Overview

overview

7

Static

static

3

c640c84fb9...1e.exe

windows7-x64

3

c640c84fb9...1e.exe

windows10-2004-x64

3

$SYSDIR/Ka...er.scr

windows7-x64

1

$SYSDIR/Ka...er.scr

windows10-2004-x64

1

$TEMP/dospop.exe

windows7-x64

7

$TEMP/dospop.exe

windows10-2004-x64

7

tbu03852/dospop.dll

windows7-x64

6

tbu03852/dospop.dll

windows10-2004-x64

6

tbu03852/options.html

windows7-x64

1

tbu03852/options.html

windows10-2004-x64

1

tbu03852/s...g.html

windows7-x64

1

tbu03852/s...g.html

windows10-2004-x64

1

tbu03852/s...b.html

windows7-x64

1

tbu03852/s...b.html

windows10-2004-x64

1

tbu03852/tbhelper.dll

windows7-x64

1

tbu03852/tbhelper.dll

windows10-2004-x64

1

tbu03852/t...091.js

windows7-x64

1

tbu03852/t...091.js

windows10-2004-x64

1

tbu03852/u...ll.exe

windows7-x64

1

tbu03852/u...ll.exe

windows10-2004-x64

1

tbu03852/update.exe

windows7-x64

1

tbu03852/update.exe

windows10-2004-x64

1

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    13/03/2024, 15:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tbu03852/options.html

  • Size

    6KB

  • MD5

    adc6e16ce6e97bd1eb19d3a8dad7274f

  • SHA1

    12b55eab3225b2250ba051803f7d791db59a46a1

  • SHA256

    29e525a91d8ac4ec6bb2fa299a404d9f151b45400c7cab09675a23469373435b

  • SHA512

    2c4bc233ae8741fe0a6995845aa88d707b347cfc78745fefac346ce27ddd5b799dd374bbba15516f6e61348f52720be3639cf0cd925a599250a9947a33ab7103

  • SSDEEP

    96:BKQ/O9mOdYCQiLFyzNYs90Yi67mX9gPui39bnLNza7/OBgx4wTn:BFj1cFUYJYnV6Bm8

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\tbu03852\options.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1224
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1224 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2472

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7adb7a42a89305ea784fb3b59edf0bd1

    SHA1

    a0007d516bca0a73b8d8e6665f3bc66c2b0b962f

    SHA256

    81f9d4d99ba20a37bdac786f92b1bc0aeff6310b5bd24ef76c0bbc2e73c7f815

    SHA512

    db5701e7f858867e5f0bc3b7ce8b693b554d442f3ec7903f4adc1e816a5754e71c988811afd81c558ec873ea830d79e10575233cf534fd474021d7095e91bef1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    00e6104c6c8a8b28447d2ff75411fabf

    SHA1

    ba7a68320dbd2a3aad73e21d54c7b42f8273beb4

    SHA256

    1e00d86dc0c51f8e7b08d4a99592ad695e5d61b18b9ac6f48c99dd740106183b

    SHA512

    15fd0945aebf8fce7fbe89e151498a6b2bc877a3fedb434b3db915b8d002dd841f5eaf00c3f6987dc0cdb83c6008ba17dde9b9fbe8e6bbd501743ec41f66c029

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    438b5c880754552f4afb636cbbfc067d

    SHA1

    6390b991adb5272371f5769a4e4122b75b35cdc5

    SHA256

    158522a933ecee19430e0fe13aef54e2993769ae2ad9604f4a0d34b6decd87f4

    SHA512

    ef754f007375bcf3d91377e012daed7dd6364fca87e84efb8080b8c31100b47ff12b749dc0789575f52eef8aca5c58516ff4b7a183c2461a4d8c16b8404a94f4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    80aa7f5d6432c06dee8188645110a3df

    SHA1

    3cdb6ea82a4fb6fb1909c8531237feee4957ead5

    SHA256

    d3473b26a01ca23e36c7984de860bcec666db80cfd052f8574e4b85b4ae72904

    SHA512

    88bc85d63da360919a0727d756a11f76b200c07aeb466fde79b159dffe7d044f9b64e8ac3e5fec7204c435a3a016ad86e519b74b69f6cc944a7da2943d28f28f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    99345d2bc80bdc048cb3b8882e9d210a

    SHA1

    5c14ee910d4b72b5be30bf56c240778fd8b37061

    SHA256

    f3c18d65121c2d6743c0e3c4cc0fdd1ba2760d1211f9e64e8e60daf461e39e98

    SHA512

    9c9d1a52f94c3c1033b8c1491dbccd1eb9a0a6b924ca8f381749c34ce69e3acea3eb84ea8842dd61367a9cd5f0265169640b43f78e0da2a3ccc31e301bb23401

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4a70cf7477fba555744c9e895e63c031

    SHA1

    099b514dc5761bec687b5b9099c4484ef7753ae9

    SHA256

    9cf0fea782cdfc6f45ada13ca7e63dcf7fb83b78c82915f8427d8dd8a22c54d8

    SHA512

    ac1526487b465b8a3d116f13b2e24844b41682fe1fada23631a38be15828abd6855f7a3e57e4642f2497490d52faff91f27f6150f1bc663ca3bf49ff14d11507

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6f34a1588b953391bdbf4cac46aacc58

    SHA1

    298d0fcadaddb2ac4c63ebc9e549c5a9c199e339

    SHA256

    b1f747c31165fad6926786233da32a7a9134f83fc631c300c5f9d99431d7c0c4

    SHA512

    a93aa5a6e004b4afd0f561b83383b938705016b45f8c46e3945f2a048b20a977ef7343116cb5b136d6121cecc986cf59e6a20efb80d54c9c2521373b7afa0f77

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cc6de40bf77979796444220d6e21627c

    SHA1

    478a916628210d6de9c8e7aba15ce366991fabf5

    SHA256

    8a79eae9d8819d5563b10f70e4330353ad071453a8fdafaaad1cf612c6dc0fec

    SHA512

    73f9a9cd58efdcf2c644f328c055245c00e252e12d5738e376251eb33228e4352caaecd295c715c9ddf209c3b2c2f72b897a06a7a64bcc488405408e142fe7a0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c8557795bb1b0b8110deabd3ae4fbfc4

    SHA1

    bfb7f5b03938cd657b81e4be0189221381a9403a

    SHA256

    dfd3fc15a426326e72bc0531183a4c9d802818f6862c04c3fc160e160016f162

    SHA512

    43e9b1a0f9ae4d9d3af65422ef00ee72a82874e1e94149e8502eab5532ee74f907d27a3057c824e378f36a48c35baa9a766db786cbb33ee3aac6bbcb7a6a43e6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e4dd112120c35bdade2d4218341a8a22

    SHA1

    15dcb845942de76ac432b75affc034f86791ed70

    SHA256

    9efd39efdbea891823a743b84d7cb4a7d9e81e26108e94f874b3dfa199caf767

    SHA512

    29f1710f039a141c78eb6fd75a695bb4dc226cd642504e6ad5fbdca8bb5345561e1545ca1ccc0d0b52326272035525df955e5f8bbb272b3963510acd1a04ebd3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8dbda8939dcbc64a7cee2b70ee42fb6e

    SHA1

    76360da0319cbfe27ee2dee0186b271d7d123686

    SHA256

    749e6f84ea2615d92f1d51e61f5222c778ddffbaa59adfc6ac55d94216767f81

    SHA512

    7af11ae492c5c38a960e0c1df69e58c7811a2be6d0aa4b166cd04f887ef38223b3bf4ef408dd8452bf923efc68ad03d60119649a992a405669c6661c25aa79d0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    de62f35026d951f749a2a4a85ce3c40f

    SHA1

    cac819b8fa5296d1900de928f859dce8c8170dc9

    SHA256

    3cfc59e451a17f1d2881ada1518792fab3f73ea8fa7b3db5cc3a5b834c507ca1

    SHA512

    780335d7369cdb84c39e58f912a351234d4eae2cd0dbe51905bdfa1aff45b0cd750e3daeaca1029e8ea061605cd58ee0eed57ece1770b39f4cea54dc024fd81a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab58DD.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar5AF6.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit