4b8047a399ba8797fac18b325e19f78467b165b45de76296477e3e7598816587

Analysis

max time kernel
120s
max time network
151s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/01/2024, 03:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

力帆影视系统 v5.0 商业版/admin/admin.htm
Size

2KB
MD5

a32a4348922ae895cc3c21289f6f7573
SHA1

c4434dabf9b988f0e25d35f5a246a97e60e5aa5e
SHA256

ae06af9bea09232f95c3758ff30d6957c1765c0d081852f6e6be854ca77d97a9
SHA512

078d6c415dcd5149dfdfca3d362fb2368b6a2fc4c06732ddaa7b2c8418dde09e58e22500d4350a5428daad21891e80c079fd0c8f222eb14c3778e2f8d52673fa

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 41 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B6B10041-B0F7-11EE-975F-42DF7B237CB2} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000429d3af34477a14f8b2dd7691733418900000000020000000000106600000001000020000000876a2c5e6b404c934c536e169caed48d89bcfdbe14beaa3ae7f0a22496c5d242000000000e80000000020000200000009e2696a7d6db13011295ffabecd3aaecd6d13aec362948ec886c81b04e3a0cf020000000df85f0e9b39174a840d9225ddf3e13f1ca7609b3e5c5179a4238fa851379604f40000000f76cb93ffb810ada21d3c38b58d35c45a6b074f367e95794d4ea591678fbcd13cc62dc75c1a136705aaa9e88ddd4ef7d8b63372668f6ebe4e6fb86d59e2f6402	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 1033388c0445da01	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000429d3af34477a14f8b2dd76917334189000000000200000000001066000000010000200000009d6411a4f567a0fea1b44d64f85a95933dcedaa0945ab46e8e710be60d0c2cd2000000000e80000000020000200000000111a30bf82a019eecca3f962f19986282365f71d40229ccef95b71c5b9b79ac9000000063125e7cee1a1f083b66ebd699777bde99beea4f34ab40112586ad58c4e065eeb4de1317b914bd7f940847008867879e62f39339a59fe4f9a53f57f53e19da0dd022b69b61dd8c87e493d2aaf7f77991299e4b0f2a32bb2c66b5276ce6e875ee5ea8179d1ec8088be410609b64d1ce195d21e1040663d5b6d5bac00dcc1e27e57fde47d0d62e1fa3f7ab5776ef2e049a40000000084c8ffacaf68053994812a763beefd5ca6ce70c24d8a3466f0e08a11c3ce37bc8433c5a23e73ac1db14770d988efe68d67f858d0cfea2ebb73ad08a50b9e7aa	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "411190720"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2372	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2372	iexplore.exe
2372	iexplore.exe
2412	IEXPLORE.EXE
2412	IEXPLORE.EXE
2412	IEXPLORE.EXE
2412	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 2412	2372	iexplore.exe	28
PID 2372 wrote to memory of 2412	2372	iexplore.exe	28
PID 2372 wrote to memory of 2412	2372	iexplore.exe	28
PID 2372 wrote to memory of 2412	2372	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\力帆影视系统 v5.0 商业版\admin\admin.htm"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2372 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
88a11c87bdbaa560b892be02b36c2a4c

SHA1
c503685db9c4f9adba75058293c64b165dd2363b

SHA256
191a7d63c94c0493d111350d4e2851fdea274c44c9ec9dc1d8608d8c14b82b3d

SHA512
8f12447fd99dcd9b286aea7a559c8274a20a1afd07e0ccbd7f8aaceb35b7a1cbf91f336ce5955c36ec0a71513aebbde8bbbd93b065c886fe1ea3fce20006164d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6c84036910277f884aeb7eac9fcc8b80

SHA1
cc5ea2c463188ec0a6c1d4bf0c8780ce76c2cdf9

SHA256
d765e19c88a7dffc2c192a2efcf0afd0c5b223285da221eb7e97607214d5dee8

SHA512
92f7d268a442e5a0bb192592bb6b6123f85ba3c48329b36d19409a8151affd7395d2ca78703178100882ae3e62f9fb2c9fa932ba95188d72556508d9bc060a87

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0b1f8d211c15edf66c88cb54c8583b3d

SHA1
d948a0cbf84d55797c07e8567f9a8f8d0580a529

SHA256
1e9d89963acea37b6a338e893ed3b1aade6b15c9c3d5f4c40c9cbfa7dcae56ff

SHA512
f7fdfc4b0c52ef61c7a8593cebaae9d6168fc8ed196a3e56a565b1b8756da248850676b4a3da5864c7ab026ae84bb249a0554e2b3d38fecc4f7c61d31a2e80a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fab0f2fe6b20d58170ec77bd721e01c0

SHA1
b7c4f4e2347d740bdebe10e99d673ee62976128d

SHA256
b073c5fb30312ab07b93e5eaed70ce14ec5ee3571ede1cd38b93d73882b5d456

SHA512
fff77846f117b0a923afbdfed3cc1b20baf55effe72844c7856a48912b559b42fcdcd2d19ba7bdd5f07559fcf6a4a8087acd82d2bd416011091b9ac90002a10e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e0193f403cb27bbb806f944095932760

SHA1
3d5b07183a33f19bb05e63b8b25bbfefd79795b4

SHA256
61b8cb6ef137a2ccbfc8983be101b14672482df14064696f8d1b722cbf7985d7

SHA512
532e43523a86cd72bf00205f3176d4a61199e878ea90fda5b06fbb26bb5a61c8f6bc90162cbe36a4eeb4fb37558db2f16720925e6d0ec2281ac8d30d3137622e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
310216c2f3c4cfd36fa283cc9d27ab7d

SHA1
e24f6ff7f1ebd902b4a846aa4acf27acc662e33f

SHA256
566a3a384d5359d9a7fcb1d35553034c5662d3cd4d21f4b88bfb25870589fbcc

SHA512
261bbb98fc724fbfe99b655483cefb04cd3f87b63702fcdbc9727f8414e7c941b8814748dd971aeff806be9bc5655276cccca1b973c186bd529162f0b196a21d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c26c79d83ce7ce7d894a8f1fcf04d35

SHA1
b992ae03a79ffd6ee2d6310bd00a5e97f99e1438

SHA256
ce00dcbcf57a980bb67ea709fedba43fa8a75587d3a899b10a03def4236a4319

SHA512
f543647ada90ea47feb4be589037bb85d96bbcdcf7cdfdf62c1c766df0afa42361c1455f9cf14de41b05cea281c60e7de72c00b7ac95d7c9d2939bcc77086fd2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dd454808c67a61155497d5cfd2c8630a

SHA1
e07867073d0d1156b01e0b0fcf45a41511e773cb

SHA256
b5586ae980bb7e31dd7ddd13929811b82ec0b80bd8f2ecd73ff6a93b732da65a

SHA512
4c0396834c657d2974997738c92b02b150c8e128273a806d5dce1fed14917680a26859db17bce65046306b613c019de0609fe58f20c76065a1407fee224443b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e2d3fe186b01f282a37223c3fd716562

SHA1
5274f10fabbff52b2e0790554c7637f08863176c

SHA256
443cf9c2fa5972740b8102a1afb15cad5c25243c70b316da812f2dbbc7efecd4

SHA512
676312f40c5af405bffe0e36cde759adeb7d956bbee5cdb39df48ac22c7363b5d1564621c51ddf6866df170a4623b2f2b4e9013016aed782f266f232e084bff2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
470a82254a9dcd8e1a8fe56bd757289c

SHA1
5124da5b1184eeee513d790bda759c773d73a21f

SHA256
cb060db4882ded03cc6ea9e5ca14089e91b1a4429227f8f3d8ac5aadcd73731f

SHA512
085a59b0af75b34c188d8f16c6ca422242ac8101b869b15049b42f6b35c81d3a542f625f71e3a716657bebb6dba479dcb94ee89fbacec8cc0ffc09df53e779a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
72046742811bfdadc53d6b9feab2182c

SHA1
f5186b15c36f633ef3e151fef4759a1e21041711

SHA256
c4fec1c2760f10aa0d17962c13af705949f593871b7c7a4bd6688a6a62728516

SHA512
c94993728d417bd003a1996a2a810e63989eafe032997d98ae3db1a2129d64d4374f4f3ff612500ea3d4db3bf5a300f3c027930b34a8410e7dce0d2e7594c126

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
66c2f2a6cf3c0256f68267cbe254272a

SHA1
e9ae281c2f6cf17780f39dad781b129b9c5f1a13

SHA256
29d21bc9703ca6a3ccd2c6d901515f64a2d72f8fe268a8770eb5bbd6a9718628

SHA512
4c2b3435a3821da03c7e7a62c8dbb7c7137f5d8d195ecfed5d9d12747518bc35050cc9daf0d87f15623f39c402bf96449284c5d431dd6c7d35c684c395fbb5be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
87c45b10c718ae26f6a8631a3d929947

SHA1
d8b5ed79f34eeb99e6b5c82912adf7d62d88c73d

SHA256
8930787deb70f4d73b3345190aba24bb337ed39f1d3e2eae653bd6a92be7b993

SHA512
93ce8057541603d815bc7a746a59283d39df61b4ebf41289cc857139d704b568ea28220896a5bad0c9f2861fe62b052be1ae3f89fe806994b81332189e1abfbd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9cf061cf461645325dfcf239a884cc17

SHA1
ec3f1819844d9060267c18c2295d8957cc0c63b6

SHA256
943187953398a8cfec450431a451a22b6ccd1fc655253bf6a9d9ab0f9690a226

SHA512
880ea4308429e0cdeacc232420eecba0d1433b88b9f9784527aa8acc7e79dbf07a057517fec862be38b9cad497bec2285b24c635fa5017e9cc694a9297079191

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
191ef621ca02307bc262ea4e785b0721

SHA1
d7fc50b7861d3f35d0aa700362624f19cd0c5674

SHA256
31d186ac712df9bc62c5d35a2267022718ddee787d2c0e290ddd7e891d5c698c

SHA512
cb99071d1dcb9a370cd9033f3531def9db07ae1a4490341106eb1fde60f81674d1798eacc40f771d369fbfc8775db60a853cdafdf038a1385ae75a6c2fd1bec4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
be0fd25ea4d59188a1b611d27a1ca964

SHA1
8b65fec7a8d81a57c5d44d45a3e49dfaf4cffa59

SHA256
0097d288ed1b2a22c2d55638e8c9bcfb8bd0581bd1f787c8fc5ff1c7dfe54289

SHA512
b3243f2ea9c6b2d5351cfde13c20aea3e245fcd5dd0acdfecbc21fe78c9516cadca3cf6233c39b831fa68ea094b7a2f7e9985873576fec45763f9489ea3c4da6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab933E.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar93AE.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit