UNKNOWN
Tags
| attack-pattern: | Software - T1592.002 |
Common Information
| Type | Value |
|---|---|
| UUID | 697291ff-9223-4c0d-ba9b-96b71b83d044 |
| Fingerprint | 5195e94ef9fecc60 |
| Analysis status | IN_PROGRESS |
| Considered CTI value | 0 |
| Text language | |
| Published | None |
| Added to db | Dec. 19, 2024, 12:20 p.m. |
| Last updated | Dec. 21, 2024, 4:28 a.m. |
| Headline | UNKNOWN |
| Title | UNKNOWN |
| Detected Hints/Tags/Attributes | 10/1/92 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://www.secrss.com/articles/52941 |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 3 | grant-of-risk-and-hardship-allowance-jcos-or.zip |
|
| Details | Domain | 4 | kcps.edu.in |
|
| Details | Domain | 7 | www.cornerstonebeverly.org |
|
| Details | Domain | 6 | cornerstonebeverly.org |
|
| Details | Domain | 4 | hpuniversity.in |
|
| Details | Domain | 6 | file2.zip |
|
| Details | Domain | 4 | file3.zip |
|
| Details | Domain | 4 | women.zip |
|
| Details | Domain | 4 | survry.zip |
|
| Details | Domain | 5 | software.zip |
|
| Details | Domain | 3 | assignment1.zip |
|
| Details | Domain | 4 | principles.zip |
|
| Details | Domain | 285 | blog.talosintelligence.com |
|
| Details | Domain | 101 | ti.qianxin.com |
|
| Details | Domain | 6752 | 163.com |
|
| Details | File | 3 | grant-of-risk-and-hardship-allowance-jcos-or.zip |
|
| Details | File | 2 | 使用系统的mshta.exe |
|
| Details | File | 1 | 首先将系统credwiz.exe |
|
| Details | File | 1 | 并重命名为crezly.exe |
|
| Details | File | 1 | 并以duser.dll |
|
| Details | File | 1 | 在smitpr目录下释放程序simsre.exe |
|
| Details | File | 1 | 调用释放的crezly.exe |
|
| Details | File | 1 | 程序侧加载恶意duser.dll |
|
| Details | File | 2 | 其功能为通过注册表为crezly.exe |
|
| Details | File | 2 | 不同之处在于会休眠一分钟后直接启动释放的simsre.exe |
|
| Details | File | 2 | 并且注册表添加自启动项的程序也是simsre.exe |
|
| Details | File | 2 | 会在%temp%目录下生成tmplate.txt |
|
| Details | File | 1 | 释放的simsre.exe |
|
| Details | File | 5 | simsre.exe |
|
| Details | File | 39 | duser.dll |
|
| Details | File | 2 | 侧加载的duser.dll |
|
| Details | File | 2 | 加载执行释放的simsre.exe |
|
| Details | File | 2 | 不同的是其最终载荷duser.dll |
|
| Details | File | 6 | file2.zip |
|
| Details | File | 4 | file3.zip |
|
| Details | File | 4 | women.zip |
|
| Details | File | 4 | survry.zip |
|
| Details | File | 5 | software.zip |
|
| Details | File | 3 | assignment1.zip |
|
| Details | File | 4 | principles.zip |
|
| Details | File | 3 | sidecopy.html |
|
| Details | md5 | 3 | 577419F202182F6E933C1CF83EF922EA |
|
| Details | md5 | 3 | 087E366A4BECCBECB7D7CDB5C2F73088 |
|
| Details | md5 | 3 | 3E3D3F78A07BAB5A3342E0414E48D787 |
|
| Details | md5 | 3 | 26E41AF2CA9EA82C244C1AA1EC77654A |
|
| Details | md5 | 3 | FA6C832E22F978B8210C0630DB69E6A2 |
|
| Details | md5 | 3 | EFCC2BF765993711CC9E4E86D2EBB876 |
|
| Details | md5 | 3 | 191C389140293C782D7A2304893151E2 |
|
| Details | md5 | 3 | 6528A9F0AF30DF7F4211EF8B341ACC2E |
|
| Details | md5 | 3 | 0725318B4F5C312EEAF5EC9795A7E919 |
|
| Details | md5 | 3 | AB11B91F97D7672DA1C5B42C9ECC6D2E |
|
| Details | md5 | 3 | CBAA7FC86E4F1A30A155F60323FDB72A |
|
| Details | md5 | 3 | 036DA574B5967C71951F4E14D000398C |
|
| Details | md5 | 3 | 2E19B7A2BBDC8082024D259E27E86911 |
|
| Details | md5 | 3 | 3F22B345ED1F9E244DB034F9AF49E707 |
|
| Details | md5 | 3 | EDE163036A1754C71D6FF11B266B91CE |
|
| Details | md5 | 3 | 5BE4E4884F4E021BA975CBED0A7E9C25 |
|
| Details | md5 | 3 | F7D1E515CB84F6DC2D0349AB93BD4E05 |
|
| Details | md5 | 3 | 63789CACECC1ABD9669344516ADB4120 |
|
| Details | md5 | 3 | 9B06472E5ACF2311D0AF62D638A8E51A |
|
| Details | md5 | 3 | D129B81C1D40C34AC628835E144A4740 |
|
| Details | md5 | 3 | BA2ADA448B8471789C0EF3B3345597FE |
|
| Details | md5 | 3 | 6B3F45F7A6758D198A317DE43D51E669 |
|
| Details | md5 | 3 | A65EB385C9019C712EA513E4C5C25152 |
|
| Details | md5 | 3 | 1A1C8C0F5CAFB7DF661086BCB804154C |
|
| Details | md5 | 3 | 0C44DA9103FB26DAFC710E83E95AD1C2 |
|
| Details | md5 | 3 | 61427F7A200D7A21C1CF38FFE2FD4EE5 |
|
| Details | md5 | 3 | 441F580A36757CF20493029B055F581E |
|
| Details | IPv4 | 9 | 185.229.119.60 |
|
| Details | IPv4 | 14 | 144.91.72.17 |
|
| Details | IPv4 | 5 | 89.117.63.146 |
|
| Details | Url | 2 | https://kcps.edu.in/css/fonts/files/docs/graentsodocumentso/ganeshostwoso/snbtoolswires.hta下载一段js代码回来执行 |
|
| Details | Url | 4 | https://kcps.edu.in/css/fonts/files/avena |
|
| Details | Url | 94 | https://sandbox.ti.qianxin.com/sandbox/page |
|
| Details | Url | 3 | https://kcps.edu.in/css/fonts/files/docs/graentsodocumentso/ganeshostwoso/snbtoolswires.hta |
|
| Details | Url | 4 | https://kcps.edu.in/css/fonts/files/ntsfonts |
|
| Details | Url | 4 | https://kcps.edu.in/css/fonts/files/jquery |
|
| Details | Url | 6 | https://www.cornerstonebeverly.org/js/files/docufentososo/doecumentosoneso/pantomime.hta |
|
| Details | Url | 4 | https://cornerstonebeverly.org/js/files/ntfonts/avena |
|
| Details | Url | 4 | https://cornerstonebeverly.org/js/files/ntfonts |
|
| Details | Url | 3 | https://hpuniversity.in/uploads/files/women/start |
|
| Details | Url | 4 | https://hpuniversity.in/uploadsssss/files/file2/file2.zip |
|
| Details | Url | 4 | https://hpuniversity.in/uploadsssss/files/file3/file3.zip |
|
| Details | Url | 4 | https://hpuniversity.in/uploadsssss/files/women/women.zip |
|
| Details | Url | 4 | https://hpuniversity.in/uploadsssss/files/survey/survry.zip |
|
| Details | Url | 4 | http://hpuniversity.in/filessss/software/software.zip |
|
| Details | Url | 4 | https://hpuniversity.in/documents/women/women.zip |
|
| Details | Url | 3 | https://hpuniversity.in |
|
| Details | Url | 4 | https://hpuniversity.in/filessss/principles/principles.zip |
|
| Details | Url | 4 | https://hpuniversity.in/documents/survey/start/2.hta |
|
| Details | Url | 3 | https://blog.talosintelligence.com/2021/07/sidecopy.html |
|
| Details | Url | 5 | https://ti.qianxin.com/blog/articles/sidecopy-dual-platform-weapon |