ba575e9aae214bf52764f833644048dd33172519202ede427b985a8c232f6778

Analysis

max time kernel
140s
max time network
130s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
17-09-2023 11:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

62f55b8489c67ad0e081cd02cffb118e_JC.exe
Size

112KB
MD5

62f55b8489c67ad0e081cd02cffb118e
SHA1

bf90e2f35256ac81129f04ef85f2772ecd449a73
SHA256

ba575e9aae214bf52764f833644048dd33172519202ede427b985a8c232f6778
SHA512

a77d4dbb3c4a072330ec25af2cf4ac1161bfc228ddb3c930c597772601df472c803acd11fb0ebcd50eb04455b0c3082cd887ca89bd62a0d55d9ab8d01d621e08
SSDEEP

3072:1YHMvK4/SvUxOh1wQzjk6raTMJhVf9Sg39lYHB:mHf0+Qoh9vAhHB

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "401113620"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3513876443-2771975297-1923446376-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{26759C91-5551-11EE-A741-7200988DF339} = "0"	IEXPLORE.EXE

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2428	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2428	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2428	IEXPLORE.EXE
2428	IEXPLORE.EXE
2812	IEXPLORE.EXE
2812	IEXPLORE.EXE
2812	IEXPLORE.EXE
2812	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1412 wrote to memory of 2428	1412	62f55b8489c67ad0e081cd02cffb118e_JC.exe	28
PID 1412 wrote to memory of 2428	1412	62f55b8489c67ad0e081cd02cffb118e_JC.exe	28
PID 1412 wrote to memory of 2428	1412	62f55b8489c67ad0e081cd02cffb118e_JC.exe	28
PID 1412 wrote to memory of 2428	1412	62f55b8489c67ad0e081cd02cffb118e_JC.exe	28
PID 2428 wrote to memory of 2812	2428	IEXPLORE.EXE	29
PID 2428 wrote to memory of 2812	2428	IEXPLORE.EXE	29
PID 2428 wrote to memory of 2812	2428	IEXPLORE.EXE	29
PID 2428 wrote to memory of 2812	2428	IEXPLORE.EXE	29
PID 1412 wrote to memory of 2428	1412	62f55b8489c67ad0e081cd02cffb118e_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\62f55b8489c67ad0e081cd02cffb118e_JC.exe
"C:\Users\Admin\AppData\Local\Temp\62f55b8489c67ad0e081cd02cffb118e_JC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1412
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2428
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2428 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
03eae891a09877aa76ba8ebf4cc39e78

SHA1
45c09d34bd42865d61d8211f002b20b05d00f386

SHA256
703b8eb53c8173137acad2240857307fe8be457e1b59c07ec3a71761dbf35269

SHA512
f4b489ce52efae4df11a89b4436f0ca251e0aefe0b8561c68250357be1ee41015f4b4af70b800b6321da8433c505c3a8b5d1778119e81348540b906003ce8ba5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c1923303add26822cd4497ad84521c66

SHA1
6d912317b7b0a8338c3e839107d727fa6ac048d7

SHA256
4d085dbc0cc87409bee1fd29478e27b5cc9251ed58ab3e797b7ed5a66bfd8bb7

SHA512
9eaa05e033b2dc44a31629b08cedfbe26c09461d87d2c0a4ed31004fd0c63b6d21025080fc04857599479bb6480ad90a9a86be6c583626f89bfd8ccb10775f2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3b56e55042681e0f4c3ff8878b800e7a

SHA1
f2606389882c6d40417119ae3233f266f13a03d3

SHA256
f099249eeeb5d76b336dfe204bf5149de6129e3f44dbbc0fb9820947fad6664c

SHA512
d547fd9ed23fabf49effcfab9ae9d62291e0d44fa8149f2081a3e4680b48c301db83aea929b66b84149dca5659a94985e9a91f2313976598443b42a102544d15

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
544b897099b9d4e4eb102d403aa6ba0c

SHA1
33121b209ef9fdaac6320d480f22e812a20550e5

SHA256
e7b5ceb0ebeb2ddd0f4841509c540c0cee8f59ceda0ee66dbcb97c729693c78e

SHA512
0db3e1eeea6881a2391cce8c09eafe586fd905e518ececd69906fcea4de20c4bf0cff020860865d6ee4c3dd870b3bc1b23426b3c83bceda76ac54c8704ee541e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
48ab1c2408e1840be07c4144a73e855f

SHA1
0c895567bfe392783ad4dc81bdaaf558b1ac7f55

SHA256
04c322dc9cc75ca8aaec01a76efb2ab002fb9ef5e6159b155084c491d112eb5d

SHA512
12b2521437dab8923ab2466545a9532c85dac56ba7f49cd0f2f9d024eca3a258eb9b5c25fc6603ac8e50aa3246e90fc4ea9f78691524184dfeaaed6763dada76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9240df4bb81b88cc052caeca65819d1f

SHA1
303825c803e553ed4a7d3a99e7ae650881aa8ef1

SHA256
6d6b7f6e237ec6c0ccf061157f32bd837d483328f43db531ef0f43d90c39ea4d

SHA512
d3b3a1c19f82f452fd01b07e02c329db610ae605b1eb5b090a6e451ebc820f67cd7e6ea51616a1c3d858a7cacc28bd55e569dde37189f21608371327cdda392d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
256bf67ce6cd03b1483f0e2851d3a747

SHA1
939e1175a8fa726ecb23ec07036be669eb561843

SHA256
f59532c6aee3962f4a452feb03892d91afc82348c890ff930176f3ad44a330b1

SHA512
4fc0560b1476297dc361a349b206f86492433f2c762610a3b898c1c130d8da8bcfe6ac8aeb22c1bbc757cdf1a68e3c674029b5aaa301ca22ceb85d7a5929c581

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fe270f1dc1bc8c2289c52cf5e15f41e9

SHA1
59e97c4b9f0ec0c414e89a7bf8118f55560d1538

SHA256
4f39c4002c11b82a49f9ff2974996a2827124dc0008af24dd891f71e49890a31

SHA512
4c10cd194a0764c61cdf7e065091417acae6cbfe478bcedfd75b70babc1091788a88a814cc5267d6d3a0cc2bc8147b2734a6de3182ed0f50d87cfbe58b916394

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1b9466b64083dbfd5d8ef29d4e502973

SHA1
c4cb7e850b0c804cb4c2849084968bb2e00c4158

SHA256
8f86662edab84cc8a10a99e7b3a6a1dc38373b64ae1550f05ae02e6af786d520

SHA512
d5f9aedcd06fbe6835a00c0dc4dc53ccbd9797b0b66f1c7c73724351ff8a34e59ceb6bc8ef6873953dc6353448a5fd43536ed054ff20bc20730578b7fa76a62d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
05bfab48c04520d01face19898533464

SHA1
ee30cd46b51139e428a52f42429a55854f064db0

SHA256
6474f0a3a1ed97f1a1f8a02538ffa6b586468846b6976474e523944202bc89af

SHA512
1121ac87982cde62c63051eef34e24449ecdd936e844914dbbafc70d2e6d162fc5f7df8eceeab899c5444a64fe6bab857f8922894a7c865c5c298589003e5c8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b08c9e98b76c3a942c05209f4e00725d

SHA1
a758aacab8ef3e3b783fc79e8c4785fccb0a04b0

SHA256
1f9f3442472e41de76186b4ddf8b524cc0d46f48c411641ea85ce698d9d56054

SHA512
a1b20dfd05b2951b55561b508f4b6723a9de04f4983bd140a63a47a9c719280ac3b7830eb0b973383d3987aa3342a005a426c250b8e6e77885d23f620b8fff46

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a3d04422fd983d4f911335ba88e7bede

SHA1
0bc9ff4ccce125d7e10d769051447ff78a29259d

SHA256
092b46d057865236af2c56b3c794788dbfec857a8f35f33f394983b0d3c3bdf7

SHA512
eb38fdb1c5ecb21ffe542353f17ccf37c4f8dc933a74cef41af92ba30db49f3d780c765cc4db5722f3d72a5591939791d372f85fc5bb6d1056196bec399a4211

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
835443b398430f3b847f62d12eb9bb35

SHA1
541bc85618e5b3010bfc738f6d7e3d53b91da1c2

SHA256
a0ce40cb2938cebe6589b5d3319d900a169475d7c085a9b569ebdbcd50227259

SHA512
755a3451346c51bb2b81d961184a010b429c6f1931a480540379a8fc9ccb4b54d1c8e5b18ea5fffc2eea4cd41d534af62c34cb6bb6f15cf7854b301b44396945

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2b9efeb07e05e6ada2d9b1fb3c860064

SHA1
e1c84ac4e817a68eabc935793bc9ace03c48e99c

SHA256
e627bd2e473f8a902a0335d9329fe05363fb3c0252f800c2e8846e6c7b57c5f9

SHA512
62ce0b36f46ea3370e4f4730a51aca381cd49cd7a9c18c200866f0ec3ec296623f12eef2c4fb5b2e13efec15a6f62aee770802657de098636ca891e8f526436b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d8d137c3c985e1baef216b42f51ff3fc

SHA1
1c09a95e2f3e58830317ea134b527ff568297675

SHA256
eb331eb47d9698cff157c63b8ec4a814a1ed2a5673a226b7371a0d239b4a9923

SHA512
196190f297681a424e802a3c54bae80c86221e408cb8ceb0bb3fb8b91ea9ebdeda0e3e86bdd087e76a58017f572143b77d1bc8ba89806eeaf4a1bb4a4febebfe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f00e98662ceb8d56be5352f65cb78d19

SHA1
887347b41ac9eceddf8452b8b968b9285d17a5e1

SHA256
6ec6e0b736a3d4e288700e4d84dde6290215464e173958aeb56ecc8e56309f01

SHA512
300cb9bfbd5fd503ea8aa653e8321800bd38f9c2e7c5aea8f9c654b43c88ec7ba79768b88d47caa613659383bfd9d3d8a25f8907943ca46a69ac059bb7dc7383

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
86de73aeac51d73b443ff87c829a2686

SHA1
5329a7b9a644cf70e663141384b40858045a56bc

SHA256
4e26502c8dc4ca38cd2e052145cd7774943486674148fb12c7d982ec5738d78f

SHA512
a87b2e0a48bbbd63f09f636901173eea199cec3c1a69a21d6e2a8589549b4147ffc808945be28e359e695b77f45e073473ff14ff4aeb1d9105e15c3434b72337

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
13898597ff09f4da7208908d7f93fe0c

SHA1
d4b074a6e6f2423574bdead28a07874d8ccdff41

SHA256
cbda94a723d89129067cf47564b7c6b479f2685d62a8c5349cfe5c13bcda4d9e

SHA512
ea2ca7c3f14e031310007f6242755050f023ae0beaf6177fef73f055f67244683d3f470bd9e1d18402f003f711712884acd2a0690aefae70c0e7c7405338b8cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6126.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6187.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit
memory/1412-3-0x0000000013140000-0x000000001315C000-memory.dmp

Filesize
112KB

Download