hxxps://www[.]linkedin[.]com/company/winvic/?original_referer=https%3A%2F%2Fwww[.]winvic[.]co[.]uk%2F

Analysis

max time kernel
0s
max time network
33s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
08/01/2024, 20:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.linkedin.com/company/winvic/?original_referer=https%3A%2F%2Fwww.winvic.co.uk%2F

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 13 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.linkedin.com/company/winvic/?original_referer=https%3A%2F%2Fwww.winvic.co.uk%2F
1⤵
- Modifies Internet Explorer settings
PID:1936
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1936 CREDAT:275457 /prefetch:2
  2⤵
  PID:2660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
477431186beb2afd447e261ac3cfbcb1

SHA1
c9a5cdad15175e5edab4bfa2d7b31d1d65c0e5c6

SHA256
4dadf803e3443dfe6aed0bb670423b0f7f599a3d92fec869a3c4ac47f7da7fe1

SHA512
287390623f4bcf626b95a22bb012f05100dc7e61f02d7d850cd3b9252c9ac4081090f574da0fa33d626743f99f6848258a9c0d47eb1f0c4e7261f49510f76341

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a738e7f4b8e76368b448bc89532e4c78

SHA1
682e8f38457db3298e0a4f6957d2000a90d7fe5e

SHA256
af625327fd421b2d01c740ec87aeecc422e24e89e53178d004bb3fa85c4c9e6c

SHA512
36fb9e2eced1a30f4f89cf1f5a38caf30d18584f7a2fa5f5143a273bbba17d02231016355769acd86f506202ed788a5264f6804c1c71b9cbf5d7b216afdac0ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0dfbc2166a4a1bb8ebf6a0d8438905d2

SHA1
2c80cde1418b0085212949e2a2ae074d8c5b818a

SHA256
e5e9943a0923fa2cfc012b26cd4b8d364d86573503334f4568207603e9d31819

SHA512
a0683fcbe8b5096c0fee2c7046ecb26b7c8794a45b42cd3a93732893d7ceacf4002b110cc8b17b315dd67759a88266279d50366969f2a764a843246701bd0b76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d287dd7d780e90890bb1f3a25d56ed65

SHA1
a26a8305694b45d2949dc5c05cc59793e7f697b1

SHA256
0f8712c2a953cbd761103962f5476dd33fb36519d0c2297752e90df47e600a47

SHA512
d16b5788b5b00586fe3f35e4cb432b042c040e0df6d67186c0b82d1dd3f5e89da9723be3a21357bb894aa231a9b55dbd364ca9b2929a6fe5d9a89a451b27c58b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0623bb59101d7c4cdaafbfc5b365696c

SHA1
0aeafbd18388de7d0d0f24cf9bf90f2935ead374

SHA256
7039e4a2b2569748f108c646a8ba6191311402adfc9df6e61dd1b44316d4d66d

SHA512
e99543336a5d1e284391caf0b8cbed476c2fca99b3ab5d91c214ac46dbc39e3ced7380aac12b2c06c06edb3b8213e4d4a68cd36b424a0d2d9cf1684fe2612980

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7ac69e8cd60d2481f843253a63a76d3c

SHA1
29080597dff71264b45d84210a908f0a7f715745

SHA256
50d4b86583636d9d4c144fe74d16ca07188ccbbd2676ee6010f6c9a399738c52

SHA512
e7ffcac71956d2c3c8803cee170fe5b36e9eb2e5369b423835c325f47e82d188c24c09a1af5c716108225e9d861284d63ab9b88a9f79970b7a98a642f03e8371

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\wz5r4lq\imagestore.dat

Filesize
11KB

MD5
0ab0f2260f22e5853cc9448640e64e1e

SHA1
d15c73e36db08db5fa416213056e53444212511c

SHA256
52088a10309b0586eff0888dd7675d0a7bcbd7c373a3f7fa76cb83807f3b2861

SHA512
d1da1036fa587579e81c32243fa64e0777765748e6fdd56d53317e3d2c63749522337e94178220314ae7d8c996295a1bbd4cc970fd9bb77c86e6b7063782e496

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4K0WM73A\favicon[1].ico

Filesize
24KB

MD5
b2ccd167c908a44e1dd69df79382286a

SHA1
d9349f1bdcf3c1556cd77ae1f0029475596342aa

SHA256
19b079c09197fba68d021fa3ba394ec91703909ffd237efa3eb9a2bca13148ec

SHA512
a95feb4454f74d54157e69d1491836655f2fee7991f0f258587e80014f11e2898d466a6d57a574f59f6e155872218829a1a3dc1ad5f078b486e594e08f5a6f8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab95FB.tmp

Filesize
20KB

MD5
5f51c9f5ae3e2df804499cb1cf432f4b

SHA1
e861a9173396503fd88f067fd9f07a0fdaab2334

SHA256
3f42018f98476bf0f3a29c25273701fb58512d3df46fbb457a4ef8ba0a8548b7

SHA512
7bc3490c7945498836083720ae143aaea7752d1c5ee43c11352b01f445c5185fb26f11b92b68c5666f0a7a9ff7b79aad812d90729729a42e97e097e28a5d330f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar96F6.tmp

Filesize
48KB

MD5
50ff4467f5e0839591fbb65e7fecd5df

SHA1
12671dc6f4631d501ee4582aff20bd5b3221aef4

SHA256
a2f4be613a9644bc0be1e5459864c561792a4a1226be0e7c31fd41425eddb196

SHA512
4e5199d48f6dac87c9246a5ab1a4b1607855308f967a2a515d8a4756a6b73067bc7489a8041224908aff0367ef740562faeeacd5446c5cd582ad1db24101910b

Download Submit