909fdf2e4f3ba24be1d0c540858ba5aa039d7dbf65b005623d8cc10f8d063c46

Analysis

max time kernel
0s
max time network
134s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
09/01/2024, 08:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

909fdf2e4f3ba24be1d0c540858ba5aa039d7dbf65b005623d8cc10f8d063c46.exe
Size

776KB
MD5

04684bad6031e7e033175e1247a6706f
SHA1

5f7afb3e526bee6226102b26ce6a45e50a976e96
SHA256

909fdf2e4f3ba24be1d0c540858ba5aa039d7dbf65b005623d8cc10f8d063c46
SHA512

aef10a7084f93b9782540f95ec8eb2bc2e24232367ef13f47f6f0bab1687d390d86ef8a81abe15d7a03e8151f380a235a4ed7762b7a65585e4145fcceae07bf6
SSDEEP

12288:THEHXcpPm+o3pFFGcQ2u3+A6sFBT75ziZrvtzSHQ+:2ctm9/F1QNBBqrtzSw+

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5F2F14B1-AEC7-11EE-9098-6E1D43634CD3} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3060	909fdf2e4f3ba24be1d0c540858ba5aa039d7dbf65b005623d8cc10f8d063c46.exe
3060	909fdf2e4f3ba24be1d0c540858ba5aa039d7dbf65b005623d8cc10f8d063c46.exe
2160	iexplore.exe
2160	iexplore.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 3060 wrote to memory of 2160	3060	909fdf2e4f3ba24be1d0c540858ba5aa039d7dbf65b005623d8cc10f8d063c46.exe	16
PID 3060 wrote to memory of 2160	3060	909fdf2e4f3ba24be1d0c540858ba5aa039d7dbf65b005623d8cc10f8d063c46.exe	16
PID 3060 wrote to memory of 2160	3060	909fdf2e4f3ba24be1d0c540858ba5aa039d7dbf65b005623d8cc10f8d063c46.exe	16
PID 3060 wrote to memory of 2160	3060	909fdf2e4f3ba24be1d0c540858ba5aa039d7dbf65b005623d8cc10f8d063c46.exe	16
PID 2160 wrote to memory of 3008	2160	iexplore.exe	17
PID 2160 wrote to memory of 3008	2160	iexplore.exe	17
PID 2160 wrote to memory of 3008	2160	iexplore.exe	17
PID 2160 wrote to memory of 3008	2160	iexplore.exe	17

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://s.msmall88.com/links/C0DDA248
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2160
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2160 CREDAT:275457 /prefetch:2
  2⤵
  PID:3008

C:\Users\Admin\AppData\Local\Temp\909fdf2e4f3ba24be1d0c540858ba5aa039d7dbf65b005623d8cc10f8d063c46.exe
"C:\Users\Admin\AppData\Local\Temp\909fdf2e4f3ba24be1d0c540858ba5aa039d7dbf65b005623d8cc10f8d063c46.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
f75bb03b17dd4a95b86a65e241a1ef5d

SHA1
ea367831fe087a80b05d237d85af0c72e2afdd36

SHA256
316d1b10fb0f8dbc79cb5214ec2d5d33fe655ce3349e0459b93fb4b8f139dbb8

SHA512
707797ba139c22ce97d868684d92f75202d30c486d4ca8ad59d4eb71b5ddd9abb28b5ea6ddbe9f56ca9f01407da56864598c722a0953bb573f09ef4aefe2acc1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c2305d160223107367c59872ab0958e4

SHA1
c8d1aefe051b852f25b79f614c7b818a852a474f

SHA256
744d3a4723f486179234ea9b5e81a65123a9a44c827f0d23d67470dd9900b936

SHA512
cd93397cd4a0b1f94ef09dec72c99cafa2a99b181db6f0ccee7475b01fb453a9affd32de46d528f6448f721c6ff4a103ed9c52f9742730cd1dac3ff6071db28f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a9546369c71fc6f6fa30257d292caa55

SHA1
083effba66f3f92efdd6e93e5b33902eef07cdbd

SHA256
27b6658d08635f58fba7df22d5a682a31fa9a1a1c7e2c62367dc890e606f922d

SHA512
ce5670df346bc65280ce457dfe969de58a33c365a47f801b130887142dfad178b8f98670a00e750a67375686402b2cce52f805529705c78f4f66cd4629df000f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
510ceb1a5eccd2623613a803e9a476fe

SHA1
7e8b8ac536fcee51c3fdeac84279cdf33f442e23

SHA256
ece8bc002968bcd4f5203b0d153b507ea6eaf79555cbb1eb7d50a7cf5660ed1f

SHA512
493e36671507daa24ebe9086338c89ed4bf6d65105030a9059f7fe1a216cd1f6456d5c65aa9e80c2a7dab6475108d5c8e24eb6ebcbd4b4faec84560d7a4df49e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6748dd9dc47a932de06791a3b51a3753

SHA1
cf74f1224a9d040bc3a1deb3a37fa1502ac51639

SHA256
60b97efddf755fc12f7bcf80a7db6e768a298b6b8879758e39c0b2437b049c77

SHA512
9f45cd3df25966dbd7dff4260178d250cff09d1482506c76b0eed44891d12bb429983ae0104e08b7be1eab849ba5357c590d74bdef52279c3fecc61fd83571dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6113aeda30269067be0e74abecbb6257

SHA1
d275d82984762aed6abd1323a68c5f0630379eb4

SHA256
204205c421a73402aa08b2d26364c7157875f1b00eaec663b80e720aea5a7039

SHA512
5456b26d819a768b4c68dbbb3c695d181cf4b6ddf1c1270e9a96d088b7d10802606a2c0af8a2eb7edbe79f92ff8a0dadc7038ae5e1a1e0fcc632d16427929c38

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2b678b5497373351d99cc7404d85537d

SHA1
fe6bdd18342a3b6bdd9959eada3cd803b24c4fc9

SHA256
8884c1979e929b4020fc85c65231a789c744684016af0ddc3a2c20cb722e124a

SHA512
01c5df1201cbcb4ef04b47ac86de5ac48012fc395a60e06f6f2c51d683b6bc1102338e46e4bcfb206663db010cbc4b847615b36d09a2aa3979ea4a4d061a4dc6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
91bb4aaec1ffbf5db92bedb4e9367d51

SHA1
2ec3d05b358ed550afca5dcc97b595417f48b285

SHA256
845f0b445827dce5d6553d3084d29c10244861fad4b2e3efdbd0bafc957745ff

SHA512
6b7e15a3b91496a6e6a66892be77136f3976e9269cfb45e995ea7089fae60efcb9b19d050e3c0ef85a4c6a64692288c34beb31d2bc4db3dcb644752b9d7e4a8e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
b6238ac4088de934d4e1eb4b22d9d7d6

SHA1
258dccf24264b5d48bff81934998af71e14439dd

SHA256
6bb4c9e65a30c4167a2b20036e6a7ead7b1b531213f11f9804bcfecb167e4360

SHA512
6034d63a042d9f21abc18647a0e7d87519bd4ec59a95630c6ca47601fcfa17a19d0f2503fc72a333b09599ad64b664c2f605abe4f1c1916241f22cc2b0aabb74

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3E10.tmp

Filesize
102KB

MD5
b56f6da1178bbffa1c9f63df62362645

SHA1
b1c845cf51840c1cd96ca5b2c273d35f4ff600dc

SHA256
7439538591eb3205d54b37ba2ee9e75fa2325530aabd1ee8a282ffb1a1abc192

SHA512
af903f6bb2d2ee47a7817a3cec7c55a890cb7fbbfe69f4d378f60b982739e319245b05c219dfb507c702cdc4993ca616c236e5eef38121931840b6cdaf806ff6

Download Submit