b783505c5b0a18d7468081fd2625bc275

    SHA256

    cb152ea7bb9281873a207c46f368da14c29e73e5792e9e323fe84eeca4a94df4

    SHA512

    3d9ab9922d4f4e0e2374066123fe5fdff44a234c0db8d66ef71d65b19ddaecab222d5abd7fe6bd356e631d907f5ace7d1155d06131e09c09eeee438e2890d116

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ffdfe1926f2a5f1462b4768263e8caea

    SHA1

    0de01ae2552bff0287f8b45fe3af3ee312c6ccfd

    SHA256

    41963c6f3e000011e688d5f65a28034d6bb1791d8eca73246ece4fd97a340c74

    SHA512

    92f8bfc3d31b2bbeca15f8d6fcd326cbacf20488f519131bd6c4bad4db4babfb976496471ac8117db4f6501943b185c02b84201f0eddb7f8a2b49e7d2c8465f8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7872a7730b34b7554159be7c9bfa0d9d

    SHA1

    73462a220bf7dee654396a47b66ae70fbaef07d2

    SHA256

    e67b91cf512b905894734d3d99a189f2abef370adb8f12152569a009f5b26939

    SHA512

    05fad734fe76e69c2ff8f28c61afa383e4d9b2e8edb083b618a1d74563e5821fc253e7e814d033486f2a19f4432caafb3edf21dbf353b3650ac412adb62937a1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6472ee0719ab721dde906a46181bb114

    SHA1

    28dbb8751aafda29fefc206e2a9584a3a1bb0a47

    SHA256

    8c0b56d7a083c13a60f2411976c5984532926e50d21235f2de430c1b2fe2e0c4

    SHA512

    b059aad9b060080de891545856c28059da56f3c07658ea8352065d88e9a2dc8e5491fb8860eabd9c92c704a24aa45e62fcf2a87102bcb35306d2fe83dccf9719

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3217969e743d3cac47ec156d24cd33c9

    SHA1

    e5994d8f4f7447a4d556c8497b06721bf7c8156c

    SHA256

    2ed482a08715233ba1e12c1b7f6ab0045a250845b03377ddbe384bed8789f7b9

    SHA512

    ba9b62d4c6ed70b2ec1f1a1490049a50610abf50fcba45077eeb6ac97766779bd16ea1eb10e9677c0b8d519b32811f378ea5cd2cfe634b6e5c84755702715afa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f5aec3b66427a3352fb9ae093155bea7

    SHA1

    fc7eb684eaec9be5f6b28e9d2cfda0d32ac79807

    SHA256

    de04c1acdfc1f429a856946e7202481a13c73934240a12d140e7b3aaa307ec7c

    SHA512

    2052cf558a02015f9ee23a64d3aef8e091c2baa7788d5b7fd82782afffe8ed6e1e0f0f08ddcd3c1e710331eebf9302a55fddffa30ebf792234bf84a7886daf4b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    614508708d37d0a7a9dce9ffa97a912d

    SHA1

    337aa4b451c636d9edd006aa76cb0b1b2d5a7043

    SHA256

    b4ccd91f7153c675baba6527bcf7db1ea34384d6c6fb2e73f5361325682e1894

    SHA512

    ea8096ba860fcc5877073e9955a855bd8453d4be1aa5020f22a0bfcb777c894c13a20da1da5c54b7ca46b30442fff4484ad6b6ec0bcf7016fb1565974d8a92ad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0f7009c63de680b464ab925f1bf0bc04

    SHA1

    35f8f12744ec013264f70730fea0a16633a73583

    SHA256

    c3b09c8db2ac502051f61759817c7ec59b3ba699e67d62413275c73802456f00

    SHA512

    f7fb35ddad32206c3ab623cc4d08b728c89342f49dbcd030c19ad5b86c15d3148611c0fcf01b3d8f7e02b2b1c4d9a0f82acbf3af348e4cbc6962095cb7d99e45

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    15f8006d2952ef477438068322282298

    SHA1

    557dd4a2fe159408a810fd25715428e00807be10

    SHA256

    e3f01c06ff71dcc2d1c50b4fc0de29611c0e6232eacc79714a0a1d0b0a9f284c

    SHA512

    44a121c6b1ea4b3d184a4654339353e6c784bd336419a790a594a82ce426fb54470bf80a32716713d6f2be737cc69cc23e85b0149c4356e1e8ffd9d3453748be

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab1401.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar1471.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit