d4bfb1ab671d66ad9dbac10aafefe72ba8b25176f9dd0114281b37e9587a1fb9

Analysis

max time kernel
119s
max time network
136s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
07-01-2024 04:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

www/server_www/rootMD50MA/panelcGFuZWxleG9kdXNvY3Rv/tpls/header.html
Size

4KB
MD5

e6d8098b3911f97e2e8181df8b1be7ac
SHA1

4b898cee0cd85a66ec5c771de7d7f82d9d1521aa
SHA256

7eb5fb2d1508e1368dd9498d1c0b244ad6009bb29448ca349821ab48a200e38d
SHA512

27ae56dc85cf104deeddaa72dba21c9514adc3737b17615f5ee2123c1d0ebe71ee99e4369e94f945c175615fc452f3d3d81e95fb71e12632c4edcac59c418502
SSDEEP

96:husgb7jt8y3Y7biBpqNFFftnU71j4U77ao0U7h:mB8gBp0ftnCp4C7ajCh

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008dcd4c448ce8fb42a8f577f49cde6d300000000002000000000010660000000100002000000070d0c18490ac7dfb3a9590151c0f6b052133f4edb55b04d03487eeb3959e6b15000000000e8000000002000020000000374717c8ee9c1e32448e4cd16910b1887d198725bac369cc89d88128ffd9cec99000000042a24eb49b748b44000d40f5d4783e1e0f316ac5a7734f400bfb47562238ba1f5487f9bc4a388b4e9741a877093f79be1a37e2c70111107b3b5ffdd5ff34fc7db52c077dbc83469fa1e8e4042b476868ed0bf855083ff33e494eceea275706e62f57fd25c690c0c991de9dac8c322da8dce0994518d2ad1e6dd69718c02760dfe6aad90626fe3864ea002e0b4b15d19a40000000c927ebe1bca97b7819d4190a7bef887554f1dbfbea81be3c630b93e50e4a701d53f669137dbf6d5683e92a7314a6733369ddb5e977747a1ef4e032880bde9375	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1185E9A1-AD14-11EE-B665-FA7D6BB1EAA3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 5002b1e62041da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410763090"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008dcd4c448ce8fb42a8f577f49cde6d3000000000020000000000106600000001000020000000a231f564295bcf2438ee6da28e7d10b5545d913aaf42b72876d00e055bcfb9be000000000e8000000002000020000000b5a6fde62fbbb7d5201f787f2e11b6d616ab87875fc1160adf29bf96899d08722000000094bda6734c285352b33bb26c9489930ce4905fa545d5943335b91b8ca7c53049400000003f77a3daf4c5a47e07a97a7f10da4a94d53a9489216a73102847a37c2c694f841d5379a6f02ef24ac3f2c343b864df8f0b1b5f32c7ebc6be57a717e8621c4f48	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1664 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1664 iexplore.exe
1664 iexplore.exe
1248 IEXPLORE.EXE
1248 IEXPLORE.EXE
1248 IEXPLORE.EXE
1248 IEXPLORE.EXE

pid	process
1664	iexplore.exe

pid	process
1664	iexplore.exe
1664	iexplore.exe
1248	IEXPLORE.EXE
1248	IEXPLORE.EXE
1248	IEXPLORE.EXE
1248	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1664 wrote to memory of 1248	1664	iexplore.exe	IEXPLORE.EXE
PID 1664 wrote to memory of 1248	1664	iexplore.exe	IEXPLORE.EXE
PID 1664 wrote to memory of 1248	1664	iexplore.exe	IEXPLORE.EXE
PID 1664 wrote to memory of 1248	1664	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\www\server_www\rootMD50MA\panelcGFuZWxleG9kdXNvY3Rv\tpls\header.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1664

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1664 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
653a7f79973da03ee2afb622271be963

SHA1
9bb9dcd1fc011d36c1a0acf9c0438835a8b2b5cb

SHA256
73b8bb900936b00a4b9e613ee4c929b55333a6f4f9d7934bbe1d8eba7a0c296c

SHA512
a9afa47f9df162f354d2343ff4a10192e08d3bf05a7d754556e0ed7539a5b7e45bb3585b30e70df295bd1ba69f09d0ab93290a453d8e431c86b9b311d7e03f0d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
53990ca6d79bfa33c865b6e10b2da1ae

SHA1
d53c7f5be6ac0ea48e987d26a0562dc607ff839a

SHA256
ec37ae171b3bb9b197488e6af01cd80f225da93e1e4f1417bcb88fab11670a30

SHA512
1ae064c57e2f120bf11fe07e5acd2b94ef50195e666fbdc055b9151548673f27e67523a88621b2e31ad1f031107f3b25962d20a0a712b29e06ce4d3f1a50a2c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
b5ae2f0865fe6cbed2857d8042167017

SHA1
241fbfc7112c1bd573c7bdd0a68b30f970aeba9e

SHA256
1edae5a887e9dd9ae35ba30e916f9e88199198df772624f2535d8b8294cd05c3

SHA512
2e470509a4a14b883853787920f808526866c60ca3db125326303367ee26a0331368ded2a8f6b1b802913159ba375794dd92a89204ab106f5f26c92833bfcfaa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
105495a6fa720197d0d743caac903fb0

SHA1
8807b92b059a390af20341e35f2804940e5375c6

SHA256
fc0e961bcf0da60383324e433b420dbc2bc0b8e8cb923e05e33e4d5bf6504b12

SHA512
410d2b277a9fff8a0c7cb843f870e65a28a8a1cf959f19b998e35e4040ddfae858474f2d868beede516b1e6a33caf799dcfa9aa0793094975a99cb4b4def3891

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
2e9b5ab1c811dc65ffa5b094fc2d6409

SHA1
f6b7acb4956eeb35ddcea70f0e782b05dce9f9c5

SHA256
f5d8f8895cd3ab1d30910537f36a22678cbaed7e9415cabbf5c4fb6a7ad060ea

SHA512
11981ac286fb99d0599f1da0360259d9172524ad27dc8e876bfc967f89235b82e5c9ad83c33c05de62e2dbcb9acede31cfafa7cfad005042e7e2901a02d5a4a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
b2a0b5bf3c00acff0a10029037df2580

SHA1
11fdae7c2af5683b3043ceb8eaa8926211e0f804

SHA256
7e80f4cded417dcc4c977828c7bd46c8622349881459ab3f5cf0a3eec9100f57

SHA512
dbfb4cd9e729597c1c09a756a4a96e52578866c38e0013f731ba70930c1723e1f1ed699e15cd6aa4d755de558d5d6ea66689f117975a85c6f41a8a253663c828

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
c514a5841487b2a823f6215d1599c6a4

SHA1
fed33526cf7cf8d89c0ad788ddab58e522631562

SHA256
11a5d80f52646f0bc6b3b2730c6b882d8957f7840ab872f3bbc3395a5d550f45

SHA512
5b40a3d8c5f851b60daf69bd3673c750b35b1f27e0b59510386c0db1188b674e300f8b3f19dd23259bbefef8b58463e4b0f5a39845e3110340225308fdc4d36d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
e0273d07328488d2abc4874cf0ed5c2d

SHA1
9f7fcecf361da84bdddd7a7295e57205cc88783e

SHA256
639bf73f1338855ff740b0fa4abc6eb312aee3ccadab12b98be4cb77692bf92c

SHA512
b7142c4c8b97b4d19deb739a33b59ec3b5c8765e783b58d7872db66a2e9dd11fb1aa995f542efee30b5501a6e58df41dba841bad308d37a06505188b441d50d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
1fb4c3f8c4815e7763b74c1a738f1df7

SHA1
d8469e26a10c0552def9daaaf6d95f0314ce26a2

SHA256
eb3cbb2a050cb21392b035a691659564829bb4cccbc5c7aa798ef7449bd58646

SHA512
4782f014ba0f5ebb12c32db44d56e446bd285179567330645e3578ff0546bf6fe5a10a0f2717f42a04565bdb49f5278643ad8fa2d793d38821bb2f0cb0a539c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
0e875ca80c17fbf548d153069147feb3

SHA1
3a2bc9061bfb8727f2ed80dd993aafcb679dc2bc

SHA256
3666825a3ab397611f76111c8554f705d196dda630d9c458944d7d724995220d

SHA512
b4df86b6309d269c868e99b4e3bb1cf72b0fa052fc3879aa4e96db2ee22a606b37f6755f2d9dc239b720172d0403231e3610f2ae8188a8b21fb9cce0cd7afc13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
ecd0d55fece5d0ae242050adda1270d1

SHA1
5d18dbaf9b2e85448e28a35102aa9115554d3c87

SHA256
a312421e8309ac75937df1b6ef0fdebfb50e8820782a7dddbfcf4bee511d1def

SHA512
63716ed13f9df74efcc4fcd651fb9e16ee46bfa363ab158a621efbf9d2ef56a4e2fbdb431f439c27019c2659a4cf9c9d4aeb7a9b99e509b98b7300d050e35af9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
1a4c2f19ff04057cb575595e8fcad19e

SHA1
a2a025f8a37e5b96a5a26baa41fd041a78766884

SHA256
c4d5d15b4ec1ad52cb31108d314f057182cf10959b9ab3d8edfe357cd06faab8

SHA512
9bb3a8a8e6e007b8f470003e1c87b233d27c4579e0984bcdcef360b456836726807ce566c9da6adda2f749e84f5e4dbe0cdcdd1d6c1e7c014163f93d355adf8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
f9faf9515b15d7dfe40c6ecc6c453ed9

SHA1
5d658ac4013dc008b7a82616ec75ae48b06007cb

SHA256
19e0a5b003c58fe5532aa52b64559476fcd6f4d7cc68979199dbdf34b730fe85

SHA512
37c477d6cd88bdc2c01d1c2a40ac61ec1c081677f9b26d947b0ff4c10b2928dbc4e3efb27610453764b1a0f93a925f36b73f4fee39ac511c2af0cb1fc81d6001

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
b9f368c42b2cf57c5c66723f699a4a65

SHA1
bfccf97d5dd245ff82242e71295c13b2c6f4557d

SHA256
642397fad0e5c77b542d308d988fcd79ade864fc34458e44954b1e8fd245bf88

SHA512
dd6fec8804788bee523aa89094b7a4532dd590c2848c83d5611b7856088408a51cf81092d94344a9105c365c4d2865762c5db32039f0d92389c541712f94017d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
33b4c895a9d4de2a16b5e6722caf5878

SHA1
33031ac5e5a630a056d669201fa03118c2ece217

SHA256
b88b9bfb9f31e609fb9eac1f4ba6d7fb02ce808a6dbb7283941ef162719d190c

SHA512
131d81a468700c4caa6065ce8f93c12465591b0a6a5d2bf645850c23ab96e21d2673ca0255ef492614f4bdeb40d4438356119627a5a7646a2925e4d4a22d21df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6CDA.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6CFC.tmp
Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit