6b90d7359072ca2b0b3b722f2c2c47b569928d385b8848ff6e19c4477b9e6a51

Analysis

max time kernel
117s
max time network
144s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11/10/2023, 06:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a52cd9b394cfff3ca9c3680efb2ad6a9_JC.exe
Size

90KB
MD5

a52cd9b394cfff3ca9c3680efb2ad6a9
SHA1

52ff096a0e8062adaa155da8e378cc6ea54c8e6e
SHA256

6b90d7359072ca2b0b3b722f2c2c47b569928d385b8848ff6e19c4477b9e6a51
SHA512

b4bff6385443bdf367538525dcf48e86298e5aadc2f7dadcd94eba095762c3623859614737d1e1bf8e55b740f648b0d6695c08b5216395a533ef2e56b2749aff
SSDEEP

1536:rfquQsebbn6SxrkLvrW4l9SLvUB7Oh18DQzRcsnk6raTM1HhGlKfbxSqtsk9q:VYHMvK4/SvUxOh1wQzjk6raTMJhVf9SD

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403172667"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3E0B7011-680B-11EE-A2D7-462CFFDA645F} = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2824	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2824	IEXPLORE.EXE
2824	IEXPLORE.EXE
2652	IEXPLORE.EXE
2652	IEXPLORE.EXE
2652	IEXPLORE.EXE
2652	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2760 wrote to memory of 2824	2760	a52cd9b394cfff3ca9c3680efb2ad6a9_JC.exe	28
PID 2760 wrote to memory of 2824	2760	a52cd9b394cfff3ca9c3680efb2ad6a9_JC.exe	28
PID 2760 wrote to memory of 2824	2760	a52cd9b394cfff3ca9c3680efb2ad6a9_JC.exe	28
PID 2760 wrote to memory of 2824	2760	a52cd9b394cfff3ca9c3680efb2ad6a9_JC.exe	28
PID 2824 wrote to memory of 2652	2824	IEXPLORE.EXE	29
PID 2824 wrote to memory of 2652	2824	IEXPLORE.EXE	29
PID 2824 wrote to memory of 2652	2824	IEXPLORE.EXE	29
PID 2824 wrote to memory of 2652	2824	IEXPLORE.EXE	29
PID 2760 wrote to memory of 2824	2760	a52cd9b394cfff3ca9c3680efb2ad6a9_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\a52cd9b394cfff3ca9c3680efb2ad6a9_JC.exe
"C:\Users\Admin\AppData\Local\Temp\a52cd9b394cfff3ca9c3680efb2ad6a9_JC.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2760
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2824
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2824 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
db49f7b439eecf5d368751fa2edd11f0

SHA1
ea04fb022ab9932c5d9a375fa3c25c04cf87409d

SHA256
a461ce3bf15b932389230d19b520194704179fa929bd407818278c5be25f1334

SHA512
e33a291be5bc92fb204b1bf02ff6576d0b99a3f8a517c4b30bf7a1cfad7dffe03d62592d5b543705d822fdf6c3be92effc7965df8f5298eede3ca5269f73a5cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
39d041335d385dad4a837c2905bbdcfe

SHA1
c1a9fb2fb9030ba4f53d9d7cca73ad31ef978e2f

SHA256
b7fd1db780708cbd9959a4e7c8ecb67c226722cd20720c8f7e3102a67328e290

SHA512
dbcf210513d767545f01bdcf0c0373cf4e59fd8afbcdd98096a136c1e7baf81bf65dc3f392e81654c4ae8dae2622ba6363d19c51fe3e2ee0967908812fddc37e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e4575dab58eee0e2a01152516dbad32e

SHA1
caece99127b8a87d1cc51b3d1cbc8b83fc1030f9

SHA256
63b934ffe022757c1aedd75c630d1d424aa2ba4abea29b4ef0eb8fe6df11c32c

SHA512
31185e5d7b01c723edaa84c6737a5cc959d2d68196ed47cd0db77e187575e5ed64bdf5ac070a10444163c2ede92ce75ef6f4f42ac1939d8ffc49d582be326179

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
823313f90c2f3e67c24968bcde3871b3

SHA1
3e53c07f8afc725866b9e5f69761bd4ab3fa8b93

SHA256
f97b1cd10c54b247fc532a7ab286cec20436dd6c0d95d5717b7053ef41bda2f5

SHA512
aeeddd8ad48e68eba54f736a0606109eae5abfab67267471712537f242b3f38192c60c7e112473772640d27dfa5d128539720af08251dbe13746f78268dadc93

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7b212e78d9e60130bfcce672f102dadf

SHA1
9bf22b6ee0aef1e5e22b7d277ab9d8d2307a78d6

SHA256
b97c52c5db9127a112e7d96b81ca656193eaeb674d3d6725b73370f88f452b04

SHA512
61fd0defa4001f0927a481810e0381ac1d8c51f17a14e4c64efbdb593288eace760f4826febd87cac21cd3d6e803f9bf17efb40011a26d6907366c32c0fb823b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e592c62ea039cc87a4a98e4b5b9f2981

SHA1
38c01cb3705595a652944fd2ead62ed2059472ac

SHA256
3313b0552a6ba3b5850c58849437782cbb76be35f7ea418602f4dea34bcfbd2a

SHA512
4d0f40277fe65036a95d5234fa6df9943052bd7dc3adbc0c472c76d77fa55597daea23afee744f2b7c728d0c9937f81fd537b3e76683df02b778f8d961debb00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d389b8794fc09a6a817cef3bfbbb0124

SHA1
2fba1c61af7c5794ee73b2e0bb1daf7b92257089

SHA256
be64fb5c3535615e28f753a79eb281d2c1fb6f457221f0c9058004831966be99

SHA512
95e024271ac3d570120d62efe206320e90db9f01ee14b61be384ef4cc27a869908f806f98bcaa0e3167b50fcf4f49ee4ba02869680a3d40948a21db2fc16917d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f3b8ce20f990f58b311d87f2c2cd4e4c

SHA1
6b5be86f3062f27a36b7d08608c19acd27b4763b

SHA256
eef8189c0f8c8d55e0add1dbf5892cc717cbaea75b8bc6bae656ecdf1a713af8

SHA512
e6969d65777ed532378a1bca07dde3915f1c6577faf9ddbfe5f58d30994912cb9e3652e63c421f45434d4fc9c7a77c8bc9a826cc104a6142441cec743990bb14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
45833bff336461c0015ff860ab0feed5

SHA1
f1458fc7f7d08569e55ec78d3166190119546903

SHA256
154d8ca2c6676428481027627a002c3cfdeff7902c9ad265bd9323603cc6b18a

SHA512
aa95b35c9007ba6e885fd7e0e28ea58acd3e481b407a0a6b27c23bcc2f119e3278ad89b4bc7703bb1947bf89fd3cf1222a389f1e9fafdb78f0003d3b7415bde8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
504cacb9a6ff1748b186015f16204ffe

SHA1
389db68ea0573f06a767e1c4a0e6b04a01b8d2ae

SHA256
cc27fdcbf0670e0a95fcada1742d9a10687a9d149e8fd6ee40c740f7188e85d1

SHA512
3e10c21b2ca00231803f270a90f409d20cbf4aa296c9ce40b35be56bf1c986b1a7705061d1aa5e0b59a83f324f0e6eca42bd08c845a533b72d229819779bcf56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c39e87729c644b47860b2497039facb3

SHA1
c618b3c66b1f91b20f57ef74ab0f2ced5fc1aa76

SHA256
b280bf05453c4ed2d3f44a14d0136ee341c85c6f5ce239f7f04ed87cea1d7208

SHA512
2f26736ea5bbef6611599948725820d08f9363f269ef28a3304680d19a636c2a63fb6d8c4921f343b8881c4a9e2ac39cb0d2d5cc279e53a33668acdfb1d292f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9e9a726fd9b3cef201616e03b6dc04de

SHA1
50bf28765b83c9cea07c4bdae45b45e561d22e5a

SHA256
6dfbafa66faf5790f42e6440f944dfa5e85409cb9d83b07c65991a7261cc5ec6

SHA512
ed06b432a61202d83ca1f40236094961c381fd2805bc1dd231e72d5323f7fb08e6af5ad4614157e701b41183546ed1aad658b20a38d8ff898680d91556199cf7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
df2b7f905a70b5e5596806c999dd9ecc

SHA1
b1f3e22b67f1819c29edb83a5d64894419edb604

SHA256
9ca62c1f5d861b995ecf40d31fa1cd42caad40e2568d701cc2c9a89377adf265

SHA512
6f889c65f2127015fe229934354b55e12d39666d95e0581950028ed0ab26a5821cd2e81ee5f2df65227eede55cbe42a071799e6ef3de74e5cbd2cb06d5669f6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6ecf53226a10e9f2cd6620e7b5ec8889

SHA1
6509f08fc89effcc0d94c90e3aaf755be8655a0e

SHA256
903e6139514004fb5ea8212eb4c33434f8afaa754579381687c2f4ac7775596b

SHA512
11e924d72161eba8a10e2fe930e656d097cef8b2ea9667fee5638ff41a5b07d532b1f48ebf5aba915d3f100cba3cf7da573cbb037b069140edef9f4a52eba2c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c695ee29ca4c00236d158d16fdb1125f

SHA1
b83a56787a3cc11ff7e729f4abec6e58fff71ddd

SHA256
77e7aa8be6574b46f108d3251cc31e345a4499f4d9eabd9a1f07aeb9647eb683

SHA512
7b1a90e8825bb3f8de524ea800ce33bc3c57284aac1d91bbf81a1ecb51880075929e97e979f5307680799b4bdae8d82febadad2dbe7dcb1244a87da2916120b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9f26103b65a1bfa715f0deb14640dfdd

SHA1
b993998d9593705c40fddc0118865c5c6cf80287

SHA256
efd460fc14b5ad2c654a07622fb460d4429ef1cf1f79d2da4a4212f927018374

SHA512
6246af45e71e29ca704ae020a74b7b8557e9196c7a328c05a76b597c076e1579d7f51325d9925c87689c475c13c5c6ad6cb22dce47395611f1833647a8ca41ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
17df660b3276606d35aa6e31361fe1f3

SHA1
8904f308126b249fe437f45cc59cf69c660047cd

SHA256
e90063b6f8b83a85c6962869ce08c4f485c545477a28f07679a2f40b58f5333e

SHA512
516be4b7b5c9280dc10fd32a13284ea892a38831a09d8ca6a6ba216dc72fa8ffdf49f6685aed1a39c7e1101b1c34868c418d718b0deb645489f2a7ec5fe0f09a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9feb93107105e066a5b12a6dbaa19489

SHA1
856bc17baf50fd3c314a6c52d8bce719cb2b267b

SHA256
95744afef564fc287122e3a1e7376e9b4bc1e211b603f26fd5487711453db496

SHA512
35ae97326804dbb83c0d003e3e418becb81d929d7218077edf92e86b4f9747f494eba5e2fa42a67a39ce68c3e7407a5262794c71effad2311eb37d664a1665f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabCD60.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD994.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit
memory/2760-3-0x0000000013140000-0x000000001315C000-memory.dmp

Filesize
112KB

Download