72b7d2dc3a9aeb2b839a93b257f064fe3e513a509e317415bd2c222bdba280e0

Resubmissions

08/09/2022, 10:32

220908-mlc7jaeda5 1

08/09/2022, 10:31

220908-mkc55sech6 1

Analysis

max time kernel
67s
max time network
104s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
08/09/2022, 10:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Logout.html
Size

1019B
MD5

3341da747b4e47e2604681ff6461c268
SHA1

ced67776c6f7c71756f973634bf66894acacf16e
SHA256

72b7d2dc3a9aeb2b839a93b257f064fe3e513a509e317415bd2c222bdba280e0
SHA512

5cef3419332cb2f9b5b461e8ebfc96fe52ba59d44606543bbab47afd9428127e0d817bb4341445137aa3e591de9fd00332ff2179f241874930948b93c73e6db2

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "369398168"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000048ca5449a4d21846ba8a995ea0abd35a00000000020000000000106600000001000020000000316dcb3c4edc2c92c087c3b4b248118094fb5cd4f943723d3eb24e26361a9719000000000e80000000020000200000005c3356e9b7c7a61c65ea636232159c5707798218058216153f2c983b495ce00b90000000707bf99bdfe50fbd8b09ac21d703c9cb889591ac0b1a6bd0a9906a86a34fea852feeddc2ddc18dd0216359d9b47892fb22bdbb74ffb0572b7cbc7e21642f0927f97e390d6135643586d5dff56e879fd78ad0037aa70b8a7bebf26a4b0792e6f9b710084e7c33ddf77bfcc3a27e8943e45ff0308a029711c8f2658df1a5304166f4cd0f8f53acabb310cdda46a7ee09b140000000bd22e5e9b3271b9b6b8e7512377ec05f4f493f03c135cccc96479130c5aa570048c776c6294057393e4ea3d34b51e4dedef61fcfbb1e6d16983d5c77fcf30df5	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A3691721-2F61-11ED-B63A-76C12A601AFA} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30ed286c6ec3d801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000048ca5449a4d21846ba8a995ea0abd35a000000000200000000001066000000010000200000001014ce69750c25902049eaab756e334334321e4ea63e85d10ef85761c413eec4000000000e8000000002000020000000d505dd232e5972f7ed015dcb1d7c3ac5882c8b25aacd3d49f579dafc21537b1720000000e8a7d596e6e97dc97c25384b1c622748f7577282a70dc153f1e414923f5fd709400000001ee47de11e322a7630a567c5f90af7a408ca95f2f1219702732bb28f4bfceff38f3a735d318dd50018dfc075712f8e9399ee73b24c152e6667c8307207087265	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1600	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1600	iexplore.exe
1600	iexplore.exe
468	IEXPLORE.EXE
468	IEXPLORE.EXE
468	IEXPLORE.EXE
468	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1600 wrote to memory of 468	1600	iexplore.exe	28
PID 1600 wrote to memory of 468	1600	iexplore.exe	28
PID 1600 wrote to memory of 468	1600	iexplore.exe	28
PID 1600 wrote to memory of 468	1600	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Logout.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1600
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1600 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:468

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
da338d2c4870bfdb5946cb1f22a6b8dd

SHA1
0473a35c478795fc92ac4b0417d6c8a050d57785

SHA256
0375bced1d3cdb2d8472f0e02dca5df98354d8afd631acd026c64202a5a5b637

SHA512
33244b757ebe64e98146779afd136db57d23e7a3ebbf9847051a662d0ff4f06f330a4ead417f8e3a3c599e10d5efc2e861d9d92272e1b38ccefca92e05fee503

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\309axvf\imagestore.dat

Filesize
5KB

MD5
8e72c20d707e45be58ea7929d83ae484

SHA1
e3779000de9e9615d1b734434d30f865fa84319f

SHA256
f14cd55241a84eda2348ef857d0d4323ec02bfcf95adad5a38cc04a67bfbe8a5

SHA512
d422796a2b4c3024155b1c6608e450b64e989f6e9277497fcc7cca37e12639434b8bf7c1b55141678ec4d4e3c1d7116278be22a79e93c3b989686c687a219932

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\FJVC63PY.txt

Filesize
603B

MD5
a4446b292c946c546a57f2aaa838a70f

SHA1
47d5df1821ed8e3150d2eacec7d2cc560453aa66

SHA256
52a6cc307d6b31f84f58b8e7a7e1a3f9e3052b632ca273a5b5e888d89d2f03b8

SHA512
1e5954e5cf63692349187e5c8bafacf35430f95863564600cc2045ab6e686a5abde03612c79f7a09ee64a8e6455e5b283af8fcb5101a03bf01b65df9659cc2e6

Download Submit