Overview

overview

4

Static

static

1

PHP搜索�...��.rtf

windows7-x64

4

PHP搜索�...��.rtf

windows10-2004-x64

1

PHP搜索�...t.html

windows7-x64

3

PHP搜索�...t.html

windows10-2004-x64

3

PHP搜索�...o.html

windows7-x64

3

PHP搜索�...o.html

windows10-2004-x64

1

PHP搜索�...n.html

windows7-x64

3

PHP搜索�...n.html

windows10-2004-x64

3

PHP搜索�...x.html

windows7-x64

3

PHP搜索�...x.html

windows10-2004-x64

3

PHP搜索�...ze.htm

windows7-x64

3

PHP搜索�...ze.htm

windows10-2004-x64

3

PHP搜索�...e.html

windows7-x64

3

PHP搜索�...e.html

windows10-2004-x64

3

PHP搜索�...h.html

windows7-x64

3

PHP搜索�...h.html

windows10-2004-x64

3

PHP搜索�...e.html

windows7-x64

3

PHP搜索�...e.html

windows10-2004-x64

3

PHP搜索�...t.html

windows7-x64

3

PHP搜索�...t.html

windows10-2004-x64

3

PHP搜索�...0.html

windows7-x64

3

PHP搜索�...0.html

windows10-2004-x64

3

PHP搜索�...g.html

windows7-x64

3

PHP搜索�...g.html

windows10-2004-x64

3

PHP搜索�...o.html

windows7-x64

3

PHP搜索�...o.html

windows10-2004-x64

3

PHP搜索�...p.html

windows7-x64

3

PHP搜索�...p.html

windows10-2004-x64

3

PHP搜索�...o.html

windows7-x64

3

PHP搜索�...o.html

windows10-2004-x64

3

PHP搜索�...eDb.js

windows7-x64

3

PHP搜索�...eDb.js

windows10-2004-x64

3

Analysis

  • max time kernel
    133s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    21-09-2024 18:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PHP搜索引擎20110614bate版/a/down.html

  • Size

    1KB

  • MD5

    bad6927cb38a4cee4f523a32c6105c99

  • SHA1

    4d93379f9e86e8855222b454c1be214b9c808ad7

  • SHA256

    78d35197c1baf7293352e487b77c178d2ec9c0aaf35d8e422ec784e0e8daacde

  • SHA512

    77e9b1607ee20798c273499ea05fceb2d43d7a14d6d7a094fd21bf1a8c72dcacf3b07ad33570011dfc976b68ef2a9dc0a1aa8994df3b1a786854e322d7a6eefb

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\PHP搜索引擎20110614bate版\a\down.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2236
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2236 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2912

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e280b764bc9b64d97adacb63ca62a01c

    SHA1

    ec086a160f2789be5d4af71e5821e9f28d5e57d6

    SHA256

    a27db5de167751f6ddb0333be985e585f0efd68a23b28ec68457b4ec33492125

    SHA512

    853797b634b4eb33476cc36a0795302dc608667a08a0eb0ff49c2c36087e7231d01ea770520e8bbda5ed92edf75e91fad352afb8ee2b85082a13bf535e81b78e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7f33d7f500d744bb6653c053c96762f2

    SHA1

    51f9e6f9ad2440260416ab66461cfbafedd9a559

    SHA256

    280fa0aa615aae4b17962f25f4c5495418195709077abd2e8a2b9ddc95f7b496

    SHA512

    429c00aad7ad2aba2876359dad3d4cb2092dd5a05f9bbe93bad0bd86d9a1f31f474062b320e66a4ccee29b9d660b5eccef3b4bede835b955dc9b0267e6860d55

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9d282db1cdd8a32f4db3c2b6f08ff8d1

    SHA1

    25a0ee065f24c0fc72446b54deb83eaab58c7654

    SHA256

    68ecdd6a14a351afe8c94b9ffbe90e099aae5c3eace75ea11c96e5b872c6b5c6

    SHA512

    c3fb4b7bc89e1098cda029d962336aa2828efb27edc5a5190314e2fe134810be64565c7185765ec81933b80cc76251ca710b0bf66740fd9397b92712a49a900a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6e724f7fe9a3eace4588a0d5671b7733

    SHA1

    8151322cdb55b53bf6054ef7b807145774a0aeba

    SHA256

    45c5b4118a44b758a32a5202dee34164c433070037e0d07252474423073dd5f1

    SHA512

    b6a6a5f37518a3b4473c8ac177b00424b2bc92a870b96c590dcf0555fdc4de4adbedfb2b1e9c2ab277bcda5c458a43579148ae1827ec1cf36585ead231fe94dd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b787cef835f593d6fecacc8aa4d74e8e

    SHA1

    adf342f9f7ffbd9f43c6aa6bb16d17e769c74a33

    SHA256

    70144f5ca3e186650fa6f879651f7f720e7f60324a9347b1e476279d5e3d810f

    SHA512

    c73cd6be35eacd66e76ad9b65872fa0199b3c6e9a510d3f0d378580855b4c632abdf0613144dd36d8e040368a59bd5c76f338a84f44c39e0afc54ac23d99cec8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    403b0de49ccfe1cf5fdf8c7863b78d63

    SHA1

    0afe908f098c28187729e636e3c7c53ce5b9858d

    SHA256

    6ebb925f5ba034f302264ee6deb3242c560549fa284d8661b1a2ee8c3eecfbc8

    SHA512

    c67f32f07bb84a0ed2c75fa7bcef7ee6e179fe7e95f4d159a575c4c7bbb662cf116828faa7ba578a848edd99865643de8ad24afc145374b3be548de2cbf2b237

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    29703e12ad58abde6837c6a5b5fe7465

    SHA1

    daf393916af4af7c1086b5916c1d667bba4a88f9

    SHA256

    18af8ccc498bd8e17f041c6a720ee5b2eb3cc8f2e397489a7f40043ea08d04c9

    SHA512

    e8d75978b8f5ddba746984171251db381fe9cf5e4b949e03d6ea609c8a2a770467385c63d135013270d96b3029b8bd2e55b053694818bfe2df29f88fe95f8f29

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    99f3af3593988f49dc86b08507406284

    SHA1

    d33c0932edb60f034b0dc070b1daca125c5be7c8

    SHA256

    deef406176a2db2c0aba742d864b6f8db18bb1409424fc7defabed3f86b1ebd7

    SHA512

    0af9d370a88abfb99efefe0037e5cf7a06fe92e4efc2b488ba4b9ba41d579979bd1d467c336d29149a254b3959e3e07f94060441b250c456533e631d8275d989

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6d9ecb1709ba2e4c049fefc66cab513f

    SHA1

    bf9b565818e7fb5fafa3337ed5f1efa98b7372c9

    SHA256

    3593d296358ef151cf634525dd50f8c045441b6eec66cf522b26b4aa023b553c

    SHA512

    58220092dac22831902141d42196ed84186a985ae0838516669a538f28ab795568e272afaa604b6ae27e77082c123ec792b4a11a62f3fde022b310ece5035725

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    df661263b1288ec0090c1042fb159db9

    SHA1

    81b864ee1142654dc3f0f9a52010e013fbe82bed

    SHA256

    35f3078242c0668369d2361afc1070cfb65e6c753e3f8de7b4b257467531fef6

    SHA512

    a2bc9e02cab5fbce0209e3dbb8bb9d8c6fc1396a21243ee3dd3a379d485ab92e746bd023404a6c64e7223bd220ea0897accf2b13f1dd20b141bdaf9edc2f3245

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    247674c5d51f99081f21620166e37967

    SHA1

    a05eda8a837125c8af84f122eaadf56b4d2d35f3

    SHA256

    c9f0561ede8e962632f658a4d5c8a093ad50fad59020cd228588265818564259

    SHA512

    77925f287e4c05936b9a5d38e3fb3d1a7e0cff4e39bd6e789574742f76fa99511d5499d66633402e2720fae845b6d47ff16b7a1fba5b1572f8bbdf115db873b0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    de16e3daccd439e94b4634fbda874c66

    SHA1

    7e198f873e21936081c694f4aab8c001b6eed1a1

    SHA256

    f3f230a9614263114e5c914990be0063605db72b2e259ca75bb42199856e6581

    SHA512

    40eae6b27775a84381f6b7b32ccf0ad04fec9037dcaf384f997248417fef99bb2eeba66685b82766d01de72ddaea1c70d36472f2ce9596ed65de1623c7d94b4c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    89e2c7fadfa2366d2a8b7b82302adf9a

    SHA1

    a48f78f75d340995ec354ab6cb5e9a0644a90f9a

    SHA256

    8db1d8b10ccceba993b9edc62b80cee733fa77f04255b483bd47efe74829290e

    SHA512

    d622969cf37a8e607b6ff23877f4da8d0ceb5fe83b256510da0bfbb820f1ae75f88ab32d4bfa5da77d90cca29de9c1b940b4991a5815d9760645439c255ca814

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b31de05e2561330064fd74e14c3dfbb3

    SHA1

    ec99410822e483d393e5464caa34cbdf6d403fb5

    SHA256

    28e55063bff8a0ade95bd369f04f4c7fb14f87eb30e0a4d12cca9fb59e35c358

    SHA512

    c83981a8e60a02b0544d65c59d1c3f457fa5bd9c9ae1d4167e94420be6f4c21facfac1785acf7f813c8acd7cde7041c0a5b4e32f9d8657c22d7528a090118bdb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d1baa9535b30290fc533177596645177

    SHA1

    799c5c18797626ff3c4c3e9b88d5d51141c0a20c

    SHA256

    168cc0b3821204f49fd4601c01b6fd7fc40552ac54d42aec95f9062c55d817d7

    SHA512

    596263dcbaa0c2882f790d36c0b0673459cfc3507e532bdfbf9b0855cb82ae31fb9aa73b6e9ee39551073302e553657e3f46322068f9a9f98a86b5eb70c670cd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cb7d4fb6a12c3dcba9880d3b7c46a8ab

    SHA1

    9efb4bd371db4ee2b36f916a1da97fb147fb06b5

    SHA256

    7cb09faeff3aa618276b7aeaa41062251b840e418d02ca432e5ad27d11a5996b

    SHA512

    0f4c8ea10c1cd7d07146d1b6b0ab5ab76dec67ebe80028a20a176eb83ad3320d6af8c2a289a5e4726f9541e155931a48b2959009cb2ec044dcf294bf5740c29a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    464dd5281a32fb91770a2ecd252c98e7

    SHA1

    1249e3fb5bf760520d604796ef1784d4964e7436

    SHA256

    3581be8b1916d22fbb812e3de29671199d9294904395d8922b067860ed6098c0

    SHA512

    7cbd959b7d3e0c4948a1141c9de0c6eaeea07712537891aac64d0e596ec9151f3f0215d3777af126ecfab1a32ecb8a9ac0783a84138732aa40e5cdd5e8c55f8f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fc93b49d8e34846c7bb22c22851ec72e

    SHA1

    62751d8d455ed98ba7f956f9f100b5f6f0005118

    SHA256

    6d780563f39477e1f3a5f68cdc22dea60e9545eb45deb0bfc1fdf441bf905004

    SHA512

    86d1455609d4ec6c48dd45fce6aaec405beaeb0dea408f340f5afaf589810e40c8fe3b86a765afa680c95c489cda7889056a95d46e50d028eb0bbbbae54a1509

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c19ece961f6268256a9d021615601bf1

    SHA1

    1ad9a01ab7a874f3603d8fde491e4e401da83b96

    SHA256

    145a19ec90cfaf677541e2874849324961b8b5cfac37aa9c61cf790f4c5a683b

    SHA512

    43b68c39f88fc2cfe62a314fa655a8bfdafa5e7247c79e4c75800fb522afc7d3b570496336e8be41686137fbe3563d14688ae70b453a64fe7cbaf80a92522632

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab5CC.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar64E.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit