Overview
overview
3Static
static
3943474874/Dbt3.dll
windows7-x64
3943474874/Dbt3.dll
windows10-2004-x64
3943474874/...oj.exe
windows7-x64
1943474874/...oj.exe
windows10-2004-x64
1943474874/...on.chm
windows7-x64
1943474874/...on.chm
windows10-2004-x64
1943474874/...st.exe
windows7-x64
1943474874/...st.exe
windows10-2004-x64
1943474874/...ce.bat
windows7-x64
1943474874/...ce.bat
windows10-2004-x64
1943474874/...n.html
windows7-x64
1943474874/...n.html
windows10-2004-x64
1943474874/...r.html
windows7-x64
1943474874/...r.html
windows10-2004-x64
1943474874/...n.html
windows7-x64
1943474874/...n.html
windows10-2004-x64
1Analysis
-
max time kernel
147s -
max time network
187s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
02/01/2024, 15:42
Static task
static1
Behavioral task
behavioral1
Sample
943474874/Dbt3.dll
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral2
Sample
943474874/Dbt3.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
943474874/Dbt3MainProj.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral4
Sample
943474874/Dbt3MainProj.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
943474874/cooltray4.3/CoolTrayIcon.chm
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral6
Sample
943474874/cooltray4.3/CoolTrayIcon.chm
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
943474874/cooltray4.3/CoolTrayTest.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral8
Sample
943474874/cooltray4.3/CoolTrayTest.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
943474874/cooltray4.3/demos/CoolService/CoolTrayService.bat
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral10
Sample
943474874/cooltray4.3/demos/CoolService/CoolTrayService.bat
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
943474874/cooltray4.3/doc/CoolTrayIcon.html
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral12
Sample
943474874/cooltray4.3/doc/CoolTrayIcon.html
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
943474874/cooltray4.3/doc/SimpleTimer.html
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral14
Sample
943474874/cooltray4.3/doc/SimpleTimer.html
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
943474874/cooltray4.3/doc/TextTrayIcon.html
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral16
Sample
943474874/cooltray4.3/doc/TextTrayIcon.html
Resource
win10v2004-20231215-en
windows10-2004-x64
General
-
Target
943474874/cooltray4.3/doc/TextTrayIcon.html
-
Size
8KB
-
MD5
18f6f1c267cbec0dbb5b3bd2d33266c3
-
SHA1
237a5aa7aa3e0121ec9d5bc4b8d97fc9ca496e0f
-
SHA256
f7ae11f61f0a2f2fee8e3656a3beaf6040a52d0a1e5272b0d20472bc9ef8423e
-
SHA512
000a0fd1c53402952488417faab1dafb6d8ab22eb1d8954002ae81a9176c6e3e0850b66a62d8bb838dfcf0d50049ec8d649a02e72c172283c83253f9e5282dba
-
SSDEEP
96:dgfx/VDlXweJs8dKZZWP6dpVJOdL8RxzzPK3bKrNKcSUOL+er4vDdveM:6fx9DlXweJDduC3b+KcSUZZvDdD
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2951418577" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31079826" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\Recovery\PendingDelete iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E6A29FB7-A985-11EE-B6AD-EAB06C7B55B6}.dat = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{E6A29FB5-A985-11EE-B6AD-EAB06C7B55B6} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2951418577" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\MINIE iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31079826" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 2772 iexplore.exe 2772 iexplore.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2772 wrote to memory of 2176 2772 iexplore.exe 93 PID 2772 wrote to memory of 2176 2772 iexplore.exe 93 PID 2772 wrote to memory of 2176 2772 iexplore.exe 93
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\943474874\cooltray4.3\doc\TextTrayIcon.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2772 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2772 CREDAT:17410 /prefetch:22⤵PID:2176
-