Overview

overview

7

Static

static

3

c7b0a4d4dc...99.exe

windows7-x64

3

c7b0a4d4dc...99.exe

windows10-2004-x64

3

$SYSDIR/Ba...er.scr

windows7-x64

1

$SYSDIR/Ba...er.scr

windows10-2004-x64

1

$TEMP/dospop.exe

windows7-x64

7

$TEMP/dospop.exe

windows10-2004-x64

7

tbu03852/dospop.dll

windows7-x64

6

tbu03852/dospop.dll

windows10-2004-x64

6

tbu03852/options.html

windows7-x64

1

tbu03852/options.html

windows10-2004-x64

1

tbu03852/s...g.html

windows7-x64

1

tbu03852/s...g.html

windows10-2004-x64

1

tbu03852/s...b.html

windows7-x64

1

tbu03852/s...b.html

windows10-2004-x64

1

tbu03852/tbhelper.dll

windows7-x64

1

tbu03852/tbhelper.dll

windows10-2004-x64

1

tbu03852/t...091.js

windows7-x64

1

tbu03852/t...091.js

windows10-2004-x64

1

tbu03852/u...ll.exe

windows7-x64

1

tbu03852/u...ll.exe

windows10-2004-x64

1

tbu03852/update.exe

windows7-x64

1

tbu03852/update.exe

windows10-2004-x64

1

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    14/03/2024, 04:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tbu03852/static_img.html

  • Size

    503B

  • MD5

    2caff3519f5be538757c467d4fec4756

  • SHA1

    7e77344f049d9ee4d216b6f412c01ba28596773c

  • SHA256

    e94503ad0ea2a4f7002ba70f57e12da9daabb5037b6bedc7725d1fc43a487415

  • SHA512

    029814dd117053d03acc6c0cb1af2802256149c6a3588cd41334deeffad6095dc16386887e2053f288b13a5ebd3599cbf9c55c194fde81f3df77045d2609a467

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\tbu03852\static_img.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2488
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2488 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2548

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    38a3b9a834a416cc38f29918db57b272

    SHA1

    3c624abdf38e8120b5448cb9df1513d3c1223288

    SHA256

    7f32d3623e67636fc86beb50356345148b1a215002992712d6872b9dd7eff8e9

    SHA512

    df9fb1d4c4702dc07b4ccc00968a8faefa84866e7d2d518d810e0d1c62e3174d5125dc101b09e80ea5c8b42df64cae184fd3ed48e118d6cc9fc983e5b472042a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9c138e4df325c696fd6de6eef8dbd6cb

    SHA1

    b940c658cf37863060a7456da86ad18d4c477f7c

    SHA256

    aaf48f3365a35c079250b458af31cbb07e5d6cdb94e43b8f324bac4a212e8d6b

    SHA512

    6462afe13336f4a845abf58b619a982af76e55b28cb189401f492a61805ff949163c6ca8d3efcfba86a264f9b8fc4a3e13d0428935eb20e60874eda09b9343ca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    39f8a3fd51da534b5ebc2fddd431c0be

    SHA1

    06b42ac35d5911d7136364705032cfa0f3854f58

    SHA256

    1f1e828925cdeb7dd83166aee98016783f27ca88dedf65573414b0d32b55ff80

    SHA512

    0be792ee0e19309c0dfad1a36999513719a94fc8ee19da508bf4db091fc9e6f11bde461957528503aaf2f5a537d49a0d8420d9bb31e72b120310ddd89ce4b05e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    549388e38a8430062ae7d78705b68fb3

    SHA1

    36bfead129c002f0ce4c380b8cd166e8bc9522e5

    SHA256

    86d6f57f5443e4b02c6cd6dd6ed206977ae9966b87fe872585d7313e3a6bd1c8

    SHA512

    e16f009005a9f3eba7b421a8aa728db3a46f52aaeabdb925c32780442b7e8a3a9516b3ba393120a7674f686cb047cad6bd62705a801fcb2260c0cb87b9154378

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    73d0e7604a810c103a7733c99b1e08e0

    SHA1

    d42c693de0719332307eee63ee42e140cb33f180

    SHA256

    04f1dfeacc29d31f8219a38291b500e41287d3097b169d45c8513337e2f9c2a3

    SHA512

    5d28265aa2003a20f3b285d4005c5f1b8f976221c522b2b7087075b8086af24e9ff324401397b4c7d590b32073f3844e785d32f7edbb4d406a0a53b3a3e1e2cd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    abc36aba602c86b634e34bfa823f89cd

    SHA1

    7036219a081252df6b6246d33886acba9ae93bf2

    SHA256

    6b4f8bdb5e71de37b3d8e553c2d0e9b867b88512546db008a09ba4131d1ecf7d

    SHA512

    fe11d338bb964f10b42aee0ad5df58f2e936aa9eb8d7dba474e7bd9bb6b0c3c1a2007376c4ed5b03d742e6e2b92c5a8f4497a0fa44a96ffcc067e63340e76a48

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    558fdccf935397de3e93f3497c0fba6d

    SHA1

    1eaad14d5e5108161a4745b0ac907634e0cad640

    SHA256

    61e691a772106af07505f4a7008dfb0b97d7d2a7d1b5f430b04c9d6385435081

    SHA512

    06d41312c027f3f59d3c6d85fc432ecf621aeefbd5fb0c20720208285276da4c57d5fe9c612bf0a5226f10e0364b055e26f6c113baf2ba6b03eec748d785ab54

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    dcc4117d640947eca0c83db683983901

    SHA1

    5afd42a9635338a0fd1c5479fad1b3780f24a139

    SHA256

    0fd343da6ab4d49dfb4198ca7fd52c6308461216d24d283dae8605b32f3a4f7e

    SHA512

    fa1b46f74ef27a452dfedf9bd619d33b302e031665600f57c397b0b6278e079b4d9a958299b22b6347ea08d3509087ed8484740117e1ca08d70248da408ed41b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ec3560c4e81d6053cea523ae929cf8be

    SHA1

    dff8648af8850d71b79b74f9c2c9106261a8879d

    SHA256

    bcb7209671283ae2610f1443d96eba876175703b38b5e3fcd7d9d5ac41cc22ca

    SHA512

    5e004ad80384e710f3300895447fd3c7b2789496ab3322e3efdfc0181f05d0077bdc294486c3bedfd1debcd314e52c15dba5f31c1e334a3f0b5451f085d27c7b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    dc34a35a0af5df32c037111ec0099e50

    SHA1

    193cb4537f3ba2673a87190815c7a4096670ba17

    SHA256

    057c94fa3d3c5cf4e0a26aef5b2cb98a990535fdc077b4c954619e38a6c26a76

    SHA512

    dbd473e99321e22d620af87a0da4165d8a9ea050156a89fcd0f77ee6dae063fbbdd52b50cf7fd546d1de4e9ada7a9b8f9cae6b89f4400e2b12803c8bb718fbe7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar7A75.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit