a8dbd50282376c027c77adcbfcbf7d22e6afca8607fea320c42ca23b735beff6

Analysis

max time kernel
138s
max time network
134s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
06/07/2024, 22:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

渣渣网络商店系统(ZZShop) v1.0/admins/js/calendar/index.html
Size

47B
MD5

dd5d02cc750d2855cf6f6c5bf5bea587
SHA1

48f9dc79b3d531c23d71e77ceffeca774fd4955e
SHA256

5b6576ad5f7079ed401d054ef98f21a53c9a333f1bf88ce558779ead30b6c84a
SHA512

ba4eb3b6c30b6bc3fdb40763c877039115af3991e53e591bbe848112cf22310b744b044038cc349e76a8566cd0de9d3baa5376fe346a41cab1cea7115bcf38c3

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 903338b920d0da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf71000000000200000000001066000000010000200000009a12bf7fdaf4fe77394eb44bba642b20853b6377a406e32d3c4a297a732e0244000000000e80000000020000200000006b46a6f95bbc97d46bfad733a4b5e8d60ab450b5200612e87239b6ee27f4eb7290000000ca220769fb7fc86441c5a86c9626b7d472dd274a5d4cffdc767f7b69eb62af6c4fe6702dffcda6451b1c5c8762c4883dc955175290ea461c871243452fc737c3c1dbab337be5d36f42e8909432916c2472b32e804f24be5c18e87289ecd7b69124044e3ce7130d0c3dca86594ca9554ef54395f974a6f9aeba33efab26f11462c938d02e50e6c6a24a6616d12b4ccc0f40000000f2b96135c6ea0c0abf590d3cb94c9bc653c4ce44e8374eb24d778a0d719fd02eea7ec05e6c408663654ca6170f2ba5779778f8f46b8848805ccb5cb018740c77	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E4CF8851-3C13-11EF-9449-66F7CEAD1BEF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf710000000002000000000010660000000100002000000047fb812a2711f1da44d6b975acdd32e4e24b84d52801f62d8d7b87b632398dec000000000e8000000002000020000000fcd937d397e2a1a597cf63b52e987342f6d6a6d391f5f8812aa481d7367ccb1020000000abcfc4ccd43c1d8c0414c229f5b69782ea845c36cb545defc331c855fc689c3540000000aac501e911f8d18e958e2bfcdade0e5fd4563857a6fed63d44eb4c77c26d4989b069b28992a5126b67112ede1b5db0f6985fe7c9a414631fb67e563280f42171	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426486032"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1712	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1712	iexplore.exe
1712	iexplore.exe
1992	IEXPLORE.EXE
1992	IEXPLORE.EXE
1992	IEXPLORE.EXE
1992	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 1992	1712	iexplore.exe	29
PID 1712 wrote to memory of 1992	1712	iexplore.exe	29
PID 1712 wrote to memory of 1992	1712	iexplore.exe	29
PID 1712 wrote to memory of 1992	1712	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\渣渣网络商店系统(ZZShop) v1.0\admins\js\calendar\index.html"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1712
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1712 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3ae2de35b61ac64b4a37f103c33fa51e

SHA1
4782cbdba9a83a1d1c2c893b3c932b8be258f808

SHA256
941fc7dbdbfb1eb3545c0d64fb6abc5094509dd94d724944fa2b9e907fb8c917

SHA512
01969bb0356870fd87ea32bf35841c1e00551e8e2d4413a38ae708e6f31c8b032a0bbf86cb196733f4da3522c412cc1f6d88453dc0b1b7df22b17fa7c15b581c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
04e742dc49d5d8a6e0913aad88650e51

SHA1
fa49a197ebf6531ea3604ea314d55eb2a29ed44c

SHA256
42b1fa1ebdcc44d45081aef0fe86880cbaccb8b46c8998e90257ef674312fb37

SHA512
d86b938f3989ecc7b759be081d364e46d6101f6b5f80710db9b86c58f156bdacf82f5905787fc7e89823f9633db84ec45085ec7ef62f638b433183be803aa302

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8be0b6de08d4b4c24110419c199debea

SHA1
19824c36cdc02b012ac531a65a563a43947a6eef

SHA256
fb95a3111d0685649df866426c93801f79fbfecb2e7c1b0a97b9418d6c9a49c9

SHA512
5ba26411976d0feecb89b11809764cb9f2cb2d3e3345f8e7d2c706daedf1ae5c3e0c372cb7d1a461730d1e976a94374e15622d76de5c11fc96f7bb0a735efef0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
31ae250c495e5fd63dcf7e353e79cb7f

SHA1
9661651bb37ca118a4bd84fdca0f1bf426ac5206

SHA256
200ccadc5eb51ae9eac913ba76d8799999e0a0871c4cc937541ff7a3e34fd82b

SHA512
f96dfcd875d8558ab9cbbcd102ef4e1f4e9b5b3af5e48d342de00815bec5b62cb323b76370b9031a2fab8968f22fda616cafb7c5f2f234491664373f3228fb2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bc2351473fcd28531e946e97ef090952

SHA1
b818972981ab073e1add8c9501f2467e65810d2e

SHA256
fb46020cc5be40846f224c1bf5917335dcaa7595bd2d4b4f2b12e85834963f9a

SHA512
36edd9b797ba6c6d9a6a8a9fbcda116556a9e617c3333a03d01feeb257b25b20e0d6b1dd5b35f8dd307420d9b5144d3c6f32b2eec1b44435d6f5ef08517e326e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5351abb1793ab09146490d29a45ec481

SHA1
194f02de722bf56ebb667c67acd7b79913c24fa6

SHA256
2fd81d7920859aba5150121708083fef32141b59c319ef8a394776bb2ccbc4e1

SHA512
ed03bc4e668fa55853049e59738cfe192c4c0819269858f43d4e0b8b26ac942173e83698c94f9dccdb5179b543f1a4adbc3a94a84f9af8802d21fdd5d34f6385

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6e7126f6e705f4df7b07f7eb7a778c39

SHA1
7fee32cc8c2be72c848be4c5378c26b12b1b0426

SHA256
ccfad48ae4f07f7d4810e8f996ee04125335e3c78f38b624effaaec3eeb73b5b

SHA512
516025fc5477ec7230121f1cd0f4ceed5abd6dcace40c229c1b255c10f7a3db318fc924c7fe117c86d0bfaa3f50b20c8d3155950b8987aaa745d81aab7ca4b4a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
02300e754c29a3ba41efc837ba33aecc

SHA1
6bf15ef0a6476d7f0e03742eb431b8c943bea93d

SHA256
e231849d2a9f09e48108dff67797c1a66d189bb33f7ad9313256c705e0761c43

SHA512
63b3d142c8f8190781551ee47c1d694dd2a1782f9bdec756347cb2171f2c1064c59b2674feb6884f87659bff9e59cb1380d9ee4f8a6675ea0f8a9fa9580c7603

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b734d5f0598ccc0a1fd2437a6d7b3f92

SHA1
be4d0792902a21ff936b4baec2fc47118444ed38

SHA256
bb078b605324e483b61bda245ac844db70eeb95d1a706c6ae141bf63f8f7ba76

SHA512
edadb4e5e376626d7d0de2174debc29f0dfbc523444cea25dff78ecc84e1203120aaf1f187cddfb421c1f03cbcc1b9ec7932ac46c0317571480a12d7e1e41220

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f71a20cf09d19bee5203ab72e17818ae

SHA1
26165c941748d9f52291c6b049cc36d440ec4cb2

SHA256
54e8925c34a6401005e47df0ecb519b6e2390ea21b24b0a4d91142aed05a9985

SHA512
db01d003a52d14c971e58d069a94f6bb446807c726a2ece1d4648e55b83864b6efe1849238f122b78e077d94c86ce9110fade10ad0a894a4eaec20f41e024310

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba97e479d08cb89759b503c651121a64

SHA1
50ac7342fad91ed4a247777c35f9124cc6819842

SHA256
81b5a57e50218149f790fa06433b8ec1dfb8379463e40646217a6a85eb348f58

SHA512
2dc34aaca6073a2cedf6d057c2394a60f38a830ef3e6a39fb5b0d6f29dc800cec22e68c7845ea0c3c0e2445d745d2132405beecdc9340acdc02561210eef212c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
98d216eaf66f506dd747061cf3472311

SHA1
c86e0996db713bb3c879420e5a6e7dc335c935ab

SHA256
913861da6919505ca7e391e1c9d7f85cf858afc04341e4392f83b13cee4df8cb

SHA512
d73192c30bcae1e9ed091a853422baca2bc99a6e5f477766fe965d40f42d6badc5692984a343f2f9f77242e3dcba508e454192beaa97af7b9d428d65b3c93259

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
761b79253167c6065bd19e0a7e899e8c

SHA1
57e9136fdbfb299b5641d131a2137c9665cb25b6

SHA256
a7c4625380f687a4d328c088f44c58ceb0744a3c4a10cf2a6226e4d3d510f83c

SHA512
d64d80ded57af694df7728e60a7618ec40a646707eaf663fb862383f4116219be876a771b97d1bc6f3b935b0dff5137023ce96cfab2c3633be09cefddf8e26ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
94af615975c18944c19155217ef871cd

SHA1
b598f3ae497aec9083155979ab284e139de79fad

SHA256
59ea43202b47d58cacc38bcbc083ff794aad4904f5a3873061fcfb0a20215e9b

SHA512
e51759f4afa4d3e79a8aab70b2fa59ef941291fda88888f9237c3eb8f7f567e68bf817241b9999efcec2bf9245163d0aa09f1e2c9743be347c938f46b352e38e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9353dbc034f364bd5826d1e3c0fa9fd5

SHA1
3ea4e16bb9a70d22b29b580956c0802a798e66c1

SHA256
76994316e951ed20e6cd9bf2916e6920be54dd1f455793294e5b45da4d8ff8c7

SHA512
b8e7d5c8d0172d156e08a2d03ae2ff977834c8ad8a8f9d0248a549dcbd61e9f5b29f693b5b5d4fb5f9038499fdebd71e777a69ee2bcbb61af4f17fa22b24ef4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC499.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC539.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit