Overview

overview

7

Static

static

3

c640c84fb9...1e.exe

windows7-x64

3

c640c84fb9...1e.exe

windows10-2004-x64

3

$SYSDIR/Ka...er.scr

windows7-x64

1

$SYSDIR/Ka...er.scr

windows10-2004-x64

1

$TEMP/dospop.exe

windows7-x64

7

$TEMP/dospop.exe

windows10-2004-x64

7

tbu03852/dospop.dll

windows7-x64

6

tbu03852/dospop.dll

windows10-2004-x64

6

tbu03852/options.html

windows7-x64

1

tbu03852/options.html

windows10-2004-x64

1

tbu03852/s...g.html

windows7-x64

1

tbu03852/s...g.html

windows10-2004-x64

1

tbu03852/s...b.html

windows7-x64

1

tbu03852/s...b.html

windows10-2004-x64

1

tbu03852/tbhelper.dll

windows7-x64

1

tbu03852/tbhelper.dll

windows10-2004-x64

1

tbu03852/t...091.js

windows7-x64

1

tbu03852/t...091.js

windows10-2004-x64

1

tbu03852/u...ll.exe

windows7-x64

1

tbu03852/u...ll.exe

windows10-2004-x64

1

tbu03852/update.exe

windows7-x64

1

tbu03852/update.exe

windows10-2004-x64

1

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    13/03/2024, 15:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tbu03852/static_img.html

  • Size

    503B

  • MD5

    2caff3519f5be538757c467d4fec4756

  • SHA1

    7e77344f049d9ee4d216b6f412c01ba28596773c

  • SHA256

    e94503ad0ea2a4f7002ba70f57e12da9daabb5037b6bedc7725d1fc43a487415

  • SHA512

    029814dd117053d03acc6c0cb1af2802256149c6a3588cd41334deeffad6095dc16386887e2053f288b13a5ebd3599cbf9c55c194fde81f3df77045d2609a467

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\tbu03852\static_img.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2112
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2112 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2748

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7a0ef70c2f07c6d95cf15b8b22e5de64

    SHA1

    76606df100ac750e95b265c76d9716cc92d8b7d8

    SHA256

    b7b659d4700a4dc3e440b4aa9b8a5650d571531952368618055b42797d44a67f

    SHA512

    8aa3b9bcde6f995400c49d1048ecac0b2ee888067abdc93068268ff00c002517d29f5af18b66d8dabecf90f20ec5ddd853faa7fc78f96db4d2efda5f5c80ab61

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6e3062078c918f786fd459a239d86846

    SHA1

    ae2e5c04b1e12effe736862fd727ad3749f63fb1

    SHA256

    f25b1883a34bbea54bdf80ba3a960e613f04d16b1436d0f7060c3ab1ff72872c

    SHA512

    7f52af6d376ac8cb00c5c8520690e2d3aebd59331a88df4f91518239af38a59e213e46ad874773363402975b502c2aca8524cffb9382cdd721ac8c1c5311e402

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7df8c8506faa2be4313d38a68ae4ce3e

    SHA1

    23c3f49156b22a62d630de27d6cf8283def92423

    SHA256

    ebddfada0b6e3331f1c3d49b21323185ab9e9cccea88605e7d00857dcd10bc07

    SHA512

    4adf3355d2207f84b13490191be025a7cca1dcf3ee032e64a7f6cf98691c79fb28c28050c6185886f28f2416d2b32e5942d2a2022147037b2260c11421fac86b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d9acb7d5f2e08846a157a6d9fc0346ac

    SHA1

    e300ff02c42504e2e0bdcbfeac83a0c9f54b1744

    SHA256

    7c98a5a9cfc18874f17d93c58a56262b6814ba9cdb6e0f1773c7e298fa380047

    SHA512

    b7af01dd624d680158c22520affd2c411b91c3909cbf81b0015bd0351fd1c24670e6cdf025d8e53110948ea3fe596060adf40ad2dac32c0a9150d2797b519693

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7ab62e1bd1efcedbed65de403debe9ee

    SHA1

    2c1a704e2f1d11a05c391fb80b7866a526970164

    SHA256

    5303154b17c8f14592b4734dac113e56f3aa3b9c9a7fb6f569f317fcca9c0f1c

    SHA512

    35aecc32fa6b2d14ee8ef07242dafa0f735f943acd73a5ceb7f0932347d6c76f4ee73284c3398b1e6f5f1d5cb28218195236fee87bcdc10e7bd526aee8b873e9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d92a9fea8ec293977ec41158620702df

    SHA1

    c7c0b9c060e01613713c566ffb31468124cd97a2

    SHA256

    803bb0367937470fa7beb4fab3380fe0e19efa0d16dd89b109a863ef8db1d88b

    SHA512

    41f9a4515964e042b5a875f430a1af0a461be3f4a34a8a8ccfe1a0007310470ae21cefb11a451fde94cf5fe3ed0fe20e874eb3246d8ebfb5b33fbc71ce63b3dd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3836a038e4ee9ae4d5431fccfa7749e5

    SHA1

    af0185523b3856eacca7ae977f3d8da755fa9fc6

    SHA256

    56d3fb1823ff3997a936a0b54eb71491f5b42cbbf47c525816de84a19eb1fb20

    SHA512

    219ac4dbb67bf94198808d53870571e426857a257e582b5c79fb3ba9b81ec92287a4040eb880beca5a10effd6b0e9ca188221cc22560803bf3d3c095a7073c29

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cf7d3a526004cdc50435333fbdbec580

    SHA1

    056639674f36ac0a3eaf6d5d0fb14f8b6e90b98d

    SHA256

    3f611a8ffc1ed6370974af521b28bfa700f9bead7141cf85d6566e2d7444f501

    SHA512

    8e2c101271b607923320a0339ef0848eba4bdb0fee6bffbbb85bf44c5b47b8e7ea62aad0eddf3a7de6dfa0484c86862cc49e4f854bb624f97fe834457247aaef

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab2702.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar3473.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit