Overview

overview

7

Static

static

3

LEGEND注�...pk.dll

windows7-x64

7

LEGEND注�...pk.dll

windows10-2004-x64

7

cz.htm

windows7-x64

3

cz.htm

windows10-2004-x64

3

js.htm

windows7-x64

3

js.htm

windows10-2004-x64

3

kf.htm

windows7-x64

3

kf.htm

windows10-2004-x64

3

xz.htm

windows7-x64

3

xz.htm

windows10-2004-x64

3

yuantu.htm

windows7-x64

3

yuantu.htm

windows10-2004-x64

3

zb.htm

windows7-x64

3

zb.htm

windows10-2004-x64

3

易模板.url

windows7-x64

1

易模板.url

windows10-2004-x64

1

Analysis

  • max time kernel
    140s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    25-09-2024 17:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cz.htm

  • Size

    5KB

  • MD5

    7f82b6cdb331d93647aaa6e2cf792ffc

  • SHA1

    421ebfbb33656a26ed6a83ce5b7a91d80772a974

  • SHA256

    02566f6158957b9b2561d7ef519173cf514e7d181b7db6c210ca5070dd218a4a

  • SHA512

    ee0b6f963b190f48185ed5022207daac0af9d907ccce7ff87bf802e8a7121ebd87488a5c48460c977ed9c466ff8ed35c56507c50f5d1d450ef8b0f971544d04a

  • SSDEEP

    96:SeuKuMv9XKBQo7ntTuyxF3PAUiAcAcAcAUUmJJk3toSYqEnKv1Oqqs+7MjU:S6xus6KUmnk3OSYLKAqqs+7l

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\cz.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1724
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1724 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1856

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    acbf230021d2d7904198bb4649e193ad

    SHA1

    f9f9b194dd1688bb4ecbff186b3fd94ac8329897

    SHA256

    643fd77c0d5c4226ac2eaa85c046146e44587a33ea5a217dcc0ac453b9185e28

    SHA512

    70315a2e9eb9c6d4a47601574cf73a657ad74705e4cd7f03eaa341655ac429cd3749fb8ce60bd269cffd3c591a9261526bb407facc8d8355b5139ff2a286e519

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ec451edc892dcc0f61f52e0470bd616e

    SHA1

    53b31483061e6e6dfd0273713522c9afbd327608

    SHA256

    3d79ff3a6a71a7ec86cf4c927ba7f2c258971540505e38150123d79c542e26cd

    SHA512

    16926179cae21ccb3c3639c4391b21f0a9f988aea5992f972a2afb7fa71c40a2a8b73c0ec61297a0332c890200fd739d36e5e3271e4865d5cd76c7a95b0b3233

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b010bd92469f35400573360ae92f809b

    SHA1

    40eebeb455ebb919e1ac9f917e3f0511e848396c

    SHA256

    3f709d18c8f3470965b07bec7bf7f65017e242d53208a068416da31a2d94b336

    SHA512

    446edf1f644e899658e45997cc3ae06229b0731ac7811aff39b85a3efc8bde67c581d950a894e12abfb4574ce78747b78b29f0fba51b9a12fe6204c43e1cde05

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a5c1302db9710e0b86d7fd6cb3e9485a

    SHA1

    16e06fbd3c7eeb30f0e366a66b87396d0ed99c83

    SHA256

    57d14e47cffda87eb44d648efc6390f9a1fad087f50b8b11f5694658b04a95a5

    SHA512

    3b1f9812335cddb4d3c79233a4110d346290a3b8a201848044ef03216ad181106cda490bb13abf9f0ce26082e9890564e2acfcf6ac00af2d9ef4008b3e65e30f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4b5b5605f817984477488edfd909bed4

    SHA1

    1f6c36d9e6b5a21e3a4884a2e5d24fbebd9f2950

    SHA256

    b743b9df5e4370a5008a981bfef01ffd817f1700c6bd3a6c084c5f8712183ce7

    SHA512

    6bc25258cb67d0f40ccdcc070b6af0785a0f04654cf78a83330b99d5b5a2f40cc4df19da7be7798719fa9d8b5b3b36476ab847ce5c62a1485fc89d01d4e85fca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1f2aef36fc47331f9f7d118f717f635d

    SHA1

    06159a271d834c20a3f98588a93e7b2b6d6361f5

    SHA256

    4c9fa8150b30ae687a9cfb032f52941bec116c670e00a9c2898625f97b6327f9

    SHA512

    c3e4a4fd3a039bbdd8033cbc8040ac96234c9e0b5a6c39fa7976636483b2da3c0b7246f0d9e848236c0bb4857fa4e85a246202308e7484b708582065bddd84e1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    408ba1ce36387c6600f3028ccb8d90a4

    SHA1

    096f590c123e2bd1a312a8de95bbae0ebc68f21f

    SHA256

    6100288e8748bc1ee7524bbf5d5e7ec2a477b56874eea636b230cf011749785f

    SHA512

    f04e8f2bb0b1a92b8e1cf5619dacb07c631010946aa37219004be4674dbc6edab255ba7102ed8688621d560e2a20c7d4f4e8f689897180f950c3229d8e4126cd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d414aca7e8ad562dd411b8846ee4eacb

    SHA1

    941e44c9306807f351a163e663fff47d17978491

    SHA256

    38935ee0fe33a51f3a42d0d9a28d76ca0299e7c9dc66db537cfea770f158e510

    SHA512

    0bb14c0da334fa160441f8e9ca8f453cd769f6afda31b487f0890cd204370fac6c383897dbf916c1be0e5292fd20848583e8af08e685b5cc504c6499c9168900

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    36ea1c64f3079374c5a9af07f8b0e0dc

    SHA1

    a0208f7f293987b252ded3cab2123959ee75aaa5

    SHA256

    da27d22111a71db12ecc73d773d40fe631d8b1836ffc1c3bf9dc47d070fec406

    SHA512

    2027f676b3269c31b5460efeb4efd1467254022f7964b56d4bc18d599a278aef8b39b72671edc35934d4044191316a99b1ff00ac4ba763ea58236bf799e935eb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f09c34decc03fd53f9a3ae2038e17979

    SHA1

    8bebb835f5f7a1ff52ab7145c24c6fc79b8d7875

    SHA256

    a2fa6eec67f8f4ad1b9a13a8bc331854611ad561a7c6449a6b54512920c2d20d

    SHA512

    e1bc8afde76021ea86e95ab7fff03773690fedcf249aa03ddbd96d69ae3212bc9d602ad5e24389b1c85266edc532e464af50ccbb41970275718392308ffd911f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    68d8d3be24b0db6677c8a8aa447ee268

    SHA1

    95b389efa910998279e26d41526c3f376f054800

    SHA256

    35da07cffe0397a2d6ab4406a815e8d38812a01d12753da11f83cf9c1803e537

    SHA512

    0d049805060c11b1a0c6822035e664a27243af9801238af191279f8ae308007d7ff292f527d41f8cacf61434e4cfb700c4a6c0c460879909672a06dc90b4b150

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e30221936eba2b83b4617357911e3e23

    SHA1

    f02952489ec9033e6f47b4366a43f744b87bfd45

    SHA256

    dd98aa1924f47cdb3473a02b6c1a88e77f5286f66dc0ed2b2b02f914fe71c85b

    SHA512

    022c483371465d6a10cd082b3127744d561cf27db2c29d1abd5a414379d8f8d600405db97faa5c660357220f2d5be88e8f544858eec205764c63310d568cb724

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8810a71143084549b0aeb5abe4e38ad0

    SHA1

    39b36c51330e014d53911f4fdfd6c34814aeb3fb

    SHA256

    628c0afa1cfeab889043d8fa45060ad4c45a29e099b17bedd4c7dbb43eace619

    SHA512

    51544cf34502fea057f57c15971b41c017b335cedb07b03b0f752e45ff49f4a0954f790ba1b0638b8eaff35be834a9f583c89f7b35d5fd4166c4b13cc47170fa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ed9a96e9bef788f4ab7432d823bd0b70

    SHA1

    00ab201899b5afb252006b213bf64f2ac291c281

    SHA256

    61c60c4e0c89efc81e3c8e78f69598edb0bad91ee222a7379f97ba9292ebfd56

    SHA512

    44bde7d5b5958c34827a6cd3f5a4e795f11c5a36b8270c1d90bf9ea0c8a628c5f521b8887bef46bdb63d8026ea9affb05b6b6578a6c5e5b0ce6daa0b704b8163

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4b8bced048f9ad197b8cbf2a88b9539c

    SHA1

    4c9fbca4748d7d8918a36b7e324bc15f1be05ae8

    SHA256

    17d8cf0d8aa28227f7a5098c18da967de2123d2498ac0c848085edf0e454fbcb

    SHA512

    14a1acf908539c6c8661713140d19a943d789c5620ecd72aa2c25d2068910b7d5ce91dcac40e3fc348cc89344db8f69bd9d2de20857aec91cc249d4ff35fc04b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    889e2593c78e6c4cd4a9ff94d4fb7af5

    SHA1

    4c70f047cd008531537b0a1999d61a3be36ea829

    SHA256

    9cee8b864bba6bbde547802e183660a002c94948560fd1b60adaa4551902b48d

    SHA512

    dfdba59f2d431ae91d2e90c286e771d89e90b19b68965bc815eac36decf281e016079509c54c191d91f49882fee35a08686d642952859defcf34e96fb5ab806f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabB829.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB8E9.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit