Overview

overview

4

Static

static

1

PHP搜索�...��.rtf

windows7-x64

4

PHP搜索�...��.rtf

windows10-2004-x64

1

PHP搜索�...t.html

windows7-x64

3

PHP搜索�...t.html

windows10-2004-x64

3

PHP搜索�...o.html

windows7-x64

3

PHP搜索�...o.html

windows10-2004-x64

1

PHP搜索�...n.html

windows7-x64

3

PHP搜索�...n.html

windows10-2004-x64

3

PHP搜索�...x.html

windows7-x64

3

PHP搜索�...x.html

windows10-2004-x64

3

PHP搜索�...ze.htm

windows7-x64

3

PHP搜索�...ze.htm

windows10-2004-x64

3

PHP搜索�...e.html

windows7-x64

3

PHP搜索�...e.html

windows10-2004-x64

3

PHP搜索�...h.html

windows7-x64

3

PHP搜索�...h.html

windows10-2004-x64

3

PHP搜索�...e.html

windows7-x64

3

PHP搜索�...e.html

windows10-2004-x64

3

PHP搜索�...t.html

windows7-x64

3

PHP搜索�...t.html

windows10-2004-x64

3

PHP搜索�...0.html

windows7-x64

3

PHP搜索�...0.html

windows10-2004-x64

3

PHP搜索�...g.html

windows7-x64

3

PHP搜索�...g.html

windows10-2004-x64

3

PHP搜索�...o.html

windows7-x64

3

PHP搜索�...o.html

windows10-2004-x64

3

PHP搜索�...p.html

windows7-x64

3

PHP搜索�...p.html

windows10-2004-x64

3

PHP搜索�...o.html

windows7-x64

3

PHP搜索�...o.html

windows10-2004-x64

3

PHP搜索�...eDb.js

windows7-x64

3

PHP搜索�...eDb.js

windows10-2004-x64

3

Analysis

  • max time kernel
    118s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    21/09/2024, 18:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PHP搜索引擎20110614bate版/a/index.html

  • Size

    11KB

  • MD5

    d746a6a4664a4df92c87867a9bf7e3d1

  • SHA1

    22d0a502ab5728d600e47f71f0c05f5c95d12832

  • SHA256

    3949ea8921153ab0d0d19f9b4b9baeab080aa4c249fe2a9a1b5c181bc026a62c

  • SHA512

    4aac2704daa1b53cb24d5ae36c3ef9195ca98fea0ea6f88528cb03b274b4242c23853fb0016ae37b784e826c849ebb994873f5b5912fc043a954f131a5408f18

  • SSDEEP

    192:PS1kbUc30DKUmhgJjydUi2Gt+Urilwrid18S6YAkRN:Por4jhgSUk+lwrtGAC

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\PHP搜索引擎20110614bate版\a\index.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1964
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1964 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1932

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7d8f904d0e9ff0cc853af8a4e689629e

    SHA1

    2c6db29d4d32a901728356550566f97d68082282

    SHA256

    5effd1f9d2a5c4d17e4fd8731d72d464be7b8f695d5deeb8dae8f026371891a7

    SHA512

    21ef586a9efabf93b72a8f64e19e4690492f9f442e63ef9049c4957a48523836f74672da37158c1b023621bb1d8d9b4c731d1c7a017d528143df7460005f16a1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    deffa5242c81e4a9d169021823dfcf83

    SHA1

    5b12e40063276365a9ad731d574bb4f70c0fa8af

    SHA256

    5d9ba1654f0e76bd9d07525e6054270649bf4b0882af75d05592a2d4a56f1988

    SHA512

    8697a8888e6932f0b217ca123513c2414bdd72b1c0fdda607812f6abbc8fd7c4e6c155cb1c8f33974f0bcfd77ad426d933d8a8ea9e3e6981509edcd7279423e2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    01598cbb412f9687227c78bd06ca1396

    SHA1

    a947f4d507c7b6fb5821bae9dc9f06dd128051d0

    SHA256

    00d261914d078aba78d493b66524a7239449982b483a376b25dd60185fb1c792

    SHA512

    fbe271197fd25fc6e79fb2afd0a9a58470b79728a4a7a7a7a3ad4bbddec4db30cc3a3aa2ca42fda9cb55613cb4ce995bcc0cb92632c6900bf642ab5dacff86b0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    afee4d5b7339403ef940bc25da07f34a

    SHA1

    e7d528fa3bb9a7ac444c84077cd90a4360d27d73

    SHA256

    6ec72ee117d58b13a57dcfc2826068c1816ece2460453666202311998dfb5abe

    SHA512

    55545825f07d88a1ce3bca48e88cf65085f5f442d2cb1003f04280436cb168dd9ac677e8218292717edb4dc9bdd3b841680cb73ed870bd712fae52430d5dc054

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    df4a4a64ae88a2a9e35d4a498eb8ac02

    SHA1

    850d54ac233f84fe28e56a5842979dfd560e6dce

    SHA256

    53282660adbf516b2ca33cd2e95b3cf801b17dde7b4ed0e9b8b1b56914e0f447

    SHA512

    306d96c86d77c2ecf452357ccd42e6d9461d95b3dd493b6eebea446be9361b87ac1fd48470cbb9b50b4fe88751eaee09a466e02903259c85af64c38f72235332

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    238bebed3225b3700575be44b35b1d38

    SHA1

    6b05932725b5ce0c9895ac97ab679c525e058f9d

    SHA256

    10d625ca6149ce28ea7ae21022275c2d561911e963cc1130b13f0a6f6240de01

    SHA512

    14946e0ec5b5a533e3faf67409babb828f6760d2e460826b90353f4bce30e7e242e4566e73079dffbccdc3d9fb9f4558471eee97e13d7cc6dca534574abff3d3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a482a7a37d2117b0415ff29e07ba6a13

    SHA1

    c2f77c697e7915f8260a3826f74a5560c8a2237e

    SHA256

    8eb0a0306e0a676fd536b72b8734675823228a068e6d0f962359cfb4d2b90435

    SHA512

    6e7f3fdade2a2365ef7d4dbfb3d32f0c242b9deae271e1ab9f145702729f7290cf0eaa0b1d90a2de0f7d3a54494ffe9b8cc6c845ed65d155a5e3328cb71d44e6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8402ef994b264c99b846d71a50602fb1

    SHA1

    fc19223fbb334613eadaadb7eebacf0a5cc24a2e

    SHA256

    f8bf476874181f2acbf2f7742cfe1e04fc4777a37330e415c6a82aae9ddf6324

    SHA512

    3b285bc774f826b571789e093458543ab228101e0c4d5ef51b0483c837d72d1a29fa5945f54b09a3907ea57fd2bf36a2e3aa8365f7296d22362d6dd296a9a75d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ad81ac120276633d0dba5288994dbce2

    SHA1

    1f1f72cc6ce935ea44a3bd533584a5b118659d10

    SHA256

    cf6a7c38d69081c4447d1f78d3598203fee79b99fbd66b5622802c42615a45d7

    SHA512

    c524dafec9e68fe24760f5e07fa6168a8638d3b2b0c068c2b515696a0cae55bc8eae696df27c7f2ee22feb3da397c3107855f877bd860fe3008ca760c941723c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4b49a624950e543ae26625cf23eeeb6c

    SHA1

    cc0a848731b306a3a0e029bb567e0ffada555521

    SHA256

    6e2c86d5c8880f373ac7395b4b5f0e4e200715655f61fa831f7542b868a66134

    SHA512

    78aff8960d3c312cd478b5c142cae91c3e49381aca2c9259610e235f587dabfdec1fcf4799ba9f5f9373d230e5e2b1f5d17178648496cc316b9321915a9174ad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    725459f23efd3b71f3703ecc825cca5a

    SHA1

    b61d839cfe137614aad20ad0f55e1eecc6b6841f

    SHA256

    875111a06da18683de0e5ed7b5d2b3f5777089e5c1e1ce9ed7d62438d548320c

    SHA512

    0e39a15ad244a3b8cd161ed1cb1d3419d5ab7e75b5545abe7900680c06c629c054f2a9a9c11c3fc96cab13d66fa1c28b426986f06d5d22e229a6952abe2f8720

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0dd2c88a88c39b3d591f0f6dfc0df860

    SHA1

    f0d67fc19be39ff6d6792ae6df3d2b4243b46601

    SHA256

    d3b93d02ba7d33b72a0323e51e92f42dae683947e073bd674a993e54d9bb6170

    SHA512

    c0702b76fc41803a7b9b83c47a36cb000f316d1e3f2460a2fd93466703fa00b90103ecc5df2c10096c8f20ef1ce9cb9e8232ca7508da0d70724e1cc6e67404e0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0a71edbdc0505fe8b368dbf48fcdb281

    SHA1

    11dd5510494ca8de6af6ce478d436c85128e1490

    SHA256

    26e6a753e7d1511a680a3f0ecb8a999c63c0aadb31adb947c99b7a5f15a197be

    SHA512

    9aa3a0a97663953bd3c3134a0bd71dc3c4301e9056129bcd17aff9431f92a825a3452b338894b84a1b36a37c63909576bde760b08670d7a1cc3fb9f38d8d9c40

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    282441f98a77935773a835f7e7e90bbe

    SHA1

    dab35706cc53a5ce560dd2039714ddb0dca2907e

    SHA256

    bbe92a69e304720b033ca1cb0b37e45b14aeab4ebeca47f2899142425868c1a1

    SHA512

    206db80eb07e9f5128624d3a9a983561b757d1307f09b9e00a301d679e1bc589365c91232c43c50640fd2d558d019409c303c4dca3daba4f9ee39e2e8f923b81

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    027bb5420a2824eaeaf4771e1dd49189

    SHA1

    b3b3f30ab89a211bd37a9f36d479a66245e0ed92

    SHA256

    95e3de556c7bde0c3dee40606a88e08106e2800f997a939f99bc1fdfe67137f3

    SHA512

    d8d75c1bc64a7e5d4365a81cf6cc0d7709a4551eddc3800c780039c7ddb69807dc6db1c813925ca5855d8140149eea07a2e05d5479104618433a5935fc30f3b2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f3c20c924694c703bf957879d46a1875

    SHA1

    7f9fd8e6c85c46020af8bae2d470b33ba297ce24

    SHA256

    55c86cffc4702a0f8838035a13e5c415a1f839cea3464b0f8442bc8b03dfc0b4

    SHA512

    2be6907b7e8cadadbd3dc14f96d1ae0bc78d4ade3f6091c47e3ad9ed73ecb37a4e1e1126ccb6622bae619f82f6a6fe595934ca00bebb8f79512637bb231d25fc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    706fdcfe0d2aee4802fcf2fb25d5276e

    SHA1

    251f1f8c40ae53dc2fc79950b1181eaf72a772d5

    SHA256

    b461cd465eb5ed09c189fcdc5ba7ee0b8ef5fd7d1b2e0b496dc00ddd31ad78e9

    SHA512

    d9d01d1ba0903b35fb8b99226856b3070a2e879c3a3e71e0bd299a8aade512596dc99327db8bad06c685196123fcc779dd2a072ebd3df91c8beea14154203510

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    51832671758a219d2d1418b215d7b1b4

    SHA1

    617ede1c1eacaba5611e5503d9d3a3a268bdbedc

    SHA256

    de1c63fef01b00d652348bb196e7c6795e92fbe474630c32fa70b67a8ddba7ae

    SHA512

    c5f42cd65edb7b58a1cec2054e12aab59e892dc856c26056d2002473233fe3403da5e94e590c1fbffce7c08aeb8c2eda5e43728b39db37d10958fa11eff0c970

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2c7687a5e80098cf9bc52db673caab89

    SHA1

    5db1c2f33f5ac04657b7d78770d323a4c2af82ee

    SHA256

    0752ce1a2aa847e879da174835e4b163f5ce0719d8439f3ef3c40d827428f40f

    SHA512

    d099125ebf3e5d8a31119ba73d3c7ee0536e924afdab509dcedcb0cb96eba2dd39d053040ca1815bf6a3f938384c34c89810d8c1804b1b73c8467a6b10622de7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabFBA0.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarFC4F.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit