Overview

overview

7

Static

static

3

cd109c901e...56.exe

windows7-x64

3

cd109c901e...56.exe

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$SYSDIR/Gw...ni.scr

windows7-x64

1

$SYSDIR/Gw...ni.scr

windows10-2004-x64

1

$TEMP/dospop.exe

windows7-x64

7

$TEMP/dospop.exe

windows10-2004-x64

7

tbu03852/dospop.dll

windows7-x64

6

tbu03852/dospop.dll

windows10-2004-x64

6

tbu03852/options.html

windows7-x64

1

tbu03852/options.html

windows10-2004-x64

1

tbu03852/s...g.html

windows7-x64

1

tbu03852/s...g.html

windows10-2004-x64

1

tbu03852/s...b.html

windows7-x64

1

tbu03852/s...b.html

windows10-2004-x64

1

tbu03852/tbhelper.dll

windows7-x64

1

tbu03852/tbhelper.dll

windows10-2004-x64

1

tbu03852/t...091.js

windows7-x64

1

tbu03852/t...091.js

windows10-2004-x64

1

tbu03852/u...ll.exe

windows7-x64

1

tbu03852/u...ll.exe

windows10-2004-x64

1

tbu03852/update.exe

windows7-x64

1

tbu03852/update.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    121s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    16/03/2024, 04:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tbu03852/static_img.html

  • Size

    503B

  • MD5

    2caff3519f5be538757c467d4fec4756

  • SHA1

    7e77344f049d9ee4d216b6f412c01ba28596773c

  • SHA256

    e94503ad0ea2a4f7002ba70f57e12da9daabb5037b6bedc7725d1fc43a487415

  • SHA512

    029814dd117053d03acc6c0cb1af2802256149c6a3588cd41334deeffad6095dc16386887e2053f288b13a5ebd3599cbf9c55c194fde81f3df77045d2609a467

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\tbu03852\static_img.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2172
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2172 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2632

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d761b5474d6fffe46b5b9c6551046c63

    SHA1

    9695305f5c94e0d219712d0eb171a1b8b7b66724

    SHA256

    07a4f0d60e01e70278763cfa7fc80db147225f3d911e4d171fc20f73a931ed90

    SHA512

    247577a269a5059cff5b4b051af523b4c5f90a6b5edcc27bda65d47e3cbd6e18371b7f2aeed905472660ee92480dc24c6492fc0d045fddc5fa97b4aa8b8319d5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2145e84daeceefea06f37522a7f46ebf

    SHA1

    c2257d0ca71cfc0eb8eda20529387e4e949ce69d

    SHA256

    317240bcd93b5f629dc7d982506aa794874f1bb43f1e47c99c523480b519a44e

    SHA512

    9de2c2f8bfa486fed8884e707cee8e6fc8c56393f79bf6097d6252edfea76a79d5129571b6d0d704b3c2bedefa1af8eaf5907c397c88ea4bf611ea835422b827

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f603c28274e89659b451171fa04e0251

    SHA1

    ac23bbf05f553f4961567f659ff80a0fa4093e7d

    SHA256

    1d50f1b26a56bbb2de8e7e08b6adbe0324e6b992a27fed5780642c964be8c419

    SHA512

    f13909ca8181d74946e27efd0c7c740f2fe7377ac489e8550263ba88514dea973d295a37bedb141e71c155249a26a0faa2b4706c662ebb6be334354e35018b6e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bdf95b7d9c2b857c1cd886b25308a539

    SHA1

    f08d0be898bc00f1cc2c4d28e75563ff2e273f6d

    SHA256

    71b514ef432e20ff365b7048d119ea497da8ec0faee64d954a2b9632a54fe222

    SHA512

    6ee66df6f403b5eff3b510d97a9b7fd73064f6e1df04b48203f48f75ae49e73dcf890e7af81fd8282254981972d5d42772910b8e5a32590c6017ca44f7f00589

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7ff7a2667954039b94495e3a7d906088

    SHA1

    f94f51e9290415ea79e721a2634851a5897145ba

    SHA256

    8fa916000538a78b2488613f435590d3bf9d595c3c2e98e9909b4145c1fdb915

    SHA512

    4c2a02eaa6f2727cad98c0e189d97ae18e5b034494d4f1a466378caae9b02e2bd9e42331cf9b6e84601961f9f17962cc2e857f91b1da7066f22fcde6cc879157

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    244b82efb8cb18b1df6320d0b64e5992

    SHA1

    c58ad2ac22f60c9d4bf8d690416d00c5d93764dd

    SHA256

    04f29abf80f723a4f768ffb4547f0ff5cb383a50342629521d03960c7478a0e1

    SHA512

    ea6964176d153902bd39fbea16c0ecd3d39ac859201f165cb85431382c6a7460f172e7afff91c712e7bdd7c577621b6ebd8dd6e3a2dc80846248cbb302f5cfe6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    69c3d62e6e7864721a96451428e301b9

    SHA1

    e9324f901e04a1aa5021ad6f975a1b359bb951cb

    SHA256

    7e4520c01c2b8b1ea4f19676b24941849cb50f438a963902f463b92f41170602

    SHA512

    e43b60aa257ab1cb796f6e8aa60cea6b82ee046bf404dc437d832c799fbcfbc9550fce426ce7d4c24269176824b5855a2b07d1e03b5fc5953785a256ef4b4504

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d8a630d1903460e38fa6db751e711471

    SHA1

    1877102947f80865414612c3b53bc62e13f1a654

    SHA256

    5ac114e30c08c787ad290416c16a606686f0f71a02a8f32ef788f01882b75c8c

    SHA512

    535c3d06091373475059af56bdd92d63908c5a6b1eba5339c7af46a6f56e3924bd093d258cb0f709f610b41e868113675eb8d6af70f034e9df68094de1813ee2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    16b1c03c07bb8ed2ae3791ea80d36034

    SHA1

    2b545992830ff648e95bc0f2c7eb71074e0004d2

    SHA256

    9bee957765010b28f64920e697df4b3f9cc5e08ae7af3a3f25a92eb2094a4093

    SHA512

    a96d67a777bfa6cda9fbf0d40e6d49a1865d6c70120fd3c59da7927240fc452fef7a3c64a90abd412a93fef20027e515e70a881f7461434f82899bf4c991d8d4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c765bfd4d4e9effa0f68102081400e5b

    SHA1

    cfc1bad2410cb7fbf2fe3dbc237a623ebfce68d1

    SHA256

    63c522c86b9528117b14b8434031f7e80a6b4a8166ad934ae76e02798d01cb45

    SHA512

    55066e2e200228cdcdfa9f1743b139c26f225ad983253ba0d0e4195d69542df29286a7c6726391c5fbc385341102fe895be181fa1520ba4dfdf5c97dbc613228

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5921d5a33c73e17a86082cee72a4ae4d

    SHA1

    75ae315a669803af297a94385f971b6e01585ab1

    SHA256

    ccee196b8e0c7d7e163ed6f498e503a6c969aa482075dd5a180f160700158296

    SHA512

    9d0b30197423bc3a68f09d8780f553f5a79ba7a338c49383ec2f8f3fa2b906a951a927ec9542e7b789411a1057543376d4664b86900e377abacf3d2869d88fde

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f895beb1db905afcab88c138f922bddb

    SHA1

    7452890f21210fceccf4f872086ca0fd326e32ce

    SHA256

    dc5e18bd998d652fc975591c48007a30af20e192fba1fd6380b1d892cc6bd29d

    SHA512

    40dadef2c0e05a81186ffd802d52b63a9a5e2363f4f2015916064bd83af7d85c78dce1bf0d4be629c037034d388c59bea880d13b93277d79051cabc1b15543f3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1695079845003bf27ff649bfc3b12d33

    SHA1

    ce47c5ade7cd4ba59a2af31710ce284d99ff7a21

    SHA256

    503fd63530534d2b5e75b3cf87c9e9264662dca9699fc4701e56eef188b65445

    SHA512

    051bc7a68b94d2501ce7beeec7e59a205d7ac077fda35a0e16c5d4eaa4daa047614410d0660719ac279b6afd486d175171cf5b3e805b528db30de5748b262fd0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    526ae0d1f7b8b042ef8057c4e21bee98

    SHA1

    bc74a443db03adaa6d16416e6b1ed6d843855906

    SHA256

    bdaa6be30c0bf9f69dfe589a9b9ff88bb83dc117850cec5acb3255b2cc531945

    SHA512

    ceff12e270535ebcc53147b405f5428dbab41a90ce45fb96892f0ab37525ef966f04d291422bd6d7583c78a4977776054d408faeb13128a62ee45a821b36938f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    db261bc48cb7b0332ab10500234122d1

    SHA1

    c31d1b5365849e2dd3e4235d9563a76675fc5e41

    SHA256

    6f46c2e8e962e36f0af3c0b4b50a2ca168e6d7d3f53e6b132adc5ca4a8039f01

    SHA512

    bfe49e441bf34a5cb4a9e5b17397a0bf434fd7632d37bde669c92aaf505134aad31e3766ef4ea183e58b4c9fc2ecc56eb482dd3d1345e6c1746a47851cc4ab71

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7bb075e50991031db21d94092a8ef13e

    SHA1

    85f9fef435a61a93ba12194a7f2b96226c46f073

    SHA256

    bed7ffe65a14199bffb8e2e01ae5f9cbe58c1712c06962851849698e737fb04e

    SHA512

    9689d0953cfc739dc75ae12c98fad53cb7b349a2cd170cfa2cb03c613adef161dd35cb8ab4f601e364f15eedffd8ec120d209e158db940fea68c2c1f024daa6c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a6b92b7e2e6fab46634f8a05d99f1657

    SHA1

    6d818a833a5ea4a3ff59a8f6638fea469bfb6925

    SHA256

    c6ae55321a140281c3dbe358e84c1875cff8eba28e9d3877b30b1137d94494bb

    SHA512

    7d29ecca6b3636e601f178315ba4a84529903bfa54faf5062952320ede6285b9907b918b02f309f011a63e4a80c5812e6370b2de6c147e6919914ce94af2c3cf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1898050cb1e4046e1a9de3aaa29548ae

    SHA1

    d45032a123f2cc186cb7573b04b0f1e847578e9e

    SHA256

    f94760b122adbd25e544cb1dfb15fd9b9be30cc5b47a42bada6807504caa6ab2

    SHA512

    83f647e68f095a41594cc2e8b0374493a2a19212358e6b3c483c7deb404b1da0ca0ed6af66b33049b9e5b204828bb34a223d6df4698686f0c500b45625fb0491

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab5FCD.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar619A.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit