Overview

overview

8

Static

static

3

IDM/!)卸载.bat

windows7-x64

8

IDM/!)卸载.bat

windows10-2004-x64

8

IDM/!)绿化.bat

windows7-x64

8

IDM/!)绿化.bat

windows10-2004-x64

8

IDM/423Down.url

windows7-x64

6

IDM/423Down.url

windows10-2004-x64

3

background.js

windows7-x64

3

background.js

windows10-2004-x64

3

captured.html

windows7-x64

3

captured.html

windows10-2004-x64

3

captured.js

windows7-x64

3

captured.js

windows10-2004-x64

3

content.js

windows7-x64

3

content.js

windows10-2004-x64

3

debug.js

windows7-x64

3

debug.js

windows10-2004-x64

3

document.js

windows7-x64

3

document.js

windows10-2004-x64

3

welcome.html

windows7-x64

3

welcome.html

windows10-2004-x64

3

welcome.js

windows7-x64

3

welcome.js

windows10-2004-x64

3

IDM/IDMFType64.dll

windows7-x64

1

IDM/IDMFType64.dll

windows10-2004-x64

1

background.js

windows7-x64

3

background.js

windows10-2004-x64

3

captured.html

windows7-x64

3

captured.html

windows10-2004-x64

3

captured.js

windows7-x64

3

captured.js

windows10-2004-x64

3

content.js

windows7-x64

3

content.js

windows10-2004-x64

3

Analysis

  • max time kernel
    117s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    01/10/2024, 12:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    captured.html

  • Size

    1KB

  • MD5

    5062f9d1df3d8e0f7ab6aa60b9ed8559

  • SHA1

    5a3f784811f44fc6c90f05c65f2293e2bb92bcdc

  • SHA256

    2e085475431e6f7e08159fb76f80b37ec1c73c708fb26a60acb581b491cba5c3

  • SHA512

    9b284a33645a8989403bd3676746413be76e0fe2acd84c28acc61beb5b058dc9f70c6bf6929a90281f876caf850032da2ca1b17fe4596c2506cfb0a667d47536

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\captured.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2324
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2324 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2332

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2f86a459f7b79758c0e996e035b7b44c

    SHA1

    d38c1a040d6f484aff5d4d8abbbac2ea5e8c2e9e

    SHA256

    8da1f72bcc35963badbb8a41f23aef5dde688a9178119f20d9b139fd0da35d2c

    SHA512

    39f6ae6be18e36c84f477e17b29b94e19c161a3c76c0f754e68717512bfa5e3d35f364bff824d8334b36b167c94f4eaf7e8e337eeb9a438fec49b7c652bdc709

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e3b59cf31f221f6726d25fb25629f5ab

    SHA1

    5931551c304a34854d1259a8d663957946d2f5a4

    SHA256

    d3a357c607589eae01e8b8b8d8894d418c3b950c3f8a7b3177456297a30e7f8f

    SHA512

    e9a36db7306d3fa03aa5b6f109d73cc84edc30daa980c5a2b08c523a4a3c6a143ea4a205519714a4a3284bc68992d15b9540dd7068366e23ce9b44b2afc9a888

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    afd02e949b19fc736b592030c4eaf8e6

    SHA1

    00ff276b510c014219df306c1c5e900228d97518

    SHA256

    0bdd490258eca3579f460d567c1b0014fc52f002fbbca59a6b22ca3f32247d26

    SHA512

    936603ea22ddf3d1518c9b2b0ed287e12ed4842a3fc0bf1d4075dc3b0dcbac4e2d232f68bbb212d5cb06ca5664612367194086236cfcb8235f81a2351c3a4c3e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab1A09.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar1A2B.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit