Overview

overview

7

Static

static

3

c439cc4195...18.exe

windows7-x64

7

c439cc4195...18.exe

windows10-2004-x64

7

$APPDATA/s...k.html

windows7-x64

3

$APPDATA/s...k.html

windows10-2004-x64

3

$APPDATA/s...k.html

windows7-x64

3

$APPDATA/s...k.html

windows10-2004-x64

3

$APPDATA/s...x.html

windows7-x64

3

$APPDATA/s...x.html

windows10-2004-x64

3

$APPDATA/s...m.html

windows7-x64

3

$APPDATA/s...m.html

windows10-2004-x64

3

$APPDATA/s...n.html

windows7-x64

3

$APPDATA/s...n.html

windows10-2004-x64

3

$APPDATA/s...m.html

windows7-x64

3

$APPDATA/s...m.html

windows10-2004-x64

3

$APPDATA/s...m.html

windows7-x64

3

$APPDATA/s...m.html

windows10-2004-x64

3

$APPDATA/s...m.html

windows7-x64

3

$APPDATA/s...m.html

windows10-2004-x64

3

$APPDATA/s...n.html

windows7-x64

3

$APPDATA/s...n.html

windows10-2004-x64

3

$APPDATA/s...m.html

windows7-x64

3

$APPDATA/s...m.html

windows10-2004-x64

3

$APPDATA/s...m.html

windows7-x64

3

$APPDATA/s...m.html

windows10-2004-x64

3

$APPDATA/s...m.html

windows7-x64

3

$APPDATA/s...m.html

windows10-2004-x64

3

$APPDATA/s...n.html

windows7-x64

3

$APPDATA/s...n.html

windows10-2004-x64

3

$APPDATA/s...n.html

windows7-x64

3

$APPDATA/s...n.html

windows10-2004-x64

3

$APPDATA/s...m.html

windows7-x64

3

$APPDATA/s...m.html

windows10-2004-x64

3

Analysis

  • max time kernel
    117s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    04-12-2024 20:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $APPDATA/seemao/config/map/www.china-pub.com.html

  • Size

    3B

  • MD5

    37705de0752d1027f8fc3b3f390c448d

  • SHA1

    b9a36fe59d4092c1e8363b6dbb80c4325170ebb9

  • SHA256

    b8d52dc3f650996a66e32d4fd4f40129f6d5f742a20893615fe1b8dbedac6039

  • SHA512

    affe90e227dd7fed7ac0d9dfcd7a01dda8d7abb454e23a4d98fd7c1c4f8f38bcc7f6062cb52cbca3ac7088ee55900a5b85810e2d258b6896528d8cac87dd4709

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\$APPDATA\seemao\config\map\www.china-pub.com.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2008
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2008 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2060

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ce4bc7084941a26fb12805046707615d

    SHA1

    053ae5a991a8fb4fe4943c3a59f802da9c2fa346

    SHA256

    5d22849ee84f41d68723aa99d6a98ed0ae09a2874d0f937ed9a9b3ec33fbe4ad

    SHA512

    cd22d2853a092ea5916fa2a8057f4f70c20e7b10f8ca9248fb2ab4328181695bacd9c60b3cb86283403dfeb7667d18e756710addc724296e7b93e6e3f2d5e9ad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    61fa6388d40d4849c81267301f9b2c3e

    SHA1

    73078f2bd986594682efb459315205be0e9ce149

    SHA256

    511732d59a5dcf44c720b006de9276b392ba3af4255c2832ad26798c8306198f

    SHA512

    61e883fccccfc947ac578c4aceeff0b15597f443b3161cc25bebf79521ba6dfe0680f1c8f7a3f1dbe301d9b49084d41ae7f5e04457ef41f6a9f1ccc4b0f17c83

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1812aca259c505fa9d8cedc228862732

    SHA1

    46ad4a304915532c8f23e1047d1eda10afe8dd0b

    SHA256

    56dc7e313a250d8575e33392d7f45990933ca765109e521bc7a4feb014f81f71

    SHA512

    5ca1bc63999caa5d18dbfc761299e07315e82ca849b7b0d5b663a78ec1b368451e71785f6131fad7c836ddf74f63e5c8e2ceb42db44f95d8ef96fa589317ca8b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dc36d8dbccf8274f4f4d8e7d06a056cc

    SHA1

    69629a60af505dbf988a0e7e67553de3a1b3a615

    SHA256

    5349d873412d4666de4b46f8b42e90aafc14948fed5399a67c72df1c78cb0a5c

    SHA512

    5414967ec324d3147a274f2823954ddb34e97bc9d6b53d6aab6d5e79e4305df7c036d85d1e56418327b5402e1e3e7d72698ce90612f1519aeab283297d1e79fd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4a8814dd97824e2ab9ea67b82bec7842

    SHA1

    603e07ad4fbed5e5f8d6f431ebd5f1c28f8d6bc5

    SHA256

    33cae3b98b4957edccb18bb3362cc938ac1d78c54a7426b9a8409beb599f949a

    SHA512

    c0fc12cc630f566a3a1006b07bf98c7aad5d98f27907ea2f3049573194fc4d5d852ba0924c7f2d9e292d1f3bb0c5304562d22c784f1db82d2abd0bd516f4dd29

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a3424b0f953757a8ddab10a940ffbd3c

    SHA1

    5973c9445b9af17dc7c3358f5d706cdb8294b725

    SHA256

    85cbe32be03ca4a88487abc63c93d0b8b9d8eb17373b98c70e13327fc2b8954c

    SHA512

    09b7edae4a1ce52886b9f56977e4e9b5bd495f9cd60b344f4fe63427cd49dcfdbbc92bed2f55313e343bd0ea04e99efb68e64f9f7a240a1f961378f9797d74df

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3ead5012c54577a57415ca752d1e8bee

    SHA1

    1c44f82296f3cd16145f408693bd6762dc3e67bd

    SHA256

    1cacef56a4620250eaf9c43d7dca602a88d73710139997ee11361adf65450104

    SHA512

    a352277011626264482901b93d4f79ced89891a271ff5eb42aab976b3979650524a3d8f8d4dd4797e109909f433805d7945b4edc45814a5ee6928f9b6fd8b307

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0affa267db406afc7ef1df2af467d239

    SHA1

    6523f636de6afff307ca9cbfe36505fa2efe1bf0

    SHA256

    abae5b46d34f258e128b216d66cc3628ff9082a7d3c6df02caafcd807551398b

    SHA512

    40a1321d9545956932da1b2b1ba66eccad62b2d559071031da77ff68d4e903c57b0a3e9bb0ab0c51f0372e907db772a3eabc7517bcd1ac439a69159b2f07449c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b0004931afb1f3b24ed7a7c77603164e

    SHA1

    2a1b00d4b8bdd13e47a666944d83688a34c3ea9e

    SHA256

    fcf1372db51e10c65ab2656307a05d472736e95b38f59607c11dbdae2393d8b4

    SHA512

    e532c67d5773dcb924e1513f9403903ee65146ee62567c7a65df312a6b86baa01d4a4c084aac0461e6ad906b072ba6bd098026fd7eb43822a3d0b521f8b1c4e7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7045b753b18cb11b25134f6c15f5c660

    SHA1

    41a8d4020c39ac215bd0e66333f1516e7238644e

    SHA256

    b3e81c2918dddf9d919f846798fb125eaf93c05c16e6d83ef9276e48acaf1c3a

    SHA512

    5db0147de2bec1f8f4ee3ce1b63bdc5b396a68d59e8f8c0ef014be06dfcb7e8cf850c00e061ba00b37ebc598265828e1d7cebad8ff9478287f4f5db561a2fc4c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    52758b9750a2fae91e2b7121cd564ec6

    SHA1

    922329019212472780e3f5e80d95cb146fa5a6e4

    SHA256

    2922455eecd6ba4b3ca08ec77545f55d18184a1e90bff75dee31c4d3b140e348

    SHA512

    8fee3ef2d1117a7a772d1ecefa6ec4d1668d5a64af620a6dabba4e5ac324eeb1179beb862c4dcf759a13a6d3e6358c8e0cb4a4a91d5b23ec07b477240d762753

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4d473368ef20512e4c23967f6857c8bc

    SHA1

    699c94af7d50eb35c29b0f373e81e88793512d4a

    SHA256

    7192c54fa0adb15f0b61d7a9803757356286fb103fa94bf5170672320e32f4e2

    SHA512

    fb440a88f613395fd89726e9517207c6f40a25fdeacd6aaad1d2194eaa419470c0ae7bd6d83a140081763ea57a70b5298e27972fada67cf093163c5d97e1b9f6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c2012448a5fa392b6a5b909e6ec25819

    SHA1

    5c521a4ca0a901d9c25d05f6fcd743cdd9ce778d

    SHA256

    d5ca9ce407e42417a90d8904b88d00076306b947a720fc04b15b01e35ba3dd55

    SHA512

    0a25d621537b7210cb26187dd96a7373ba6c40c975ee5101237f58ef715a765beb723014ed6ba7944e62849dcca1eee5b6979a70d994aecf2f960a8a6e26c42e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cea464bdf26523b9843f11d5a509cf9f

    SHA1

    f25e405314e13a18cf16022a43f25bcbf41b7064

    SHA256

    92c8fb8a9187685043dc2d04a3389c999af2d8efff00a5b61b6d67aef1a5b614

    SHA512

    7be32747c439cc9190d81f5c66c6064395b3bde6e9fc0c4176c4a0507450453a491c44f4a1c727dd9f8cf73feab1e3aaf054538c4ddd643fb85988ac68355130

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    106b6f3c2ebbfea594edddd4ac9c33ab

    SHA1

    86b7b94429e2472e5319277a5204c32a129aca87

    SHA256

    530f6f30cc82d7ca4db3bdb1aeb0d8874cce7722bab04df8e6683115fa34896f

    SHA512

    3d45ae92453a8702a56afd125d74c8ee14494c66a476c77a4afc06456a093ec2e042d9787fd5c84fbd091c494519fb13b3572f014b54aa36d09b2cc744802929

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8591f06f7a9ec5beccd2e49973130fe1

    SHA1

    eebfaa77e109a48514286020ce23f42ddeb250e8

    SHA256

    d0e927818c957039f66c6a6bb85f0cdb54d651b0ed9fb9842db4f4b04babf8a6

    SHA512

    083e6e9172c2e3ca9b311e0061a1e88bc5b7656ff4a59748e35fc3d5036bdfc110651eb179b7470fb6799b2b73bf89e112bb377e82598f502247d137de7a8815

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fa0433db7e5ce35f111132996ef310bb

    SHA1

    8d2a6e4d66cc290c14ebe16f1d65e73314095f90

    SHA256

    1f3fe57655214c319c89930ca053fb7c266579a427fec030fb82e9c062b5ac9d

    SHA512

    4a1e9feaf9be871a66919a06e6ef1d7105c6ba036212a2dd0ad0b2978d57effde0d74a339cbf4899d9f8f06115c1e275f626205b9dd9091103822afdbaabeea9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a91383e5ffedcedc8de2f488fc572a54

    SHA1

    5e6e2dfc9fcff350cdee14753a58d60e57bdb375

    SHA256

    065be919ab13384cf06003c83f64868e6e57534c8806af410e5cfead65935897

    SHA512

    7a59997cd2030fa356082a181b688c2852daa78a622d049a62cdd0f7cfa64427d549b20ee04c2ea21acdb65f5a27de442acb60273ff750e189ee11ef17c4cb4a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabA9CA.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarAA49.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit