b7fc9286938a40f5c877232aa37413753dc639230cae5f3e046d77656476cfab

Analysis

max time kernel
122s
max time network
131s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19/07/2024, 21:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

千僖网络音乐程序 v4.0/Ad/mms/adfshow.htm
Size

1KB
MD5

9d147ff95c132edf6d522ebe7310ebc5
SHA1

547c801b06847d0c8acd145f7abecc3243f5c836
SHA256

0dfb4bf71bb6ce7b37d68eb7d5c7c6d2cc1e80c3baa368f502388655a51c0a76
SHA512

13a29f4ee356c2ed1f815c46709fbd30f72fb6e8ee985fb15a9c84406a0e64d70ca07c8afce92562fcb284fa1c3ac6cd43737b8756e9ad26aef13ea5e1385bcb

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427585603"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf71000000000200000000001066000000010000200000006df2ecc6261a460c1324671a64d361af6b28ea93fbedcb302f31e4c15adeb27e000000000e8000000002000020000000927651d90c102a3c38469db03c344d2b3726e10f7189f88d883e15bf181274bd2000000071e73411134c7d71280fee6ce1ce1891b7d36f65b831a625fc916f82b0551e8840000000b41e7618d43c1052b29093836ccae2c3b7a3e3c9a4efce6b49cc6209d2a746166c5282b93dd61517155b95ee6d94ae1fa9cd0b170856ae26ddeb5efa65795d24	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf7100000000020000000000106600000001000020000000b825292366360a1514b3d11f4921ab76a4a571d2373eb58e01c26f62d476651f000000000e8000000002000020000000fcc4116ced7d9addda5b03a5481ada41d00cef55cc76d6fe82672d3920a4762f90000000ff83cdabb05f927aaf0524722302626085620904dc4162fd3906dd3e3df6b217ad16a80ec6cb6e09858b2d6962dc4d2b3522b1b28cbbb1cd11c6bb963647f5ae03507b4465137198fa2f243fb15c703fec52b149fef0c0e673f0eb904e39b64839ce05053eaf8f27692362d69404840412cf71b44a6bde98ee2d1241f8b7c3c35cfd47b5a107f9770366393c9400f8a1400000006d4e32fa81a56bf798bdd78caf3c70c85e4ce49db963ee5b3b05243badf76ccdf980f831e07e3ffbd233dcb2602d3d3c3ed06e6a4489769a0a2e105e6e1185be	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90d1eddd20dada01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{093BC911-4614-11EF-8A2B-F235D470040A} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
872	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
872	iexplore.exe
872	iexplore.exe
2432	IEXPLORE.EXE
2432	IEXPLORE.EXE
2432	IEXPLORE.EXE
2432	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 872 wrote to memory of 2432	872	iexplore.exe	30
PID 872 wrote to memory of 2432	872	iexplore.exe	30
PID 872 wrote to memory of 2432	872	iexplore.exe	30
PID 872 wrote to memory of 2432	872	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\千僖网络音乐程序 v4.0\Ad\mms\adfshow.htm"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:872
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:872 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4e9b4a389a366568d335a15b85ea3453

SHA1
6635a70cb7dc8922ad9b4977743dbee91897a5c1

SHA256
a22463c369caf71538041056b03831068befd5c3a12aa93d62cbf55b8ef11235

SHA512
ec3874f40d35455f96f0f58b3ac6b801c4657c13255b2eea85f553f357a6d76ed46d665477bebc895a2aeac16774cd9d519a6a7f2b7070eb3080e912a2440475

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aa16c96151e4de0507f0bc028296ad7b

SHA1
d2276f559a95ce7c83aa9f0e178d3e6f33a5c186

SHA256
7683436577116187a724d39d0ea87bc5c840a2a07615d9b08da3c615262ed76a

SHA512
2fe36e77c809b05f92f258f8849f23985d0ef05d2a4241724b4e7820dc574c69dede85ae7213c9f810a7dba2cd0391e39c296b28d7dd4d803807f54f24c4c563

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2632877dd8d67e94269e27264b80aba3

SHA1
6785159561659132306af9488982629e006f898b

SHA256
1bc553498793297482a5fe9b95db5a681dc0875ef4bcb5c1191f6aeb85462c35

SHA512
99c572480d7f611c24ec6879bf8c4e53a92b97684f51ccd5ddc392fe413a32dbdd2a22bd983aa50d5b46a5d26e745bcf8b967391c36d7c50d57642e4ec34845d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
263f2bc8fb5578fd56ed10e0aec8f433

SHA1
9d351313b97881a1b0921776b7289ee03317b0c3

SHA256
a37cb186c598552309457d16c636dc797da1c68f328c01bdd93434478ff6ba16

SHA512
f4f09d590b35edad1554a4b87ee4042223ebc0ec340572936494d82a317105631fe9feb8fdf938e61d74ab7de5ceafad00626393be2f9b2dfffa3e0639fbf77b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dd4407e56c95bbc2846a7d5ab25fd539

SHA1
7ea20c26cde4591d79aa6418b3eb14a24d0b6a69

SHA256
a554af5091bfbab5a8addd4e8949dbea741fba48181e1f85102eb96a7e22274c

SHA512
3133a8a71022c28a8301be52e760981ade0634dad4268fd91dfdc0b4901c3772218386c1d72f9812b4f16a5b08770863ddcaf422ee2a99d2a5dbac6f8f556a31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ffd0546dd459408269a3e0f3e77ca2f0

SHA1
911a27cfb62b275790fa433c978b42da705af64c

SHA256
f0b76d79ac55f97ec482d2ff23419816937f0615b06ed295b9ef1c114e14cd3a

SHA512
9368401588a373e1b419e6f6e764bb1968d935aca6c58e4653f1eae75757bfc228370ba38da30296c99db0672f4832e0edae34d3f946ae9a47ba7ca67b576a56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
57039eac0903c19987647529ff1c866e

SHA1
8ba4ed3c8ae27775378d91b53e794836d2a11d8f

SHA256
387c97d75976d15f8b7ca74a34c71f7576213754e9282187984528ce6ea62054

SHA512
15d3fb0133a9fab051a1278c83b87e64c74338df26069e428e89b264e0a9e31fc9ee8a38386ad1c10a9bfa6a2edffb6b2c5f330465e1bf0b4a3c2fdd64c449ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
04f408732dbd772a82769d39e1b4b9eb

SHA1
368b1946e467ce5ace8ec6c2e766d68ae410bdbd

SHA256
f1f01d71655fb9cb7ed6e341a64f7f7186142a9482904fec8eb0cade3920b25c

SHA512
b81900e5cf3d6795a4a9e473912096c8afd2e11a3034f17ddd2e15099b58ebb8d2fdb90ebab4e331b7cf164c10900342de65522cef7981e12679276da3e1e951

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1ccf9275967791af75400a870f2e9907

SHA1
e98e1cfdb5ba7c694a486f656eaef1c0b59a96c4

SHA256
096a55b1f27a830aa0eb8418147a4b04d748730a4f360beee2f41e2005f2e398

SHA512
2faa67aaf8153c46cdfa24039bff15687a83ac8071913e96ff6df032d689fd560da3f1474232a27890c335ca43c41c2c74a9372a945adfaf93e3a0d043fe7f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f7ddf9cdf9b90e8f885e9f37e2fa65e4

SHA1
989282887f6beaf0496916deac043e8208157b56

SHA256
40bd21b08d95e39839dfe0f218305a96c1d440482bd03e95840a21c0de779cc5

SHA512
082c99764209ebe6cbd50640d7d6c8558419dd762e32bb8eb80470aec85f0cbeebf2349c7c72c1b60172503d12b92ba22e0925b9a9b905936a2b4e1d53f1a1f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
78fb6455a55af9f6da41cbe350aa90e2

SHA1
7337a87ae45b3a85ac028119a40d453953eb86fb

SHA256
a29cb1d17eaee7fc33304a0ba20111651027ed9f1e84c1b0866b79eee830ac14

SHA512
b873a0201fd947ab63f7390431dd58c463e54a4d0f3ac589743afbf9abe66ea8650f9a135dde297bd705c94ca377f1042bc66049b7cfa784cca448d2cbf0db35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7c704eb214b26f01dca3fe995201eef0

SHA1
f8e48a52954c9eab1fc4d8f1a4a3d987baabb8aa

SHA256
7870a4c245b4d14dbf341cf604a8859455bf5e07a2824ef2cebd8aa732a7278f

SHA512
49319ff4ecf010bebd4deb2119f236256918d1b7afbeb0a6764b2b95ef157c7d2eb6c45c46b1a10d05240702d9ad06669460ed163432ff2ae6ad8ff3f2036aaf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b4dddad37f57164de548d06cc6f15a21

SHA1
fd11c297c9a582fa64b659adad2eeb2899fb8327

SHA256
7c1cb07a932dfea1933c7f457db6a7e6a9ba1d4600d6569b9ed317c819d3276c

SHA512
1f335727281ea459c5efb8b86a9e8d2dd0cabe67e62cca839decb1177fa99b2386677eda775c4b6144c32d16074e187743c73dcbd546c7efa4921df9c891da00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
948dbfe55f11160746d666448bcb6737

SHA1
a935a23cfede09423f01ade259adb0be446f4c3b

SHA256
5160b5fa145239b3ad0e7b1fe75f8aa682ed824ea91912a4f293d5d5debb9384

SHA512
54fd98b7c143e1cdd0fae8b836892887b671e47a94376dd2f1707b8130f4e1a85a80cc81de3a34370b0d3c284189a2b26e5a06bde90e467e3f0e23bfe49ff007

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
feeb6ee8846c6e4797764c9a506c2e6f

SHA1
b8cfd57395a6f65d822bf498b90dcb7bdcc02ff2

SHA256
40354a1e1472d858020bdfde2078a1b8f969f28e43a7125c73128fc5ddbb0d29

SHA512
a4ba5c40fb443920d7ed0c00450d592da777ea1f4acc4d141edf3abfe1f55392eca1b60e655c8c2dc116dd907b95a7c4c31866035bb6e7b5b91680e044e26a54

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2888.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2938.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit