1bd849c9c65f64a18acfb8783ea72c4c90f8a30d821bb83b88acc2f31e679ea2

Analysis

max time kernel
239s
max time network
282s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 09:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Koobi Pro v5.8/OTHER/Addon/modules by nulled/MobilePublisherPHP_to_Koobi_54/index.html
Size

6KB
MD5

9bcde19b29ef4d3e34a0ddec6c417112
SHA1

ff850e876b4a1699903d8b79226f5842bfa917cb
SHA256

44ea574c9e468151028c780ef1e244618a98e96cb12d40bda4833e64399a5730
SHA512

47be9378f4b368e0dd608100259b434bb52d9b50d078164d2810dcf138938cac9030abf6a6f3045d43f252df8d3e4855e32d00b17a383f2bcff1bc47f3921eaf
SSDEEP

192:cDhVCU9L/uMQawTm3BgV/Kv6/VyFyPaJSuUB1I6iaWQ4j0K7fyz1uNfc2FgvnD9F:Qv8Kv6/VtaJSuUB1I6B4j0K7fyJuN02c

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 41 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b05bc05bd33cda01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a883829c536588438b4279b7bc6c1930000000000200000000001066000000010000200000000613679aa6d61c24df6075ce44b5c4ad20ef70627e17d641667464272ca317e9000000000e8000000002000020000000a05aec965c0d7c3b9af33277067fed2d838ee714a78558ea2f15509424e206d8900000002e49a5c5c4ba7e6be2d22f46b84df0dd4a50936927f467df338fb91889bd78b2d63610b9bed2ee9f0fe86f82111773373c3a6393d2e51cc7fb7a4b857719c34edf62ee168f826eb020905e1639b80f6267295e6edd9eddee50bb7f5ceea47b0b0774dde4a63b720dd7395dc0c6e0946e7ec8f991bd1f6c69f2b141bb54afe7f17d0096ffe10114165f8fa76621075129400000004c1a8af0db9d61863485fdb790877f9620c35dd505d457d366f519535258eaf78694e054a7c5ea53d1997deb4aa11587d21d9b4e9207d9771bfc8e0bdce0dfce	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a883829c536588438b4279b7bc6c19300000000002000000000010660000000100002000000085de8229ebd9c1d3260f9a68bc7e4402e49420bb2c90b815343a39bad7f9c73c000000000e80000000020000200000004fbbe7294bd3cd3372c279976cd38a505374a7de1d0f75c476cb6ed2103ca404200000006d280c3ac3fcfe29cdd7005e947244c4a6d6e741e1b394bd23d9f3bd17041a9d400000002fa0f1ced955f5d65e99dad9d271903fced94bb00f21d25cc8e38f3f48a5cb84de389375338defb81b83eee8ea79eab4375caa1e34682f26803ba58f5dc37ffd	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410289958"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{75592ED0-A8C6-11EE-9295-C2500A176F17} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1232	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1232	iexplore.exe
1232	iexplore.exe
2300	IEXPLORE.EXE
2300	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1232 wrote to memory of 2300	1232	iexplore.exe	29
PID 1232 wrote to memory of 2300	1232	iexplore.exe	29
PID 1232 wrote to memory of 2300	1232	iexplore.exe	29
PID 1232 wrote to memory of 2300	1232	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\Koobi Pro v5.8\OTHER\Addon\modules by nulled\MobilePublisherPHP_to_Koobi_54\index.html"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1232
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1232 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6f9e3ecad6212d4e04c02e24dfc5ccfd

SHA1
4856dee989541a342cfc0e2d49aee04ac9633b97

SHA256
6ee0df4121f6533e8af0fc0f076f89aab9f7ce522db0e89a860f7ab0c88dd480

SHA512
4ca106b578558a977128a58546f371fea903e50c06d0853fccaa67c85ee1884c12b286c91427d1ff76d8c41e96e1b81052200ea066ab5aec830abe3fb51df341

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4a6289944890f8ee168b61bc222c49ae

SHA1
fc41e736bd99f8ae722cc76edcae1ee4e6c1c09a

SHA256
e61548c1b83b41ab485a59f16a1a47be519634035b5e4d3d1fd7bf10f5e91a51

SHA512
fca0e50a33f6ec3fe84c7dd5b5769ae44ef4e92f98977b092a48c6d8eebac2a16956c23c983a96554cc5cb060c949ada14360889a988a4abe86e9cb1051d9188

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1e568408f60ebfc07bfb66fd58afa57d

SHA1
3f7e60cab0d2b67112b51bca4c8d4d40ba1e11a3

SHA256
e875c77297e1569ab8d0c25e13eb13e62bcc08795058dc188aee0369482dcd45

SHA512
41c28068e53bc3590b0ba7e3a7789ac278715756924b6111949327d24fd817c7cb052fcf56ce3ebf3c6a2800cbece5ee37e846eda553642a0f078e68af552c91

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
99cca60e5818c1b17c370afb0f998c29

SHA1
1ca3eff9b6e04589b2da4a4cf54cd2968f402be7

SHA256
61651e38075070dd9fa5f0ab90e5ced05f53b61a22e9ae8b598e6b1657691f37

SHA512
0fb1f585a2e850b544d6be8efda75cf3d105f327e757855233567dff96fe142d987249b4ece2ab916a90d73ff4539246dc5fa507814531740c9c0fc30102a2ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a015c08ea392eafcb8109cb543b5840c

SHA1
749680d5ca917525ea25e5f7bff975998dfb603f

SHA256
032666e2a7ee9d8a101a46e57042ce39d6a02810e150ff8870eaa19580ff3519

SHA512
3a653159b5b454c1595317c591f53e7c02e31459575a730a574a858a22965d1e98999e98e7b33ae0ed1c0476e32b2e19e1efc0a81b105d0829e8129a984076cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
703fa54a4238693d734371578a861e4e

SHA1
80fdf469a9d24d030a7ff79e12993ef93bd61830

SHA256
ae63e4494ba3bbaef97b5c6f45c326e58fdc87b6dcd44f79ce5ab2b0fa7f7e4e

SHA512
e980f33f67684d0a98993d9d8af6f884f2f5efcb6d2202fed9697b16990375574d29f9107ce46b915b31b219a3b27800d6ad2744c50f44610190feae7f2dafd0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5d0a13edbfc7148818146ce3a5b935b8

SHA1
a10238e9c212bb03ab7eb7ace325e3278cb9ab91

SHA256
73f37efb04853cfd037e71c1baccf0a48fd2f878be954f3904ad6363b1e19e6c

SHA512
6ea0e7dcdd6cc2f57b37c9256578eaf9ea44cdbb759b98a69b71f9ee2d45e1a0dda4781eeae6bb3f67ecd57dfcc26433a7fccde199f93532f41e5a0c6512a969

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dd2cc2b41de9ee558ec4133ddb2d0e1a

SHA1
f0ce2992fffc05605c4e330d84e01190a58a2329

SHA256
dc26cd6661bb225018a86efd9dcb60db9bdcb148b3dc1cffd579c0625404a3e6

SHA512
80c4be41462311fdf15051e209db07ead71e670c2109edaa9965bbb152709881abcb8b65fe2465ac91c8b6b922e5208314c7ef85e3a010ccc59a6a0d37537f65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c410ed318b98490d31f1b93b88997745

SHA1
76e0ebddc79478d56a45c20e4b5731006ba8dce8

SHA256
e4a4d99ed53c3bfd5ea1eedf5b172e4c384953ec624b7cfc1d6853c65810d3b8

SHA512
ef7415a3bc6f529a3073eb315ccacbd9fcedcec57d0983a81a2ad41e942ab82789f33241db5f0b32e00fee5f1f76312e431dbfa79567624a747909eb62697d76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d5b53edf0ea2fc87644c385c749d2d8c

SHA1
6142d9f7674b637764737c8d00d9ef13279d76e2

SHA256
ed08f6fcd91a0b2f195731201f7aadb990286e7716dbdc990fe01059760bcee0

SHA512
e1363424d545d6328b2323c733a924382c755fcf1684820e7f6ca5a4cc28d68b1ed8587da0a7281405c2f239d761d5768a21cf497a56c8b6f1d9a8b6a631e65d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
91379eaf73d4f747d3061a7366cd7a24

SHA1
114a7b48579a7ea745a6a175a9c3c3ee3a1fdaaa

SHA256
279d121547e9a80005b49c2cbe2c8d4230c10506414c5df51b023c0e9f874d9a

SHA512
8bd055af605b8f043982d14195a0b886a9b0271b3083efe62458c64e142ceef3ac23710baba341bf9c72d53dd5d1b154088bac78da4b5a6a77c337d4943f20cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD646.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD6C6.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit