d4bfb1ab671d66ad9dbac10aafefe72ba8b25176f9dd0114281b37e9587a1fb9

Analysis

max time kernel
122s
max time network
141s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
07-01-2024 04:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

www/server_www/rootMD50MA/panelcGFuZWxleG9kdXNvY3Rv/tpls/commands.html
Size

3KB
MD5

46b6e29d64f4152ac7ff1b076fe4f889
SHA1

aea4e4384f1a5ffb84c151a1efb2cbd34435b6cf
SHA256

ab23446ecd02c52a3b158b075f345343acb02bd39f2fef403e06cfe22fab31d9
SHA512

e8b9442b145bc1cb1e8108f0acce2d0c2aae9ee4cba719895ff1081fbb8c36586e853d119c520882cb8b9d3108efb6b5d50f8f09ecf6c73f688b69ff31dafd14

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000580e1c8c6faee54b80ab28599b83677c00000000020000000000106600000001000020000000245cfd9e873f1e5d9b358f5552281b34e72c24fe32e19983d7c80baa69846d55000000000e8000000002000020000000b8193c2b6404e4d128075a415688c6116a205b8886ac47c1ae560cbb1b1c90e19000000071bfc6a8e34c8eef25d348b4e6dfea96b0a2e62669a7fa6df60c395b5f5b9948dd0b9e3eed6d7363bfa24fad50c8305dbe221d65353151e8151804b76d4155dd2a26cf9a87171a8cf37278bc536d1f42016ad0ed5bdfccf17119dd90d4f3d17e7cf27dcecebc1b384808f7edf12e57de8f88510ca6841623b3cadc2436e973d9960e9fdcab2e54f061602724827a1f1a40000000a34d5206eb59f045ab6c46b015a93ada4c78f6832a89ce4c081a1b196525b854651e67b8c42faf987287a840731450a955d14dc5427bc58e659a710ccaf57b12	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410763103"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{18181271-AD14-11EE-83C2-FA7D6BB1EAA3} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000580e1c8c6faee54b80ab28599b83677c00000000020000000000106600000001000020000000fe1055c92dc5d7a63872f95662c8428f98fb292121be5cc1fadcec0cad93dd96000000000e80000000020000200000006fd5e4cde244f46061b7314516bec56f7400b1ebc6fe5ca0940cd3e36d5747fe200000005d788b8b94018edc32af82b9e227c6b823b24f1e9edf7e491f249c91a4c5a3a3400000002ff08713cf4507dc433800e682421baeeec13488fa9d85782b93a6a4fc0d61e1d9ceee8dc4330a66ed54831183d0e4b2471a71013e8a13173b2ca08ac7ee5847	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 201f45ed2041da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2096 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2096 iexplore.exe
2096 iexplore.exe
2960 IEXPLORE.EXE
2960 IEXPLORE.EXE
2960 IEXPLORE.EXE
2960 IEXPLORE.EXE

pid	process
2096	iexplore.exe

pid	process
2096	iexplore.exe
2096	iexplore.exe
2960	IEXPLORE.EXE
2960	IEXPLORE.EXE
2960	IEXPLORE.EXE
2960	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2096 wrote to memory of 2960	2096	iexplore.exe	IEXPLORE.EXE
PID 2096 wrote to memory of 2960	2096	iexplore.exe	IEXPLORE.EXE
PID 2096 wrote to memory of 2960	2096	iexplore.exe	IEXPLORE.EXE
PID 2096 wrote to memory of 2960	2096	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\www\server_www\rootMD50MA\panelcGFuZWxleG9kdXNvY3Rv\tpls\commands.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2096
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2096 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
690efec42b931d0b6a3ce59fdd2c147b

SHA1
4aa2b2039ffbcc4eb1a3497adf19ab9651d28be0

SHA256
005e7a54ad030219f5cc5d4684db9e7cd667f2d3517c46789408ed0efe898954

SHA512
3714d8e6b1e5dc3dfd1acdefce2a06e68a577670fbbd003e6b0524243b4a9fe2c9e4551d4e2d68bc2a39b88bce6f3b9c65b2c9e5c6dd4d4d3b81f5ada8f32e7e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
af5918abc5fe535a0a795777b56c8057

SHA1
63dfbf212e9c7c6290f7711c45df69f223b3c225

SHA256
7ee2266750baadf8d70b9f87837a5b7ff28012582e69e2b5c066a67ea879a2c3

SHA512
093fd45641220b11d7909ed38615c0e71c4f0cb5d24fd9fc93efd9a2a4d9e0c77f5b281173fca259f663a9ff92a4bcb26ce01c9e910ffe13b3c5d661b34d3be0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f3378fa8df159ff4f01df4366c2491ce

SHA1
5347b1b11801da67944de548b9f39d7e7eb4e138

SHA256
9ad0212f63718c2b555c4c373d53c8871496adba95938a6553608d287741ac71

SHA512
f9a143ac994d47a0e45a8b25f0f24e0b5e94f207bc2d7f6daf8cf1b860432c9e0de62615410ca1f86ca151c9efcf8cd32876632fa91682be00c1aa7342e405c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8763859ed35de21911f88cc019cc4c99

SHA1
209b637291597b1a0450da4f77cc8f2524c4a8d8

SHA256
5136c2208eb6725745e2da983ff2e6882ced68db9d1713b13898803304e9c498

SHA512
c54bdb86121a1180e91a55e6bd50d0b0778a25f52bc22d49b0f02ba2ebbd9c85bd257c068f221347d8ad678b7a71f5fcd7afb4bcbc0c3448d68aafea624805a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bb0e69543e70f5f5db847c86e8524630

SHA1
9cd7cc28e72db441a081a3277117d0b1b5194b77

SHA256
8547e6bb063703d1255419b8169b2fb720425967e8a9c56b76313f9f32634c66

SHA512
4be80e53d46a5d09d138cf7c1d7224738589daa8ce49e0b124d18e04751bdf8894c3c3e55e1727d59d0933298420089d4cf7ea4f56732fc6c39d1bc0df3bcbaa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
00ba461084defc965cef5ac703d3355c

SHA1
e9f29b03569393d083201f1bbbe6d9495ce07605

SHA256
d1b22864e2e2746a5a1a9a9f0c48494325d5903b793c61e7e3db7c6f3a834069

SHA512
968d797268eab13f24ec5948cf44b202cc9cb2f6236862037f01e50b7159960f5c7b81c08af2c4be2a77f13b1dd58e08591b888189214cee9e2473bd4e1f1dda

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8ce7a2f68523f2073d446c7c4e315e18

SHA1
ef3b753733374a040c7ccfabe9237dbf13cfe6c5

SHA256
dcb9fd9ebe5aab06a1539e057b7eb5d6c86b8897fafb3e76918a89ea594b6fa8

SHA512
540155eef90cda8015bada3f9d8d2595145037d22a884d4b3a5fe3d7d1ed7aab6e25eb007d937a18620184de4efddf055b539c3aac44ed27065b058a03b13cde

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bec2f7ba9946fbfb91717be458819a62

SHA1
c88ddc43916a33556f17addbff9f1684ef649d3d

SHA256
abdbb81156b3afede82b769a58c77a26d9825154d7a8c667a5281478ca7d4b63

SHA512
c988a68a801c398c35f540d4723faaba157a26fbfb1606df3367f54f26b3c4bb7a3276492cc9eaede2f0b880e265689be4dbe49d0a95a8e6ccdf9896c9f95348

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0a7c222fb7c8af49d9cf966200330959

SHA1
70599120d95b66ac668af04d99f36792a30f412f

SHA256
4be09feeed1a156a643db6edb31e481b97ac3d3ffc0593661581dba0f077e564

SHA512
52f83f529b1d37f48a29410c30808cce7bd8e8d6bd79b2e84b54d2224ffdc9f5ef051408218c1fc25456f201f1ede67d2de1bc8812523aa74342145ab628cd41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a71b44267a5e57a25f6fba7518af0cb0

SHA1
3720571f0f7ab67a636a3f245035e35576d9067a

SHA256
e25cd2b821e5abe922767f1d42f7d0cbfbff9ccb1312179c5b783914d728535d

SHA512
edd8682bdf072ac3ab88754bb176674e2ba579f1ad8aef7a213eb54b426eb7d9fe1b46d5ce4db615e7bc510aa93717e167c4005eb5a31d0c38348d6dcd24a13e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bb8388206fd637a5b4e6e9051f25d160

SHA1
8f28c1fb8b332ea2c2f42066a3416edc38681ae8

SHA256
0b1eb238f5eb4280bc782e52beb2cfce8e456ce02c40dd1fe488e4f475abf7d3

SHA512
0c93ebf33cf89b468ed30864ccbaee78dabb80d99df7513ec4b1d3af814edea6ba546b71094b3ea16fe3bd1b623e7d620bca0a18bccbb849fe17274dbd1b330a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b147be9cb0d7f78cae4e5c3774dff1dd

SHA1
4e437c38e79690ffe30ee6ac1850ad37b1c51cd3

SHA256
cbd4caa4565ab24b6e3d2475c568477df5beb969852bc860757c0f0e73819982

SHA512
d0b074e044f5d57a61b252fa0093abbea4d48276637068a5c81280be22947701ca68cf6c0935dc0b36627e332684972a0f1f06a17bf0d5fecff4cad28ae30cb2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c45c787a1e4cfe46143b229290dcb99e

SHA1
b5c43a8552ec795464798b1be34195e08b4725b9

SHA256
57b5e8a9c4c31f33fc6105bdacf60792edcc60ac6c84ee6802c0eab78a45da11

SHA512
7fbbfe477e210c445f86e628a8f5f9224a45fdf0ce479d8e63bd7ad85c1421a1d236c5629fda25b486f824b8adfc77a094f6f386c8db6310f688ca22476e3aa8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
efd5d190d8908600b522e58170a9c51c

SHA1
b664a893da22b799ba9e0a33568e07d36dcdefe4

SHA256
ebb9ccb707aad44e7b534d5b98a7e6df0e7b168be60449421edb7148bcdec1d9

SHA512
cd932931998c22c2996a8e9eb00115ed6506cb0f6ccbc358d949f1f08ad6aaba194e07af47447f52ec14970d817b05566f60efaf19866cfe29bfc1c68c1645f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e99819a86d11b9594e281b394917de24

SHA1
a6fbcebc5ffebff55debaa0970a486c3192c4b6b

SHA256
19ef6413def1a0a0533fa25d161eace7080d314bff4af852f564681e6cee1a9a

SHA512
941c9fa83bce3e9b46c755d1f7d8264870ff8a1b93a49cc3cb1c243906c33518aad1fad4649d3783cb6aa31d9ef90f11d63bc4233ca4d1fa17784c486c2cac4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8892.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8EED.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit