757900daef442d310ce62d8bc0b07d91702ab02e49de344711bbbcc8f7eb1c13

Analysis

max time kernel
162s
max time network
154s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-01-2024 14:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

商道货源导航系统特别版V110905SC_0910/JiaDianDianQi.htm
Size

18KB
MD5

7f8bcb1dea4122fe525c86958704b0e8
SHA1

3a6a0144d6d5bd144fb06846c242a20bf4a30453
SHA256

6406d1556a30c1c08ef5ecdd616aec9934d84af690db5fe412eadb77c5c53ae3
SHA512

bb1ce3cb98bf9ed359f039ebd90743eb7b25a3a5558cc63b4c18447445d7d62eef8074f2d0c8d7a3ee24adacd6e68ff8c7df57e745db22117dd036ca5bef60c5
SSDEEP

192:SiSVH26/pHCP78ijfe+gH/b//pyb8uuCLLNqiMmKWKPJnLkcua:SD26RHG78kfe+gHVdaYiMRnLkcua

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9B27C6E1-BC57-11EE-9295-C2500A176F17} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a883829c536588438b4279b7bc6c193000000000020000000000106600000001000020000000cf1bee7b955b89c9ae60638fe3b633d7ca1ec57ce1d650186a2d530e40469225000000000e80000000020000200000006edeb397ae6ffc08e04845fee8e4e6fbe76cf5a001cf8a88fa80c0444fa7917b90000000ffbfb7da183bd1f93895cbbaf73f100b499bddfd76c1ca42f08b98085bb683629dad074ab27b3d8bab69106fe71464f005ec9facae6694bd90f07a8878af7f5502818bac0e74729e2ab0af16b51398657d680e13ae35160a68f310c02348dff8886d9c0b8eeefabca08056f7adc28c12e14c1fdc6c323a784c1e18bd955cc951e37405aa1d810b670ebe2c9b1523cb7b400000004d6df455e7c8a8729affc5bc3e736a08cf35c99112425f49385336087bd1b0375bbb65053ec00aa0a4e352bcb85c32596ec0b310d3329f8e2099cba760e13f45	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "412441363"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0c7ce8a6450da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a883829c536588438b4279b7bc6c193000000000020000000000106600000001000020000000586594f86f53e1224e7a2a0bde5ad6f032951fdcfd7a47cbef992eedc2aa88ef000000000e80000000020000200000005c82a7729410503dd786a974df77d8ac00bbe8fd072b222675635ca381f7ca8320000000e3296d95a9b652d565c2ac0a15c8080e3c08c343478e0a0a165d71a180aa124b40000000698587f7326621a3984fc417982d5d1d303204547a74458f48b215c714db54c681ac9f85a6ac9d37274d3242786a3ab03f0bdef41e0f6de0e07875b19b3a5a0f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2788	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2788	iexplore.exe
2788	iexplore.exe
2440	IEXPLORE.EXE
2440	IEXPLORE.EXE
2440	IEXPLORE.EXE
2440	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2788 wrote to memory of 2440	2788	iexplore.exe	28
PID 2788 wrote to memory of 2440	2788	iexplore.exe	28
PID 2788 wrote to memory of 2440	2788	iexplore.exe	28
PID 2788 wrote to memory of 2440	2788	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\商道货源导航系统特别版V110905SC_0910\JiaDianDianQi.htm
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2788
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2788 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7ed581bd0fddee00ed835855e115129e

SHA1
5fb9c727e85e5f78901f50973a6d1baf5b2c0546

SHA256
0b7acaf18d987e63bc5d253167a7dcd6e82b36d0b35ee29e1182c1abdf483894

SHA512
93b8e307912355ca02cf4733df6606f110d1dd7033cdc93659fb5f5d469e7ab65480cbe3e646d5ee573925f406f2726aa882a154db9053ef671b6b0642101abc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cb154362edff1081d3aca1b549c7d2bb

SHA1
dfc3aeea1c3be4cc5ad4254c919ef2cc2dad690f

SHA256
50e5405457851605604f95a9ca3fb99cddf8efb27ad203044dd75a77c886ec21

SHA512
c59c55d8cb273c3df169a7957ae4037c29e59bdb1eef89b13cceed4daed54ccfb765bae0032f0b32e24c7ff69a0ae90472d71c6520d031d2cf2e692fbbba73f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
da56e939c9b40340df59ac0fff0aac03

SHA1
06bbfc58504ef54b0f4e768fd6ffdb37fbe78a30

SHA256
6b7f86cdba3c9603be104efa214c9cd3724d4ae4fea03a6a0005560c3f3d73f1

SHA512
0c359657b38644aa85cdaf0a8e0f80ea074d01e895982850b1eeb2fbc12731525f552c409a476606b89a208a7854de7f14ebb200043f749930f8915b7784c9af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
32131f912984a8ce31a235764b46a0f0

SHA1
eaccf90658a4da34689b2438a3ef4086d4fb463c

SHA256
a3ae4a5f18b71a8395e0119e3cdfc9c136553ecbdc1a9baa59a1238f4892173f

SHA512
7565507931fa88dcbb6f57d8f8e9dae66f17d1dd3424e83832463fa36c78b33e6dfef11519e25032cc7a1730e34f9d9ce76b4d036f0a5635caa1c7411d39193f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9851c7d8ac5f43c205f84b5f12df4cda

SHA1
d2ebfabf9f528c259196b5d0e951550112faee13

SHA256
2ef805a858248567b97604ef26ec63b89627a241f139fca7ce5b3ee5c8bb9d16

SHA512
60a74fc2aea579a42c91f53c7d79cfe96061cb2c8e4ad5af631287b8db5eed3e489d89a8984c84a03e1af41b93a6d0a4fc53b7b1f408947cefa3f23aa912d150

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f665415c42fe32e48a6cb7397444dcfa

SHA1
f0f4ec548faee949cfb12af8d84565ad2504fb7d

SHA256
bd0f26ca79f77ee281f64cf4cbcb76ed10f2caf8280fdf77c781c94575fa62ce

SHA512
7eb5b643300720f808e665797cab8c5ce1b495769d4d7cc05c5b70a32770d294de82c287f9b3ed6d5c672cb45c9109234872c63f7b0b329bd998da727287ab03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c268cf5f3119f1ab34ab76bd651035c4

SHA1
8e4c27c2c5a4adae14f1380971bc28097fd51dfe

SHA256
7ec30a8fda0d36322470faf25ee9a6e350bb29dd0de547a6abab8521d0ce6afb

SHA512
37c28afd932d11e6966b16e56be2516fe4d738a42748f234fc9795004d2efc543bf9381fe45fb59132314c8f1a01112fdd799616ca1cd2fedfa102f73a1a9de1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
43a20eb37afa791834e9b1aec0c742b4

SHA1
18fbe0e7fdcb6570b92171fa2a4900ec129ae23a

SHA256
9ad625473a289fc9df3e5376a082ad9d6864970a70ff282f402b61a87d40d243

SHA512
59112872256d687a04c2b3969313a53c113e3ad471c6bfa48123f9d852542af8d31ae6ad25d586fbf3b25edcf82076817b558dadd3442d6a05cf227099e227ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
702a0d2faa4c98db1c21f5c70e451537

SHA1
c1f1ee7daa27a777a21b1b541325936df1e14250

SHA256
ff93466d2a651b6d67c1fcf52a68f7716a70b3b4631d058119af57a9941fb06f

SHA512
447ad8b9e39545a3dcb95763442cf91900cc5f966695c99508e6da23579f1724fa324e7efe336ebaff35db0d0bc8d0cf4784812ab3ae0c017e0d34dd499f33a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3014ae6fbc29555a0b652956f29713c2

SHA1
fabef5c7d9dbe1d0ef05ef35c6a1e0d32f8528f4

SHA256
b4468f5bd2d6eed912c480788d300da8f9a41b580817e2964ca39e11b83f5f88

SHA512
34a53d7f58f21971cbce7418f61576e29efaf21dc1fbfd280a46d77fdeba08356ed08297e6b34b3c0bf3e33878ddf7f3cfeae8fbd5b99dbc6d5d6e7a10ad6150

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d2ae43dcd28b78344d63c4a9cee8dc95

SHA1
9c81c7314300054788691826ff8e8ce4428a4c9a

SHA256
7a4b11022155e90a78d756f0d132c751f699b03df208a4196092746cf8dbe41c

SHA512
689390da70486993325397398490c94dda14a67fc3db8dc45162a8e71c6dd87f2e1e0dc748ffbf2216f97a7b46877654a80af9863d2c587c5726b656191c8646

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2e710b28e0427118c8597f4c8df8c818

SHA1
139e7fedebdba3e4db563c0627bdc2698a66d9f5

SHA256
b9da360270dd0e05b5f89a8414543c7bad752003c4b371a92229d85b2deeee92

SHA512
2cdfccb11068058ee12bec75422c653160ddaee4393ee1140e373d379e21e7595fb6da481dcda405c43ee20b7b354f35dff01cfdb43ba64758dff0a9c9ccf130

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
659e2080a18401f3af4a73bb2c3c5f70

SHA1
d51dab5ead4db271cb9f175b57509dbe9e94c32b

SHA256
892fd07424c8504acd70709e11e3c9b08ec6e6c0ba50c16d73c98d130be00ce9

SHA512
50ec922d144673537393ad8e20042a6786e7141bad18f3df7b0b36631d4e24c7e9c30eed8704bc3e5f72674474613753ddd4e10cfde1d8468f4de86a7c4b4e72

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c3775456a5061130c8b34b6747bdc7bc

SHA1
cd50cdc327cadf8f3d62d326c5bb03c213223491

SHA256
940e8219ab715fbe21643a5105d7c512ce10c8fde5fa283a026469f1cc7fc554

SHA512
03a6ac274b9f1e3c453cb6015859c03b3062e3a90b6ae90822f7999c38dcc1b0d4a26c7d1824a8f2d3ed78ed2fad446acdade39dae06824a979cf3ff48ba20d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
00cdef3b98910e4193fdf3ad8ee2ad05

SHA1
cc780b5dce71ff596754166077fcd70637d2a174

SHA256
8f72ff18accea3157743f183da78da12b8ceaf939e863b131bdc604c01cae2cc

SHA512
92a6c0bbf24375f3bd0f1995a3a22e0e26eed225faf5afe7a8bccef80514793939049edf025201862c64a5fb22fd0e756ceb5fe890f8cd724fc8bda3d7d661f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
06ff90694a007795ee46453e8e54e461

SHA1
c8acb55d5b37e1246935b2c7518267c9d0ad1cf3

SHA256
18857e960caf6b5831eb4bd67469f6bd1f171b68fda99114c76df1056f255a50

SHA512
7267503b0e6dd4f07ab1fd5cf8e009156422f063b52db40e46af32d8ad538363a9790599e890d1fc08e4abb41493794ee73fbc37a72e5569d1491167faf2bc9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
10f38d1558e8066e4366bf419c93039a

SHA1
a3bf3c71e6a733878f03a770d724ba966d7b4d7b

SHA256
7cdb0acf4343ed3a87ba76f44db4f600ec7023d4bad0775e1842e7b0de6db616

SHA512
5e87d0df9e0db8e8019a02363935d82b632331201bacd8c317efa60f0f2b87dac30c38ca2c7b81971ea2458b7741d9d9029aa044940d7827dfc386f9313f95fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6125.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar680C.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit