f0dac8db3ddcb12545ed18e8d1a9dfee4a8f625fd83866c0979360d40380285b

Analysis

max time kernel
282s
max time network
176s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
30/10/2022, 17:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

microsoft-office-2020-free-crack-activation.html
Size

84KB
MD5

d089a3d18df4e4168d75078e596271a9
SHA1

b992d1c056544d7466c058c90ddcdfd63ad76c0d
SHA256

f0dac8db3ddcb12545ed18e8d1a9dfee4a8f625fd83866c0979360d40380285b
SHA512

341d5b8ecd48342c3db177d00c36ee4fd9734a856110db99d0c5e9d71446f643892d4e2c0acb65bcc10cf32c7216271b2b1d375ec87762b345df4a6e3daefb7c
SSDEEP

1536:CBEPk3bf4xv5BoFq6nZoNEPPPPm6HKe5Gzyk1K8:Ci16kT5H

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000062e6ef0d45f4454ab79548c962d74cdf00000000020000000000106600000001000020000000ed365b273160c956861658d4d182ada3e842df63dd2a0412fc8a6149954f87d2000000000e80000000020000200000007c22388891b27ec7508639daa35d6d1e909cefab71e625cfca38cb181e1d48dc2000000053c575d239d86ef9b053406b77fca2c920f6f36aae3b0247e2b9ec940dd8ec7f4000000074ee6754946c7376b1b0b31c9c27cad3e8ba73a97db5d0c7d5f7c6499ba181184957e00a5b0f5948a29bf18169c2d67aef141892791dbbd3010b4648788e5771	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "373920676"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 5052fe3e90ecd801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5E9EAA11-5883-11ED-BF3D-D6AAFEFD221A} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000062e6ef0d45f4454ab79548c962d74cdf00000000020000000000106600000001000020000000aa337a51f0d768aa9a6b625597ece6e606ce25237c21a2f020c922ef95f0a797000000000e80000000020000200000003d2e98715744550d964f2c8722fc3bc0f10876ca8f123cadb543974529004257900000001e76bf63f422b93a297f15b2662ffc388b91dea9f46bfaf6a1da599fd766116523820c50a91519334891850838376271a571bde4e94c77c1160ce0f992f55d9ef0afdc4ec2819804c8bf798d478b831b49511a4333aa950b3015c97d1dc997611d8c8e86336244eacea9c9f4460f579ec163eaf4a33f2d93a107c3572e274bf9fb74c4b32d68c3f530197e53e6fc51ce40000000e7a5a966edec6498e4741cca889a0239c32157190ab030c9a608fb9a207011caf0bfa6bab11a1f371a853dfa5d5a36a93263aa277191aaa83a6a8f5b77f7eaed	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
864	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
864	iexplore.exe
864	iexplore.exe
844	IEXPLORE.EXE
844	IEXPLORE.EXE
844	IEXPLORE.EXE
844	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 864 wrote to memory of 844	864	iexplore.exe	28
PID 864 wrote to memory of 844	864	iexplore.exe	28
PID 864 wrote to memory of 844	864	iexplore.exe	28
PID 864 wrote to memory of 844	864	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\microsoft-office-2020-free-crack-activation.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:864
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:864 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:844

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82CB34DD3343FE727DF8890D352E0D8F

Filesize
7KB

MD5
4563380771ebf6adea7651fb48155d9e

SHA1
465e61b8534ffe9a462618d56a358eb39a15479c

SHA256
f9706c0856c657e50eebc1d948f572a6122b732f12f340fd2e666483d09b526f

SHA512
6c8845ee4ac504982ed4336bfbf0de66671499f138001271fac97a27eb7a0f826dee6a60904256d7a31a869d6fdf19cdaf9dfa6f1ef6d5a9ffb3e134fae43a3d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
3dcf580a93972319e82cafbc047d34d5

SHA1
8528d2a1363e5de77dc3b1142850e51ead0f4b6b

SHA256
40810e31f1b69075c727e6d557f9614d5880112895ff6f4df1767e87ae5640d1

SHA512
98384be7218340f95dae88d1cb865f23a0b4e12855beb6e74a3752274c9b4c601e493864db777bca677a370d0a9dbffd68d94898a82014537f3a801cce839c42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F

Filesize
232B

MD5
aec47d0061bf88fb2a23fc503f560c60

SHA1
bc10816c4e281f4ecae33195758cf9034728691b

SHA256
12eac844a14da0db78e70ecce0ef144254a1d54545e91ebbc23b66054b1b8da4

SHA512
b77205370d5497a83b488a86f998cdff3ad9c6b0f094ab4334f68302f50b58cfde6c5f76b132705d73e90ac9ea8aea0b58ccf03ab7fc41503a7e72ab1b28d935

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2755ad962242b9c3b651f36c5b15c8b3

SHA1
a8a9bcea671553757bee35a36a92a886bd27c49f

SHA256
558d3e67dd2db53b2a44c991f18ddb5263d23600e53471da959e4c68784d9841

SHA512
94cad5073558831cf26a12c64f58f8097425d0f69d448e47e4550687b094d15679ee59f5114b8df1bd3c8d3c96619876e3adf6e48436b0dca14f7eda24305687

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\DIU5GBUU.txt

Filesize
608B

MD5
42dcd202a0347638e7a11493c393555a

SHA1
3ec3aeb7631fb7cc707ef0fbbaf2560770689a5c

SHA256
88577dc6d899e0303a6f911a5dbac6b82c002b73612921984c6bf867a0e5d159

SHA512
a98dab01d5b74f2a6fc92bbe00c218d5c3bb42650c5fc32f15ef3f898c93c00757effaa409fd4122598f5d422345d9166ceba29f99893409477db67797744b46

Download Submit