ae4f5684ac12c65806282568e0ec9f98192f94796f19f2d1c4ae4621b9cf2e6c

Analysis

max time kernel
134s
max time network
130s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
22-08-2024 13:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DX TextBox 多功能文章编辑器 v2.0(.NET控件)/dxtb/selcolor.html
Size

4KB
MD5

a9268ae56af4ececec7797f0a6768fa8
SHA1

17e4b0724159f6e780e351e9fd646e2084d625a0
SHA256

3b1f03177325fffdbab361becb39cdbcb0b8cda9a5bf38b211091c97c5685dd1
SHA512

79d911e9f5f79acd224b64bb361b820a17a6fd2c4451614959395f02dd17bf56c2144b24e0711f138a2c31632fb4c0c2dd29393c22f14726144d69b633ab6a0c
SSDEEP

96:t4a2Jd13DWyq/aDZAaVAaOAagivAagYAagnXaEJSOeaKRg66c5iiac+afTeOqkr:TE1zXdDZJVJOJVvJVJWqEJRKa66c5AcN

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 41 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d04b9cb494f4da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DFE1C771-6087-11EF-B0EB-7699BFC84B14} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430494085"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d854e951ecdca4792ad3aea80f0355100000000020000000000106600000001000020000000884678567ebd16c79882229d7027d7f7e26bea6e8c16e1414c7ea9d6029e57ea000000000e80000000020000200000005a15c3e4d33224df02736425c661bcea37ed64aaa52220b4163a37bbf10d0b7d20000000f0bb5efd15697254644e8f40af4b5ca6d96f7cfd8901fcd5336435bc5286223c400000004294d37540699b92b1e561db9126bf6aa2bf2416d2e3259943a3fa5dea9657828736b7bbc2f30b2f8842efae252642fbfa7495e3a186d03ce7434568ac3a9e55	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d854e951ecdca4792ad3aea80f0355100000000020000000000106600000001000020000000448d68bb39468af967461b742ac91660b565f577eddcfc6ca46c211e18761abb000000000e80000000020000200000003f9065a6d5b7c716ca1cab44ff4190cb7f982392c88b0837622f3670a2a1e19890000000f466b7a18a5e5c425a37f641382b853add07dc47415256b2017864a5cbc4220f5b8a70cf808e3eb79bd4718d71bc421a97c8fc1e8bc9b2a138c8fe8288f706b76d76b7ac16036cb39569b71ae795f9d7533f0f9dda26f326c9aa989ab4c4832222b8bfe6b15316b873e71de0ae2d61bc16b2b221eaad2550f12d853c9f878e7608339e780be68ad0cbf73ef304731efc40000000054b03923951477dd07aa7b0f738e30421883421404b65546d77132bcea44c5b1ce6748df15d18fed1489446e93f2087d5bc180a37befe590579d8ee72929da6	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1660	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1660	iexplore.exe
1660	iexplore.exe
2524	IEXPLORE.EXE
2524	IEXPLORE.EXE
2524	IEXPLORE.EXE
2524	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1660 wrote to memory of 2524	1660	iexplore.exe	28
PID 1660 wrote to memory of 2524	1660	iexplore.exe	28
PID 1660 wrote to memory of 2524	1660	iexplore.exe	28
PID 1660 wrote to memory of 2524	1660	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\DX TextBox 多功能文章编辑器 v2.0(.NET控件)\dxtb\selcolor.html"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1660
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1660 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
26694512a40b8459348e0b6bb9eaf123

SHA1
4015d3ec5f6da11b96f3fb462897abc1da996f73

SHA256
aa54ac4d59f126c3e8b144f66dc3c655c645610808cf7060a893b214a2a01db4

SHA512
761b73b5f4fea037a038bcc19612478e35acc50dc563b23049fc12864fec4dafba8a9010d6921fd3f6be319b1b6a84a397352356210f5da33bdd56ca26ca5ebc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
34097ae3e2eaf184067193bf61b49525

SHA1
e9f41bbf53c611b756f948d84f761227825d8abc

SHA256
115915459a8674f6fa190a0b7fab52e4b009b3c29c1aca5823d1bae55068fe89

SHA512
7bf01432d8ee64f98e073e21d8b6dbfd33ea68dce22856c83ab0e2c6c19d0471991f7dd48257b828364ee7c7769f148add104658a7e25d003b936042b1b036a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
08bbd3560a86824c0f73daec19d223a8

SHA1
2ecf540400b58d8353cb666238620b15ef4637df

SHA256
038a56cf15ad2f0cd2ccd00903aa44a15b7a1d334161f2dd40754c94167cfe91

SHA512
9fa8624eb16eb0a8f548d8c8fbab14f13bef98347532ea09212e74c4826af2067c1be172dda773cd60d3276f6a816b9021042c220d37da8546debf3b2d3b7649

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
42d88074d0be7474befedfe13b4272d9

SHA1
3aa4b0fe2048bb0822dfa253ab0ee97c7c954e9b

SHA256
3d12e492182020712b76a2371fd96300033de79b87a6e84504a21fe73da5f540

SHA512
8b6c2d694b86e62578fdfe5137694ca80bb100e4095ed2a8fecea833a847db0444c6e982939434160f29097eb2740ac228d0ee0fa50121aac9152f14fd7f0bdc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aea7de92f744092c1f85681d7e4c7c0d

SHA1
dfdf082d8bfaaa121650fbc3ce6292904d772102

SHA256
3fded5ccf0b2b2e7ab28f7a3f2589ea4cfbe73a992c2685d3c4e8d8a307c7b0c

SHA512
e906976043a4528b7dfa267deb1378f5eed645aea6d45101f1088b0e50398743b7a2413b7e41a8e1b06e1e6e9baae0b4fa33b1b83f54cc257bf484d39a865d87

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e7032e6f5fd531c18e544ec8bd27f378

SHA1
ffa575872a043d8ee03c6c972929d1af56103553

SHA256
5dbd571d92835b490578a21436794766a032f583e6c73344fc11af7aebfb5252

SHA512
7391cd8520e27b17d43a8c5b0b53cec5943b61485656c836660ada74ab7855269eaef54ee4e6095b6e83b04f188b1a4e3d1b4b69d6481c6717c949150022bd07

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b64f11279345641080a309e1763c0859

SHA1
0606e6a0b81d6a7181308051b1cbff07e2819d26

SHA256
3d3bb5e2566f8baaed48c20d395ded91987b5f4efce615872a861c28e53a9216

SHA512
bbd70cd4fb14e44d0ebc883a460231c7a93b2a122d4948f1f7f9ebc46345be5d6d758b565b0f26ac00951f62ac2d03e56d1dec2cf7d2cadc84ce0873e6edd33a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
db85e0b528da4b82168da1e913ba2323

SHA1
17682c4099d8b2b39f9f20819b818ea3f3ee334f

SHA256
2341987b7ff4c839f6262c414eec5f14fba77324bebae88c6ca7487801925a22

SHA512
c00591d41578773cddc36298596898451595b07ba9942c9610ba57a3c555def927d11f9404b94de789a55bbd0ebf9acd406bbda0e455b71419484a9daf8fc18a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
25dc0c1e6fbd204f4b8c58ccd5dda118

SHA1
5eedaba11bfd7a084df19d24b8ebdf20d0376095

SHA256
2d72c399e27a1065ae1e34f7ff57103c0376dea9c818cbb9599e580143f5aec3

SHA512
fcf6091437c9612a298aae053a48044eb390ce6eb7586d5bbe2ceaba5742da7e3ca98eb9a8c85feac0eca5c83cca894c9caebcabbd3e3ae4a3f97a7b2c668d7c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
364538120ed197a2dc0a61db96ed1d5a

SHA1
f92414fbf46dc0b7c18d1f48b1869a50d2505818

SHA256
b5f4d484a78d677fdeb07be125cb25e6f6d37cb2be3b0f38f66cc53769cef889

SHA512
099ef7b0589d2acb8749ebbdf4c982ca12752df00f1c3016e1854ebc15d95ed48b7649df6771b11d7b941ecce32a52a729c199731a12988fa15fb1315c5ff9b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0792a0179eb5c29ce0e3bb795cac739e

SHA1
09678acdc2e5307e74f59b35125827afe378a2d6

SHA256
81b23e5ecf60d4321fe2997df00ca9f1ce55b215e81b01970a7a8ea744f5b3f7

SHA512
85353920ad9d3111d22df7ecbe2436f01eeb158e4cad21c7e153714545cfa23381ec1c9296f292b4639779f88e27676bb0477da199b54835da5c49972d5d7897

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4d55961d7220db72ad092c2ad9696c0f

SHA1
3efd26751357c11fa26cb29d038d1489f7c4ffb1

SHA256
bf124bd3543a0e51d2a004e9fc9697bfc38ba8935a6dfdd474e174202e587273

SHA512
f44f515a416989beac8637abb6ae34572394b9974c3f60a0083946b039182636fad84526c04dd66cb5e4db81201323e2c1645a81d0bdf5aa8167d0d52bffaec7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
62878e4ff307340f820568b29a14c3df

SHA1
8e65bc6b3d86cd452b08694baf716ee7ae4080f7

SHA256
267407d00c1c21163b5c6d2d1539066263505fc3582ecbf8885531d1969f9a1f

SHA512
38cc3ce6d6b324b0832b475430e4fba9dbcee824c4d3f3f46b257d1fc1c2f7fe49c7809278c6723245ed53b03b53dc4418ce6bc75bfe09174c4c5f4a13a55951

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD59A.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarDB09.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit