Overview

overview

7

Static

static

3

37e3d951ab...18.exe

windows7-x64

3

37e3d951ab...18.exe

windows10-2004-x64

3

$SYSDIR/Pi...er.scr

windows7-x64

1

$SYSDIR/Pi...er.scr

windows10-2004-x64

1

$TEMP/dospop.exe

windows7-x64

7

$TEMP/dospop.exe

windows10-2004-x64

7

tbu03852/dospop.dll

windows7-x64

6

tbu03852/dospop.dll

windows10-2004-x64

6

tbu03852/options.html

windows7-x64

1

tbu03852/options.html

windows10-2004-x64

1

tbu03852/s...g.html

windows7-x64

1

tbu03852/s...g.html

windows10-2004-x64

1

tbu03852/s...b.html

windows7-x64

1

tbu03852/s...b.html

windows10-2004-x64

1

tbu03852/tbhelper.dll

windows7-x64

1

tbu03852/tbhelper.dll

windows10-2004-x64

1

tbu03852/t...091.js

windows7-x64

3

tbu03852/t...091.js

windows10-2004-x64

3

tbu03852/u...ll.exe

windows7-x64

1

tbu03852/u...ll.exe

windows10-2004-x64

1

tbu03852/update.exe

windows7-x64

1

tbu03852/update.exe

windows10-2004-x64

1

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    133s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    11-07-2024 05:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tbu03852/options.html

  • Size

    6KB

  • MD5

    adc6e16ce6e97bd1eb19d3a8dad7274f

  • SHA1

    12b55eab3225b2250ba051803f7d791db59a46a1

  • SHA256

    29e525a91d8ac4ec6bb2fa299a404d9f151b45400c7cab09675a23469373435b

  • SHA512

    2c4bc233ae8741fe0a6995845aa88d707b347cfc78745fefac346ce27ddd5b799dd374bbba15516f6e61348f52720be3639cf0cd925a599250a9947a33ab7103

  • SSDEEP

    96:BKQ/O9mOdYCQiLFyzNYs90Yi67mX9gPui39bnLNza7/OBgx4wTn:BFj1cFUYJYnV6Bm8

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\tbu03852\options.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2384
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2384 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2428

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0dec234ae31076804a56cebcd6ef3642

    SHA1

    232b77b200c47f39ea6f9f384ac6b3b2782ee17b

    SHA256

    1826fcbdb08f902e86ff61f7a127806aee2c4f0811dde47ede0806ddd6249522

    SHA512

    d7e358730671dc540d90f77251e31a53289aa6e163f2b369c697144ebd08111584166d90c8d1bc62dcb2463d72525d038d6212b55b8e0e7341bc0c657cc033fd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b687254571cd4a4809fb7dd8b7622c1d

    SHA1

    0eab79ff223b58abff20af8c3739abc359ceed2d

    SHA256

    8f80799b5d1694d0743e27a308677137f82cd9d3cc293d796f27fcf8b19c6b04

    SHA512

    fd8a69295b7870d3df2dc4128db6b45e0ae7660935709eb4c877b1c8d7e7e7c90f914849ce8ba088df37e57a3137696c76465e8974255ce27264f40326a669f8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    28c36fd5663fd565ef7e9d7ac8defd26

    SHA1

    2a8b7879c8cecec3424c7dedf43f88d2ee7baae3

    SHA256

    35e822b26a3a124c68f3ea1a09e9306bed5bde1ec5093f57239207613ca7bb60

    SHA512

    ec24b50cea7dc6914bdb99a4b10a0c56e9277536acc2975c8919c50ecc07f4b84a855c909c1a715d08e464d3a088d1c6573159b44dcf49cfbfbac5daf1fac1a8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0142f02f289ef20a9395bb0d515bcbe1

    SHA1

    3cae23bfed46c46491a86c172fc79af6acd7f4b5

    SHA256

    b4c480b697043c7078a8957aabbbba4bff33670301b59ded240f8e33b4703bb3

    SHA512

    12bcffe17378b21c9b080484ee99c57382cd5025560a9ffd811b9c8a14e2bb3e5f545ae7b374dda23555f12ba2288d896a2d1d9aa9538f62dda0d0696f61d2ad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e61694015a4da3cee5c71cfbe1e22a7e

    SHA1

    71583b9c44aab9331e0b57ae75150117580b14dd

    SHA256

    4fe397191baf14ab7e66bbd6f18a9e736c1a495a915fa5b96da6da7ea8ed0845

    SHA512

    0b4568058405ecbd41fc175726481b60abe2ae40f45b1af82cfee871481e2052fad0dfaa06cab5fff8a2c763780fdeafa8175900a69803c1ffcf238d1b969086

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b04fb3dbe42e2447729b774519779944

    SHA1

    f1bbb9feda925af54972e6d2d59b74e4a11ad6a5

    SHA256

    db2e62f9a4c5c5374630119e2d0b1fe759b6e3c638a5be1ecc17d19c55c96e56

    SHA512

    72cd19ad2f102e0791e71aa6a6055ec77f29b65ed55fc9dcfd3a667829c05229498113033b3eb47fec97e08f5dbb8dbf4077cf434e3482f86fad0bb30c127c0f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    381345046a80f7a4cc251092109c8998

    SHA1

    934f34cfebdb8e7eb4bc018364f07523e264f543

    SHA256

    6082ec1a66945413205a8f4d2cb853192a2d13ce2c3b091785093fb7376ecec6

    SHA512

    da44c393f1504c9cf22d2a585ab313aa9d39b56b2c30bf8e016da22e433e5f9c80a8e3b81425bb50ee45ad0791c9e14b97442dd229130385fa2d7681a3cfaf7b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    535e8fa90a911f8390e6544234f89534

    SHA1

    f01d64e63c842ad94d5232519c9d884fd8f0752e

    SHA256

    46775fcbaa44511c84c8ea2c653641cdce2a7e9e72adf2b9c56dc6bfe539f900

    SHA512

    b94f4f15ceaa7cb3f2a87701e1455331a99b569aaa0c453a7b1614d5c1809b37b31ee25aaab1c741f85f904a2c53056048341a5392e18a10ce786c130aff51ed

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c3490e2444f2bcff9d0946485e6ccff9

    SHA1

    90c7793e09928a16c33146de586d40c99a8043eb

    SHA256

    7b7cbb7fa2236a2552be32d516872f6d230d3b69f98bc19ab88bf54aef98bd59

    SHA512

    a9d6a58b1e8270a752a3ac405fd4eab14e54485521b8bf6f84efe62ff95c498b0f4d54cf791306c07d8baa699b7a05ec338645be73447436340d1050dc922741

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4a172436ddf7c8b73b2f5fbd9f28b92a

    SHA1

    d3c00c4f5e20ba155e7024d4f3efe3c96c7af9c9

    SHA256

    5a13be913e1021f020535df57c4552471e3dcc2b8f22a780ac781cd7de50c0ac

    SHA512

    d6317b3229cdea728435c3413e8c099abeef75bcd39a723e7686f40fb680a51c1cea773952f89790da42c4ab454e25ae6517dc55e7a8e63556a305c53447053d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2fa0d6f1cb5f69591b25d37aae2caf81

    SHA1

    5fb05909007938e1e321fd0bed6ffc8db06e5888

    SHA256

    590efc0db60405b8ef6f10989a4308637ca946781fe38da5db14b4c820587e3a

    SHA512

    105d393a3d04e56b5f74d77484805e5b183126a86c3713b963e696b3c4d95c757bc44b1ed02adf316c2875c1b9dad305735aa057db7aa92b5f0a25250747c48f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    593ab622019ffcb90b00170fbab1d533

    SHA1

    0196b3dd1f3214efdc25f0c56dd943ee47732f0c

    SHA256

    c091e4f9195ce47cd196d84274b93a754f1056ac493179a3029ca81bc9ddf9f8

    SHA512

    3a77d22d70124975f072960b5c7a2526be1440289b81c5e8aa2b14eb2c7d62adf173449976caf9727b20b6c11ce0abb516e711545a301b21dc874f23a5cdcafb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    642fb9f7836831464740a8fa55b80c75

    SHA1

    f447a58afc8fb19f03a15a5fb18e9da20aab2f4e

    SHA256

    680ad984b46a7dddc83d672368d33b7dcaf97582174ce9f8b6705c06c25c0ff0

    SHA512

    b2b9bbe06ec7a7ae80e8a65a358892a127c3e440b063ac50940fc9260f7f07d49e9c16016a43923ee33fbf62f7505fc567eadc7e89e24b322bf9c507ca491eca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    86a81b5041b45dc1bd392be3d0a4a2eb

    SHA1

    c4f0048135162b5269a8f5c280aa7a5e3abc6cc0

    SHA256

    2f18378db5ecf7f2214d86e724223793b8766161e99ef05d1bb2ed303a03a6a0

    SHA512

    e6fc320c4b05ddf6fec30d8103d44b906ce236025559860e9479699f499c70a876529397ca64cba97ceec214adf3300618cd6fc17724291c15155a5e0532db9e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4d584c7d999b1787284e52ad952b51f7

    SHA1

    c3053b519bced7400578483e5490b6bfc0ccab18

    SHA256

    3937d832d8d477396cabe56a6000cb42f8cb61b624bc80761fa31e86acb5b22c

    SHA512

    b491cfa4d760e0b09e05a77a6c6d178ec7caa054c102d61afadcecff716bdb271ebe4a3bd844585fef007b250578fba3f41ad7a323150eedeaf9a001eaea2e10

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eda054517499d5aefbd3ce26a0ca1cf5

    SHA1

    d011b8e70c2c7ff0f6bd87145226b69879c4e94f

    SHA256

    20953343d55c93d5480e1ca0421c055aa3b84a1d52aab09aa7ec2167d4987f17

    SHA512

    93aad1da89b147567bbcec978b37960158952c108a3be212bd4a80202a73c7c350977f6a0aa26ed24f4bf677d706c108e493708a5a8cece32817855bb59a1139

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7c1c3a42e90160cc6b7c132ce0d24d7e

    SHA1

    fd39be0c5a4dbd7aa941d777f020ac76fcda4600

    SHA256

    cdce3e90c62f2b771c1010cf783c32506f676b14f7968d3ee001d0f7a7797809

    SHA512

    666aebea37d24e7518a54fad32d4c21c0af3b817d84ae9d5733d6b0ebf6071350ed2d113c03d848b00e55413fc6f36c769fbcf4f0fe1bf8a49cc6c2a98d4b3d3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    584a89e882300539bcbebc6c1ea434b1

    SHA1

    743dd84f96be1c290bf018b6b99ce08df03385c9

    SHA256

    6c8c8a9cc7ce9e7c1c641cc9e1c4429b78c463fb42bdeee5e880d76d00bd2a32

    SHA512

    f561a59c58974090d30fa93a7f22506f34d18b7149fa64e2ba4634638958ac32fe4a5e940f2855861bb1bfa1154c821a14dcb8ffe407cac2c268812de18ba43c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    782d3e81719d8cae3bd38efc9ee50806

    SHA1

    4f08ad5c008cde5bdeeb5be38ade669e4dd12fe2

    SHA256

    159e17e3e56ffefa2caa6db8d0d43a6ff8aa9b79a1949a5c5356711961394c5a

    SHA512

    46fb9e2f9b4a13e672984159ebf2f9dde34ad4cbe76f1b9263a9ebc75c260209d080cf5a3a1026231ea326a5bbb630d3626f4bff58ab8984955d7619c30e38f5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabDC0E.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarDC9F.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit