Overview

overview

7

Static

static

3

LEGEND注�...pk.dll

windows7-x64

7

LEGEND注�...pk.dll

windows10-2004-x64

7

cz.htm

windows7-x64

3

cz.htm

windows10-2004-x64

3

js.htm

windows7-x64

3

js.htm

windows10-2004-x64

3

kf.htm

windows7-x64

3

kf.htm

windows10-2004-x64

3

xz.htm

windows7-x64

3

xz.htm

windows10-2004-x64

3

yuantu.htm

windows7-x64

3

yuantu.htm

windows10-2004-x64

3

zb.htm

windows7-x64

3

zb.htm

windows10-2004-x64

3

易模板.url

windows7-x64

1

易模板.url

windows10-2004-x64

1

Analysis

  • max time kernel
    145s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    25/09/2024, 17:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    zb.htm

  • Size

    13KB

  • MD5

    8ab418e56b02d3f15404728639a8d6a1

  • SHA1

    357aa754702099b56364d8d5eddb32c01c192149

  • SHA256

    6d0c5c9e335330031b048df4019b1203740f78925ad880ef065e74bb2a09c537

  • SHA512

    658fa2d0e2369cb224834d70633e2247d10ffdcba2bbf029cd6bb758237a62e41152a4e6840950e3453d5e1b831b4ee140b75c8ce167b31d04f24570e83bacac

  • SSDEEP

    384:SCvfHpRgccuyy1kcgccuyy1kcgccuyy1kcgccuyy1kcgccuyy1kcgccuyy1kcgce:SiBRNvNvNvNvNvNvNvNvN2

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\zb.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3032
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3032 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1884

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e0c23665a6355cde8be592b2d5aa4db3

    SHA1

    f54d8a1d4d0a36ae698392d1ab1eab1159f4d617

    SHA256

    ffecfb425a9162f8b4b7842330e6f5011f2f956b75647ad719c91cdad2ff37f4

    SHA512

    0692c1e146e44570ea9389c8bcfc3d305aa721d4f7f4dae9567ea5bb2e9374bb9787bd278ab23eab023917e37a4c0ff24cabc9beeb37cd851ba51b996ff07381

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f057136fdbe0bd87e23ceb3618481adb

    SHA1

    088b4fd707f04798a22da8d7062b0e099aadee54

    SHA256

    c3e75ca80aa63a5fa2e8c9b99a56dbd6d3a46408376ebe0c8bb51890f6d9a7d2

    SHA512

    6638418d50835ca43c64575c8b79eb8c8fa74715da732ea15ecf0f8950ad5f651f45d96e6336b374f93cd9cde3642d5eca438f76f016b9186363a3951e4e003f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b61a64260bac34b16bd7c5eadb3c71e2

    SHA1

    712c80c8f7d555292a8de58e63bb87f05e8f28be

    SHA256

    0553ca6ecd5b92af53740ba71f51056b3c6d0811e35422abc64bd837c701a716

    SHA512

    ade2377ca1149d560517f7bc7276bfea79073bbfa2a56fb4c54a06c50b195493ab7cb261cd1c9da40227ddc3a6f4597902d9f836047c11d95e6286ca15a1dafa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cc2998c2769e0199fd2876c8300c712b

    SHA1

    aca967742828939368ba9c3a16e679a14904ef80

    SHA256

    0a7c85686728ba63c767f4c0f5890e404e616e0105f3612de0cd23677a5e694d

    SHA512

    87b4f239ecde1ad6b196191c91acc9be94fe0ebeb24a3d47a54eb3e163fe361422358a8ab4854e2e446636e74e3708ad7aec21055f100c3ad644ee703f252eda

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8eb61851357dafaa16187cf007bb9aa0

    SHA1

    2fe9e9f12bbbfbadfa209561244f8c4d47898a44

    SHA256

    7c8e9e6654b0f3b24403b4ac5b37a6c5ebc9e1f6ae0edcdeca32d98de53ff62c

    SHA512

    dbc3db7eb2868a5647f15aa82ece0564edc2e1e9bcbaa1dfde7f85321fb4ff2f291f0777692fc2d1398e67537c725faa83cd235a98047f0529b1b63e14e05d89

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    911f3c254873439d1565eab03d5aeefb

    SHA1

    7742562e4c74371bf644c6fed22ef0ed637309f2

    SHA256

    e0893f1c73d815446ff875f3b95e5cb12a3db8116b14f1b22d49609b4757e737

    SHA512

    6f9ff0ac262134739647c33591123ef7b343579925e987c30fcf5f522b1ddd2108f0132eca3197e7236e2d973e75ef24e9b8608be8074b192bfef31f118c727f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f90126a1d7caab5d74fbfaf16fdfc8a9

    SHA1

    35526dcb1ac8c3c7ffcfe8ba7718a40de59e308a

    SHA256

    228adbb7b1a61b2145578a338e28a8ca9448582c7d62d1c0d124d4da31cd2d6a

    SHA512

    306f76ec8a426fb0d2a95f0d78f446f78323461d12808aacacbe343022837854d0763a7d01a2323b0cbc221f68ba3ef252b4189bcae5eae253d899b2786c8491

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4c48c9c0fd41536d179eab032fc40017

    SHA1

    ea7aff71dab6cb1a017a11941452f7cc57ddceff

    SHA256

    67ee01e7249f3e8ea490013d76ec89b78d0d9f4a67d75abfa4815e28af0f3756

    SHA512

    398acf45ddecb097911b52b08f5d7f2ca3a75ded618e3545b1888fe7e116c304bf3cc28993e16cbf05f2681d4ae16af30692698af251ff839ad8b235f557e900

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1a8cb24fc4db44f295be8106b4a6c093

    SHA1

    f9113d4b03b057396f5154cf49a245d0c9495d2f

    SHA256

    ae2d2e6d16e271343d4555a6fbf6687751ccf9dac4d233eb712c74b7505429ba

    SHA512

    e1658e2250f1b6b3b7c4559a47a9f9f4753cbc4e07a36cd0d33376a64cfe2adfbeee15e89415702700c990eb4b07f904ead303fea16859901019e91fc8fe2c37

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9bf458a4733c93ab2da25e639fd1f4d4

    SHA1

    fe95cc4253122fd23afdfe364b4416ffe98f3b56

    SHA256

    e5a104f64c1b57925afc64c0f2e0eafb2c08fdcea78c8b02669ca837ebb83079

    SHA512

    21b39cbcffe0a9982291c55600dca034605955e6abde832e223c9124ec5771bb536ad224c235a8a5cb1f53783b267b0fd7c22ca2f8df79b46beb19d527891f6d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabBA7.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarC56.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit