58c5cdcc3d86ea378fbae69fbe43d6f47dd556d2b5343fd558f87f5450fba185

Analysis

max time kernel
1s
max time network
3s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
13-05-2024 19:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Yuqu_v_7.98.html
Size

312KB
MD5

2ec301ee8351ef1c26b0d20c8dfca571
SHA1

7803bc561d9c2a45e5bbd7143322ac8e03af2a9e
SHA256

58c5cdcc3d86ea378fbae69fbe43d6f47dd556d2b5343fd558f87f5450fba185
SHA512

89800c85098f80c3d3096aa25ad5f6659bd07ea501143696596a7af53528b919f09a1e492c820856c424d74b0d042c13a3afad7ea5e5f7e0d1401c40337864f0
SSDEEP

3072:BiSgAkHnjPIQ6KSEX/gHePaW+LN7DxRLlzglKz4i/4:JgAkHnjPIQBSE4+PCN7jBz4i/4

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{21349EE1-1160-11EF-9B88-D6B84878A518} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1544 iexplore.exe
Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1544 iexplore.exe
1544 iexplore.exe
2820 IEXPLORE.EXE
2820 IEXPLORE.EXE

pid	process
1544	iexplore.exe

pid	process
1544	iexplore.exe
1544	iexplore.exe
2820	IEXPLORE.EXE
2820	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1544 wrote to memory of 2820	1544	iexplore.exe	IEXPLORE.EXE
PID 1544 wrote to memory of 2820	1544	iexplore.exe	IEXPLORE.EXE
PID 1544 wrote to memory of 2820	1544	iexplore.exe	IEXPLORE.EXE
PID 1544 wrote to memory of 2820	1544	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Yuqu_v_7.98.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1544

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1544 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
Filesize
230B

MD5
36b88726a03205f582481b7f7f7e87cc

SHA1
513c0857ff64b57a459087de0e2896d58afa5c3a

SHA256
72641d52ecda3d453c9c9dfb9f293408c3efc4d59801cecafe34682d4161ffe1

SHA512
0a61c004a3f6090901cd3937291a459d8604df99d3497134034679a435739a3811cadc33d46487fa46d4307271c18261f3fabda9989dfb71d24c721ab6be50e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
c2ffcf656c9acf94c7ca9d32f57abbf5

SHA1
2940852cf86af580fda10680bca654de50336e16

SHA256
aad49bb4e0bb0ef1850dcc0eb511f885d32be68af32fc55a0f12296f5dcc953d

SHA512
7234420d77104d27c773fc480a3c51f6e6b5a0c4c5676792f2162e7b40c08fd2e6eeccb80dae147d03e017fe0a400a53f814cc86051ccddcf0b779ebdd51275f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
7fad8cf719b950dc2dd399f1f7a1363c

SHA1
29624b8dfd2f14a0b78c8ddf17d2c2525c486391

SHA256
d486d9e214663848e991545637e518c6870c76f92f54659d49eea671d9124627

SHA512
d481826d86d3ca3edd6c2dd049c39bd0b0810d2546b0c2e8226be15c66dd6f777b9d4bdcb0e740e5f5915d91ecfb87987bb86694b76e962000d7aaead62672d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
b5f065b41b2ae9ce76d5b01cd152ad39

SHA1
a1c2cf4c99822977ba237e4b58c1486faa3da0f5

SHA256
050e736851fe35f37e1950d9ea11b004b18340499a83d08a05476e9f79231c3c

SHA512
e408e4eaaa7bfa5b79ea9e51e254cf728f6bbd58e938ed61a08f2ff26f4db50c9df02e51381e322cac22641f727bab38e5539886181a0f4147937ce4de7d0f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
e59ebe230354d20e293752dd02e5c123

SHA1
8ed7d037bc46f0af8b9bccb83fa57ce90aa96c10

SHA256
3430a30e51471f2ae16dfcd4bf1372487c8ec486a942b92cb10c6d88ec60b3c4

SHA512
b4e7431fe7f77d7384b807ac3e9fbdc0f80b94072e75aee7dccf3ec04bf8160d7b25e3a081e21111e0d6e99f31e4c0c0fb6e6bc3d94411a6feee56733773addd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
00ed2e13cc1d535bd281e6c85f410790

SHA1
d2f907ef07a0e2c80d8b9d56a719394c18e8a5f2

SHA256
ea3c00f7aca9fd5098b5164f766237f1d552fe1ce3782e215dcc419cc15a3598

SHA512
d57649d8757977ebe1cd87ff7324927dc7d82b126f83068ded6e538339031b009c16fe4bef27179aceb44d276bff57feae2c04599abbf35b70a46820e27caf25

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2C50.tmp
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2C63.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit