4ec7050a304c632d4e31c1db13a8ea917960ff8ece35d2acb9582c54bc16ba5e

Analysis

max time kernel
119s
max time network
139s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 19:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0179d82d370268409fc95b3581cdd195.dll
Size

68KB
MD5

0179d82d370268409fc95b3581cdd195
SHA1

da435b58c35e4bea2d886bb760052f9d3ddfef89
SHA256

4ec7050a304c632d4e31c1db13a8ea917960ff8ece35d2acb9582c54bc16ba5e
SHA512

5d778e801720b8f17d126fdcae245ce049cae563a9de7e68b8725e8f9d6620c4d01ef813d9931c35e6eafaf7eaa5fd063b93778fd521b6c5843c020074370856
SSDEEP

1536:uKaouK0rof8925RMehGW4Z6cHJP3DqshuqRG61:uKaouK99MqB4ZV3Fnd1

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2276 set thread context of 2304	2276	rundll32.exe	29

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CCB17F51-A67F-11EE-9B21-FA7D6BB1EAA3} = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410039705"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2304	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2304	IEXPLORE.EXE
2304	IEXPLORE.EXE
2432	IEXPLORE.EXE
2432	IEXPLORE.EXE
2432	IEXPLORE.EXE
2432	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 2276	2100	rundll32.exe	28
PID 2100 wrote to memory of 2276	2100	rundll32.exe	28
PID 2100 wrote to memory of 2276	2100	rundll32.exe	28
PID 2100 wrote to memory of 2276	2100	rundll32.exe	28
PID 2100 wrote to memory of 2276	2100	rundll32.exe	28
PID 2100 wrote to memory of 2276	2100	rundll32.exe	28
PID 2100 wrote to memory of 2276	2100	rundll32.exe	28
PID 2276 wrote to memory of 2304	2276	rundll32.exe	29
PID 2276 wrote to memory of 2304	2276	rundll32.exe	29
PID 2276 wrote to memory of 2304	2276	rundll32.exe	29
PID 2276 wrote to memory of 2304	2276	rundll32.exe	29
PID 2276 wrote to memory of 2304	2276	rundll32.exe	29
PID 2304 wrote to memory of 2432	2304	IEXPLORE.EXE	30
PID 2304 wrote to memory of 2432	2304	IEXPLORE.EXE	30
PID 2304 wrote to memory of 2432	2304	IEXPLORE.EXE	30
PID 2304 wrote to memory of 2432	2304	IEXPLORE.EXE	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0179d82d370268409fc95b3581cdd195.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0179d82d370268409fc95b3581cdd195.dll,#1
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:2276
- - C:\Program Files\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2304
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2304 CREDAT:275457 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a234efae090147ed887ae8978ed2390d

SHA1
979e41a7ace176ca1a5f86ea99bff69c3e45f122

SHA256
c40cb94051ea641f28650018c008eddea88d30e7b23cdd2503c56008f83c50cd

SHA512
0b76d882aada84695d8be49cc6275166a41adb6eb645dccdd69f07efbfe8e5fdbe0f60f0880fa18b8ebdb8eaaea3ed2b0bdfa13351529cf2ced4b1e2c4dd222f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
080e500573d05a4085c1ab05bf8627fa

SHA1
6bb35f1870453c83a2d52e832f7b66a599e0fa70

SHA256
c636edfe66d8ce5776759e506737e5729e89e0558653e31e049815940dc7bea4

SHA512
37e99efcfab9f5fc04c8ededa0718ff28ca8d43bcff2dff44615b7b342fe268af7e30e65a3fb8b0323e7d50ba94c61575b2c8b06e9866d012b185db8569e47c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
db50bbb733eee11e1197217199a9f3c0

SHA1
69ed22afa42c74058671a757d04f2262d4f2c79e

SHA256
8aca39c2422c3a6191ded202e7cf8dfcce8424bd5a86f89afb7ddd6e5d7fbf7a

SHA512
080628d8ec32e60484e368d3ea86347a534c379346a8ec592646c835e2b584ca2c56930f3bb87713f9ab17f312b8ea67134c76f1ee8a7060ccd9506f34c51632

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a8af64726c126b2ff758655f6f47d0e4

SHA1
a671a6176c6fad9365e0c467386777833e9b5f53

SHA256
1c22d2e79ae18452bca086215ce63954f7f3c96801a689079b13f30898dfd72d

SHA512
465e5ef06d85dfd37936eb67e1aa66c2e90e630a8d1b8d8b00d893b27a0a52910db06662a32abe699f4a5e01e1deea4680156fba52567043d6c3272302d7395b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4da58b9fae02de3e3219a78841c9baab

SHA1
86ee3fa8d609b00c6e26f6b31158f831dc2213ab

SHA256
613429e75bbe589152b9545c0180bd93517cce5d74a356300747369f310d5ead

SHA512
c72db5f433c7ec5693f738a74ab7bc226a7d2855eef8b19615cbbb6c2f74f6982844bb02bc82a760fa3c6695f5cb8b508c8c28577f1c32146caae7f5c0b37b7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7415870e76458430637485abaa15b92b

SHA1
12679f68a96120a545d5195384dda3904ba4d1ee

SHA256
99773bd114f482e379e7a62eda881e2655f0756a9ab4c9d351d00b3b9d1a3c3d

SHA512
920708930d5656e7f2028f4c5de3765fb91b6a99ccd356e5d28bab02eabc6bdd2e42bee084337939e2ddfa20d0292e9460283352fc5b8e6d5f2cfcec4f26a8ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1dc641fdd8d895c96c1aecc3ac08564e

SHA1
599dee31c2d5df40ee948deaaf90d2e7fb7ac72d

SHA256
1259c53e8d9e6aca90c20f07a146d7dd236b116b95c30e30d758795fe169ac62

SHA512
93311554df61d7f744d0f553adaa0fb6edcc7161216d32179924b869533a356b3ffc65f55537fa0c6271b5f9517e6690414503f1259731bdc5216aaf43d32143

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
749b717ae4616ef643ed7f3100aa8ad1

SHA1
dc5b6b5ac73d4ee0bb37e2128fdfa21d09c3e183

SHA256
65ff9703cc316b161b0721e9b9bd61341854893a47606306040abf5958d4c2b5

SHA512
36fafebc9529c1e0f9d752ce9201036305e69a38229788ba2dc591644e5aaf4af30bb10f99f77111ca7c09a393bfd0f5baa783a170a35acaa2861469c0c8f78b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5667fbc89c0d592ed333298c289a7831

SHA1
fa3ff77ed23766f91d40a84479fbec1794c0767e

SHA256
3ea4385b3554856743e44b7cd506dab1fa00f51eaccba4dcb7f6856178804094

SHA512
a3c03c546c091d6410249e02e0d90407696dcc4075eb8220961b121c0062b50af8d5a70fec31f814b5b0b421140c81494c41893aef7d3074db9cc279f8b26542

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2d55056f12563e1ee1777c80f795508c

SHA1
b3237121f06c1d45cd51cfd0ea3e0e5c05766754

SHA256
8d4352782272596148e68e6ac5ac38ac8aa5e55987ede1d6ee61df8661f7d6df

SHA512
e701142a59daebfcc76b8cbc4b341d9bdce15bcfcd3286097954372d7031f244e822d928c482afbd8a62df9395a39ca8c24eb10c44ef4373361cc33c7a808bd2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
13be54d85a709e195b11a7a9ecfbe0bb

SHA1
16cd756e29cb5946c52f51eb6df5a2aa244fa1d4

SHA256
b158accc7727eae64d799ffe6b47dfb4e8c8fde5d64aaf95501319f21c7b130f

SHA512
27dd0d25e1fd7a653a5e1b5d2e9ced684f88266562582f156371b31d37d60573f708d1500bb593120bc336a238f15260091d0f51ea864c0658f3a84dcf078a96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cc656dd54c7eebda37eba5fb33603b64

SHA1
4fbb6497fa3dd52c660f33e490173642983289cb

SHA256
1a8d3dc9736c437836a1bd2d71af5175265709860a5d2470c06c02a1754cb3c7

SHA512
642f818c355c9fe18590dc8868bf1441c02527500a1db73a830c3ac658a24252fc72a004dec1d6492f0d35a75943ff7428b8c307d290d45b60bfd202276732b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ac117939ea281acb06664c2104c0ebe

SHA1
08bf6aa980593f987b13bf1c93b7f1e460adb2cf

SHA256
b23462af5cb94f3d7c30c91aad1eebe00fce752bbdb1fb45ae0b33ad7157c996

SHA512
11238318e71b0d3982c8821d4f3f9e91b557576ed46ef9a2e18a965573595315bc8c8b7806c2654100b913f15f68e75360eb97686667d6a564731471f91d46ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
883bdb1321f22eb15f19b5cab00dc8a5

SHA1
dd1b6fe7655ffa65719d22dbfa39a1b2a8bc769a

SHA256
204ae56477154228431be78a1809f3cabab43eb60ac3798b8044209a0cc47949

SHA512
9eaf63b8ec710a0091f6046af3a5165f32c530fcbd4b5247b8779301270d68e617b2abf621d7dc9831aca525c0515819ff24a4db7707625080c7cfde0c74511a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
be3cfe085b5cfbd60b8d78bf91721405

SHA1
6390bdf6c78898056b68eb611680a75c0f70e8ba

SHA256
8ff0033618dfeffd46505521dec9c8b79c204ac31bf80402a0dcb1bd7da81475

SHA512
8390397bdde2158af9c8691daa8001f16c4994bf54f6db02800241ccfb0357291349d4e471644eb241e678d724c03861212478d4b84a55f931ef2bbcde7feee4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bf582c83dbcc20976d85598eabf0f7c6

SHA1
98b1a83cf9de975a224fe96613e17aa6bd45175f

SHA256
9fb0ee590715791a3efaa7c294146bae916de7f68e65e42e8133851d549d29ac

SHA512
b675e6a7b420fddfce4a7881dce4baa9fb456e79c05702830d5186aeefae042da7addc774527d57dcd3d258b78b4d7b1504c45bfc558d88901b5d6074214580f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e463463d4087c5cf50a079beba21edf9

SHA1
bd9bc94ed346b91f793c3c83e9f755b9d888c440

SHA256
0110a7383deabdb266b91e425de0e8ee263bd261a1ce2abd1f0e248a5be886dc

SHA512
b4499258dbb8117a2102ac4ca6d564fb1f8645296b9320f0bde34deb5cc5ab57e623bf2f8a0217a876afe410b67103fc0731ec6f940877a05019598a959a70fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0a5b2e30e6fb8668bd39dbc0366e066c

SHA1
a8adf294cdb10b584f7b5e92b0c940f95448ccdb

SHA256
1a4f608637ec25fd162fce304d0b3c932fefbe48b2112395b5deef591a6dadef

SHA512
ac626c23635e7174ac36819f56d56b80c4caf49749fe081fb9419c72c739f09818a4943d71750c80ce09abb4459a2f117c040980488f64a96894ce0fa3d35306

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA853.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA885.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit