Analysis

  • max time kernel
    120s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    15-04-2024 19:13

General

  • Target

    tbu03852/options.html

  • Size

    6KB

  • MD5

    adc6e16ce6e97bd1eb19d3a8dad7274f

  • SHA1

    12b55eab3225b2250ba051803f7d791db59a46a1

  • SHA256

    29e525a91d8ac4ec6bb2fa299a404d9f151b45400c7cab09675a23469373435b

  • SHA512

    2c4bc233ae8741fe0a6995845aa88d707b347cfc78745fefac346ce27ddd5b799dd374bbba15516f6e61348f52720be3639cf0cd925a599250a9947a33ab7103

  • SSDEEP

    96:BKQ/O9mOdYCQiLFyzNYs90Yi67mX9gPui39bnLNza7/OBgx4wTn:BFj1cFUYJYnV6Bm8

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 36 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\tbu03852\options.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3008
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3008 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2908

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ffacc8781924adfd280b55fcccb88eb4

    SHA1

    85ddd83ff1e9778e62e8b54a66280f8aeac6ab6d

    SHA256

    144d024879dc118823e14ca599106a04ad71459a5cf4645d813d72bbde20e02a

    SHA512

    971628592619afff17163d323005ddf48151a9fa8baac88fc0020ad0971498a2fd8bdc16bd0ce7c8e51b40b850a446cf6f420af090b54388eb006d67b04757d4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e3dade13daa98f0b721f399440954e83

    SHA1

    042df52be6ada219748ee915c7b9a5994bbd653d

    SHA256

    5d0720e37f1b4fb3b4d9c89e2aa9198c764db32b6d366e5ca2841e1397cf2db2

    SHA512

    8bb132d6236ab4de3932a067aab72a8ce4bce1236f7319351fc8d7fb3d23025746ccf34a70575a4895e2d00c524581f8a7aa99dff3f26850d342b8b092c70ef8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    c49f1b5807f700335570f72efa322c13

    SHA1

    d9110574fe648a20461dbb8cf3bab88af05425c2

    SHA256

    d649776634f0b522f063d4e42365a6e0538e4e0b281d9ba222e7b397cfdbaf8d

    SHA512

    980978b74b71175507081091457dc2e5c71b7cb659412ef120b5b889830540e9115ffc70b88081929c54cfc2601cef0ea11b4cf1a97254c313f51a0b1e14d047

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e8a08ce02d143e8e23c1d2d0a1786325

    SHA1

    304b78d02ea707793084095a1fb539fa1f02b637

    SHA256

    4e9ce96459f458c84846f5e3dce922f7ebd5f462d3eeed9a43ff939a0db4d6d1

    SHA512

    95c9b1be01b846d648a650081cacdca4c2c08889431befb354cc629b2029f01e45d269079e5e09c449433ff47f6ec6f2a6e3487f4cd8d2c43535fda959f7d702

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    41ad3dbc7ce452acb1888095d3d31781

    SHA1

    c7e3eb67f2c78e340f700077654402ef6e27bdf3

    SHA256

    021d1ee5567c1060e611217f4c3666284dc4af878d9358ea5d5a3c004b6e010f

    SHA512

    d43e9911c889777f58a02699090f719d61f9c190b7a72ee12ced8f63ea03bd777dc5e29be7c5762abd9405fe3e00ac69fd88fdce89d0eed1542f87512a498130

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    a1f24bec75d405400297e479a3615060

    SHA1

    956837c765dcac82b8b968880be8ca07bee86590

    SHA256

    06a4476bc24f158519f37e05e771e6856f23a476c4656d630d4b35b13cb6bbe9

    SHA512

    6450c9e8b77485d8107f14997856f95444cb3c73aea9ba07d0a99cc78bd38dfa7d86ed5c81758889916f8b7267f986172610f00edef43da53275f329edd81268

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    797296aefb7fcbbe20a04b595516ea0c

    SHA1

    47bcde3c8db095fad1012ed3d2a559d67eee1b30

    SHA256

    c151c8147bea560e1a6a336596a522710cd7f1c768caf94c0e8689538d0cf26c

    SHA512

    75cacc13319f7185d6baa55a6343d8fafadba237f33cd6918561bf84bb3959f5586067c8866455beb91b17686d30d20760513e09d72591a28896c8e688e4dee3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    3313eb4deec411b61a8e38dd6aac955e

    SHA1

    a23c744db606df750694af08064d76c2c043ae12

    SHA256

    298b406825607cf73a86c175610a0eb5642d97aa76b428876e72cb4ce7c56f65

    SHA512

    485c8d45e5c4f451ca2b78800d4215d347700c879a3cf910f609e233797a16abfdafdcf61ec0bfba5d352164575dd2e9f56a5d9a18b89a51bc3e41e64ac0c6b0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    1e32c58d00450f41cc25d1dcaf49f0ae

    SHA1

    ec8aa9eb43c7bbba1d7ca64c16620c735ed2b785

    SHA256

    390a1953517fa1516afe79c5865042843b6dde8935454c32cfc35b7d6077c992

    SHA512

    d48551c1af2d54989ccd3f10403d310ba965de67ffb2b2295d4eb38e5d6fcd2296455a3632c5ed8d5c43e9da61a6e243685708b218cf6fde580af614fbdadcd7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ec44c8f4cc5165bde29432315eedd21d

    SHA1

    af71f65af05c2ce45139bcfc1635a2b7c28d2c4b

    SHA256

    ee95b0bdb80480ad578f3a3ed8cdc06ad769fd8f76817d1c37c005bee8d0b9b2

    SHA512

    abf76d3f6c1ade27227485063132dc671152d92a80ba7cfb07e693f7955989c6ea4c9f99183e3751f24337ab8abcf06521d9bdbe453ed7ec07824bc7d0f404db

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    6427bd01ffc3b645b1f3b3f486d835b5

    SHA1

    106be3ce52075ec377cb4a2568755d82f16e896c

    SHA256

    ea8e26232656664496573bd74c69c8453e0f4028fd833c08d7c99ca2c4f313a9

    SHA512

    4340fcd18be59a801f8c88e9e40db501f5ad7aaddfb2b6e7dd0aa8896c52ad8abb2dfe1779264f145d83e85ddb33b6338e8055c189a905647b9e00ba23021e5c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    5b198084ff05cb97342f5bfbd4fb61cc

    SHA1

    3c0162f8b4df89b5c8467f5aa3e075c89be2c057

    SHA256

    5aed0e068bddb708cc1e1d1436400c2c1a23158850f6eced74d32b0e112a75d2

    SHA512

    bf0db4e9a197b16613a9cfe53a03952b8bd9687df308ed66254bd06224e51d066adfcdffa373e2f5a6b957f8e7c0722ad2859759798e1c5accd8010c17adc5e4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    87bca25b8a78d1172675a9b2802216d6

    SHA1

    240b25bff412fff5d5215c89e390b1bab4ea81c2

    SHA256

    208173425092b8cabd0080641cb0c1f4e596059c3a7ad148e6c211b5179a80de

    SHA512

    948701d2967088d0e89efea85af983083d13f5fb93a428b4b554f33b89c63429f490d3b14fa72628e69c76e2ec0b9854b50f51c130e686b9a768401a70f4b2d5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    493e9909f388567f24d86d32830c5c03

    SHA1

    2a9dadc4313c998d79ceda056d87438d5fafd498

    SHA256

    9dd74fbdbcec154c07607330e82480ee79a350f94c2bc1bd7bedd7725e4c4ec3

    SHA512

    99b74f80220aa38124a045818f2aa1a14a75c8c1bbde1a72258d6426055d2a3c937b0b4339a7e8b773da3a66eb6d63a79491539651d46973379471df4bf5984d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    5d6d254007a7cdf5681a1fabdd3db121

    SHA1

    95d5eb90cabdff6c570b947c895551d76910ebb9

    SHA256

    d6c2c6eca0b36b668a40259353c1800e1f37a869df846e1fbd3dcfeebd3ad4ba

    SHA512

    4fcff108fcc4da3f1c5c84ddfc3a42f55e386ecb2ef80a7e6cbe786e969ab6119582216361025d12ebd2aec68961baf78671b12ad46e7d97c050bf5430e775d5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ad77f14680d78fe66be82c04aee5f190

    SHA1

    68d12ab0ec26989cc7ffbff5f7ab4338d675c1ce

    SHA256

    062bd018316722ef22fb9dce979e654e610cda8a3c9900fc6ab6aadff83cbb87

    SHA512

    dd620f09624763b29724f24ad54b0a460ea9db1afd671f01e6d314bbd15f7c7e1b72a94bdaef6177d4be30da175761deed26ca95916e02f3ed5255b7b8edb6d4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    7a7ad54f0d616a7ba6489d7fcc0af7bf

    SHA1

    ae6e604523c87adb6a95255291546c5d88c5358a

    SHA256

    8a13da6c5ae439e587a9b59aae95aa0c9623c1342453482d4d8687e21c134b9c

    SHA512

    1256a5c090e0623ccccecb6e5d6111f85f81fad9b96cb6dace6603dca65875328c220753168640643fc601c220e370b01b4af3fe3348c2a089764c956eebd935

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    199d4b68716021a285e7814d8305b04d

    SHA1

    f35f4f5402fea0fbaad808631a4dde34931eaaa1

    SHA256

    c3369406f0f51dc11bf1511c64d535669b40f40c69e8762cd867f60493eb79e7

    SHA512

    afeb3e76cd7da38acbdfb345743cea14dbb0c5fcf29db003cfc57ce103bbcd2c0e146d2c2b887038c6c9c9d25652095b31b71b4c792343e9276e27088ed24f0f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    9d90675ab65faceda7c8fa2a088927b6

    SHA1

    f8eff379b176c5f651f298a4a5af6f39b50274ad

    SHA256

    6360f25e14532966639f3a5b977f4cfedd9842412a3cafeff1f607b4dd855e2d

    SHA512

    bfd9e893b3e8b4ad105ab74102c8f358fc451695314b462059a97158962b3629751b7a94155983a085a5d4d324ef0a1055db0c7daea102fcf04125832a241266

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    391d1575a07d5741d1704ef89ac82dc1

    SHA1

    ab55df64ce30a78d19694c7e4cf608a66a911f0d

    SHA256

    5167f4da76556c41b7d93b8cf918e01f123d1584fbf46466d80909572b64b427

    SHA512

    4d9aa35c0fca88446145869dcb5cd541b8737d607b71ab6c6df08a46e1dbd7decd189746745b70d7db12726d1f4851896112dcc1828bb65738d6bb8c2df217e0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    bbcdaefba56677e9a685e162e97780f5

    SHA1

    a7faee83704a6ae1209933d952b6a6f47d88c7f7

    SHA256

    8d188ec3bc9b697f08bb4b65c1e2d1a15ae5c05cf25a002d625627ee33a14301

    SHA512

    7e701bbd989e13bd63e549f81dbfcfa9976a17fc9be76041573955db1ad6c1b2c868b7d3a2b05d2d07cc4d52dd9a869f809bce20ae72fd7fcd590ac1fdc53b4d

  • C:\Users\Admin\AppData\Local\Temp\Cab961B.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Cab9785.tmp

    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\Local\Temp\Tar97B9.tmp

    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
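
Everything in this report is consistent with an unremarkable Internet Explorer page load, which is what the 1/10 score reflects. The only child of the frame process (PID 3008) is IE's own tab process, whose SCODEF:3008 argument names the frame PID that created it; the files written are CryptoAPI's URL cache (CryptnetUrlCache, one 344-byte metadata entry rewritten repeatedly) and the Cab/Tar temp files of the certificate trust list update that Windows fetches on first use; and the FindShellTrayWindow, SetWindowsHookEx and WriteProcessMemory signatures are attributed to iexplore.exe itself, where they are routine for IE's frame/tab process creation. The script below is an added example, not part of the sandbox's tooling or of the submitted file: it encodes those baseline checks as rules over a process tree and a written-file list so a batch of IE reports can be reduced to the ones with something beyond the baseline. The two report lists are constructed inline from this page; the "suspicious" counter-example is constructed and not from the report; the CabXXXX.tmp / TarXXXX.tmp naming rule (four hex digits) is an assumption drawn from the three names here.

```python
"""Triage helper for an Internet Explorer sandbox run (added example)."""
import re

# Constructed from the report's process tree: (pid, parent pid, command line).
PROCESSES = [
    (3008, None,
     r'"C:\Program Files\Internet Explorer\iexplore.exe" '
     r'C:\Users\Admin\AppData\Local\Temp\tbu03852\options.html'),
    (2908, 3008,
     r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" '
     r'SCODEF:3008 CREDAT:275457 /prefetch:2'),
]

# Constructed from the report's Downloads section: (path, size in bytes).
DROPPED = [
    (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData"
     r"\94308059B57B3142E455B38A6EB92015", 344),
    (r"C:\Users\Admin\AppData\Local\Temp\Cab961B.tmp", 65 * 1024),
    (r"C:\Users\Admin\AppData\Local\Temp\Cab9785.tmp", 68 * 1024),
    (r"C:\Users\Admin\AppData\Local\Temp\Tar97B9.tmp", 177 * 1024),
]

# Constructed counter-example (NOT in the report): a shell spawned by the
# tab process and an executable written to %TEMP%, which the rules must flag.
SUSPICIOUS_PROCESSES = PROCESSES + [
    (3120, 2908, r'"C:\Windows\System32\cmd.exe" /c whoami'),
]
SUSPICIOUS_DROPPED = DROPPED + [
    (r"C:\Users\Admin\AppData\Local\Temp\payload.exe", 40 * 1024),
]

SCODEF = re.compile(r"\bSCODEF:(\d+)\b.*?\bCREDAT:(\d+)\b", re.I)
CRYPTNET = re.compile(
    r"\\Microsoft\\CryptnetUrlCache\\(MetaData|Content)\\[0-9A-F]{32}$", re.I)
# Assumption: Cab/Tar staging files carry four hex digits, as in this report.
CTL_TEMP = re.compile(r"\\AppData\\Local\\Temp\\(Cab|Tar)[0-9A-F]{4}\.tmp$", re.I)


def image_name(cmdline):
    """Lower-cased basename of the executable at the start of a command line."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', cmdline)
    if m is None:
        return ""
    return (m.group(1) or m.group(2)).rsplit("\\", 1)[-1].lower()


def classify_process(pid, ppid, cmdline, by_pid):
    """Label one process from the tree.

    IE's frame process spawns one tab process per site with
    'SCODEF:<frame pid> CREDAT:<n>'. That child is expected only when its
    parent is iexplore.exe and SCODEF names that same parent pid; any other
    child of iexplore.exe is notable.
    """
    name = image_name(cmdline)
    parent_name = image_name(by_pid[ppid]) if ppid in by_pid else None
    if name == "iexplore.exe":
        m = SCODEF.search(cmdline)
        if m is None:
            return "ie-frame"
        if parent_name == "iexplore.exe" and int(m.group(1)) == ppid:
            return "ie-tab:expected"
        return "ie-tab:parent-mismatch"
    if parent_name == "iexplore.exe":
        return "notable:child-of-ie"
    return "other"


def classify_artifact(path):
    """Label a written file as CryptoAPI background noise or notable.

    CryptnetUrlCache entries are CryptoAPI's cache of fetched CRL/OCSP/CTL
    data; Cab####.tmp / Tar####.tmp under %TEMP% are the staging files of the
    certificate trust list download.
    """
    if CRYPTNET.search(path):
        return "noise:cryptnet-cache"
    if CTL_TEMP.search(path):
        return "noise:ctl-update-temp"
    return "notable"


def triage(processes, dropped):
    """Return per-item labels plus the items an analyst should look at.

    Anything that is not the IE frame, an expected IE tab, or a known
    CryptoAPI artifact is reported; 'other' processes are deliberately kept.
    """
    by_pid = {pid: cmd for pid, _, cmd in processes}
    procs = {pid: classify_process(pid, ppid, cmd, by_pid)
             for pid, ppid, cmd in processes}
    files = {path: classify_artifact(path) for path, _ in dropped}
    notable = [f"pid {pid}: {label}" for pid, label in procs.items()
               if label not in ("ie-frame", "ie-tab:expected")]
    notable += [f"file {path}: {label}" for path, label in files.items()
                if not label.startswith("noise:")]
    return {"processes": procs, "files": files, "notable": notable}


if __name__ == "__main__":
    for tag, procs, files in (("report", PROCESSES, DROPPED),
                              ("constructed", SUSPICIOUS_PROCESSES, SUSPICIOUS_DROPPED)):
        result = triage(procs, files)
        print(f"{tag}: {len(result['notable'])} notable item(s)")
        for line in result["notable"]:
            print("  " + line)
```

Run as-is, the report's own tree and file list produce no notable items, while the constructed tree flags the cmd.exe child of the tab process and the executable in %TEMP%. A tab whose SCODEF value does not match its parent PID is also flagged, since a process that merely names itself IEXPLORE.EXE with a forged argument should not be waved through by the baseline.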