hxxps://static[.]licdn[.]com/sc/p/com[.]linkedin[.]email-assets-frontend%3Aemail-assets-frontend-static-content%2B__latest__/f/%2Femail-assets-frontend%2Fimages%2Femail%2Fphoenix%2Flogos%2Flogo_phoenix_footer_darkgray_197x48_v1[.]png

Analysis

max time kernel
0s
max time network
134s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
09/01/2024, 07:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://static.licdn.com/sc/p/com.linkedin.email-assets-frontend%3Aemail-assets-frontend-static-content%2B__latest__/f/%2Femail-assets-frontend%2Fimages%2Femail%2Fphoenix%2Flogos%2Flogo_phoenix_footer_darkgray_197x48_v1.png

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 19 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7CA24821-AEC0-11EE-B432-EEC5CD00071E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2508	iexplore.exe
2508	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2508 wrote to memory of 2708	2508	iexplore.exe	17
PID 2508 wrote to memory of 2708	2508	iexplore.exe	17
PID 2508 wrote to memory of 2708	2508	iexplore.exe	17
PID 2508 wrote to memory of 2708	2508	iexplore.exe	17

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://static.licdn.com/sc/p/com.linkedin.email-assets-frontend%3Aemail-assets-frontend-static-content%2B__latest__/f/%2Femail-assets-frontend%2Fimages%2Femail%2Fphoenix%2Flogos%2Flogo_phoenix_footer_darkgray_197x48_v1.png
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2508
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2508 CREDAT:275457 /prefetch:2
  2⤵
  PID:2708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
31c99c7077cd148b6481a52d7f6e710a

SHA1
240e421e5bc094de8af165da6f81ac6799f13135

SHA256
0e95efd0370e357b803869661f52e8a71d0a946ffcdefb33ef818c9b990acfc1

SHA512
0eee21e96e024f1e6a3f457b14dc9fe959203c7d283ff0614173fb03ef2ee913b06e7e2381f73b3b37ba0bd532f39c44fcbc196c5e7cb64f2ea5c523338719bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
517a0991b2c2af46bc0489f0f2c7dc34

SHA1
16326f83563393f56ec06fd9cfb416e60c2d5d48

SHA256
c07417cdcb5bd255879a120ea73d322b21efd1c85bf3e085c1729f18d6a952cf

SHA512
c51a9cf8ac4a72f379de26bad72cc69a3d8e3be1a91af0d8ccba1bd21659cfc1b48ab71feadc6022a107a46c085bc2d48bb8179d9cfc621bad4ff0fb1f323c6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
33422aac39a413e7271c55dd217f72b3

SHA1
166ef36e7cc4dbfd13a4628b648dd2a2c913a586

SHA256
e0f36553f13a45518a2d554d3c6958bbdc116e385496c3e5cb3ffb9b3d18de56

SHA512
b86aca379966b89697891cbfca6cec52a54f5052c3d5c78e94e44bb518f1bb36fe4c303ae2fc08c0e2af5c51d6f325680ae6322d041e5771e0184de019164171

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1c95f7ff710ee6e8a21551d663b37866

SHA1
e7b80b8a0fc6417767c5e3d201876a69b272336e

SHA256
6006defb31b40647c191954b1606e75d4fb2f832ecd166664b1f0fc38a2ede96

SHA512
aa5de8336c0cf64fa7fa820bb8c6dddc00bd9453e756d08dd79e284b2432164a553103ad24724950f1995725701b7e5ead9fde1c9e26e7fa02b587ce0a532bbc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1109c401b1f91cfa31495cb473e8f87b

SHA1
ad1eed5063b48d281443f4c4c98d80b58b996cec

SHA256
619073797ee364b83bfd6214f38b622491f9d0a68f0963b8bf9077114b273d2a

SHA512
6a99bb486be11c8eacb80dc790381a9d295b2111a3a85a1e6c427ed8b56a6e5cf4dea33aeacd5c3add2a12b487eafae5486ddeab40646974525537c3a1129040

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c9d6b4bde51eaa2dd92421f12740c9d5

SHA1
0863a8c0a4be2c9e1042fdf26295265ab3beeb0a

SHA256
9f792890bcfcfef9b94116e4dc5e459cf0aa5f31e98a013cd5ddf86b881f2ed3

SHA512
40da11b31aa576b79637052f864eede8b453e138465afa8adc52e8d0c300c127fd843d837ec3ac026bde9737b798126410988e9fb672748c8d5c8572f7ac03d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d1991c8db2c79d411bbbd5bf4c543cd4

SHA1
d5aaa331e0410e44e8e5f63b516f891a9d443bd7

SHA256
857759371a3049d52f6f5da0ef29c1763f73130c16d8497277b7327998123a66

SHA512
9984a937ef368e16aeb207e651f45f9c191b1a6b183357c712c4e051ee47b5fe7a964f84e2021f4af95dba7cd1c9a45fb2e3f80951118c30333d1600fdfe0c76

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab370B.tmp

Filesize
63KB

MD5
cf4ec27aea97fec4db56a037bf283aab

SHA1
01b173b008cfdd3a2603c16614a65052eb824d5a

SHA256
be85542cdd9cbb77be6214064a37f3ddce878cbf1f2034d004a0dee7731f8ddb

SHA512
b09d8fe318f2197bc74ff8036f21e03d39f6ab21c0115024c8211a27d5a72583082b39b5904e74f62b1097572fb2a256b46bd708acf15d3c2b726a2cbd737241

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4F4E.tmp

Filesize
1KB

MD5
fa527dcd6b5eb05e72fc51570a2a6608

SHA1
3380c5ef74408265fba2f67e790636d0ad0a51cc

SHA256
4dc7a4a6cb3be2c334a27a49df89f18f8f91749fe6aa1cf28d548e0e0c75ce3d

SHA512
05c0e217c433949cab210102a26ca7f6a765515b228b217e25c7409408fc167b5a59a8494e1181284e9ec72849c90288f3a066faa284e29d871097ec76291a5a

Download Submit