abbaf0b5ad2c31fb6759e64b9d47d5a7f6561ba7985fe5f6150585bb37c7bd30

Analysis

max time kernel
153s
max time network
164s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 00:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

shop8/电子商务购物网站管理系统/电子商务购物网站管理系统SQL版/admin/SbujectStep2.html
Size

2KB
MD5

748d620425f3d13d2180238531045377
SHA1

e118e63f879ff7eaa6ca2a0aa2f4b0f8ccd6dd25
SHA256

7beee418280f92f4e7a2e9c2d7a5f7bb79acf91830e4f360e3fbe967f713b094
SHA512

a043610b2150f8cd5b1e44e75832495ecd92713173aa46a4aaef4969b4a626b9bd2d20087a1a76de271fe773db3e0b00a7bb506bbd53cba6871edd1bcbfaab83

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000a0085fdc59f422febb47c4f1263cf4cf0378971c1b1c790c9a1a5302d05d62a9000000000e80000000020000200000009a795c621a59091cbe46f834305456c4e094f4add33881b7301b97491b1b40a8200000008eaff421182d4ab604759baaf391e69484412172675656aa54eba2f4f518a780400000005a6d3bbd1f50321931f807c67b30348b962bf3b52b264b9b33855ce2e3088ad3fa42382aa01c9321a0e9434026699418927b0d54e7dc8d2efd86f695cbf80aa2	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000ec12a2f728a541d567affd9fb05b7fdff388226831e0c3f2bfa4e01d3fe93cd3000000000e800000000200002000000051aac063edd19663b878d5e8f98768c6fb19b366fce76e24ba61b8a6f1bbd553900000003c8056cd165795c189111d307d79d5ffdd1a31e239fd6378216c9ac109ab0f5ba1e8f1eaa62082ed00f3d2f0f84a2323deba03c8cb9c8f511aeeabb99217001f7afedf2e5941c7b4ec1686a6233fa63ff28d7107a93f32f5e53e06c2655362e791e5cff07afe58ee68e89600fcb97cf83cebc17946aeedb1ac57634e599d6189020a6fa3da1c00caca7195deac92238e4000000019598eb1b41a960fbb29c0b33cbf2b3bc4ec7ef2ef987afd06ddca5e4c9359732dbc1d06605fdf1bade08de42d38524697f33232182869f5425a4bec0864f11b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410570650"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FD0059F1-AB53-11EE-8495-CEEF1DCBEAFA} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c01eabd6603fda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2760	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2760	iexplore.exe
2760	iexplore.exe
2700	IEXPLORE.EXE
2700	IEXPLORE.EXE
2700	IEXPLORE.EXE
2700	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2760 wrote to memory of 2700	2760	iexplore.exe	28
PID 2760 wrote to memory of 2700	2760	iexplore.exe	28
PID 2760 wrote to memory of 2700	2760	iexplore.exe	28
PID 2760 wrote to memory of 2700	2760	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\shop8\电子商务购物网站管理系统\电子商务购物网站管理系统SQL版\admin\SbujectStep2.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2760
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2760 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
49106a8f573a38f1cc1ff5db26a63ca8

SHA1
18bf3c914b74b8cf15e3c65839d9b1b235466069

SHA256
b23ae2051299ed237b93e2464c3d0e095f24598bcdea9b26bf10dec405e48949

SHA512
f363a5edfbc42cefa5839775fa98d9a451703254c30022dc27b3b7bc44c13a4a7522d638ca5fcc0b825dbe804d56ae3fb04e806045836192f49cf0aa3e9814fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6ce32cbead22961a57652488125c3a74

SHA1
63e05e9d2c10c0cefb0a93ee94836ec501192702

SHA256
4c5b552ba00d12a8116bd2a6a33a36e5808083fa2b7bdeff77573ef9603679d9

SHA512
b3237363594f3e73b1944685fd800f4a8d664309a9bbf02f1af137049876f61fd3de604ed8bdae8e14f2297b1ceaae2c11ced10e6feb80c6bd1b4c98ae92ebdd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2c97e728b5f09a0d9e3a95ddefbae9bd

SHA1
c2b6e74c9aec0e94c66948ffb736b598b23767de

SHA256
13a753d4c151c600c43f1f1a99e8e77b80f91addc885b46c5ef1c8c4606c0e84

SHA512
2946ebe3bfaffaf77054e7134cf724bcc85a2312d8de7f6ee2cb8f35075620b101728df5c05e770554759ac1db8ed2d3b426d23edfafd30e24ff601b14f323b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ef47531b7891a37faab1aa0657059899

SHA1
9821a68de8a9071d4b467f01d4a85b5d7cb66e3a

SHA256
8ada867e8dc43574c6d1fe1145cbee2fc4efb1c33f32689d19fd7966258eea75

SHA512
95ad5f50c471309f99e95a6369e58d70544925e7f52f64935793a83930112245b87d666fbd6f327baea45d581aa13d9c347d42ed09746f141e54061aff429de3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9415c6376f58d3236cfca2405848eb32

SHA1
31d0421784246a56542a5108e72f31b1cab7d659

SHA256
f23111757681f72fd866edc37d84306ead871eb9adecf286d765139caa7f1744

SHA512
3d0d5f7949f286ca84dbf91105ce96e5b60b325bf9589a556e5f036bd03b74ea3ab002a365850762d2cdbbf8a8b70783948f7cf0b3a6b46afeccef06171fc0c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
352e7e087267973c21f310df646aff07

SHA1
60dbbe03d0791f55142052ea0ae309ba741daa66

SHA256
5a901bde5b6d915da3d681752952f8804472255e4e39d069157eecca28af5cd2

SHA512
6faa4c2482e1daf60db89de5601f9f69bf80edac4fb1dc33e68e5d5ac0d29f87bd8b91b92ee794779089e7bd258b1af294a5a9df5cd7e47be2f8d5011c5f428b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d729e3f140ea5a5b971679b739df2d08

SHA1
a3b0aaec30ab039925296f90d1db39ab0cbf13fc

SHA256
56333fe724c4342a73f3609202ef14402f1b4c936714c01954ecf0f122056f59

SHA512
b538f68e587589a8d59e462e264755be0fe772bcdb12ebff3964c32fba81b69d798cd0b441176035164040f03323b1a2938b73031855bc6b7f37eee0858a1f8c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9d2221b00a2a4b7ee8cf308bd6763cd6

SHA1
15a53492a822377d37687a66b8584d7288ffeb4a

SHA256
17659f7127a0a30674c92f5ce26e09e221ef173efa9cd56b9f8c2c3f06630667

SHA512
bf9c83932ba70060813bc765fff206bd41f96f4a35b2d2aad8d41ce949c43a4b85c6e41fea00d013051002c88dc4791964662e900e128600f1797dcaeb2f4366

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dfed0ad4df8897759e6bfc0784d5e177

SHA1
d2dbe5a63fe2d5a5e00cd44000d9977a80dbf2cb

SHA256
29046e5031672ac0293a19b964301f2424a7cc9a406d421c1ff936f1f08bdf83

SHA512
95aeb30048a0ea05505cd753c1fc27531f031f61b83f810f3fc1fe1a68750f14c5007813f835c15fda18774ed6af19a4c368006d247fcde460c105adcc9b32ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ebae14d21e418b67a74260cbb9f73052

SHA1
bfaba781bf73d06836172f84f849ec6a540c6f1d

SHA256
de72bcd54e07e369e968fefb2ca8de09fb6ec5d15e13e9342d688bc48d89d595

SHA512
2ba147907eeeaf363bdb926c017191254998209f2a6eec4b33b936951648011fb8d0ea4e7800c5d3dd367f8899050c9c8a9eb3e79638fb7210d0d414b35118d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1af8bae99194d666d46fd7786a0f4f34

SHA1
c460eec4deb587d53317852f46541469fb45a569

SHA256
a2265b649266c72b537e307b650258172aa59137d1bb9bd2db8ffeb96fb26afc

SHA512
58f0542eaa36623f75d639246adb9a8e6fa005b248700105d087286ad3735e9f915a2b09faebfa587357b82a951d3cd23df14408507d5e7d0c54357a47dc8abe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
34ff997125968469ec5d49b75c6a0892

SHA1
4d11c0ac47b892c8a56eb488aeb684ba97711c4c

SHA256
15acab911f2ac755fc5cca1994c359fc130885a02ffca36ee4095352350d2d36

SHA512
71a377fd60696505d4a427dbb6a739a7fd447668e99c078ba7f9a266777ca095c417251050de3ef179672226fc3fa2f62adc475ffc327a7af2e30063071e7652

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c9c1ec6a7f316eaef02ca390bdf7710d

SHA1
a0da25880a2756abb02c92bf9fa66d1b91840e60

SHA256
b4441aed2c00659ea497cf4897ab40c5be4e5bee72762a5857a4fddf10e7d4e6

SHA512
8108d31d78deb07c2a9fcfabe333387c97a8ff8c4e5aa3366712d33e615aed7c9cd60ee170bfc31d3cd4a511166e77ec214b0be421857a4f957e78d428020463

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC5B0.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCA55.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit