Overview

overview

7

Static

static

3

f05005c565...18.exe

windows7-x64

3

f05005c565...18.exe

windows10-2004-x64

3

$SYSDIR/La...er.scr

windows7-x64

1

$SYSDIR/La...er.scr

windows10-2004-x64

1

$TEMP/dospop.exe

windows7-x64

7

$TEMP/dospop.exe

windows10-2004-x64

7

tbu03852/dospop.dll

windows7-x64

6

tbu03852/dospop.dll

windows10-2004-x64

6

tbu03852/options.html

windows7-x64

1

tbu03852/options.html

windows10-2004-x64

1

tbu03852/s...g.html

windows7-x64

1

tbu03852/s...g.html

windows10-2004-x64

1

tbu03852/s...b.html

windows7-x64

1

tbu03852/s...b.html

windows10-2004-x64

1

tbu03852/tbhelper.dll

windows7-x64

1

tbu03852/tbhelper.dll

windows10-2004-x64

1

tbu03852/t...091.js

windows7-x64

1

tbu03852/t...091.js

windows10-2004-x64

1

tbu03852/u...ll.exe

windows7-x64

1

tbu03852/u...ll.exe

windows10-2004-x64

1

tbu03852/update.exe

windows7-x64

1

tbu03852/update.exe

windows10-2004-x64

1

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    133s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    15/04/2024, 04:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tbu03852/options.html

  • Size

    6KB

  • MD5

    adc6e16ce6e97bd1eb19d3a8dad7274f

  • SHA1

    12b55eab3225b2250ba051803f7d791db59a46a1

  • SHA256

    29e525a91d8ac4ec6bb2fa299a404d9f151b45400c7cab09675a23469373435b

  • SHA512

    2c4bc233ae8741fe0a6995845aa88d707b347cfc78745fefac346ce27ddd5b799dd374bbba15516f6e61348f52720be3639cf0cd925a599250a9947a33ab7103

  • SSDEEP

    96:BKQ/O9mOdYCQiLFyzNYs90Yi67mX9gPui39bnLNza7/OBgx4wTn:BFj1cFUYJYnV6Bm8

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\tbu03852\options.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2884
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2884 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2908

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    27e470b3740b9b8939c1520fe07b75dd

    SHA1

    b5bea1eb0849896d07efcf5a56a6e50b42001b39

    SHA256

    fa94d36276c1e3c2dfc9aaf447473f40368fadb838ae08e5bb205437403f36a1

    SHA512

    3b94c1ada9facb69e43aa0443c8d96de7a077e507c3686c53dce9e8dc416c5629ebb2e995f546ef9b8c3bb55cd565f2ec30129ed02458def79b2e65e42d4fbc8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7ad0183a30190d5c91d52d1f7369ed08

    SHA1

    bc20198be4b3cc73b56e70841f62309d317a26b7

    SHA256

    2c9d39becf37b9a1f4284096454ef70b9aa68c23d50fe1718e2a24a1a0b8307e

    SHA512

    8e035890491445639a3b83f1bc0d06a2cef440cbe36197d635bb6003088c28d59bbb7ac5fb461d02d5d3297a866e8ee009d4954470f76b6653d803d18c8c479c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5584e3f98f692e745650f42454f18b69

    SHA1

    1e5550f9e1ecb991b418b498291084e34667b194

    SHA256

    efd71ccc88cd5234c88445e1847f004e5121c60faa881f9ce8d5261b6b7f0e20

    SHA512

    9acf25afeaca1a0b610a6774a610be7a85e490dbb2e5fe2e01aac883cd0555f2495fa2fb980065741a42900fedb7c439c458e1240f96cad7baf7434d555222e9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9729a835c44f2789500dabb9fa7dc7a1

    SHA1

    50c75aa19e2d64e665777fb7078ce2f332da496e

    SHA256

    8af43d124046d8adb24a9998fcc4e242d2b19bc8fb71d5e35a7fda5d3c5666e8

    SHA512

    d57f9ff2309da29f0517ee35fdb3b77d1f714242d5aa99b37b0ee92e6a2a7faffece0aaedd685beca22575208cc363d74e201e4b4bfcbce7c49dbdec12274052

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8779f270ae32974641c9680d6ba409fd

    SHA1

    a31a0f21e0699f0e766567fffec26b61d01e03e2

    SHA256

    8d6a9fb8c76710e3942b6f37882b29dd4e8e7cc48226fe848f2676680bdf99bf

    SHA512

    0d1310ab6612219988de3fc38232c2e9f1f8504072501eed7e7121c6fe54465c05cd662c88956f4eef7ebf85d00a24cf4f0c87e1c7e66daba81a9c206d321f5e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    55b4a4e36cb11d6e2c9dff444cb25d13

    SHA1

    e5e1cfe127e35e5fe91e5955ca1ae6174218eb33

    SHA256

    7336e3c4c1e0ce65911a1c3f9ca1b1895c6dcb2d69bb8d25b3f1d297fb778368

    SHA512

    9168774ed5ffa0a84c3fba43d69db16e884de30f829c5b6cb61341e4a4fe6327acd3572f14497072dfce4b8c376a65ba8ae368d20171499bac950751f94bc583

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    899eee620e33116261faf77d6f1c698a

    SHA1

    d382b1fc798f6c89fa1f2fa76d4aec52a2928503

    SHA256

    ac164f1f549ee6d0c140060a59b309ef6372d3ae0dd83395eca5d27f6b3393ce

    SHA512

    1693caac45dec2119173b02e9e2d5c67da591a21a03d51657ba67c82ecd0156c8725802ff607c3d52f9397b399f19de7479dbe4f6a3f481ba024bfe929cfbae4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8cd0a1a6e06991af431d90748a9a6bb6

    SHA1

    9f1a9d59a431679bcd55849b3ab3f462fe088378

    SHA256

    ce09676fbbd466dc9d2beca191027c1054ae761560ea52e0bbd007b84cca7825

    SHA512

    11aebb2c1c3048ada609b4bf79bd3bbe4f8bdef911cea7be49c65c8da49c6bdfc22872388b10fb7222c6026ca3495570cc038c9eae129d39a66663b15e09b987

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9ff3399a7a56cd2dd9511820259a3109

    SHA1

    1f4fa6243c268f47eb52fc3820eb23ac456a48c4

    SHA256

    b133203a586669daac987050794a31b2a0719fed09080212754aa79e9143dbb4

    SHA512

    35003503d4eca1272bf78dd35d0bfe78a5c76ea5d4843a13d81bad7ec1df8c11cde5a2bf696cf0f52b9972aa914c864088be68d299a414ee30186305ad5589bb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d3eb48315db98753f58aa1df44fb88d3

    SHA1

    2fbe36247cdb47a3419c554e687e6b8042d2b3e8

    SHA256

    13d13f87e5113c2f2a99a86b43d73ffa085a6bdae806fad036496916a30c5d7d

    SHA512

    cf8a72bebaf95119e79ca6902aa9f5f44b7c2f98579745b460efe20acd3a87330afd760db27154422ad5a16d6bd36ebf95c4cbca7abb04c29e5a8282f6a7d3dc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0d007673edc195b10efa841ea0660e64

    SHA1

    1b95146aaa0f03b4a8b1d575ae2a26e861b229ac

    SHA256

    ef7744b0cb533c2b1c261ec79bbc780ffcb0e68a5d29ec14d5acae3314e0eee3

    SHA512

    1fda23a4a63fa07d8ad06b927283ef2c1ff96503386a938a01ca7fab461c5bf341870819a7d1ce82632c4a102a44e0a72906a84c1e5309828c5e6231a7b703f8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    29c8930cf46ecae74909af27a2153ace

    SHA1

    ccb666ff2582fac40a47471b44afe0d1c822579e

    SHA256

    ec6c8783dc62f228b647a371f3d3c1dc17c0c06030fd6f0cb965025a595ebe67

    SHA512

    9a48364b37f068aada0c373d8beec730c61a5432ef16b56640109e1525ff3536fd9b98503529b388554970db3b370bb22c86ef1a13c0ec57a70f7858026bcbdc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    52b2425e6604f1a995fcf5bf67f8c7e7

    SHA1

    2e5260e49ead0f8aecdfd81afdf98a658bacc002

    SHA256

    2ab3dcde6866fb1c628dcfda14389cafed9e322e1825ac531a5f17e329f06fb7

    SHA512

    2246d40feef583dda60bd46708cb28d03b0ff32f3b644332f514a12b878a2e5464b5cc6ec114a33889b2a9b092b432ee3960d2c30889514a7a5b4954448c3385

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5aa02c6adeecafd5d9820d60f0c6eda0

    SHA1

    6f02bf2a7953c26a9e947a6ccc1a3b99a3187eab

    SHA256

    cec1254f02f587956a6ace13d528a1cbb1fdbd35aac8fc79b3f051a602bf3ca7

    SHA512

    743f7bfadcbd4a4cc01a99a88c7cbecc55499d3cbcf37c9fc9bb0995f14e1a0946c0596a13d32bc871e644ae136eae5bc7711351792f3ea5d914b143ddf33016

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6c37caba4def2257d0526368ae96cf47

    SHA1

    3d20f126834fa18edf34ddf8613aea4a81f7cc47

    SHA256

    797631b61b8b51082aef84eba95ddc078d12af1af420d5727a34ff924db45ace

    SHA512

    ea4014c34794193603a9137f7db1be1447dad802216402f719a64d0a7910f24001c0f9f37de422c3255cff916b2a468c16a2cd74b9c9352b4c21f518a882e72c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c3f35842f23ca9653e23b01349f37383

    SHA1

    7ca922958fb1c9e1bdbf1831056f0ca0dc9f2a6f

    SHA256

    380934c3b8ed7b01939e5f5f85a57d46c45fc1338f92a9416993ff1f268c7f17

    SHA512

    efa6457d81760a0a321a1a6114719f11a15e5b9c3642acbcb110b7caca128bfa99ead9756d54f5b13c67c3143b0df1c86721c82165899c2642f0f048cbb19498

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    95cab1ca8be10937011db894c87e12ce

    SHA1

    124b40dd57bab1d06ab1cc8a132564d19b0637fb

    SHA256

    baa655956400912ef70b3caa85f52249aa6c2c80443ed09917f1a041a97b5a1a

    SHA512

    aca24745cc3ecaf00351aa65465dc9a75dfbc8312658d1fad0c5f0ee82afc8c60614b6af9f94abb47f555e2c53c542cec92074fe9e2bffe3f5a967a90796d35d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1e7db58ab726fac8820a74858f3bc9cc

    SHA1

    aa9463a3fb60448abb7ebbf47eab15eff41dc163

    SHA256

    7624deac8a60163ae93814ff1c5c8c8f8c216ad27b923adebd69c3c5bf0f5699

    SHA512

    b17ae73d3b8d06206d5a31faa0b007c898efff4f8a0b8934f4ef66aec4dc22d3217fcb69a7c9dc727db99d064bb763eec588c797b5bf423340ddeab8f86be356

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    eaba509f6e68bacd16d58996d624653c

    SHA1

    a6da543fa6603b0e08d37ccade6dc4635d99ec14

    SHA256

    e97d806ce36eebc78649dccb22355a71f7412b9af11292bf8ede98b6c7158485

    SHA512

    7aa46ccbd74ce66ad64e30b6f3b8a175f2b955daa2a6b23e288bbf1a52397ac70cd5d303a41f9e72701c9d153229bda4d446fa1e4b07ab9e1c63a67cd6113db7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab2668.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar2759.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit