Overview

overview

10

Static

static

7

cyhxwaigua...ua.exe

windows7-x64

10

cyhxwaigua...ua.exe

windows10-2004-x64

10

cyhxwaigua...��.htm

windows7-x64

3

cyhxwaigua...��.htm

windows10-2004-x64

3

cyhxwaigua...��.url

windows7-x64

1

cyhxwaigua...��.url

windows10-2004-x64

1

Analysis

  • max time kernel
    147s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    27/09/2024, 21:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cyhxwaigua/必看说明.htm

  • Size

    5KB

  • MD5

    4c5a1df62d9fa491906f01105da24648

  • SHA1

    489883df69e9e78f7fd3ea4909716410495f3020

  • SHA256

    4d61d970fa30d1e7465275a002d020e3cc4659f73c968e235ef703c85c14a4d0

  • SHA512

    e159d47e08470ac0ecc38d1974fe84433c4a1b3c74a7e447afc00ec1eaf49c5a5341999fdac87ab70de5ede9729587c0c44d9dba5a60b7158e05e8e3aa469ecb

  • SSDEEP

    96:eugWlXZktTuDndkYWuokAbVXHISaQN1exgemaQNA5FaQNGmaQNNgA:e3iXFDzeXdxfx2Fx9xP

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\cyhxwaigua\必看说明.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1456
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1456 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2304

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    790ddd924172f70f7fb647dc9e30f3ee

    SHA1

    e9265e780472d4e698dd051163b533228925cd15

    SHA256

    31ac05620e4626b6a9c98e7b63a21c18676963d627b520ec6cb59c513826e5db

    SHA512

    b432a5f513f1328064a9e0e8de0f7f5d028e98accd7ba96da40e8e91ef046e6ac2e1c2dc5e03a53e53a6a210f86f341471cfbddcc120f0f0434974291e74fb95

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    044a8036b45b4ee353af33c51de78186

    SHA1

    91ba685e0727bc15fef37191504cd05898591231

    SHA256

    f4a7f5e4f9000dcdcfa1c2c6b560e4a67e652f1f4af24862ca67f1f897a7d6df

    SHA512

    e7af5348c397f1697418859f0792d1d4c756cdf2aa278c2a98d724efbcd4b43843f35d1467c3279859bc92e0c4e7a75bbdbbbac129bb3b0a40d5057270d26493

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    48996c265d387b3c5dfb9a7b080d65fa

    SHA1

    202832f7bd568f4023b365c6420aff9af381d4d2

    SHA256

    6a85448874a1c1b63a1da16dc7b183ca4952aba312c79184d0c4046e8dfe820f

    SHA512

    3591a315de4bb810e539ac6904e2229e21bf5057a00795cb4baf32ea1a0c49dbf8a2ceecf9275743cc0bbcbfbc040ab5d9c4ec43a7725abda0a75b6789497e68

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ffce9400170d94b2f9e5198b01857c3d

    SHA1

    1bce55618fdf289d1b9d3d10220bbc12f4c5e530

    SHA256

    d1ac09b0bb0a89f2ef437ad322ff7b300ba64d89aa6b0f44f8e685e6563e6e1d

    SHA512

    4068bb86d47c8110fcafda95b447258724e99b86703fff1669a014f98ad9f09c235ddf5bd44195b93c51c653cf184f18ddeb268c72a7cb76e3ac7d98a4b3fcb0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b93b105046f5dbf0bbbdefff8a443bee

    SHA1

    ce9a6bf3cb076fcc17ad37ad2286b3522d468f88

    SHA256

    e81b0e1e254023505ab7966951d66812a4d9044b11dfdaf277501b19eeb180d8

    SHA512

    656bf09738f054573cce1228da2b4c09b470185c2926a19513094715e18ff3dbfcb673435c02c56b29cd5ace3c1d38499c6b00f7044fbac88b0ed027bbfc83e0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    77b2e562223225772ae726f7766ce86c

    SHA1

    5e1b5f64c1e5429f4bc91b2c122fbbd4fe870df9

    SHA256

    d6d2ed5d5f7515fc0936f97ef073c5993a8aab8239972987d91f2e953969693a

    SHA512

    2e58a0282691d73c29f87a4f2ced4ed2d8f7a46c719501fd1bdade90ba7b650757c76ca0c556193946cae447b453ad73fe3e96d3b46d455fc48a11aeb701e5e3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e62638ade89b989c983bac49cf4f7400

    SHA1

    987d014cfbd706131dde37ba1f24487c92bd98eb

    SHA256

    c3bd495a01dc0859bfaa822ead07d5d68494c2cde9d583a7859873ec50de1a23

    SHA512

    22a688093e2149d09c5d4d48a4d63c7b3b8a2b75a3bc8da0641d45ebafe3ac7a2922781f536df2f97db5388771965f82a962d5ff4ce02ed49ce9783878f5b410

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d391ea79c4cb0c8c75a5e756948a4fbb

    SHA1

    c10a02b76b3a827bc441405745bf5a47d2fc5f8a

    SHA256

    fe0a01c07f3f6b4faba485d9b98e79955e34bc8115dfde5a61bd5d9779e88c61

    SHA512

    c8823c8afbe38b187067198a99ec0d19e41a74a42ac1610d1433e597187d6bb4f8b623d12a9740da0768626d9fea094312419253eedd29ff455938e5432fd262

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fe52fc9871eb7ba9daf967fa5072bb81

    SHA1

    6e71c0b8ac74cd979a14ebb1e055ee4ce9890443

    SHA256

    544661fa2fbdc99c222d561101de1b42af8ab8f45dfd6346e34212b4aa441953

    SHA512

    488676e25d338c348ad223661e4b54c22c724b8dca920fb5afd2a204188c4dfde1abe879e998af8ea3b470d567ed8bffd69502fd45a7dd9c00801f696379ce7d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    de8ec9d241bfe6d7ac86a0124e6b34e3

    SHA1

    06eb917c0bb8323ac3da375d4b23385284053826

    SHA256

    ae812217d0cc302e0fb51b5006b799566aae4603a75386ffc9bf2f4cc3a2b1af

    SHA512

    aa03ea8a14737aec2751d4f4ec484598c4698199414a79a2f5e784b20ef6cf07208630444872b0addf12a7874259fd2bb2373dbd0087536f4029732ff657bd24

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3ebb200f2b122092f10c92c54377fb49

    SHA1

    09ac275f8e03ba215270cf697977f322decdf332

    SHA256

    72aed85e3cc6d8e30000899608e383811e8d7f3c66fc28a8597245dd48713a47

    SHA512

    fa6c242fa2fd5367380e3fed0a9c5397b61ca3b223bf7f22949e5d908b235d3afab9c7b26fdd8a3f7139692ce299bb2be1558d5f6669ffd7f3dfc1397400cd95

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b72b10c4e41efc8361d066f5563ece74

    SHA1

    9623ae47a8a92abab2e5998566b3a6d70648f0d1

    SHA256

    d78fe7c89a460088d2348dde59d058de16b9fe3c3cac2aa9a415ad65dd4b1645

    SHA512

    1c22fd1474a89b02ae163f27a81428fda07cfd3818be7fac5b7a5e74dc2f63e83b9d4a87e2ed02a2530d3ef74d458472da3f5e723f46378248a6a3e7fa67b697

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    12467ef84b5e91747dd652ffc69f94ae

    SHA1

    7b209a877d7b286606417ae0fdd2b22c9b84672f

    SHA256

    79ac8bd8260c9e2ee1dc93ee6c07abb817af043a1e5e2a2bdecd6e6f478ebf47

    SHA512

    f35b15a0ce4bf45d08e9fb9342db0b8d14184bf934234716c49c0bd9fe73f301cf68096d323b98f07b5ceef6f1a682839cb84833d8e052052e7c25b8aeb2e61c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2ca5f5d80d6fc5f795878bdd942d7bf2

    SHA1

    9b9f61f59d171991e729a00b977056bb130e02c5

    SHA256

    b49e00f62ea96434ee1f2a5e7c0943eefac5a5905127cec95a19b8d2b521c78e

    SHA512

    4c2415e63d19acf983aa4db85892b391336042ab4e0083cd185dfc79cfb1a232925c5199c68d138deaaa0665a271f9ecec30a52e8bb7028ec12006327cb64898

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bfb494c3312212e06dd47b35633adf08

    SHA1

    bc33b41d41eddb0fb8eb874ba70ceceff44b075d

    SHA256

    96d834339b227fe62019aff1a57e8b0d3065f2faec33983c2971f459c67e2382

    SHA512

    aa52d26fdd62f57dea7a6c29c409ab3401c95fa123b0af749bf607d1f97d806b9801a0ec739ff55c21c1764d30c71f6ef60eede4ce76522bd175ba25bd7dad27

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1f3020c524abf03c06d6cff408984ee0

    SHA1

    36e36a03c3d4b47d5aefcef97d2299c37b1721c4

    SHA256

    c8d227a800ed70451f2a9e009d57f42ebfab405fced2d1f6148225e6a8874279

    SHA512

    effd4bbead5cedb01e516cc58e2a3ac3d9f6e75509d65fed8f0572cac4d604e554100b6bee3783dc241d9b34703f16016b0a3fd84c7c28ad5b87c18934b599d2

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\40WV1DY9\count[1].htm
    Filesize

    4KB

    MD5

    2feccc713b174182c2483b643d0dcf28

    SHA1

    8efa35bcefd2b8d9e5a1549fef9ed18f6700cc53

    SHA256

    3470b8344c2e054bf129663d4e159d26d1a0595a15f21bd0f06c2abaed4684fe

    SHA512

    64eb16e2a116851c68cf16a820d817d8bc3735a1fab1c0f444c559fb425d39de4f8b716de2d0d1e16c2d1e87d61a95af4e6312f297ae44c1e971f97024c459a5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab4E52.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar4EB3.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit