Overview
overview
7Static
static
37b857c19b6...2d.exe
windows7-x64
37b857c19b6...2d.exe
windows10-2004-x64
3$SYSDIR/Na...er.scr
windows7-x64
1$SYSDIR/Na...er.scr
windows10-2004-x64
1$TEMP/dospop.exe
windows7-x64
7$TEMP/dospop.exe
windows10-2004-x64
7tbu03852/dospop.dll
windows7-x64
6tbu03852/dospop.dll
windows10-2004-x64
6tbu03852/options.html
windows7-x64
1tbu03852/options.html
windows10-2004-x64
1tbu03852/s...g.html
windows7-x64
1tbu03852/s...g.html
windows10-2004-x64
1tbu03852/s...b.html
windows7-x64
1tbu03852/s...b.html
windows10-2004-x64
1tbu03852/tbhelper.dll
windows7-x64
1tbu03852/tbhelper.dll
windows10-2004-x64
1tbu03852/t...091.js
windows7-x64
1tbu03852/t...091.js
windows10-2004-x64
1tbu03852/u...ll.exe
windows7-x64
1tbu03852/u...ll.exe
windows10-2004-x64
1tbu03852/update.exe
windows7-x64
1tbu03852/update.exe
windows10-2004-x64
1Uninstall.exe
windows7-x64
7Uninstall.exe
windows10-2004-x64
7Analysis
-
max time kernel
141s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
27/01/2024, 23:04
Static task
static1
Behavioral task
behavioral1
Sample
7b857c19b65383476a2450b99f6d6e2d.exe
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral2
Sample
7b857c19b65383476a2450b99f6d6e2d.exe
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
$SYSDIR/Natasha_bedingfield_Screensaver.scr
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral4
Sample
$SYSDIR/Natasha_bedingfield_Screensaver.scr
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
$TEMP/dospop.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral6
Sample
$TEMP/dospop.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
tbu03852/dospop.dll
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral8
Sample
tbu03852/dospop.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
tbu03852/options.html
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral10
Sample
tbu03852/options.html
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
tbu03852/static_img.html
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral12
Sample
tbu03852/static_img.html
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
tbu03852/static_pub.html
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral14
Sample
tbu03852/static_pub.html
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
tbu03852/tbhelper.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral16
Sample
tbu03852/tbhelper.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
tbu03852/tbs_include_script_008091.js
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral18
Sample
tbu03852/tbs_include_script_008091.js
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
tbu03852/uninstall.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral20
Sample
tbu03852/uninstall.exe
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
tbu03852/update.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral22
Sample
tbu03852/update.exe
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
Uninstall.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral24
Sample
Uninstall.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
General
-
Target
tbu03852/static_pub.html
-
Size
599B
-
MD5
0bf3de7de6f6a9ece7674fb245c7e428
-
SHA1
a71d601820676d5741734e825c7347d59570bc98
-
SHA256
29101ddb9fc880b921c78a8aa0952310ccf0fe4eb03479425500fc2e779d4b2b
-
SHA512
30dc0cf67d772a79dec244882f24c4a6ad71a3139b1b92d6e059f1e677ef138596e71c7bf12c2283b591ad64744b9abd15895fa29c4a600f64c784423bc270b2
Malware Config
Signatures
-
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a09a5f4f7551da01 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "413161666" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1308392256" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c47f1af20644814589e7a32def35942f00000000020000000000106600000001000020000000d18b6b817c3bfd7761af54db041706364a0ec912930476a8a1a2753b0333aa4b000000000e8000000002000020000000404e499e04da17e8aeaf4a5883ef9835a54b1c79f2a830491c582396a170b2fc2000000039c32cd4b06c959c454b6ac4cfee445cc439e0476c586aeb0b35cd3c528837a440000000ec039bb7436727bcdf540bdd735616d10d60c0ad39931e74e4ff3ca02fd7f0c67fa94f714781bad05a73dde3c5d5dd589f4ef88d45af9e59e855070090b4ea90 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31084917" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31084917" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\IESettingSync IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1318706369" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e05b454f7551da01 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\GPU IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1308392256" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c47f1af20644814589e7a32def35942f00000000020000000000106600000001000020000000446bf1eaccb804ba6041a604804816e84c3504394a9afba28087c71a150a808b000000000e80000000020000200000007c5f5ae1d85d0bcd55abad1b754ebf120cdf77a0f412067442599b5bd69c6844200000006aea27acfbbddf3c1ca3fe43117dfbc4ab313e48087c0f91ecd740125ffdf4b54000000020ef8f3bbafd1fd1ee9aa9d0f50d95b52cb9d68285c08542f2effaacb0bd5c0b244f634043def7795cfbbd9ee31c3ab329cd540c6373c14add5672763df7baa4 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{79823A24-BD68-11EE-9A4E-FAD2FAC7202F} = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31084917" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 3516 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 3516 iexplore.exe 3516 iexplore.exe 2224 IEXPLORE.EXE 2224 IEXPLORE.EXE 2224 IEXPLORE.EXE 2224 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 3516 wrote to memory of 2224 3516 iexplore.exe 85 PID 3516 wrote to memory of 2224 3516 iexplore.exe 85 PID 3516 wrote to memory of 2224 3516 iexplore.exe 85
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\tbu03852\static_pub.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3516 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3516 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2224
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize471B
MD555adff48fbcd7763c70a0d51d485d24f
SHA18ba66cb09d8e16d22c35931083d443155d3a04fa
SHA256801c05af90120efdf31e4dfdcc5e7f2b76b9ca0e0746f58fdf12bf99287d8aca
SHA512a3151d562469fd2412c237bb5646bb214a9a9f8664be4eb48fdf704d9710872e41947669f770ac74d9d1eb5d6ea5953e40cc5a85d57e56fc82708341154eee7b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize404B
MD584fa1932f31d49ce0bc06d42967e63e4
SHA1a0436f259ea25435eec523c3ae656f556c8124fc
SHA2562f1ae7e61559e81427d9b6b67accc2b34c0763c3aafdb52299c357c926f11609
SHA512152ccb3b4c58f6ce1efa9f651488e13610e4d4617e831f0a39165fdce858e7c8deda4bf69bee05bceaec0538f9bf74d609f08175775b43603cfc6c09d1d66dea
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee