f5f0dc42498d4414afbe66329a1181263a11c7707ffc1f015ce42996041a8bd6

Analysis

max time kernel
146s
max time network
160s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
06/01/2024, 01:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

44f609f0b8212b47e2af63d40c12cbba.exe
Size

50KB
MD5

44f609f0b8212b47e2af63d40c12cbba
SHA1

63801b3eb605c650f43fbfec864e0c17b3930db4
SHA256

f5f0dc42498d4414afbe66329a1181263a11c7707ffc1f015ce42996041a8bd6
SHA512

e4384c943b9d71de4d78bfa5f7f66af98efa7b05f6da8ce53d5ddba7f74f59a9c75570b580c56a4847647a0487209c4238401351b779b9088bc35c24bfecb68d
SSDEEP

768:54qWkc7KPl1G0zqvq14WdZg648xWdeVHvuX7LvNE0ygFFsG:54JxuPiqYqCWA/NEvuLLDyEs

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EE4F6EA1-AC34-11EE-B5A2-D6882E0F4692} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410667253"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0af6ad24140da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b0720b1d8642c344adb870a2e917866400000000020000000000106600000001000020000000483807f2e06d42dd21ff15acdf662fbb82317f440a74599074e691945e5744e2000000000e8000000002000020000000472d1b0f666c10c2e9e2b1b6d0f180319a2c1241c119b88978cb7973bede265d20000000e631c3097377441c5bef0022793c0e1d73f5f0c8d39a39c94da70149baf8bcc04000000086771c10b9199270589183158b1dd1057a0c50f56a380f70500fdca484ae6baca1d3cf0f8a1f366fa3c02d90103066e23db4f6f059d3049b9001702e2de2bd4c	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b0720b1d8642c344adb870a2e9178664000000000200000000001066000000010000200000007ecf36415c78fc8c3eabb9a260a5ce6a97b62e164d0831e02633cabab57f3f71000000000e8000000002000020000000ceb41c16ffc27cba8d4f2dc73a0a17d16710dc506a353a0204f6d9c17a772af1900000006792864c6fadf3e3884031626b124c086f8612736b5e8e95e38e743003acfb2dc9286b1538503fae6e3da358b1181bd67ca9119d320863174bb419084a077a982bb9f564a0f0997b76971c4ecec61ec635153ffc20064df90050f532c06245febc82856a26ee5958e158f6254b86bc4937c09589341dea37ed37e2e5e42cc4346fcf966ac4f8b999303848c659c1169a4000000002b88c84ea09afe099a5cf05ad18ae92c09685c7fba221b4ad1b85efb62653f5bc58db422cddbfa9323c6fe06f7f1bc726606bbebaee4c8386aa225c4c0fbc77	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1900	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1900	iexplore.exe
1900	iexplore.exe
2732	IEXPLORE.EXE
2732	IEXPLORE.EXE
2732	IEXPLORE.EXE
2732	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2304 wrote to memory of 1900	2304	44f609f0b8212b47e2af63d40c12cbba.exe	28
PID 2304 wrote to memory of 1900	2304	44f609f0b8212b47e2af63d40c12cbba.exe	28
PID 2304 wrote to memory of 1900	2304	44f609f0b8212b47e2af63d40c12cbba.exe	28
PID 2304 wrote to memory of 1900	2304	44f609f0b8212b47e2af63d40c12cbba.exe	28
PID 1900 wrote to memory of 2732	1900	iexplore.exe	29
PID 1900 wrote to memory of 2732	1900	iexplore.exe	29
PID 1900 wrote to memory of 2732	1900	iexplore.exe	29
PID 1900 wrote to memory of 2732	1900	iexplore.exe	29

C:\Users\Admin\AppData\Local\Temp\44f609f0b8212b47e2af63d40c12cbba.exe
"C:\Users\Admin\AppData\Local\Temp\44f609f0b8212b47e2af63d40c12cbba.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2304
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://voxcards.ig.com.br/imgcartao/cartoes/26/c26_amor_veiodoceu.swf
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1900
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1900 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8fcedf6a2248bcd1bf77c957dd786be2

SHA1
7b53102122cd43f9dfe08ec58f601b3c680e01d0

SHA256
acae579751614134f9e3c80c331b82816513356de39e06ffcec3390bcbf9ae36

SHA512
5334a676d98e54b61101b465b404f186e029bd9bbbad2d8e88345aabb8c0c9d6b48220ff71379058d7557dd23c3149586e8d3bb5c05ecd4005bc2f7e3dc9a0df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dcb4674eb8278acd7896280a392e0dc9

SHA1
203e800e694624bba1c679d676525def01d11c16

SHA256
08f707aba701b52279ef67ea4ab7c4eee0fd6fda4cafda877f35407b0b2f9687

SHA512
fa7d01c82eb96f1d39723f97990c0badaa1e577dfc7b3fb28a92a030702c671878f64622f6c52fb82c657f519e4c5f966a203317f9cc4d81dd617b4b9bbbd1c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
94c6aeb4db6c6ef009e38fe71cd8fad9

SHA1
2343160b7883b43d1458fa910e6be935bda240ff

SHA256
e7d50f399d4b3d029465a42ed0d7f8b7914350e2e2f0e26f71b0dd2c5dc7c2cd

SHA512
0b067e29dbf2f222a84b339615128fbc81c67c3855dfedeeca569db8fc33a5312dfe00e22f2bbd47d663abb49c560d76bbf40e2339cb9b393721f548fb6ce63e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e18f53d907b316e47a258e6d9d278e19

SHA1
e0d4321ff615cb1abda7fd39f7c8150f1b992bf4

SHA256
028f2b5ab12ae49fcdcd1d4fb6c5f25aa7664332081633ad05170ff7ae106aa9

SHA512
2c8e967b21daa1698ca7b6b84bb6fa9303612ececd7af2b877d04008ae063d2ecff45fac8d94b6b9ae9d94bf44e32eee368bee081077d7e8fc422bcc3fd4189b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bf8c39a24686a173986b8bc6fa520e5a

SHA1
de86c7726e1bbf7f9fe013bac43294193093df36

SHA256
989113b5a0cde92e6517376902a080a0c25fa75f57d83efc19e46421c86e7334

SHA512
91134e80c70c8e2f658fd1dd619421f2e731116bbdee542a145afac6078558b170306cf7291b41306b7b04032be648eaec78d8a508e95834a945ac467b373d80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
13110cdd9f2587b6765fcac661c5b015

SHA1
7bb2b0986a63d2803c706a469452bb5de1fefb2d

SHA256
ebc5b507628dc52b5992755425e7d9294b04ef82e5f9aabdef9b810dd3f0f6c2

SHA512
ac4f3412c0ab21d2f2c635b8038996e3ba49119cb18e46bdda6bd02693c5a485203c16143b8fc770fc84a6790b666bc77fe550e474e08ee98c7906e034b99130

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9c841bdf2cadcbad87ddf0733ef57860

SHA1
cc0d03ecb6b0ab6c3c321d15c658bb9fb56b794b

SHA256
7b34bef01193254d139e4cde02b4dd6ed408fbb8753bff1e3f36c9e6c6bf306d

SHA512
98f3c2bc6179caf02836bc9deaa1387e1547fada5af0f39bf48d7a83df12a77963bd4560e55117fcae650be20d3eb722dfdf2ef7925774fd30b0578dd1e82d54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
773a696babc79f58b8ac004aedd5c20f

SHA1
92acb6543aa26dcaa7ebbd61477650be5708fa82

SHA256
33c1d48d4643f0a349ceaf20b8a4e499e5008ed769b16c1b5a896fa152798e47

SHA512
461f6841c39704ca910c16082601236116f822bdbca08dda7451fb33fb09039c94534f4ddf0a62703301962626596a4d775c31a13f8674142aab29fc6746d764

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b4f91f2409e4bba0f0bf4a4e7e617e21

SHA1
7b4e6114348d9f72807282ae546be82856811b81

SHA256
b9cf06395800116a9c0cb0661063d80eb17d6bf74c938220f79c4500325b2dc7

SHA512
0c1b010db3b2c8bd6867d5209211a32a8c78a9c43ef95ec046c6237237639655b5c105061ba3f430c3d50992ea02e228b4241cbea8488976588e6082291b9973

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
362bd10a5a8a52ff8ca431f19f2c4663

SHA1
a011e1584ba35781f0208adcd15773651df0ee1d

SHA256
33f535a1b74855f73f378de33932812469fe3779f6e6df428f135a73ae5b3278

SHA512
33d5da04ab7dd886a15b7d297fa2767208686956246159bace4fb20cb66dd132f7f1be835c3c7d9439a2f933b8b8421c7aceda5cb89abe027a3acb617c73eee9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9d245f04b9ee9ba4168e5ba320f88560

SHA1
88f4e1f57c89de771b035a5fe7394915492ea9ec

SHA256
b0ad6b55ba24f6cd15a4076fae6085dff3afb5a39925cab6823cf19278656c29

SHA512
4c7c65a3076e785caac7469492b862dc07fa9ba23d39aa08db76e0d7ec4d8735805b3ce11cfd06d2372935015c590db684cbb341d159ec832e04852ecf24c98c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fc17ace8d5cea0f845eaa8e65b39e8ca

SHA1
6acf477712486621c6c63b0db30d4e6f9a62c794

SHA256
bfa3fec9147e01e83c1202161c1a4168acea52663f9c898760a5bee1d7f25d23

SHA512
50b5e6689196fe2eb5cb46570495a83753e29a7c0aa85a953259f80f84c54e63cd9f4460830188fcce018575e8285520eb1ec1b10d7c95681925b9696acd0d16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a88dadb0d12ff7027a68526beab9e0c5

SHA1
5c176b3141a4285a4aed4a251847457d8782c5a6

SHA256
a456a17b166a3b05adda95dd90fa526f400d8c772562f0ce5ec069106f7fa578

SHA512
1731b27fabd9c72c83e216934a492ddba35695c3594e43e0d81d48574595e3c5abf63d414ea2e35d7b43839d7823deeb61a40900c1649769342d14effde8ae11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8c34d054fbade753689eaeeb99b282eb

SHA1
bc805d3927133070fce9fb29e0019dbcb22bfac4

SHA256
607796c3ef83a5fd7677316066e77d7ba996d7f8bcfb7f36c4bddff6f81065f9

SHA512
7be81db5a7b590f396b2fe2046a9964fdbe86097d87ad49c4388e657af2c0214ce0a63bb09b026d9c294a65409f9eeb83af0947b97606010c2ba937e9e974e17

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0881217df7f76f43215255159e28c385

SHA1
532ebe39577adcd71977031fe404db2df30e410f

SHA256
332d8af7dd9594b096d2e53151705e125af25bc856cdce422bc09a2cd1d6f653

SHA512
78d24f767d71113ba7321c87670cdd690694ca21027e9ea02498135354241f021ffe1ef128d89f63a7991d444c51f362ccf6c60663006eeedc6dc177227789fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF97D.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar478.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
memory/2304-1-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download