Overview

overview

7

Static

static

3

LEGEND注�...pk.dll

windows7-x64

7

LEGEND注�...pk.dll

windows10-2004-x64

7

cz.htm

windows7-x64

3

cz.htm

windows10-2004-x64

3

js.htm

windows7-x64

3

js.htm

windows10-2004-x64

3

kf.htm

windows7-x64

3

kf.htm

windows10-2004-x64

3

xz.htm

windows7-x64

3

xz.htm

windows10-2004-x64

3

yuantu.htm

windows7-x64

3

yuantu.htm

windows10-2004-x64

3

zb.htm

windows7-x64

3

zb.htm

windows10-2004-x64

3

易模板.url

windows7-x64

1

易模板.url

windows10-2004-x64

1

Analysis

  • max time kernel
    122s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    25/09/2024, 17:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    yuantu.htm

  • Size

    7KB

  • MD5

    9c23b1bf253e3ad46fece36695a33a53

  • SHA1

    d93cce849f527190ad4d6df4bfb1eb653b13c10d

  • SHA256

    c42488d8fe61f3e07915a29eb51fff98209b349a99bd5bf8d5a689167563bfb9

  • SHA512

    537ad08fcb1fd953ff7a8a32b3a221b3852a1cafeba876377aed7854ca1f288dd94655cfb8b915d7d8f2e2856df1f3495c704810ecad7be4d4eef4574f820497

  • SSDEEP

    96:BOPjVwHXCjOV/Efd2Kx2SDpwN0DIDc1htLB4hNhzv8e1/DMHMCPa1:BGFCV/G3xBpnIQvtLB4hrzp1bKPa1

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\yuantu.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2272
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2272 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2336

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0009ceb5d1e0a70958a6e79e8d7ab44f

    SHA1

    fcf8a137629b7a4a73228b2567183f0d700d723e

    SHA256

    2e4f67a9c7be78990a07491fa2686371d8449c06e1d605afb177e5c559b95c85

    SHA512

    bb285a2c13ef9a73790a499ec0051138d0e664ead9f24a70f3ba272616e5c00ca8ff6ab626b25911c1663365924f254825c411e1b04c504e16461c8bec9eb712

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    25273e23a9b7e03d515ac93f21dc0874

    SHA1

    fb05c9964a382a3079c13adf5ecd1b921c4c55a1

    SHA256

    51f39398592bdff8e71577b8ab95a733f4f39e8afa0fb19087618e9cb6239b66

    SHA512

    fb430ffa7e639f266057d2dfe68b1284cf58afdd25e51b5d9e8932be913e76cfe7846975b8eb674357b12ce79dc2d68e4a548a02edb6f1d5ca1aa677191e2f10

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4956024575845920518a3370141710fd

    SHA1

    63120f8ac1134a7d6e6dc6e4dae743b5d0831c7a

    SHA256

    0e3a89558aa25e974fce9f94450277048cd24f3531b71042a7e0e23cbcae2601

    SHA512

    30e0d48e93cad8685dcad4d834ac20c15821494397f04e2722270f4d449797acba1299f0168ed5b97f822d964cf7bff28246e86c122b479e50beec8dcc524ce9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7ddbb832d43fda29019ab03acc32d1bb

    SHA1

    153465ace2047472d3956560b437e70e15c66e61

    SHA256

    99915b06de86b1eafcda16e4a41eb18da8d9585442858aee19ac15f10bc7c7bd

    SHA512

    ad929adbfe35ce32e1d7d1b0743ff8ba64140ebefe707d4a2fba1f2ad76730eeaae0a800473884f8fb9b014694f0a714e6ae3bbee305d8f65e74fc6bb8f62b24

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD3D6.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD501.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit