hxxps://cavallaritelecom[.]com/

Analysis

max time kernel
195s
max time network
132s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 13:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cavallaritelecom.com/

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 408af6b8de34da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000580e1c8c6faee54b80ab28599b83677c000000000200000000001066000000010000200000008d5b181d87d3fc37a6eb5a72b27c9b63867a23c9dd58a7ce79c3e9389b922a27000000000e80000000020000200000002cc44488738110cfb0f9a9df133d80e4f73a89ab40f61acbc5f1e4ce0f49664690000000f460e79e97fc18ac4d7cd7022588974ca49c37a926fbfdb577176a75ec163f56a5ae3b05deaeb205c19bfd25474c3c005e86705668ce4ecd744af875dccccda8ffc37df684dd4ace7dee287c7d8e542e5df767d09d4554fab025db976faaee948e64a166d6b872bd2ca77a5890d298bb9d07085f9ddf8374570393427fefb055db765a8e14c6991d50cb1851bda8c874400000001b2794f1cd0a4a6252bbe26b22c708c5229fddc4f7a97c637b9e1184b79bc1bcf5e16a850d082eb6ee69804a53255b4483180ffff1ca17984add1a1564d085c9	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409415251"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000580e1c8c6faee54b80ab28599b83677c00000000020000000000106600000001000020000000eb0c64c45d998906af056b4709c3770ddb8dcf00aa365722881c59667f1c493a000000000e8000000002000020000000aec09e6ab5fd48e5ffa68afd435d8ac8317811491ef4b5840adf97c02315c59920000000d9d67d1fa9ccb0f2d1f85bd81b76dda24150306d2cde6c19b06dfea5c2e001d74000000082af4f36987814d7d31d388da1207a9f9ea18c73944cb73e8edda995da7d0a085c186d689e168d56a9806fc71442e580332043ac5b1cf29988d52c762caf2728	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E3949A81-A0D1-11EE-A2F4-C2500A176F17} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2172	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2172	iexplore.exe
2172	iexplore.exe
2924	IEXPLORE.EXE
2924	IEXPLORE.EXE
2924	IEXPLORE.EXE
2924	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 2924	2172	iexplore.exe	28
PID 2172 wrote to memory of 2924	2172	iexplore.exe	28
PID 2172 wrote to memory of 2924	2172	iexplore.exe	28
PID 2172 wrote to memory of 2924	2172	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://cavallaritelecom.com/
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2172 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7cbae6959b7ad7e3fd7e25cfca221122

SHA1
283674aac1e08cc19f1a1e6674af59fa299e3960

SHA256
47590d7a43da1557fb0bc6dbfaa1c74402e84e06bc62b06288fd3516d7ae09a1

SHA512
9f3e33a3b2c4ef0ee693e3d3211d9484e7a27a6e14f0475159ab14d53b70e1e8d88c618f365abf57405cc40d0b810707bf02907c4d2187b77df890c5a6ea8eb5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9f680797192b4ffcd121878843c8dcbd

SHA1
e5994c7a07876d9d7afe4a4a56a944570a25c049

SHA256
b489a89815b766b99986dbb96ceb0091aa102aeee502cb206845d7dba24b7396

SHA512
a1c8f36385c220946b58db68a14a6314e219cf2338385e499d3befa999d19342cf78754681793f31414fb670d04af08fa2c9e87a6f907f148f4901d4469791df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a987a845ac772a79be90ecd90ff6a4fd

SHA1
819fced6f25d1071ecae6ad17821c7ca4bfcf91d

SHA256
9c7180f27f1d3487e7f66d1010cdd848d4e88a7a753a81a3489ce321782f2fb6

SHA512
75b78797226680c668cb099e68c1e24cdae2df756ee52fde678a5877622761b3065c878e09602031040b7e1cbddfdfaf086b1fa90e09ff1ae78cc68e50f1707d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
db099c9f2d95f8a0239e32ae1a06cc78

SHA1
99746409c1482ae41b9170412fde0bbb79fa58bc

SHA256
c2be7bd114107ae7d59a38a263d7fd623538b958567f27d97b0360e164171034

SHA512
f57e14528b548887f381f1dea37ffef183ddac71d830d89331d7c82aefce6c85762a24bf7b86d1b0b45fcc5a1c9e5f3c63d66a2aae77b9f6c4c6e71ef05286f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fb16481018c99e8a912023562d3ee3ca

SHA1
e94b406e93c873fb563ac33b22282d9cd1bc2dda

SHA256
2c8c059c073635ebbae302e94bee4609b86511127bd52f83f1daf3a21ec09697

SHA512
d9c29cb363a59a0d9af527956f2acd9a451cd21abf91025e7dc4e23780498c251def93d18bb5ecca659b57b353a689ed994c281a47ebf6df431972bcd4d0f0f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f5647bd03d6c9bd7664b3a3e57a7d3bb

SHA1
ce26dacf055d32e8c69cbeb12b42fb70f8155321

SHA256
8c5e2745e3ba8f7281c61a865d097bc2bd24268a341fc1c233d9cbee303d02a3

SHA512
6240c76851a3c0d75a042e25dcf9a68a1bda9d53ca1eb36731fec96cee1ab1cfafd933bddb1b7589c38740172fdc94e3465d7558e8faf9c54b8093f4bcf425b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
17a53eb63d4b87ccd44e6ba282f671d3

SHA1
f16fd78e4e18f908d44d395065aefe7ed9404ccc

SHA256
c7991ad21aaed7f294d5d5d2fc5c71bf428d846f27c428f35ab574f160c07188

SHA512
8a2924cecec07324a1ea367cfa9bb7e172267a3a52b8cc4cda099895140004254b0a1e085041a041309e069dd634b59fdbe654716d931f79fbd7538b388211f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bdb35610c0e2aaf8f7187f44e9266f89

SHA1
dfb5467d32c05f26710495fd55c313b77604e91b

SHA256
5c42abdd33911f4c4d77748c5b20da16464f3a8ba15e14f737706e0bb414ff9b

SHA512
27476352ca4af49f3bee5f947aa9429126133b6817c5055bb8c80af9444be0a47315719a0392d086963985fe7664a2a280c2c8b756a29f08390c0e064fb74e3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8e908b4a1ab0a081f5d62e948eaa8608

SHA1
c1ef24f9ec9a5303f94571dfeb4d42c38c530e21

SHA256
1bd1281f2e2a67dc5b7e3be4c64782e448c8edff3c4adfdf342afab165cada5b

SHA512
b43154fccca80cc13b4b85e13278833dc39e4129153d8acf626bf4c98bf061be24d39b70ac6b46eaa6c2a9a6d726e838d33247c3a4bd599563db95c57d47b891

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9c11682900005c63624893549ff3b6f1

SHA1
9f80cfc9985dbd8a944a4794d1e85460f10f16fa

SHA256
b54c4b60ee565f91600abd5d2564f551bd4e144a21c7ddc4e5538d3bca2996c7

SHA512
b105f3a4354b53f6f3d588e834f2280208738252c7f4f8ee677fe16063c309dbb99f1b0bcf781246735f68eef91863e144d646a9805ce9ef0573185d6f4750bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d0e519a24c74df430551bc9633c8caf2

SHA1
f4067282061d5f77c8c0d8f44b6dd5dd8b81ca7d

SHA256
89f0c277b374e17fb3047151e855c96ec786815d33e48cab8e824e6c555b9d66

SHA512
bc897980711350536f22bba795739765af102c49dca5ec6453a450d6e63642d310245be752b5bb840fd5355c55eaaa8dee25783ecdd65998079d3d43ae303456

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8c9828f3cf39dcdc838280401383d88c

SHA1
29c4bcf47206a7a3f82d725d4ee3ee26533ce54f

SHA256
a7e1b639caf47d987c6aaadf5b8af3113b4a78717f3d90fe35853eeb5c804097

SHA512
4a12dca168d99b439f94abadf108bd817a3912c2cedf97a667d59e876d7d54a1f40ebf4b24254e69c76f6622b43f73394d25770f007c09f4efb98b616c8572cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
00a308540b2ac608aae6c22ed21205e0

SHA1
8ea38014785bcde577128d4fe59352cd04030888

SHA256
8715b05130a20df47e76b746d16b0df717b0dc2cf9ae29fb638ba5146f5fb5ee

SHA512
b830c2d62bbb24a5c124a5204806d42fe088eb6b885ca484582e74c23f1c325d45c202ba82e63dac409600f0b573c848887c6176213b00e196ff86871c561d6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bf7a0c8cf9989110bb00b26328e5bcee

SHA1
acf1744e37db13dc22d39258068c796fdbd9a933

SHA256
928f44c4e0075f217d4851a2cc8c7f0b2c012157bf83c8b434b5ecb2e5afe9d2

SHA512
20fcb4db6c2c80d81bfeebb515c4929716ab2b1ca7e1701d151397fe6706c6a88c253d71ec29897e0e5640e9d28f63f526af65bdf09b45b3608e420eb5068a1b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
330310782800a4f93383b42d238511cd

SHA1
27b1a569b186cd6ae72d790e7c435333baa526f6

SHA256
b14f521241744aa9391cca214b77fa11c91d1edc7913b69b6096c6a08f11bd70

SHA512
7215f70628bef0611f5f02f9c6655b59d66e01a2382495b2aecce34ac32b2a2ff8485fb539931b61c9a3953b3f6100879b61df8d7881abaff6afb7cf6d770fb9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
751e8ffb895d03e048a91b961ed04e5e

SHA1
28461af9fb6463b98be7fef0d01a877746e63b15

SHA256
cd05144639c4f82afdd04622262b3a8e8fbcfa87e843630b1a2e0969b9ca5230

SHA512
0a5a04f3e213532c556315f8d34705e01bc0861b7579ea596d2f6df2407003c0860b906010bcad0c8fe3a19baa2ec52dde5017cd6c5501e924f5478b26cb654c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
df575202255c81fcaed8d480a2b0d67a

SHA1
9f893b539ceea02668f7dfb6eae4d08a35e9173a

SHA256
af0e48d04e9897683e11e19680ee36aa928a402c7ba65b9b330f04ec38476b67

SHA512
ca879609b504a5d7dbd8db49157d24e165389bd7e9722c246e4794b1c4aca6a978285b00080a47884187564bd0a1aec44cd3370e5602bea6c0b751b29c47cc57

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5707.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar57B7.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit