Overview

overview

7

Static

static

3

0200b0ae3a...18.exe

windows7-x64

7

0200b0ae3a...18.exe

windows10-2004-x64

7

$PLUGINSDI...ad.dll

windows7-x64

3

$PLUGINSDI...ad.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

IEBar/Uninstall.exe

windows7-x64

7

IEBar/Uninstall.exe

windows10-2004-x64

7

$PLUGINSDI...ad.dll

windows7-x64

3

$PLUGINSDI...ad.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

IEBar/xbietb.dll

windows7-x64

3

IEBar/xbietb.dll

windows10-2004-x64

3

QQDownload...r).exe

windows7-x64

3

QQDownload...r).exe

windows10-2004-x64

3

config/swfobject.js

windows7-x64

3

config/swfobject.js

windows10-2004-x64

3

updater.exe

windows7-x64

3

updater.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    134s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    30-09-2024 15:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    IEBar/xbietb.dll

  • Size

    404KB

  • MD5

    f03364a071944d6517a537b0d91409b2

  • SHA1

    c8cdda8df6bc7b832dda8891a61005fc0c11821d

  • SHA256

    4af7f55e631b40d49c973e9f595f6c9d0ab0ac85be8358dc44e5e121f3699aaa

  • SHA512

    39e04e8d0cdbee66df03bddf531c2eba831268b29530c1bae8d0bd9ba0abd1ffc86218ff33c41fcfaadfec2238382dbec8407e993ba9ce75528841c44e8302d9

  • SSDEEP

    6144:xa4ZBXHlMZPqnN7bzS4P7sB2lXqlS8UyY+UWa8rnQ6uKmca:xa4fHloqnN3G4UEqlS8UyvUWzrnAca

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 48 IoCs
    adwarespyware
  • Modifies registry class 50 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\IEBar\xbietb.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2500
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\IEBar\xbietb.dll
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Modifies registry class
      PID:2512
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2344
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2344 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2136

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B
    Filesize

    1KB

    MD5

    5d7982578d49af554bbf38fc6ddc1c44

    SHA1

    e4ba5494349a33ca5dae8861a703bcc776b2c34b

    SHA256

    db692ad9c94304bd6f9dd3cfcc00c769d9004dba78730c417b8dbdf28620f226

    SHA512

    d306667c21cb34f6e1e5f8096b4c24b26fa61bf66f847b3f77ccad498c874e662eeae506261132959b8c0c52c34ddcde3cb2a2b396854109704f56a7bd025147

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_6AC155AB4458D0D856D89A8608E588F4
    Filesize

    1KB

    MD5

    ad069625660c463b2bc0b565469f7b49

    SHA1

    905e68cb7d71ff72ffa0de25258e44c2d8013906

    SHA256

    9392860962fcb2d9f93059bc1c41fdc46eedfce6f0106fc567a8d09b79ee5f09

    SHA512

    839b72cf7cdbeae3cebd0bd7676aaf7e166a43e15a974ed6232f1eca344c050f89ac73fd2da641619aa87391772035ca2ac1ff2155b22192e1018fe452a5ffbe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3
    Filesize

    1KB

    MD5

    436f35ad019ac62701d494bcbebc9f91

    SHA1

    1644382074bc565318fda2aff05ac621f494c14e

    SHA256

    1f0d759ec7b37de287b8242ea6a7dfff79a8ccfde27824a8d92bf3a9e61d1d5e

    SHA512

    4319235c9d9e870d355e7f2d36e0d5130b5713d3c1ea72f54819750074c0ab8bc4018d968f8052a254abf6326f37132dbbec3f0ece53133af4a26fe744ec0517

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B
    Filesize

    508B

    MD5

    a3a5d221e5053cce4c19a15e30b6a543

    SHA1

    1f223cc6ba7d393c08855628f0b761a51b39b829

    SHA256

    6734054f2e3182d1ebc621867773fd8945e63f8cc12706f269516c1da2997e5e

    SHA512

    5b3c116147785f416fbb67f0e6baccf83f61b92e395ae768b5777546cae68b5c9e1668641f9f3e2d322654666ce141ac3429425a4a7945c30458df9dbe1a9c88

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fe72d91a46945043647cc8f4f4364f8d

    SHA1

    017bef4fff8387a01ae6049343c98fa576a08ea0

    SHA256

    7376c8e8074986a30f9bcc93a67751e192c19441cd984abcba312343b6eb517a

    SHA512

    98fad19d61a7bd20f320faa58d86b6b5f6bc278db57b1118661ce4d0667cbf669c018d80f5678de5729a4051d641c8f567e733a314c3a7622d4dab0cf881f695

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b66518a3e26b470e1bf6b2bc803c9780

    SHA1

    9c802df1b2c8e95ec8b44755ba527dc8cdb64031

    SHA256

    5345d8738878647e01fe7286f0f38745e9ddb4c9004586ce444c4bfe79cd7481

    SHA512

    4ad53b2cbd9225f14d0c611618b70349565877a4e5448e2170476826b9c4f351b75f15e6d1f23f83844d0eacee0b88e674fae912a40208122ab18e6f9c64910a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    054f8061ad37cd3760647d0e6b6c8671

    SHA1

    a48118a8a1008e8c228815e14371d1ade94f2b33

    SHA256

    cb91044890120cd57053b463727add45f198d3de963ae568b8b6fca46f2cd8e8

    SHA512

    dcd9ec209c364ebea1fe7dc45931daad10b45369366ad4b23dfae177df2c6fec82b1f064ab9c34bb148aca0722b94dc2af01a887d0d0b8f0fa3bda1411303e1e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    20a1875c5dada308c48caaf0616a525b

    SHA1

    06e96a0673ffa75feb6a872ccb11a64712a17b60

    SHA256

    58e927e223e6b6305987565e19e8ae8c07880645631d99a937d1876be282f07d

    SHA512

    dcdc8e40fa3c2241b4bd54b480cf40fb2100d5354aadfe2250a062f3ce0f0b8a8192348f6825c24ea99115833a78cde766f76d64388f12b36cda26368063edb2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    89757ea51bc6a8f2fd4d600904f3a9bd

    SHA1

    db02b1a92c8714f4eaaf6b23269a0e0be20548fc

    SHA256

    7f2e401cf809972ab5e4a2f0d751eae0748dc520656eb1a166290d493d308156

    SHA512

    5aa2f268dec23b15c82f4a12c075b702d91d3fda412f33871470f310c34ec81824c8ce857aebbf2a520787f286f9c5e6b7f752007d80fe8b66a00235f2c687f5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ad82c91ce7a205de442d6c683795052a

    SHA1

    076c6d29d6a81348609005e95e0ea82ba7a9e2ba

    SHA256

    25c64e2dc656a01d44deb3379c940be33624b094dde543e72d4e019e9c0e362c

    SHA512

    8e6547bff3ae11913877d4fccebeee177bb8bfe1ad2ee2b4e814e046a36043cf310656cd4f8d338144b6b563b3b8acf649b4d3c2ccd8a4f5e938b5fd95e696a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e5b4c25b2b7cc36c0ce18e63ef79f0f2

    SHA1

    afd12e02b586683b33e191cf60e1f038b08eaa0a

    SHA256

    7a2ac83b70c9024f67edb746ce9d10c0cc21b534acc1c8303777bbaafc45e4f6

    SHA512

    e4baf63d49bbc3ab6f7b8be7c5153f8db923c8225a47efaddd8561f82faeb323f3f0de1f89ef40ff790fe0d2993817f987d8f5b549dde3c3d658c750df676136

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    54776bb80631b499842c38557766e8dc

    SHA1

    5d04f7cb8c1d18d59c65c3c933e42cba8cefcf6f

    SHA256

    c2f3896f8be5ed84dfec23b134c756e90f85df28e7bb987a77aa448194414ca5

    SHA512

    1e1b89ffbf865c30ad7e27d61dc372f442d3fa1733531619a2e85742cb97e151eafcea0a9a16e75f21160a8679cce4d7020a118259aef057f272bb6350be88fc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ebf467d1410353f912cafd60e7794e47

    SHA1

    2ee7d8f15d911466d643ededacc9966de0906367

    SHA256

    211d167d06c108861c875c0c74c995b902364387da00317c6bcaab8310f0248a

    SHA512

    aa79820667581e3daa65908d374988f35355d1ae7ae8e309c1afb871ff3730701aa065f335ae1e8be4928a7319848ea0d9c52669afa4aef04f4cc190d47a7295

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ac7325c2ab814f12d4c84b7f511c902d

    SHA1

    91c2a0ab9eb09faaddeda9e14815e2bbaa37ad0c

    SHA256

    8e4cd41cc503b8ad878183652a8557fb5b923b2799c4f191a1e44b8e4f53fa37

    SHA512

    1c931f6222e5638e1952d68c9028886f4f536fdfa6eab76095ee1c78fa048a4a429a2aa40b0d494775e75e8839b31a6aede8b92f9be2a9bf5c00c8d7aa3983c8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    57da797c3e2b19ab374faa7c90e500a4

    SHA1

    b2c238bbb62082689ec80d4473453037b36e743d

    SHA256

    460991be2465ab6020545f42c4f9414bacaee9a2a9fb05f1fb2ea1598b4975fb

    SHA512

    7f3032f5fb573ab30b6ea6bfa49ca8866b32eb0ceef50247f7a00902a5244a79aa1263bd8fd0ebb046ca9cbe73ab03fc4131010fd08f871ff5f434349e698c22

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    df7fab9be3ef065684a3e068bbf0bf09

    SHA1

    253fa8f7c1d13c814908f52a87bc5e5b7aa5be34

    SHA256

    340195f02eb77e8fdae339c3cc01757138703de10b5cd1d271b2c9ec8d0afb99

    SHA512

    8fd6f2de180f634c9d15c6e36c684eceaa41b04b40238eefef6eada6e24ddde2a86ac0f09257fc089f1a0cd74daf2180d26bbc7c6a6b366fe6f347f409f1bb71

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dbf548e4b260a4600e5888a7c0213781

    SHA1

    a327432c536a5be20ab77a4db4270471ae7d081f

    SHA256

    96dacafb15de8fc363e811081526c4debed998d478817c9a24f34b659b67c8b7

    SHA512

    f870dc99d98b45dd8016b37d9262fdeefaac6e165384a2a842813fe38a99f1a7fe06222ffc9d55a8ad95ef9c96e4988003ff7faa0c639b46d90c4056c8063208

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b6fca01f8c36b058bbd799dcf6994b08

    SHA1

    7b083419537bade280c603ee13da5d57afd32bb9

    SHA256

    2c07a7cf4d45479358dddfed192dc79c8b756b34b0f0f4b9052973340ee6981f

    SHA512

    e020e25d2004a63ea2f3c75bb615c9e57b1d15b119f917553b9e15787a8069899f73272f8da417ba44ace692160f5d6662723938bdca196fcc6558a8589d1e52

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ba936c3049008d1fbdfbaa72e7753d84

    SHA1

    24bbe3ccfb63c9f50873c402b2cd22f80514617a

    SHA256

    26f6631ded009892013d6738d384cab4eb16b63d094f7c7c4e099d93573ea786

    SHA512

    08ac85aa1c3f565118aecfd513827700f1193b0aaffc85303898df37f736255200fe6e2883e8a098fee563b841404aa0dfcca9b2185bce1c6f7e4a8bebe72e5b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dfd7b2cf8fa2ff38c850b116bec0d252

    SHA1

    909214b1a0cffc3e3381bef51708b79c0ccfa74f

    SHA256

    7851ffa99f3683972927132b612799125c47ee0fcfef05b49af3a1d592a1b62f

    SHA512

    4288d9fe68fdbd0944caf69af73ff9955acc3fad359a68901cc9d8d9719b2c799739cde2f3783a905189cbafad8141a8cbf8e6756a4e4e2c0f6e855024a2909a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dfcfb9ea4b1169522849edd29ca2d0a6

    SHA1

    9c1a1b340c4fef5ebfe71ff98513bda9c87e60be

    SHA256

    cfcc55bb5e7f48bad402f12006c2041ebdb659fc36dcfd33f0a373861c05a999

    SHA512

    b919c75efefd50a62eef78e2c1ae992b9a18a9df981a2d979cd56d3a7ba924d280aeb7340c2c74ba381ee5f7606eabf342be8e796c502bfe10b017edb7a72eb1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3
    Filesize

    506B

    MD5

    f2988d2bc0acd4bd13364f3991739533

    SHA1

    6e74b84bb3ca245e97bdcd889dde113795df13bd

    SHA256

    78124f414456bd5f1541bef1560bd9b554cdf57e6d190cb6a0460657639d6b94

    SHA512

    da426f02015c43f877492531f5a3844ce2ed697d53295a690a773f1153d459a195809ed1246b13c0bef06d141b6409dd327afe21639ab0e60fc45bbc3a51c007

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\yiu0yt6\imagestore.dat
    Filesize

    1KB

    MD5

    0face190851eb0b223d0e4a89cc6392f

    SHA1

    4aeb9881d634b7e7c13bedd498c9af6738b4ea8b

    SHA256

    c10567d2afecd13937487368d85971badbd511e34e5fd5bf1fbd735b7b01470e

    SHA512

    9a4dbc8955aa1d98b4882d3cfe9c76caa014a708a55d3ca3f20b9fbe8f261cf9975de98606ff7887ea7c449cad2335bba869ce28adcb0a700278a02f434dc271

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIYAG1MM\favicon[2].ico
    Filesize

    1KB

    MD5

    2f28c6396b4d1b56a709ce4188302a4a

    SHA1

    68151fb446d60e76f6563d638d5b620d70948abc

    SHA256

    c9acc7ee399fe561e7d6dfaa3718993179436cf4d5039909792ec8134bb6b571

    SHA512

    3c9f8f13671060c4da7f3ced16ba86244ef8f7b360e254fb7078d96169695ce3a2d33438573190ba602031b76ada08c104591a9fc633f846250394a757c6d326

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab9C6F.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9C72.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2512-0-0x0000000000200000-0x0000000000202000-memory.dmp

    Filesize

    8KB

    Download