Analysis

  • max time kernel: 119s
  • max time network: 127s
  • platform: windows7_x64
  • resource: win7-20240220-en
  • resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted: 20-06-2024 08:12

General

  • Target

    tbu03852/options.html

  • Size

    6KB

  • MD5

    adc6e16ce6e97bd1eb19d3a8dad7274f

  • SHA1

    12b55eab3225b2250ba051803f7d791db59a46a1

  • SHA256

    29e525a91d8ac4ec6bb2fa299a404d9f151b45400c7cab09675a23469373435b

  • SHA512

    2c4bc233ae8741fe0a6995845aa88d707b347cfc78745fefac346ce27ddd5b799dd374bbba15516f6e61348f52720be3639cf0cd925a599250a9947a33ab7103

  • SSDEEP

    96:BKQ/O9mOdYCQiLFyzNYs90Yi67mX9gPui39bnLNza7/OBgx4wTn:BFj1cFUYJYnV6Bm8

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID: 2184)
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\tbu03852\options.html
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child process, PID: 3044)
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2184 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Enterprise v15


Downloads
