Overview

overview

7

Static

static

3

cd109c901e...56.exe

windows7-x64

3

cd109c901e...56.exe

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$SYSDIR/Gw...ni.scr

windows7-x64

1

$SYSDIR/Gw...ni.scr

windows10-2004-x64

1

$TEMP/dospop.exe

windows7-x64

7

$TEMP/dospop.exe

windows10-2004-x64

7

tbu03852/dospop.dll

windows7-x64

6

tbu03852/dospop.dll

windows10-2004-x64

6

tbu03852/options.html

windows7-x64

1

tbu03852/options.html

windows10-2004-x64

1

tbu03852/s...g.html

windows7-x64

1

tbu03852/s...g.html

windows10-2004-x64

1

tbu03852/s...b.html

windows7-x64

1

tbu03852/s...b.html

windows10-2004-x64

1

tbu03852/tbhelper.dll

windows7-x64

1

tbu03852/tbhelper.dll

windows10-2004-x64

1

tbu03852/t...091.js

windows7-x64

1

tbu03852/t...091.js

windows10-2004-x64

1

tbu03852/u...ll.exe

windows7-x64

1

tbu03852/u...ll.exe

windows10-2004-x64

1

tbu03852/update.exe

windows7-x64

1

tbu03852/update.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    119s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    16/03/2024, 04:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tbu03852/options.html

  • Size

    6KB

  • MD5

    adc6e16ce6e97bd1eb19d3a8dad7274f

  • SHA1

    12b55eab3225b2250ba051803f7d791db59a46a1

  • SHA256

    29e525a91d8ac4ec6bb2fa299a404d9f151b45400c7cab09675a23469373435b

  • SHA512

    2c4bc233ae8741fe0a6995845aa88d707b347cfc78745fefac346ce27ddd5b799dd374bbba15516f6e61348f52720be3639cf0cd925a599250a9947a33ab7103

  • SSDEEP

    96:BKQ/O9mOdYCQiLFyzNYs90Yi67mX9gPui39bnLNza7/OBgx4wTn:BFj1cFUYJYnV6Bm8

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\tbu03852\options.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1736
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1736 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1740

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d2b0f2b892867f483f8f1983d26f89b6

    SHA1

    075f281df1e171e31e7b5701adf13d7c31976179

    SHA256

    74a2dae228432ee7a4ba889ba0d97384556107ea8748c10ca19672efbb18862d

    SHA512

    d4e6926e6f99472976265f2b766ff651b62df793ec422d14308c730e7870d495ca85b5ae77145d287684e96095c236316664df600a097d127e8290d1908392ae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d98b76ea5ad043eb97c41f20a1bc74fd

    SHA1

    9a22f37bf423ffc44af6b96de7f235f1c133bb6b

    SHA256

    4b9e4f24018db4b6c4ce2c1d5f7c8b6cbb4fd4a863746e92c91485f7590dceac

    SHA512

    dff0776ec7bc824998947b39a1b9a59d3526c2a2e408db61480afa4bdc6cca37ac3c3d3fa818ab33eafbdf725e589fe164a89aa4e58b3951325b9f3c9b2dbfb2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e12c4cc4188347f04749b6d64daa4ac3

    SHA1

    d7b5ec1ddb3180ac82f93d705db92840e42f11ae

    SHA256

    ebe94f31efb7691a658ec7dc434964e8ca52459e8cde8067daa2c02fecd8082c

    SHA512

    e4d88765f61e24b4d042e192abc83ba95120cf5747067bbeb5f93e337c12af56db3587726a9b51d4513eed54f0475c0030d441a8b2717990ececea9e7c603fa0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5395ca499a3f592ea786635a85bba99c

    SHA1

    f7d8b92a19766a74428c06c7cdd93da91cee26d2

    SHA256

    3fe7455b1489f668c7b7fa039acdde6eed84451e62b666dcb8115a81738feb4c

    SHA512

    3682bae4e311e5d5dc66de3721c62546e7b20f01e185691101380d022d35793581f3d4dc4b00ff2a27ec8cc75e2c0b3c934cdf52aacca8285945bd7927e5d885

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    79243d2455c927b521fea7e5f6da92ac

    SHA1

    3b322f2671ab608aaa98ae097fad1679dbfc4af1

    SHA256

    41b5ea995bc711fa1734e7f6cb08d11394587059b27eef50157e56cccfa0b4f6

    SHA512

    5f3dfffd2c0e532f96c2dcc1290a6267ed61969891a56e202d38138f23167e8df84b6c7fd9b0c25586db8d57196540102ab7a2a0dc34907320cc74db8a751bb8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5b26b2c33e23bb4a447e98a0393cbc78

    SHA1

    d0524a6cee4d8eb9cd34e91645cde33177ae624f

    SHA256

    c93cd06aaea54db5296c9933a7e7dc258719d8543927412f1fb7d90dc92af9b0

    SHA512

    ac416bcbb2011f278da8a111c8948ad9e5a872ffe5bd2ccb4f166cfdd4853a00b42246abc6e18e7465b335ed6ed781ccbb67b2b05e72a059378260086f9d2d6a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    da0092e2ef7cd9a7e04d46263c4fa49d

    SHA1

    e2b1332387e5ab391120498ac83e4615e2f3fa12

    SHA256

    7e29e1e480396371d2fd5781f1b73d00c08dfdc888cd89ac1cf7a4518b997a1e

    SHA512

    c6cc5c9d8993d42122d01b46347ad294a952b42dc076e910524498090099b2c126007b4675d4a5bd21a69f8efd84e41ea0bcf0a03755a499cf2627cd80a97764

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    369d1b1fb9135c5ca7949d58b81e3d31

    SHA1

    325155ae740bde30794465b106e0c65a8f37dff4

    SHA256

    02fccb0f3e53df722e9ce13e9b15834d754d90b283fc2f6f6359d3d7f42fef02

    SHA512

    887e39f3f7a3eddf77b95268aeb8ea8ee39629fe715ce8c2d40d01a1b41a09b9bd4a32b77a7902241dbec7304447c787484bfd4023b0c7e209c231250f275dbe

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab5F14.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar60DF.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit