Analysis
-
max time kernel
122s -
max time network
135s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
04-12-2024 20:20
General
-
Target
$APPDATA/seemao/config/map/www.dazhe.cn.html
-
Size
1B
-
MD5
c4ca4238a0b923820dcc509a6f75849b
-
SHA1
356a192b7913b04c54574d18c28d46e6395428ab
-
SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
-
SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 36 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\$APPDATA\seemao\config\map\www.dazhe.cn.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2180 CREDAT:275457 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5f105ab1c4db67495da1d681964cc54c3
SHA11dbe77c884d6c47d54fefbac17387ed5818b2d61
SHA256ce278af68ed36df99f765906bfd8ec56f889ba0a1c3ed38ca2bf3a28374f9091
SHA5127fc6ef73da84bfc930dc3db75af852eeb28755196d500a954ead4066e5704ea9cb6372e6756e7acbf28802a031d0620ecc0d6368021dcb46fc561d8fdedf3e4f
-
Filesize
342B
MD566763d1708f99034652661dacb89304e
SHA139e0eb1d1dcb0d5e8867ed7bd2a5fb310cf6fd67
SHA256a7c0708371d9e1f16b2d3dba430539b7ae8de62b2115f2a192ddb42bd8314a64
SHA512355e4d7200f5c680176eb8c5fb4b7a3c0b9dd5d333fd3cb269f7abebdefb5b32a30863e6fd0cb7856690f1bbf0a275d3d4f526dc18538f713be4495820f91d06
-
Filesize
342B
MD521ac1c43a7d17a236fb71841d5ed1586
SHA117c09ce3a0ce2f7aaae10f6215cc01ec2a38171b
SHA256bc5d23bd529cd6ac75f46058e4a040bd253aa35ec2057761005aa1fb7d978ae2
SHA5127a38c11ff218aaa6f7e5bdce435eb108967e406062c06228e034f9011c85a1f04b5b91b5b02bd525f1a65f5cd511e39dec60f12f14fc8c88ee009b7f85a4e9d4
-
Filesize
342B
MD5d719bbcd3dcfb257a7f5a96da324dac9
SHA105e8cf4f98a52ec9fc4035ec0489a5cba29879ea
SHA256d1fd72b58019bfd8698ecb2040da68168e91cef7add62b2d474658ed6390fa3c
SHA512974f6eae5beaea1d358f710be65087f2cacbb21359a8ae1afba9878ae5d9a94197fe7cb132efed4aab12fffe8920a92ddbfff12ade1e937574f9d31085e6269a
-
Filesize
342B
MD5621bc7ffc491fb0882c37bc155759beb
SHA163e12983bf6a4de2cd6c1acbf5736da64dd23acd
SHA2569da500947c8fc1fa4831acc5530e78d95bef4c5fb1cf4f123e8142e92cb98be7
SHA512066ed03fb8f40ecdadf4ec5e7e211eaac0cf47071a0818e6c7729be470c4ed59a388d46846b6a90cf32073c79ed9e66f74be552c64cba5bd7ab25579b199273a
-
Filesize
342B
MD511125e4f1b2a3bda3dc0937b0f5f3a90
SHA10db97184ac84729b8bc7a9bd3f5d876629652725
SHA256afba240e31b3c7bbb2c4a5781a44f6f5595542d904f1b891b6ffe8f1e3977bbb
SHA512865762b052aa3ccd4422098436f7b065581ebd3d2bb15ad6fa716a5aedab7fe8c2752355b1b8e86112f458687d389c82dac5f33abed3e1587469678845f1de1c
-
Filesize
342B
MD51580c998835d633fa3e0ad9544765103
SHA19f7494070cc716618fd38e4b3616ff0771bbfca2
SHA256fc2042de56a98c2cc371830dc6d58035c14d00b439082a5e8d02c07d83af81b7
SHA512bfbff02534477a7e6214e847f0462b9bd920a39500dc5c4c2d067f4ed00c6749b7de207bc4a1cb1389ba30fe458526819d2a8563b5370ade5d622f39170319cd
-
Filesize
342B
MD5e5f64a395989afe3ef100a087d0193e1
SHA1d2c119330e5c2014477743c31e98d9209ce8a284
SHA2569f402ab02d4dec4ad18c9059b04a877c37acb3d8de09cf9142433336d39d8594
SHA51213e1402360528768e915395f4a632cd88b5a7d9e449b1601c192acff56fde48f306c906695ba4e89ff5b525454ffa4e4727043240dbe0eae24f13d8003d3e8fd
-
Filesize
342B
MD5364ec56b9439b0bf781fa931891681a6
SHA18524f76f8169c71680d334c64470194664aa8c63
SHA2568f7eeb714f73fbbd871ba2588c87390b7bcdb1b61b394809f6dafad089ff308f
SHA512e88fb5a5fbde720bfef4cda716c12944fb32add447d5ece4c02e8636e6f076bff591ddbe8d369617349e39f0b23a2d81014c64cae0b531c4fb8375465adc72ae
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b