9f23df054570cf94a0fe1efe0fae1f6e7b2f66fdbd2700bb42c49c5e23214bbb

Analysis

max time kernel
134s
max time network
133s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
10-10-2023 22:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

garena_free_fire.html
Size

5KB
MD5

9a849b2f53ecfb0555f094204d30f579
SHA1

54d37bca91b0bffbd10592752d90e29397dda084
SHA256

0cb9ef94582dbe566091d89b6903237d5cea31f48e494cfcf530c33de77dd72c
SHA512

d47643ac0bde9b7f4cec62687f79b2938703e0bec9f5cecd67fce16d04c44755409406d588544725c4c697b0727372731809ffd2549f1026218d61e958ca3b75
SSDEEP

96:ofdvPjc2XXIlXLvG9IgLth3Rbla+BJ3xb2HoG1lKAPHiuwSOO:ofdHjc2Hqq2YBxbVGZiu8O

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003916b9f19191c547a3cd833648cc0b6b000000000200000000001066000000010000200000002796c5fc6a84e8f5b0c2273887e5161d1c312946f49d900b1df224aa6a830f99000000000e800000000200002000000065669c5a6dd568fb468816effef5415c6a4681092bbdfcb2616c8226f70b0beb2000000052db335c1cf12765014e8dd4c304411e51e158fcc10ea50faab168670f91c454400000001effcd515c09f5c5186b89b940b78def82a507973d6559ff266a6a49575d57a2e153d9ec0456fdf2cd40e0cc6f96e4d2d73c79d06d24f7860f98dc4df17831ac	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003916b9f19191c547a3cd833648cc0b6b000000000200000000001066000000010000200000005c817e9070719731e3f78d596412241205d65a338575c06170ac8a4143390b19000000000e8000000002000020000000394fcdcaab646622e71358e1503f9cfcf6b3b4ef0614c7bd2d0bf918ca5d59da9000000099d74b0c53c9a6888ac8eccc39fdd580fbcd60245bc9cf699da6f67bc3338b466fdec6b8449ea2e2324452e05dfecf8522556b2377d835c03330a2496330bbc40283656c0540ecda190314ffd201b79c9afa8ea47eed20cf590a86c648f24db0db29f557e8335f9355bfae01009b37d129ac3029c5c38fa8992323aba17de047fd486a6c82376f62a42e714f76f9c11640000000fb831dd8428347b115b3dc06df25835e4ae8e97ae070e4424004a41f63de52b5282d6c7c7f61d7e4a33a8e89743d2f95cfa84a14cfa82f7abfbe1aed5c767b27	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403150121"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BF999DD1-67D6-11EE-B899-EE0B5B730CFF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 906aec94e3fbd901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2968	IEXPLORE.EXE
2924	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2924	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2924	iexplore.exe
2924	iexplore.exe
2968	IEXPLORE.EXE
2968	IEXPLORE.EXE
2968	IEXPLORE.EXE
2968	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2924 wrote to memory of 2968	2924	iexplore.exe	28
PID 2924 wrote to memory of 2968	2924	iexplore.exe	28
PID 2924 wrote to memory of 2968	2924	iexplore.exe	28
PID 2924 wrote to memory of 2968	2924	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\garena_free_fire.html
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2924
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2924 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
212075f9e59e799773684c538b8c9954

SHA1
fc72de6ac32cbb84249e81900ac092f6cdc75ee9

SHA256
c0cb8ff6c830d3b8d7cccace3af7df4bca7ba987b2385f97371de94e4978ac50

SHA512
4b9fdc38b8632a9e99fbac7b1e902b9babef626b4d491aa53e519601edd608e1476d235ef3d9c40b30c01a0e504f5e63ba8af26a2b6dbb7485389d9b96682da9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
3b98f93e0f4854b2ec3a263b1034088e

SHA1
80cfcabfa2f1591893be1d05c3303c4ebadea147

SHA256
9536e0a825b5490ca0e6ee95744f3acc7ef58c3fb77d3f6db733d34005660b23

SHA512
9b8936fa625f7d06f54ccb3627b93645a073d87c0c66ab6c0765bec49387660006411bc78397ef4a61eddb8c0902d422a5421b8657bdd66bb4c364d9c91beca5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
be85458d3269ba132c8d692a965e8d2c

SHA1
905bea80c43b5f8cddb05d74a6d5025d9f25e2ac

SHA256
db10e9f2d78b6c6c028d479f718d30253cd36ba644d161c99474ac7ed6ec1ea6

SHA512
6f756050084bb5247c11523e73a8e2787c79ca140a33bbceade35048a1857e8b52b708adeec4207149a8a66a2f12973b422e9d7ad0ef5463da2d6e57e5776094

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
d0f3b67c5013fb2817edf17b15c26ee5

SHA1
c9c646f31fe65e1349e2f84366369f14a4cfb7cc

SHA256
2a81fb380c35285be1a75e1838345e7ea3a06183c836c0cc8e62acc792cbc940

SHA512
331fd088e159a07614085b69746434457768ca1f516e01014280ab17e9a7ff56e1f861f85f5fa4a27bcc54aba765b82dcc2792a8b95cbc6e68acc70b12c2831b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
f7f4b3c33b8e8942cfaa23744c6921d6

SHA1
6db5cc2eb614b904758313c7714076d2824d1c8c

SHA256
4530fa896f1d9e05ed9b7e562c323b1053359962c1c91edd43c8a066b914469d

SHA512
a13e48c2ffefeef308b66fa9cfd957043cfee2e2fb8a7a93f49dbfe948c7cf5b8f8f863c584a70d1be7c13a3268cfd0ad972b620773894c42b67c32bc07815e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
f15bac679851dd01593b4af175b8c39d

SHA1
63c8ec25de13371af87e381fb0d5e587394b89c9

SHA256
4abc851b230f3501a4f307697dc0aee859d4cacdb2d42bca178c1c0659895695

SHA512
049b3f60e3ab272f947622285600cb548f916cad73b87b3eb0b4f5710fe9331620cd45b5fdf322c3c59ad4774452f3f6598e52639095760e1144b2d312df6423

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
0f40d124d155e99dbd892520cd677fe3

SHA1
2e3c4064a955d66dbdd0926ca117133905b652ea

SHA256
44150aabcea67a6e0500553508a236551e7e53c3349ecfab920493bcb919915e

SHA512
7f7ba1d564120c243f2717b64fc569882c9740b125a7dab8050a7038c7df713c3600c0805fc0cb872b073038cd64ac9f00b50c7e02eeb1a51fa675552c5b0c86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
c70a6f09824f1fcd715fabcc97c16391

SHA1
28bddfa2a439acf7d87fef840e81434c192c3129

SHA256
f4d801c037bcdb8c94733c9699f4d7b4ab4ad474e1d511b71628170aaf337752

SHA512
01ad72781a88e92d5e76fbeb35da1a66e7674826e164f7a43fa4d29d5684c71085c1ecaa0e970a1e9e496e8af111f6137d28c6b3a90eab1f7bfd57c9b6a445a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
3916887d99e63399e42932372208782d

SHA1
f8b6d8972be2146cf568482f06b9d324263c6e14

SHA256
d9d9285644e2a888edb2444548670296005361dce1bece2fd3071a3bc90a47d4

SHA512
1b398bcf1348a13991bf6caa752b9879afbc03119d872d55b3ad338fe9e9c82c7f38e8069eb00f7ef303df86b7214cee4dc9cf303ba158ed85fa084d5b5d1fc4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
5b6f0e6e3c4871f897a57427c0487271

SHA1
89b24d5261c7f2afbf6ac7bc188aa4c6724f2756

SHA256
de071fc774adcbf151b03ed8fce5c3d180215a5dfde9fec912efcafa9769d6e2

SHA512
05bdfa28ffa2195776a5b93fac0791dbd27954bd64653a22d901c1601d829939940a161b923f9feb82d419fb6620af3798c6e9487e5242b95682f6a76beec7bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
0b6775d127d1912adfadeac64baf087e

SHA1
45ab12fb9fa42dced3076d243558f29651a21e32

SHA256
8a652c24ffc1fe7a8fb13f50fec7ee98029521f8e1fb69dedcef4e70885fd96c

SHA512
479be4a4c8cb75adc6ff19be0e3ea0e1b1a86e037ec3419eef06686c126a7db7d8b22b8436f7dff1cbb4b5d7a1b2e2d294e0607bddcef0f7731e326bd1d343bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
293d869dc06bd2d0cb195da7383890d2

SHA1
741611d10dbfc4050011d624a35cf2e89eb361df

SHA256
00c8703e7fc696b28b0b085ed4f405bb496dc7ae244c5b68bb6a478fdb3a1543

SHA512
93ddee06442fe434c053c3b64c3530fff83032520188e293fe2aed1fa3729d347e7aee26515487ca7028741546c49cecf4efcc4ded4da8c52f5913149a6f372c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
4b100e717fc9dfbdd82560bed3f6d2af

SHA1
694478e493e79d7843562f79f54a92d33e385b39

SHA256
ba4d627c19e0c31a1e8c977e0a549b0aadf3b7f80bdef0aa8972846bcb25c359

SHA512
f9792bd69e177b10a697e236add3d7bb479c8282c19ffe8840fd9d0cb252a62245c0a7c4ed4d22a58302d18abd11b7a9297766c94f4d6840d7429962d5723149

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
ce00705dce336136272290c12951f5a7

SHA1
33984551f74ff9320a67ce916c3558d1818e4750

SHA256
d3832926ada5f378d1fbe1d0d3d4ec198211c6e3a4a19fc06055189918976c76

SHA512
9869f765ead349fc27e74215c44d49df913b3bce2a279f6d68beb4c2001a0c59b65ea89a978be215500af50761e00a7a8f6e9dfe26d897bbeaf3b3ed57b75a50

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
b405eaec9c17197430990da27a27d04d

SHA1
ac9cfa3c5b9d48ef07e270b395f03fa69473da4b

SHA256
24f3a241d571794f3906f7ab7a5a4f18c837d019ee5afbed3457dae06e17cdc5

SHA512
b8ec07d09414caebde1deebe3ae571df9e1a37b6e8ee437094107a7474507ba739efbf8bc010aa6a9453263f10393544947cc307e77013a989a3d86877a21a67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
c9c544177022c609dcad6d6861b1f2c3

SHA1
5f47c937d7486aef6198f2d31fde605b40f6a267

SHA256
bb28b7aea7128b71281c51db2cd7fd569351dcbb96ed50a735b40e7fd136b949

SHA512
66310219e7f218b6c50917c4f44136e97e49e0f217aee70514a504cc22229a2d1e7450a58f728dc9d64b089bc1ab72e90e9d24da0371a91cf779cbc13f2560db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
5ec700b3120cf4c5292182c6e163f98a

SHA1
fe9e10bae2ad933e2854a3006004106c367efa9d

SHA256
df486e806d674762ecd584e087aeb43ddf9854d185abdffd14a6343824f0cc3b

SHA512
56e632649b48aad0ff54c1b12a9b02e6c892fc494bb6fe12269c675912ef2f8ffe10a0ab52501ea3a4df753c817209602fb7438127cc9db49ae292f28cfd3fc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA5B4.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA605.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit