c4b95c4063a7f74e0d271595797237fa0659f1bd560c801458d12e0e116eb54c

Analysis

max time kernel
67s
max time network
133s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11-10-2023 15:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c4b95c4063a7f74e0d271595797237fa0659f1bd560c801458d12e0e116eb54c.exe
Size

832KB
MD5

9edcd234d21e83491c45d42da5257465
SHA1

ee8c76c79eed220e4054e4c2b766b413a4a3dab3
SHA256

c4b95c4063a7f74e0d271595797237fa0659f1bd560c801458d12e0e116eb54c
SHA512

47715502575012fff14f72767accc0af38f03f39919326f5adbd6c9e357a3bbe416442c6ff06ef723bed3a8b0fc152acd6d76e721b3716c230cee43ee62d936e
SSDEEP

24576:DozvbozvJozvbozvwozvbozvJozvbozvKor:k4G4n4G4Br

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AC866D71-68BE-11EE-9302-FA088ABC2EB2} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2152	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2152	IEXPLORE.EXE
2152	IEXPLORE.EXE
2424	IEXPLORE.EXE
2424	IEXPLORE.EXE
2424	IEXPLORE.EXE
2424	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 2152	2040	c4b95c4063a7f74e0d271595797237fa0659f1bd560c801458d12e0e116eb54c.exe	28
PID 2040 wrote to memory of 2152	2040	c4b95c4063a7f74e0d271595797237fa0659f1bd560c801458d12e0e116eb54c.exe	28
PID 2040 wrote to memory of 2152	2040	c4b95c4063a7f74e0d271595797237fa0659f1bd560c801458d12e0e116eb54c.exe	28
PID 2040 wrote to memory of 2152	2040	c4b95c4063a7f74e0d271595797237fa0659f1bd560c801458d12e0e116eb54c.exe	28
PID 2152 wrote to memory of 2424	2152	IEXPLORE.EXE	29
PID 2152 wrote to memory of 2424	2152	IEXPLORE.EXE	29
PID 2152 wrote to memory of 2424	2152	IEXPLORE.EXE	29
PID 2152 wrote to memory of 2424	2152	IEXPLORE.EXE	29
PID 2040 wrote to memory of 2152	2040	c4b95c4063a7f74e0d271595797237fa0659f1bd560c801458d12e0e116eb54c.exe	28

C:\Users\Admin\AppData\Local\Temp\c4b95c4063a7f74e0d271595797237fa0659f1bd560c801458d12e0e116eb54c.exe
"C:\Users\Admin\AppData\Local\Temp\c4b95c4063a7f74e0d271595797237fa0659f1bd560c801458d12e0e116eb54c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2152
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2152 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
2c21c150ebf281c98eb26844187d3703

SHA1
677e939f248285f18ba862d9a86f1a9e0e1cd57b

SHA256
ecd32ccd4f7486fd4a3e40ed0cdc56c01f4db7f5d1bac29fe263cab777fc04fd

SHA512
942563ffb5aabc536f8663cfb78d4a59acc9c1df6aad622d0f2e471773cb89583ea1eb02cf756124f92aae5b85e9087e8309def2f573c54d75e7c29abe8cc50a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
e07dea85c257cceda1fdb0649c5f950a

SHA1
6703b7905893d9b205d06d7baeafed34736aadd7

SHA256
ef75f00e29078a70e3940469348a98f505e74368ffe5bbba9dd3881b3a2998bd

SHA512
7cfc8a6f05b6c9817331b0f339276a27ddf5e488723599de3499043c422012b9f2972985a68a56aa91a246fc8824da7862b854d8c46842027a6f647080ecf71c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
32de855396c76455dc53ce2fa37e514a

SHA1
5b2ae37f1398e76277fd43baf498e99c1b670ad3

SHA256
4611d0151e6296d79ab1d3c10ff521cd9818dee2deff7900f3f4f4fe81fe10df

SHA512
d1045f869e1322ab35921b67ee9e191cf3fe3989f16aa4bbcb9c2799e80aa368446620bb8165364ed084064245e06dc3b4163e4610385ed70399888dbe3b2575

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
f78a9daebacf774b3e1aa320054e482d

SHA1
46cb970ee3fa771ac9c12c82418897a96ed0521a

SHA256
532c9a526d68e3ea0d64029a660dcfd724560478b6a66102228db8e8f90cbb05

SHA512
35a1bec5f84a6274b3a7f96cfd6b482d890b6305649a3cfab3e6b0388e3c2d68eb1f0d33957ef0cba48c731e9a6c57b113ebd39f49f96dbb25701eec3e5c237c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
e319ce9b751bf01154592207b60f67d8

SHA1
69bd3f7a923cff5e0f585f5a90c2f65e00770648

SHA256
127633173b5f166f8f37306a72fbf918fd5cbc45f495c529ea09394556e33b0e

SHA512
39c9e4c7436b9350933a821c3d4efea4111dd32e34f11233f0e5454cd2b45303ce2fb9f0d146db8d45772c491c0c83ba24bd942123c73a129bf7e01a5cb44545

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
1a6d63ffa9d7a5594c49759824d03645

SHA1
548466213c7c9cbc8af51752db0849555028f82b

SHA256
ccd742ba931158e93fe6ee337b9f3a04a01dbbf5f6bfe3785e7d5fe65753619d

SHA512
6ac2335e6ab879993649c7357f67fc213e9548b5dd69f86da154bdae73523b255769ece277b940e4d835dd7e3eced1059749d121ff91f0a4a8ce11ccea456698

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
a649596afba7407579bba4863bfcb105

SHA1
610801bd064f0acdd88365a1ebd1539ea297fca3

SHA256
28fee62f304221c62d517591c34045f61639df6738817d2fd0b0e2dc37ac76ea

SHA512
3d59e33bdd23e9533190d419bc7b89af455c278c37e5b2f3cb38c23e1a124c3d333627bbbc0db650f7fcd25791dfe072a506bad4a50cf3bbe402b0b72aac50f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
1e08a99d45cb308502543aae5872ad54

SHA1
6583ba4816e3f3a8d3c6c30e0c3b9f0ed356f387

SHA256
faf57994d4ad1a78587d00d9c7a030fb7f5f271599acef4a0a191d92ba6f649b

SHA512
541f3127fa4f2e840ad540e1a6995e6c6351c81ef625b741f249dc264dfee634e973a6af74b65943bfbf62a5c3bde38c962f04f76d03f34077fd23e864b4f765

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
0809579ba352d3d89e046cc991506d10

SHA1
b2d99c2388581ed345d869f87c9021c96590e7f8

SHA256
eb010d257e63f38c2875565903cb25d116ab1b45d264b75bacb0b180cc2d46ce

SHA512
e6fa2bac9d354aeaf886190ed3f54658a2e69d068d42bb7d2e1c98e6e86fbe30b9bd4853a7cf6b3c512ec9e6607c845daa584ad192a60403397e10ae5510138f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
fdc9ada7d789baf6763f0ee708635574

SHA1
58a5759fdfa462a06758d790ead25ebbfad0be08

SHA256
4773fd75dab8e2b3296fa2a8a807ce0ec9cd72655c4ac853cf8f396ef4447746

SHA512
1a5688b45429564330338ae9e9a8a9a7720110624cf8b3b69d29a6b2f625bd32e41b5b9c42af528062a307320122d7e9b74bbdd4fd776b354f29bf640da02a10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
d281afc5319bdd27058a47192030ff19

SHA1
6811e581365fe53b37408998fa7fe6068ba82cfa

SHA256
096b43e876e480bb7401d6fb80ce9a42511e97b9211f19bf72b787d9b33908c4

SHA512
c58fcc1c1ff05688afb69d243c62ae0a2691ad2ec07abd6e26c6d372f08690db0234a9247fe7c22f2b265a8f7980bbc37c562781c122213b736d427acc43732c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
28de46f49ca4f3ae33b8a7323f261da5

SHA1
695af564b3b57c12692d57e98f7839bb185e7131

SHA256
6154ae530837eca1cc3256b51a745e56650114824dcaf33c2aadcddd854a8696

SHA512
4980a4245fda873258578273672d7674a036ab85b4b3349a8a1c8718c0677b71567f24b901fe647dba4dca8d56828a65cc7ce677b141b88c759b4cc9a9bdf477

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
b4b6bfc3bf4d8389f36b6a2e1d232192

SHA1
2b1e78a0ca5c65fd42dd375bcb3afa6eb8d4dfce

SHA256
b8f0572fc75f55f1c81c3c775749cf22a75fd193d831302d89a8ff043124a515

SHA512
2bc60024f376c9988a294cd19230467db0e185cb1310a00e30f6a95ce75fbf99720de5badc05a0a6986f797838c04101e499c08907048aa40f6da6592ae5117e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
3c351eecf5d25a7037ac08de98ce1758

SHA1
9109766336018993e146f65313f6cb9b05f6bbd5

SHA256
236df1a626adfd9e2081649dddef1c37f21581b8f988bfe9d47956da1814bfa1

SHA512
8c01dee1e6d9def955a70268bb69c41d78ac9863f52e585ffcbbccb09f9f7030b63df8b7eb4797c8c650a6cd4fc461f79b0c31112cb912e10faf7330aa8ffc52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
64a83828e3841a7a97b020e0b93e6c0d

SHA1
aca0321e3b7faf3752ef045f5866e7571b8d545e

SHA256
b79971541bc7f9d4010022e308147212542561b6ab9ff6275a52d7ab740792aa

SHA512
346854e2467c70eeb916abb77ca4cc3e14d8eec01d8eac9d6620c901ffdc269009cd38d1c6aae54fd330ec71efa0ca8009cf9de6c4bef7235d726134cbf4cc31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
bbbccd457e62942dabd876356ef5b1f3

SHA1
f24e73e6b5a49ba08a354079bb20e045ed85d4d2

SHA256
f385153ace47e8673809300d86496e7044704dd3d309369fa615a3ee417267b3

SHA512
1fc1f9d0f6fc2069a135b1dfc808e9afa1ebdd0aea993a712499fb0895c13fb3887985b9bc64e8619a6a39caa7a28e18a89974a8b440e57d0e39111d4bed30af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
5c8eb21f94ca6cc7d8feea21e5dac7e9

SHA1
f13e868512126fb6189aae0eb18dda87df7b097e

SHA256
328bb5f7ecb3e99aa53420a58643e09b102b842cc4e93afc93b733efffe5a058

SHA512
9754106cea5e0e2f4b6ac5ea7e9b0a00b88396a5b0e7f7c02ec7eef02e4013b5afc278256ea0237e3a80cebaa4d2b1760556bf4336395426ad82e622947f0902

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
16846fa51ce29d0ebf38c0792096ae52

SHA1
f891930678062d4c0428feb81d205cbdafaa219c

SHA256
9fbcbb207038f1125872bc6fdfc321377697bfa3b948ce85f9004f1655206ab6

SHA512
4265998edac6f4e64687ec3d31769c664d7989b7db47317e9ff2608b7727b4e14d84a77aaefc216490759edb06ee6e28f27fdf81ae7b2c5b832d0cdd8f7c6cb4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
0093907f484206b7f0e69d2c123797a2

SHA1
3aa99f0b0e32e6ced81a5c7f804e7eb2d7c525d1

SHA256
1de20996e8144ccc0c6250d51cde8374ef309c6653eea92cb27ed4e76e8face5

SHA512
b11c8aab4c1e8fbfc7b62d88a5c140dd1d5f3a10ed7f24fcb77d96522f08636f29ae3d6bb603a7fbdfaef1b9c51f0501496afc77295fa2728b8e3371d333357a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
cdb36ec5f73e474252b01089ff98a232

SHA1
646d37191983f3e9d98f9863b8c98acf29bbc54a

SHA256
281ffa42e854c41b7b629dbf0a33da664c02ee3c0f24060d8052561d9418406a

SHA512
72af5178eec18e9fcd1ec04ce0779ab74f16c9b54023f20a9b9a72a5b3622d1d155643a41fa6c780a66956522313ac1eeadc69d4cc8beefc172b4ca3ff1059ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
51473782a783a0f0deef1ff5e921b2cb

SHA1
8476fc61f10b29a53ef826d76a9bfdcef56009f5

SHA256
de30f5d1a390d3316a13afc2676d31635f3f8705c15dac7114f7422cf6433194

SHA512
d7798fd45a8bb0c04965c3a90734d733fbfe7caffd7864814b16776c40e176bc73069953e0b9892709faa71cb966693005490867480d33ed220ec83c4e480cdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9ABC.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9AEE.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit
memory/2040-3-0x0000000013140000-0x000000001315C000-memory.dmp

Filesize
112KB

Download