d6c2048d1222781aa28fa8cd44bb07944fa534b0cddbdf5162cd4c9b0d23937b

Analysis

max time kernel
0s
max time network
130s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
23/01/2024, 18:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

VB程序太平洋.exe
Size

24KB
MD5

a2b0dd7a490c19aca773579858a8d460
SHA1

e39a91ebfddfe0bfa34147eb976a53c013cd39e9
SHA256

9e39a64ddf585f6ace211eb5cdbf43318faee82429479390eb6cb900c53caf6e
SHA512

9f74a23472f215ee6305cbad95cd39cdc617f0ee4fdfd29e95774fd5934eca8030aa288670ba8a6bf2c5bcd28885d27138b8752f07fdaff62349165c5fcec7e7
SSDEEP

96:/lx8Q/KUtRmNuOtJyg4DAfNBmVwq4ehCGsHDhRaeZXSKJEHOtJyg4DAfJtRmN:/TX/bmBKDArQwq3h2CIEuKDAJm

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{64EB0111-BA21-11EE-8A73-D2C28B9FE739} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2736	VB程序太平洋.exe
2556	iexplore.exe
2556	iexplore.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2736 wrote to memory of 1692	2736	VB程序太平洋.exe	18
PID 2736 wrote to memory of 1692	2736	VB程序太平洋.exe	18
PID 2736 wrote to memory of 1692	2736	VB程序太平洋.exe	18
PID 2736 wrote to memory of 1692	2736	VB程序太平洋.exe	18
PID 2380 wrote to memory of 2556	2380	explorer.exe	23
PID 2380 wrote to memory of 2556	2380	explorer.exe	23
PID 2380 wrote to memory of 2556	2380	explorer.exe	23
PID 2556 wrote to memory of 2680	2556	iexplore.exe	24
PID 2556 wrote to memory of 2680	2556	iexplore.exe	24
PID 2556 wrote to memory of 2680	2556	iexplore.exe	24
PID 2556 wrote to memory of 2680	2556	iexplore.exe	24

C:\Users\Admin\AppData\Local\Temp\VB程序太平洋.exe
"C:\Users\Admin\AppData\Local\Temp\VB程序太平洋.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2736
- C:\Windows\SysWOW64\explorer.exe
  explorer.exe http://www.dapha.net/vb
  2⤵
  PID:1692

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.dapha.net/vb
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2556
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2556 CREDAT:275457 /prefetch:2
    3⤵
    PID:2680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
19KB

MD5
a3dd38c706e30ce0975a4b625fcb8c6f

SHA1
8b690108b5b5c64dee8ce7beb1e36d6f35b83a8b

SHA256
78609a072b429aad6fb22139da800e1aa46b9d0e40ebf1b1a69c88ea04f956ca

SHA512
805d61bab166585995b0e079e85c95a6f1903b407105625a24c98ffc82a5fc4dd8993b2af9f5eb9445a5f3d7dc6837f477352676de3eabb0b45ce1a680b34328

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
4cfd53a01f735a27ad6a88f097ee33f2

SHA1
6497cde02612d35fa4d4606f644a1ccbbe7b8ccc

SHA256
3558f86c7fec32a9bc5a28979bafb7feba24f17203985b9e9ede0207d0841cd9

SHA512
a29fa256f6e36e71baeed2f5c21a14ba043369a13184460e27fec94cb0c833c870f604bfa9843f85f961589890d0d2d05d516a5c94b59f1bfa9750f8b31b3927

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
43a56e6e70a9b0aa65211abea68ad2cc

SHA1
291e1f1e724499c5b26eb5dc3683fcc51d80f958

SHA256
e58a3c4971418bd30bbb4b865e3c33424db9ed260b75f0fe1d3502f0f92e4df9

SHA512
62432b778a9ff5f723a56c0d84168df8583f67fd16c641ead6a02cf11d90f324ca64c82076e1624b0586111ea2eb35733787b93557fb1855a60f8adae8aa6f32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a3ddd5f20abbdf7a15dfdb05689bf725

SHA1
e5ecfefc32350602e73ed385794309523339c60e

SHA256
00f5cc3c692adbfe186f99de270fe4b3bee33bce213894e47dd343dc1a9a6ec1

SHA512
6a4847857e8010b7c5e31c0727499c6829121336cd191b69409f3bdea1a67abde74413ee97e0337ccf1aeff8bfc90691cb17c81c7cc26041e62a52c1386e8fdc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
684810f24208d3de5f4f81b774b4fb65

SHA1
ab192e5a3061df2c060c6c50c0615ce8f2816a22

SHA256
c47d3d00a51a6999b29d50e63725ed93e8a2c45ab1554d9d3210441cb9cb883b

SHA512
8f3389cdb00f46adf338e75415e748bb15c0bc022f043d619e30c811645770845868b04a95ebe96db722300e803cab006370b2256e6635aca86942ff196e5da5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aa57ea207ae56694713a0a2db8b300ea

SHA1
289b6992d71f2aa28bc2c46f47dc009860450153

SHA256
6a440240cbe149543c382ce97b27be889f73209b28159be6c3b1f432f41b0be6

SHA512
57be6e5fc77fbe98059297af9a0dd253022662b2015f374bb55461af145c637cf3e271c7f30c2532aa4faeb3ce47f81dd3082297624eb25c4386eca1091da478

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4f524d41e24b7edca0b63510fdc6b919

SHA1
d2080c3c7b0ae86ce73eea15ec8a71741a98e440

SHA256
92015396b223ec50dece847a61a51dafe3add01fdc85a240917c202d880c52da

SHA512
f866477f7522f5ab77f020ea9a78da813eabe19677e4c8a6eeaaf74e8b93d60b1edb4b7b55e7b5868240affaca4ca98b691193af8e0efc717f058e8a7da2034a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bdd90b68fa53c4d71aa2f947b47cf173

SHA1
ee98969dd9d6b86dd11b39c78e9a08238f6ce76c

SHA256
a75ca28206fdd2f301549e3af21a65dda54019464b7cbe5386a87ab687dc2c97

SHA512
ab9fe7c63bd2f42bd3f3bf18f7b742ff41b77be6d599bb250a36e8d4a4dba9c40a9614a0515c634bd86216465d0a0e1a90a88995ca2fdeada4be1d63c218384e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a3787c8493eca2450cd8404f2a0e2b44

SHA1
5fd1e03bdf3962b845c097eda5724813965499a4

SHA256
d36e297585ab7a21627dde53fd1d39683fea89ea11980d86a7cdb944dae070f0

SHA512
edbaa136673a74e62b943ccce7817d71e6d33e55e409575aed11e41335489da5e52694ddd740710808472a0737bc8949fd452f5a3d8ed9b61b65ee4fe05afc27

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fc56a33f08fae5085db8d922e17bfd64

SHA1
a01bb753fdf6f40782395745989bdca4a647632d

SHA256
58933440b60c6011a5b5dfb45c09518c62c5bcc86474c89148313176cd318801

SHA512
3f6f05bcb5ace800eababa83fd6cc194a4324ee580e016588925096337883a11a6ad72d85a4bfdc0a7a4198ee4e14e07bb17463ab951b83c0e63e8309cbd0986

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
580f204e332a54414b280fe69a5ca6c6

SHA1
b31ce949f7b77f827b48d04ab39ccf8d1de2209b

SHA256
9bfe2c4592e45e48793239ed594d2e1cbb5024eb182573085e0eac236a5457c0

SHA512
d654023a7ac149b849678c413bccef6f1aad0cfd752134460d4c1726ee401b23a22769f9ce6548ea8ccca3e10c1f9366b6e7912dc781cc2712ee9fef6f8be505

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b62cada82d4b2047f0f66263a5be1aa5

SHA1
3cf4dc38cd425d1b553cbd0890737eb2b99183d8

SHA256
83108ba792db2e8e2cefc2d928250c0f47a1c0baad91f8804458eaec9b7961b3

SHA512
fdea2f0b370d7033d90b326231c90787bbea82516f4a0e3af4473347d778784f25f0d5683f04e134e45272fbaf1d2aeddb0543208e2101438c4e3dbe29e5cf87

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1a92f34e63510536abd549a422072cbf

SHA1
d9d68d2e31f3bb0538409ffcc4160d3385bd9a1f

SHA256
eee4d08c8beeb7f921c8b1c4df80f5a1c63b7a700904dff67d47a53c2e846a97

SHA512
1d0b5307d87e20fbc2aadb472626e086fa10b74e8ff31e1a74e4a12f7d77ccd8a6da69fd583968162dc945ac2d6e76f40d25b11dedf93f46ef0777ea773327fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a3b401e7df28888de1ae4571a5c67203

SHA1
93c9689a1cc90fe6c5552295b57b4cf5adbedc41

SHA256
557f977daf7e0e1d3922d083f7a55ed7e2d1c2edb9426d749cf1c4e7daaf8bde

SHA512
5d68578af49252c88f85e29b63cf977f1c82c398461e0112c236b5861385749a8071423e1f9f3856993ee2867527fe9a749bb81cf32b46d3e3df7da0564d6baa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9632425a8f535bb94a4d7e494484bcbd

SHA1
34054831ea988a9f695bb1cd31cc1d4b13630605

SHA256
e9cd1cfef935335d524ca920855f184c958011148626c6c6ff2888883896861f

SHA512
1695ea6c8bee751f302416ee1fb97910ee4298e276075f8d1e10f7c0dce775e671fb2020278bc3c8db0aaa9d605ffb7594514b855682a97f73cbc712682ee4c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5f107b28293993c39d0986e63c25ac17

SHA1
61dc7d939e011f8fbe90923d703d143d25528e17

SHA256
ea644f402e40cd760171978e9cd3ae07f513992a8050ee2c36ce29beb415c04c

SHA512
b04a4c307a99d53eee51690ecf2b582b1b0044762215a4c78d506b2a58eca0b17b261fd237eefef6f5580a8ba29a3f5ae684e42fbdabc683f83db07c00d924e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
06b47ece8731db75e9a35369933cd785

SHA1
8c6f5bde8a77d1e8120bbc549cbd5d0d2a28dca3

SHA256
dd9e322945f9ce4790f9d380eff2b633c2cf585604a36fdcfab8278ae02b5ba7

SHA512
83efdad123104e434b03d817811a425e96dc0abbda27de892820eb782ce6e0c454ee3f6749c6f40cba72088265acb19026dff1062cd0b7b9cffca5eed25f324f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
18873721735acba54f78daaeb18ab97e

SHA1
51f4f3a1832a843f8191a981937d8b1265535770

SHA256
6ed769c1b1e74b136f0fb509da1aecccb3d78c6ba28194244b7f959520165f5a

SHA512
89bd3636da62d3bd3b1431fd50421658be7b3e23ca9eed096cd616fae581871f6975ff446b7ee79d85ddc1639d53118a324258dd33f66daf6b8c3b693b9e2663

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9baca49aaf8688c84236fa7d9ed69e4b

SHA1
752d24019d4d8dd185b4bcba34e171ce4e87c239

SHA256
ba1f428c23d736bf67f003afc9ebfbf7a90f54ac4438b14fd1410c38ee0c7199

SHA512
ca517d56711d5fcbb4c46d784159eb93c3bdd8dc71c98048ece2422254ffdf53441582a96eebdfa1881a5539e49835dfddd1369f33e9f86ef81ff5e041f389a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cf888319e0ec47c1157e640c5c5bab61

SHA1
648d3d6d7621b93a7a8d99609b05420344a0625f

SHA256
44ad5a9e140102363a7866dc694cd3c08c6a07f0705e55284c213d7350afe833

SHA512
dfda9e8ce7eded90d1105536c9de2f961b17b62f02ce721dcea3facb8b78388a7d9686ec412e9c76402c9fe7fc9512993f2c3430b869d1b34684a18e6aee64d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3d9743e537ee50fbbc0af5f253a83b2a

SHA1
45211bbbf70fe74231da73cdde1f2a561daba3c3

SHA256
6e9a147586458f297f3b824542e15fe6a0ad3c1b7ae4bb92b2887b2776a77ecb

SHA512
76463bd86ec00599f5416c536564118d94fedcb10af35b56b7fe4fdd86b224e8365f2e1dff24e5682574188f9f42c736e36e4b8a5019ded87b119b0f3a31f7d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
a984bfeb507d5cacc2ab87a539174ec1

SHA1
454e6203326e0e7955d7a95251feae9b3b15eb27

SHA256
d4754ec408c17a57130b13b09fcb23eb7f6e4ca941fe00c52e518f3d6dacf592

SHA512
875c6c23ece9335080bea158f9d5c5ca3838dda1cdfbc73c69e61fafef929ae1c80b1009efef3263880bbcf0be45439b6f8fad8d7a86a712d4b9e5106817a090

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar25CF.tmp

Filesize
1KB

MD5
fa527dcd6b5eb05e72fc51570a2a6608

SHA1
3380c5ef74408265fba2f67e790636d0ad0a51cc

SHA256
4dc7a4a6cb3be2c334a27a49df89f18f8f91749fe6aa1cf28d548e0e0c75ce3d

SHA512
05c0e217c433949cab210102a26ca7f6a765515b228b217e25c7409408fc167b5a59a8494e1181284e9ec72849c90288f3a066faa284e29d871097ec76291a5a

Download Submit