Overview

overview

7

Static

static

3

LEGEND注�...pk.dll

windows7-x64

7

LEGEND注�...pk.dll

windows10-2004-x64

7

cz.htm

windows7-x64

3

cz.htm

windows10-2004-x64

3

js.htm

windows7-x64

3

js.htm

windows10-2004-x64

3

kf.htm

windows7-x64

3

kf.htm

windows10-2004-x64

3

xz.htm

windows7-x64

3

xz.htm

windows10-2004-x64

3

yuantu.htm

windows7-x64

3

yuantu.htm

windows10-2004-x64

3

zb.htm

windows7-x64

3

zb.htm

windows10-2004-x64

3

易模板.url

windows7-x64

1

易模板.url

windows10-2004-x64

1

Analysis

  • max time kernel
    117s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    25/09/2024, 17:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    kf.htm

  • Size

    5KB

  • MD5

    0149ede6417048a3045d1d07cc11e38e

  • SHA1

    f141e74cb0172ff060c2b184fb56d322d93607aa

  • SHA256

    f572e25f8453983bdf7c188f1d1ca448f018b0dee9d741dcd3bb1ec73a2a7739

  • SHA512

    af7ecfe79df0f556aea93dbc600cf9aa5044f7093a41bd10c4cef49b976ad831a7788f23273b61f8db9844fcd7a3a7ff5daa5aeec5aa5296d9696d69f6e87796

  • SSDEEP

    96:SeuKuMv9XKBQo7ntTuyxF3PAUiAcAcAcAUUmJJk3tTSYqEnKvPX6qqs+7MjU:S6xus6KUmnk3lSYLK6qqs+7l

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\kf.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2400
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2400 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3012

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    51dcd3e627f4aaba569dc627c888cba4

    SHA1

    b50655cc3ac5277768c277ba2c7dd90ff5b262c3

    SHA256

    508edc14909a95c20e38c518f62174cc4b5235263be3b146eb631c5b65101907

    SHA512

    93dccf213264742f685e391946b32ce7cd124b970246bb0450f78add70d8b77b548df3bb5dcaf7fd8d92d9632ef4a73d846920c2ec05b2a3d4dae2ba8e4f93e5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cd64ff359586933bcae49e911a079462

    SHA1

    b4499f63b4fe428b27db6fedffaae576010de4b1

    SHA256

    3b0200758d78fc36b7a35b084475f48922a2a09c2e0e2c8de602cca58fafe184

    SHA512

    a60098872596b6a0ea984d27c8d748a0f4a714897ab4482a3c33a957ea08f08e3db320aa2dae880cbfa8d463f7d38b72e30548f9c0bea06dd588a15abb3899b3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ca287030f5795be0c4a3b8ee020802da

    SHA1

    3254d1aa3ffbf953556538ec53da7dcd1fd1519e

    SHA256

    7141c20e0c6eeaaec17ff5ef7af11e9516086a5f471d0a7ba1502412a5f4ab05

    SHA512

    4915078960894f9ad4e2b3693bdfdf471d4a6ddadcd43df82196ca7e07fdbdf2c5e9666858c5cf5115307c94a76a2bc7c423cf7dbf444ef4c07b515d061ea0f6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    988bd0803586244dd1ff3c46a76ae7bc

    SHA1

    07204bd845a6b756c82438b0189872e7668eb90a

    SHA256

    adc3c672fd68135002eaff5d8700699b5066ce4107fa7d9fc162ef66e25cff1f

    SHA512

    06bf2e10db7b94bb20d119ebb4b0d7ab506dd72e3859d080fda98939c60e222d3dc1b7cd83d3650ba5f9ad548ebd62db9a466153b55744c6517368160fea496b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4af2c3284a0452d5abb41db012995333

    SHA1

    948eded68ec56e44d4187dc82f96036e28a17fde

    SHA256

    95068cbad19f8dd83f3b39d21474b0d5b7f063554103bd51ddac12bd3224601f

    SHA512

    f5b1b86ac48722b23cea36b5fb54e50e93ad4355652b92eb1e8f4991b221fad33f040c3640780fe00464dd388f71dfb7e1f532f72d9f7ccbd75a41556f54b424

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fbc6a4fa6def5e8d571aa568119a4338

    SHA1

    cbb7e07fe2e16aede5dc22c3d098ec4fb47ea395

    SHA256

    27816736f1d2ff7d6a44cb4e287a86417821e5dd6bf1c6454092a71da755230b

    SHA512

    8d27558b6b73d7d1aa28c3d1a61d0b2d7cf1aed48d8159004b5c0678a162b6a544a8c7396fd83266ebf4690474317d373792675970414c825bfc80ca8f0f4b4c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    16c99cefbeaa538f7f35057abe7ef61e

    SHA1

    f5aadf9fa0e9b74965cd39ff34f47bc441c809c5

    SHA256

    935e97aa210d8ab36914a88f577efcdf31aef6e129c490a1bedab869d22485ea

    SHA512

    bb5a250eb42684a0af0653006ac29cab1fe96b20d579a5ea0f66511c8ab732521583319d7a20031fd23dc653c8ca20d729effc7145fb6f4f64043f054eff2298

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    813eeb01d2b977f78740899652861a77

    SHA1

    526395733fcb14384b3547cea1ce4deb989a99f0

    SHA256

    4a1a8991d8c07dd69528c0cffb61d9cbe17136f5b787e8902cbd9437e7789497

    SHA512

    541be0182167b29894652cd7cb18194472d13f692f1f49f2e407aee79eb07554941eb4fbee6a034ccb349cf8158dd5083135a2426b9840ac95d639a6bdc62a5f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    380cdf4ab466abc92613b917ba4cb698

    SHA1

    13ab1ba3305d8b6af9da09c339f1b81f965b3fe4

    SHA256

    b0339f2951bd2298e70138976d2cfb704190e89254b815577d9a2c15c8b0009a

    SHA512

    78c329ac8ca32e3f4addf4f95bbe32852d163f56a9a9c7d77085fb011d15a7cf6b7ed8e42a9be97b69593d60201a6d1c91f098a4523863ffa573ad8386122c0a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dd71f6c8065ce3119943d035e6e9cd67

    SHA1

    689769d13107d45d210ed84880613a04d6d30273

    SHA256

    f83321da53bd726c0df2f8508bf271b29144c65eb53311fe02a7b3c00175e20c

    SHA512

    9a184495c96380922f4ab038ad0f027c9d56319b53278d291433c99d7650633508f5f32cc24af5bbd05210865465cb2253e24cf457a02d3d10d8c8e8e3a0be1b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    80cf169839cc39b08a382a1daef92b6f

    SHA1

    4aff503e58d8476e754bc59cf8390caf356d90ea

    SHA256

    980fd50c3c1d7c0df8a1b480ffa15f123dbe7b72f6cbf1e3bd2caab04a9913fd

    SHA512

    31c040daa1dd638f6d0eee6ccdea709824dc5556954f54b472974e29c3177f983e95ae5a50cb39047ce99e9a79905ffc328c3e64e0d0fdfc289a1a211c972b6a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a4651781a6659d1fc140430a97bb2fee

    SHA1

    a184f6ddfe071a5ecfbec169960dc4941679c908

    SHA256

    c2307247e2b3caff02bb2f294a2cf0e61e1421271627275c579b1522f2513bc1

    SHA512

    69476fce1f1ab34545b6b179ea24cce5f660ee2a0f78cfae689494f59218f1ac57edf665b3461a2e655c9fe71419ba99a827fa3e09094d4db0b09713ad8779f4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e15bf11c945e0c9afc68ec774f8e46a9

    SHA1

    3f3c549a496088588756d1659753428ed0031d80

    SHA256

    97d62f62dda48ab12f6421f87c11e903eed98f174429855edea7b0b2b4900d86

    SHA512

    30dc14cdabe01a964e653f6375926be00ce7e6b0bcc7df510b05a0e5fb9b5a8bd8286b90745f0b06e3ad997d567aa8137a7f3cc2c1d06db0b0d92ed4ecd5e9dd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    96bd4265a07475a7cc1b748c6d47519b

    SHA1

    e459fcfd91af196517eba0b2e729701e0503e40b

    SHA256

    96ad474bcca54cebf2c9b569b571c2875ee907ef7dbeba3abea155dccd6b8e7f

    SHA512

    c3f83efbfe6e2fcacc31fa26a10c260feae2ed65596c87ae0ae43362d8f8a68469bfaf7902c1538610b4e127bf7d730d1a888e8cc41880b5af41de0750abc307

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9031a63277f4c3da759b08832de9e45c

    SHA1

    bce4cab26cd0a9b0632f6ccd336a79e370d926d6

    SHA256

    2bdc75b37a6fb5c4bac12cbbd60f73de165ba63fec7ff5ccf40ea97cff64abc1

    SHA512

    bdd7ece9f72584ec0da1ea9150da32d83b0aff6e4b0d3681dbf545c8d58a7707190356a423073e57243f921d86d77c67e6c7639b9e1bbc765bc2071864c2c7e8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9f626a9aa87d6fcba58d1ce7aafcb0bc

    SHA1

    671a643d31a5ae9a13221cd7f8ffa339cca1a7ac

    SHA256

    ac1b65da54326c94f01c9f2e390e275ae4e8419c84a732c176e376790e35b2e2

    SHA512

    ce31e631f9fa2d03ccf0f1dd795fdbea0357bdc2963b0b0150a1eb6a80c11cd4f575eb052fb76cb9c03eefb05c7439001e1a577e3336b72d69177abeb626373a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF3D3.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF454.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit