b81019d16d83197a22c34667c770345df756242aa5f17cca00f418a5d0360ea0

Analysis

max time kernel
151s
max time network
235s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 18:11 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

akcms3.9.6/images/index.htm
Size

1B
MD5

7215ee9c7d9dc229d2921a40e899ec5f
SHA1

b858cb282617fb0956d960215c8e84d1ccf909c6
SHA256

36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
SHA512

f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{59E5B2B0-A67B-11EE-97A9-E6629DF8543F} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a883829c536588438b4279b7bc6c19300000000002000000000010660000000100002000000033f903f030e7a311eb15d288e7f5c50aa2ed71dfd37a0ccfaf4ab2d33e71b693000000000e80000000020000200000008c5db0de4f2ecc66006b5df06db011c608249c4814106bd885d2002f268c693b200000007be534cf4ae560d788436870ec94d853a32460fe9e837d40cae6064fde92a739400000006be2b55dbad3b7fefc56963cc3632ce1f0b24af24de05e19717b4e1d83778a0d35e03ff970306e097c0f5a93cbf0b16a6b70e0917024f1950624e4632328aa14	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a883829c536588438b4279b7bc6c193000000000020000000000106600000001000020000000cc0c6a7461cf2d8fd2b8b81b8cde14016e0302b9d40816d8bb024bb9dca2fb11000000000e8000000002000020000000c8d3ec0ff1de7830abe1aad9e20ac8ae205127f774fd66f26e1835eb87b9376f900000005aa6cf331561f76e63437ddcfe20e1deb3d5406b5ff9563940f0fe063adc2dbcff884224fe0b0069a6a26233a4bebf88bd1e2913a8b2c69c58e6c6e5faad1890a46a91736cd2ececd34d7c7065454cc277e72bf9cd304b6babadd94a4b1f3b8b003d8d12474efb391a985bb6fdc45295cd677dcaa949197dac97bcdea7fa4c0943c314ebf457397a3ccbc6e6e47462a8400000007e823c802b8033235c8ab32a9519f7903af3f0e5654c111362d43e379e88ab84c503f2cc719cbe2ba5dcffa61b9b790839e121649eb43aface9c0472f95d128e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e053db2e883ada01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410037797"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2668	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2668	iexplore.exe
2668	iexplore.exe
2808	IEXPLORE.EXE
2808	IEXPLORE.EXE
2808	IEXPLORE.EXE
2808	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2668 wrote to memory of 2808	2668	iexplore.exe	30
PID 2668 wrote to memory of 2808	2668	iexplore.exe	30
PID 2668 wrote to memory of 2808	2668	iexplore.exe	30
PID 2668 wrote to memory of 2808	2668	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\akcms3.9.6\images\index.htm
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2668
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2668 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2808

Network

No results found

204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

960 B
7.8kB
10
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

1.0kB
7.8kB
11
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

823 B
7.8kB
10
12

No results found

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4eb73f6ac8783b7a60a932ad77b6741d

SHA1
32529859a9e0365bc0fba97a83ff250674adfaa0

SHA256
839ceb5b5830d272e81ffdb20af398a6c7f13ad799d0bcb2459ffb655b62bcce

SHA512
dc4a832760f7f5b3fe1ec5764b861dbd73e8658de1b3f5d5cf739ad743fa7a82776168e9165d8fd305046e87be780a6cb7573c7970b826ae8c261a7c68d8ad45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2fa9a3dbccc395d7099548be23d73043

SHA1
c4ba5f0c7ee6d6596b9df3fa30386ebe367ebc7a

SHA256
2b65993e229294ecbc6ebc06bbde4044db2c4748512a4688d62b8e601c3c2ca1

SHA512
dcb1ec8180370a8730545dd0f4f10020cb6972ca05d41888b7eae1ffe686ce96108626f8c0979e2948c21f0cb18d7cc07be8d9b3364fbe6e30b9c084e888c052

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9772afc8cb85c67fed543b02e7c92345

SHA1
5e21d04f8dfaae9640dc4d5c0a4c37d6a97541f2

SHA256
a3dbed261792859610579e0ad7294149baca4cc852792ecfb74954967e332479

SHA512
b7e46444aa580a51302f018693b03afd21be79cc3000d47a096f30fc634b5227e01e16de8f874df02e3fd370ec20222c8cfb5fd3b48ff29c7ff2a8d9f7d492dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
342c6485a32993c35b2a204c0400e92c

SHA1
d6c433ce799ec111c54e5665587a613c902da1cc

SHA256
98ca3ffb1680b075984bee45e6bc788668aca4faf4e16f9a96b250097b5e2d09

SHA512
7e6d849dabb04f3b06a70ca0d003216c2e92e19a9401e2298d3d43c742c38565638f05d52919fd8d45b7eac453aa6106488cd1b75bc7cbfdd24e405de2063d90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8036ad707c451fb256e3927b46951800

SHA1
680edfd7ad144bff6e239e1b345cb270f88f4fbf

SHA256
5edc8f441acaff387bcf5b0be9682016da596c0a5e8686017065f35bb5bfc345

SHA512
f0b1f09e490754600a169ae69a2fe3b5439d6ca7aecfaedf3bbdbec8c2adc15dc3fa0510f6b0570a0335af84e1dcc1dee243b1752bbf1aec5a3df26ecd1e9515

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9660fb367bc2f6d130e51d643e1d89ae

SHA1
9d7e2f0d3ac2bc28565f01fa8f5e8bad07391d92

SHA256
d29d9c8c4fcdaf3cd215823bb4da3bab5cdc1f9c39d15a65833f5bef12637e70

SHA512
14f24f12abdf37fa62e96ee840a43432d4a5f04fb0ebcb1f717da566d6925cc84e4ea38f35b2a9d29caefdf772b57fbd48540ee228a5f27d812d653fe2f7c71d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabCE68.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD4B3.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit