Overview

overview

1

Static

static

URLScan

urlscan

1

http://tsme.org

windows7-x64

1

http://tsme.org

windows10-2004-x64

1

Analysis

  • max time kernel
    98s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    23/09/2022, 02:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://tsme.org

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://tsme.org
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2024
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2024 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1576
      • C:\Windows\SysWOW64\msdt.exe
        -modal 327964 -skip TRUE -path C:\Windows\diagnostics\system\networking -af C:\Users\Admin\AppData\Local\Temp\NDF8132.tmp -ep NetworkDiagnosticsWeb
        3⤵
        • Suspicious use of FindShellTrayWindow
        PID:300
  • C:\Windows\SysWOW64\sdiagnhost.exe
    C:\Windows\SysWOW64\sdiagnhost.exe -Embedding
    1⤵
      PID:2040

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\NDF8132.tmp
      Filesize

      3KB

      MD5

      b2faef69b00db9715fefb248f40225d9

      SHA1

      265960873510a1007f86d38ea8a35215f265d869

      SHA256

      a3ceec1497a42ff65cab573d830d31406c8b27819ffccca4cef4431bf5b01a30

      SHA512

      70138e01ca8065edd075e15e132bead00cc30650f49cf3e847456f494a87ce2205c74e0209068608513f5e83974cd5f05471b76cfbce15e7a300372982cd5fa0

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\CBGFUEKC.txt
      Filesize

      595B

      MD5

      6942e15c76d4ae7b29fabd62cc94317d

      SHA1

      f558580dd62fe6e95557e91d39bd1a30be9aae24

      SHA256

      e56acbfe5f849f85db27dfe484787d4cc4a30b16164e00dc7e8a7176c27e1fb0

      SHA512

      a0c50f4e4d971d6f123a5a894d06b3109995ebed4da54eb93217d117043fc4d2edd78226d283142556b9793bf93ae4c6907a772f02e3bd90fc359236936b7582

      Download Submit

    • C:\Windows\TEMP\SDIAG_1ad11940-844f-4231-8dcd-56eb2820644e\NetworkDiagnosticsTroubleshoot.ps1
      Filesize

      23KB

      MD5

      1d192ce36953dbb7dc7ee0d04c57ad8d

      SHA1

      7008e759cb47bf74a4ea4cd911de158ef00ace84

      SHA256

      935a231924ae5d4a017b0c99d4a5f3904ef280cea4b3f727d365283e26e8a756

      SHA512

      e864ac74e9425a6c7f1be2bbc87df9423408e16429cb61fa1de8875356226293aa07558b2fafdd5d0597254474204f5ba181f4e96c2bc754f1f414748f80a129

      Download Submit

    • C:\Windows\TEMP\SDIAG_1ad11940-844f-4231-8dcd-56eb2820644e\UtilityFunctions.ps1
      Filesize

      52KB

      MD5

      2f7c3db0c268cf1cf506fe6e8aecb8a0

      SHA1

      fb35af6b329d60b0ec92e24230eafc8e12b0a9f9

      SHA256

      886a625f71e0c35e5722423ed3aa0f5bff8d120356578ab81a64de2ab73d47f3

      SHA512

      322f2b1404a59ee86c492b58d56b8a6ed6ebc9b844a8c38b7bb0b0675234a3d5cfc9f1d08c38c218070e60ce949aa5322de7a2f87f952e8e653d0ca34ff0de45

      Download Submit

    • C:\Windows\TEMP\SDIAG_1ad11940-844f-4231-8dcd-56eb2820644e\UtilitySetConstants.ps1
      Filesize

      2KB

      MD5

      0c75ae5e75c3e181d13768909c8240ba

      SHA1

      288403fc4bedaacebccf4f74d3073f082ef70eb9

      SHA256

      de5c231c645d3ae1e13694284997721509f5de64ee5c96c966cdfda9e294db3f

      SHA512

      8fc944515f41a837c61a6c4e5181ca273607a89e48fbf86cf8eb8db837aed095aa04fc3043029c3b5cb3710d59abfd86f086ac198200f634bfb1a5dd0823406b

      Download Submit

    • C:\Windows\TEMP\SDIAG_1ad11940-844f-4231-8dcd-56eb2820644e\en-US\LocalizationData.psd1
      Filesize

      5KB

      MD5

      dc9be0fdf9a4e01693cfb7d8a0d49054

      SHA1

      74730fd9c9bd4537fd9a353fe4eafce9fcc105e6

      SHA256

      944186cd57d6adc23a9c28fc271ed92dd56efd6f3bb7c9826f7208ea1a1db440

      SHA512

      92ad96fa6b221882a481b36ff2b7114539eb65be46ee9e3139e45b72da80aac49174155483cba6254b10fff31f0119f07cbc529b1b69c45234c7bb61766aad66

      Download Submit

    • memory/300-55-0x0000000075F81000-0x0000000075F83000-memory.dmp

      Filesize

      8KB

      Download

    • memory/300-57-0x0000000070791000-0x0000000070793000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2040-59-0x0000000070110000-0x00000000706BB000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/2040-64-0x0000000070110000-0x00000000706BB000-memory.dmp

      Filesize

      5.7MB

      Download