cd32e1dabd973f6ea6b797f90f525cf9a8203ef5607488f2be33e20047de3493

Resubmissions

16/08/2023, 13:52

230816-q6gl8sda6s 7

16/08/2023, 13:49

230816-q4rdnada5z 7

Analysis

max time kernel
140s
max time network
140s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
16/08/2023, 13:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NewWifiConfigFail.html
Size

69KB
MD5

10896ae0a43b727ccaa7ec5c508957e3
SHA1

8d61f975ff0bbf8b9fa788c91e494c42e01b079e
SHA256

797b053afc030835a4829c91e673af5dac4b44589198be6785d2fa0b57667d4d
SHA512

c8146f2d01477309800669b935fd456ada111c7577b9544abd21c324ab85ebfa6577fdf863d769950f90eb1945465ee7c0737f91d718c62c4a726d02370f6cae
SSDEEP

1536:oeWarn/wsTWEW31C+cHAzoIrNAmX37VsUOlF:oedc4WEA1T++NAC3mlF

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "398355756"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FE20F5B1-3C3B-11EE-BE2D-CEA1BEF6F4E2} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2024	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2024	iexplore.exe
2024	iexplore.exe
2120	IEXPLORE.EXE
2120	IEXPLORE.EXE
2120	IEXPLORE.EXE
2120	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 2120	2024	iexplore.exe	28
PID 2024 wrote to memory of 2120	2024	iexplore.exe	28
PID 2024 wrote to memory of 2120	2024	iexplore.exe	28
PID 2024 wrote to memory of 2120	2024	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\NewWifiConfigFail.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2024 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
de5bf3d31aaebc74408dc984bed062a5

SHA1
b1da1374f6f099089fbd04a75a70e66ac38d302d

SHA256
3579e4c921e9492cf19a5900070ba482e969f710e93af151b5469f1b038c16df

SHA512
330f7a22d717b1ac21dc0c37ba115f3d3e1cbeef107eb19b7451c6834d73ba41edbf8792596c7bf2f9640272b4e86f20c5c3929d5290505962ecce7908625bd2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
68093f6f9fbb182b947d2c60a8cbac8d

SHA1
6a72076ba5335544a88dab393833c1d5dc3225db

SHA256
294775a09709315acdbb0ed39203ec55fed1dab84642e56de5d02590c0cf3167

SHA512
e518308e632435aea87e60935a54628414e6bbd541c8a446d855d8618bf1e1f19e30b165049b262a6961ccd4e6d3a7002ec929e452e7259054aec1cf74940ddc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
69498759b0d334949f660f9ac5b27620

SHA1
01482e4c4823065bc199b059fae13b796a1ce8f7

SHA256
f51ded0820826b87b752d5ddb99850022de348a3e1f2f45a9bb6d14a5b40e877

SHA512
5dcd84ce941074d62698e5dbdefcefec3ed2c361c373340d846f105a6fa0a8aeb003cdb2ea97dbbb695f0528778c0f5d70c6d7c55eb21a7fd727b16d1db22220

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c5c01c90c8cd4274fc401d70113e5f73

SHA1
4a8638d01a0ab33c000d15f8f5a6c7866f0d371d

SHA256
e96aaf595c06569465f330cc46d1294d5c54f6116f42b926a78ddc4e99fd272d

SHA512
416c8e4f9601ed8b610f67ad49d64752194a6862922228d1a1338643ada728d96a9078d9968cc64498cba4f4fa3bd1461b3faafd645097b7da9e4506d9cdb09e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a30566380b22e2498de6c16d2356b654

SHA1
9c9691f4b42374512f9ea11482b2e0a5cb8d8ec0

SHA256
045db252b5cadc43cac99c2740cacbd34f875d06d7fd165630e9e12cec061e4a

SHA512
f021b0a7218a385f703790d2de502e718fdaa9a000f05cce713fb294b50971ca0043a1014c0b208e8e656136d5ff83df55db99d8bf04280182eaca753bda1d3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
faf2285134674e03fe3440325165e6a0

SHA1
c9b574b257e64d51013ef28cec1d8cdd229c351d

SHA256
45ee7b1c74e8bb3742eda3973fb4edbdcd056565941d0d69d488458cb4869feb

SHA512
5a527a457bb9ba6ba0436dc61199e52e92656ed114d6e207fed0dc6b0f38c14fca2010a0ee878098e3feaf674128e46ce51707e1a4e79c1e2086405c1f1a24c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
05a73205c7941eb4bbc9f77451f1f008

SHA1
c0c44263b6d0e11d47a1b8af88ba0de0e3899610

SHA256
0a56568e6be6ab244b4531371f74fe10249acf92bcac39211be1c6049e9b73cb

SHA512
a07505644ab526666ae14a5f747ce22a6fcc3b2d72074d02445f21a09b9bc791f90dc749896b0bc5374148d137426df7fe349bc28db476423445dfef69f30c61

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ab0f4e38acbef7395277f141b7e1c908

SHA1
9edd38631fa146e2cc4b30f64713ffe741fe2f90

SHA256
2e2bf890cbc84f3ce2a487598778207d2e0537844aee5bb7539ff365c4e77bd2

SHA512
ce6cfe8000e76431762c4efe18359bcae6730bc2236796590ad5cce509180a4b09284a2849e363e40ea666c14a6a93cde5250eac6b9e125ece1c69abfd3ff558

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e906275494dcf548e6e105ae51a326cb

SHA1
d26bfd4861e136df53361f86598f862f315a3629

SHA256
0af94b4616454f85e13877686b7cb289f291d5d6ffbe1e847784d46a1bf488db

SHA512
049c03e164b14a03d1b8c6bc32c64a2eb8903429402ab45f203f4631ea1d8345ec216eefd929481f2ad64f36c0319453ab1ca7291b425aca4f7f96d58542f563

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a9f24a4b492193b42130108e50be97fc

SHA1
3a42c231b68773362a15f73f6590158bc1bd459e

SHA256
9cd47dd12381c6b87998dd07c37a2135700eb14477db98ed81b509de4a1dbc5f

SHA512
4cbef845466eca5fd2209033d94c17be3e958d7132a9ecba91feb8414f6ef49d9509a1536a061b5136860c1a46b39a8e1b0cd64990d5e3c58fa5a6ca316f9c24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0a404aff614b910ca2f08b01259f3931

SHA1
1e2b1826f889ca75d7398873cf73fd2c432e4da7

SHA256
c87355fe263264887af7d64d027c3a89b0bd65c75f28de0d12083543b26e5913

SHA512
df01040aacadeb827774d41362d592a73d9b1fc2b562758df820f4c044b5c29548c7c31ceb1eb1cd0ac53b1c6cf19fc0926cdac1f57d3ec5eed944ff5b7d195e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
097e3bc5045222427e391f52b10f78dc

SHA1
094200bed1546dcba8c525fb5afb033e4e27db20

SHA256
150d8eadb7a2352e66e093c65c8eeb3cb953cc331c657461abee65bdc45cbf17

SHA512
ddb3c511d4f391e094d6bebb1de9afab1276c89e6ec93044cfe8b11e0a2681117033298f1bd2373631df2d51cc8284bf3564b3526859040a62382853d367441e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5fabb3f1d27447e602c9ca9401197cae

SHA1
e3a46dee7e104d05f5be7b818e516f3d939ca4c9

SHA256
96f44c83dae282a861ad71d089d163c83468baa5746736388f3f6bd18d3992fa

SHA512
15221889df252566ceb728c876b8059168a21f2ecd66f77180e50ec78510f76e6c358be7e0e0306426c427984b1d903a70e003e9a9e20722e633fba89815e868

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9a7c6e0628d4ace6f3a7b875a7219e08

SHA1
fbdbd7486d777a12fce879e1c0c4bc749ba492ad

SHA256
0399a265710a0f476e664ae0079ef0788665b9acd149771dcb535ca38572acf5

SHA512
ceca0ade9ee6f42389bded215d914c4f2a1defc99a5bcf68647e83d59ffb40e99fb67da4aeb69bfb042dfa1553c6deac58dc5796ccec16070a7287805d142f52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6480d5f8f2ba9a2cfd2db6830b3e6bd8

SHA1
9a6c77ea711485a2d8cb34a04250e6226b94526b

SHA256
007bf420d41206166beb1be4194ba17de3bf9b23af6debe3a9192006a7dd3711

SHA512
6546f395415155fcf14817eca59eda426c6e70c7ced295c2338edd04026642418a5bf854519d55c14db3e2f83e3662be0c4b088cd6ded6019bed9dc721657888

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
17ce358f4289e55536778a8978c1e870

SHA1
4d943340dd8e31691883b2efff7dac8b0af1da8e

SHA256
db4aa4a2086b069aaff1446960f3159ab1db5048283f61289b19b4b78e7ae45e

SHA512
2ce6d7fe1b03b96916132fb6579da050268652e196e85514540636a40410ba606fec3c7c6a6b8d2b94bb11bb248e7f04eb48b39b0174e350daafa015222afe41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
99491126b4825af03721d56424ba89ca

SHA1
71da33cefc48d449a783eb66883be53d4be6a95f

SHA256
465c0fb1b60b16085e3b26bd00181601b44f9296e826456a23c37af996ed7b68

SHA512
8b814eb35d0c79790f8598b33cf1bc7f914a7665de3950ba4fe3e3e91d10519a699ebe7a643c7c30a2b0294fd2e814283728861908114abbabb4a7ff3650fae8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ca622b7bfe70c19a2f60e486978377a4

SHA1
7a96352a6a9dc20b8dc960974efef7ccfd31d671

SHA256
d036db1626bbeeb0aa64a9d694e0e425510543dea1eae8ddba29db1562cc367e

SHA512
2eb581d66ce92888c29ba2f302730ea8eef5bef75527cbd3e5b135fc8cdca8cbb730d006adb773b538d8b9e1fb947a0230bbdee0f56fd746a3fef40588b8f967

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6d690561222e56ccfda316f89fb847f0

SHA1
5a014d1d599978152e51375e1dab2e9193a8b559

SHA256
eb8002dff74ada30bd03c4c1ccf2560ac687b37fb973b790d087bcc12f355d6f

SHA512
4cbf60fe7b9caf50a95fb85dea4f0d031b88e1b30d1f4c1f7e1041333b0cce78f1caa933c5a570be6c98f26836307c296b71b4f3c58a138fbe375c377c34f4d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabAE1D.tmp

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarAEEB.tmp

Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit