hxxp://transcombi[.]com[.]gr

Analysis

max time kernel
121s
max time network
139s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 11:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://transcombi.com.gr

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000429d3af34477a14f8b2dd7691733418900000000020000000000106600000001000020000000afe50d70168b0d4e5de249746dce1e0a2f1570495b86d9ef425b47e7bfa7306d000000000e8000000002000020000000dd51af20d38e582820252d0f76bd5d83539760d7f0223555856d96a55e710b4c20000000a9185d001b36b58f1cfbc3cba5c9e5cb8b122049e5e15f32d8d201879780e717400000003055492bb1638a7c0a88138076dc5e7ed04b2e2aff3e7615142d49a6f9465bfd1f51ce7bf135eb2a8e26c6c1eee04c97f302176887c6e7bd0330108ea2fb31bd	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000429d3af34477a14f8b2dd76917334189000000000200000000001066000000010000200000006604de4f2cbcbf2d33007eea6ecb043aae517ef7e3ce5dc7a367e4b3cb5d3ef6000000000e800000000200002000000062956be5eaff85b900526f8efd398efbf0b146877a94b88732412f2a32f087dc90000000ec6752cbb9b47345be888fbc72df59e246a1d63e3222652fc35f5f00c3095b6cd83cc091d23b02044ac43d11e53728aeb59953c2eb0350628bd5f25c8e5412ab5f1098291fcd618cd711b9a21b9f9871f8e3f0684a71d5377a7e16e09f290389aa546f066b8bedd12c734e8307bdb43fcd0912de6af591478d055e3358267b0ea6dace30ae210b6102dd32d07442991f40000000785c4af1da51c2ca41a7917f2b8096239a49cb83b4a077936a78faf6acadad096770f562c2ffe6339390a809c1571dd97b34408799350486ddeaa4a5ed32c268	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{52A4EA01-AFAB-11EE-A8F8-62DD1C0ECF51} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40313b30b843da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "411047957"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1712	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1712	iexplore.exe
1712	iexplore.exe
2908	IEXPLORE.EXE
2908	IEXPLORE.EXE
2908	IEXPLORE.EXE
2908	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 2908	1712	iexplore.exe	28
PID 1712 wrote to memory of 2908	1712	iexplore.exe	28
PID 1712 wrote to memory of 2908	1712	iexplore.exe	28
PID 1712 wrote to memory of 2908	1712	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://transcombi.com.gr
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1712
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1712 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4524e9166f9e0299848ed59fa0ae34dc

SHA1
78f2295e4c25ff59094b2dd16cf934a5c7efcc95

SHA256
438125930a43222d1b0ef21b4d0062fdd73b8076f36d1c8871452fc0d19fc138

SHA512
7fc37103ee4865c26b30d90e01009ba1a96ffc70e64988d2c6fdff56a15cb93c7d33cef5975365478f55048bce730fc9a72939eb72dd532f51b1cc6e439f7565

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
035e2f771bbf0b409962f166541383b3

SHA1
b4e67e5524f8d09ce6411defb47c57ec09ed3e6a

SHA256
e8e3f90cd174084cd6f2cf1d9b857b7dd5a5dfe4af760cb5d5482648abc4ecb6

SHA512
b985f9e2500de81cf8c6ea0b45bb1a6e46d5e1b5357a61d58ac9eff31a27585a7f54f0c564c19533c0d4e32a455b6df14267afa749de8bc23ce78b008bd3e280

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4f817585a3d5a8a743e33304d401b2ec

SHA1
eb46ca8c6fb45f7a4987964fb9e9e015204711b3

SHA256
33d688be08a8866ff446530f6fec438d82ded316293e89296d4206b26437dce4

SHA512
2b84a11283a4f27094ae37061d10676a2168468cea7289cbb338801c51b56e1df716e6f2a8916a3822d0b6c4673a0684cf1c06458a46a5969a8954dbafb198f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c8f9e7d9b2d577fad124cfddbe675ccc

SHA1
b453b67723354658cabf8cb18c38527e2221c589

SHA256
108030245ffe1da4501d1eef80f392afa1b7324ae6db608b4605fcb58e9d92b3

SHA512
8452979e37d233580060fe76a870179b6204ff38462485453c5d57badbcb07b29e2de6128444d206d5bddab46c1a4512f11f895570b16200a47072502ef6b90d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ef70e7997404694b60474f7beaaa0d06

SHA1
5a755ca1570416579122b07f28c5b976caf1b29e

SHA256
0a4e9b8ffe48ad22bee3c87ac97d61b32130f003dadd8103d68bfc4910f26bc7

SHA512
2cd729d4b690ba64ae4ed118d1d8901d95fcfb20fa9518f336ff559e3e6431aba961affb4f8cb215113d25f4da38b9e0b8c22a1cf002169304e8b4722d12d323

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
340e8b4de86b386e55486a0e70676347

SHA1
4bedcba8aa12013a529f2fb708c2b274e574e918

SHA256
360385ec5bbc39649b8602d59d683ead51201768b62c6860dbe890ae72495240

SHA512
de321d7887db2096ca5ef46bad4a4bdeac9fe6d732c66e10b9ed92e8a65877f41917c9e49bb0c5bf19e56391fcbc2867178841675124233e9be07f25a77114c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
65cc0c4da45b29c21b39c9aa1e570754

SHA1
7ed3a10ced9a1cea55a849876ca2d1afbc08cb19

SHA256
77ec39e2152a0efa88a3783d670fc53da8662a564e83db84feec58c122c0e709

SHA512
72c6c739b542364370d576e39be195a08fb02b8a13a64c7020c08e95b635529c89bf3d73e17a0381096c1f5faf98f9cda3afc519d58e46d749009160155f9235

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3280851840ce8aab22d812079717039e

SHA1
1833eefd17c4f3d47fca1a1f6c2a86c825b997f2

SHA256
0a4601e459b62addb5bef6f21c3734c46d79aaecf2fdf6af6a05b3b723fd578d

SHA512
666fc0adab5210306feeb9157c4d93adfe44e04afa20f86639efa859e2b370180afdd23d3fd200812783cc94eb234055ef2fb2fbb9b66b0b38054435b6081425

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
86f42d6d22d5c8959c42db26900cf01a

SHA1
d1c39c94b8e7039e645067112dcaba75ad6c44f8

SHA256
780e506792d2fd2be992dd08313494eb5218c293f66473d94a308f11f88206d5

SHA512
d97bc0d3b9815e43eb7254776e26695fae46c56d8dfa16ccf00bd7d87f996bcef422c48e1f3974f42dd392b3b9c62aca9dc8d34d3116acbc35c246316e97913e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cd597e1ea75af9c61fc7a8ba399ecc52

SHA1
1cc515bf166f005b223a8a70977c4bea318d9a7e

SHA256
4f87d205be66cf9379b219a9c2ac5a809379faae43df0a916cf48c0851ae0641

SHA512
9c68d45123ff6c3a05045a73936d5ef03109ff21094beb5ee2239494edfd9e102c33ea7213d2028378c001e090c16b72a10ae2d863aabfd013a4d6aec909e1c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5053efe1c8d619b462a8d7182a94b3a3

SHA1
b21ab56a6d04b4a8f158e665cca5d10389dd8612

SHA256
29c024d9db11c884f7cebb94da84f750772ba6857b08b618a701e0659acb0228

SHA512
319d8d487c0bc7802d25da382956ed264ce3b20b7c66a7022307bdfd24fe56fd6f7218a6d59c9f46981a2b974875d13678fa8ca3ed9ff76f17088b05a50fba61

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
80154b74ea1dd0bec11e335b10041174

SHA1
026f7386530b9e276e11b1e3df4c379a721d606b

SHA256
1dd9356b5d7969de0978f9ec3e9a0112972f1a941f6cd3b5bd9d045ea6abf131

SHA512
d64624abc9f3c288834077e783a6ade9e7aa64cdc11ffdd241ae8ff5b80526e980ac34cc4bf56e338c1b4a4b36fc0d78f1fb6baa6c70b1d6ed3c2914fabe150c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ed8010b8ecee44bf62cab27d8abf5c44

SHA1
70a22f04ab33eccf9bf72f7f7ba6332745b29d01

SHA256
1c0dbb61057ca2ff52eabc3b6d993b475d5f98611164d1410c8ca5a038673ac7

SHA512
983f4bdcbe4c93930afd984cc1d3941d664a15bfd56982f9be6cf8810a27287446aae4ffd77252d585c769b3f903f51b50ec8d74a388d4cfd0b6b763ee36fe51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
284bf7b2f6aab4024e32b4961f52473a

SHA1
584c372589e4e319216d1636bff53e3648295675

SHA256
2ae9c9f35161fa0493c15ca34ff603d78145e40e25ad3b5732eec0de0a43b242

SHA512
912e80ad027313ab0be9841a67da2ec2729022a289261a8e2eb169bb1da2f7f5438cf41a56df05395844e96a346e35f039e25314576ac33a5c27312fc22f5eb9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5b18c366c502674d3de502ed673a6d40

SHA1
645528e27d8c6f980c1ddac11a1d421b9b918f9a

SHA256
a42d9e8047de5ce6effb497acd3d56155edcae76c232dc7e74a66f19655bdd18

SHA512
b8672997b3d051bb85ceda88f9116fa4ad977d1a384d7e950d24f2e8ca110f8c576155ff0ee818bfb2f6da41224d7e98ae8db92c5b7d2098b2a9a2d3bd58794c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
94fb50a3fd63dd2c2f82dd3613bcc129

SHA1
cd9daea21f788ebeb46594b589764e52a9a03bcc

SHA256
a10fbf0d734b369304ff5dbe64b69c534d3210cc7768a35957cb65b519465b98

SHA512
54fcc5730ee1e4210eb1283d37646e79fbd011fc85bdc4d69cfa296fd423d91192bfb00a23d0b4af82ce5c8e77e2829281cefa8bb7478273a9f2ec4df4b01a66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
07c2842cc3d3a67973c914ed604040ff

SHA1
9174ab721d8f830ad241bbe75297180a054da708

SHA256
bb8591ee7fb8172db4fbcaff301ffee3a4e76b7ded781791e0fbdaade6129e4d

SHA512
e8ef3ad1eea72663ddc7973aca6ccc336b7cddb8ed076278c1d9d6fff47d47bacf046ebfe2005cb5e4c8ac02559179f6c3ae441151509154f55fee686eb65547

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
53d92c9e13dcb5e7acc2e8e00cf23242

SHA1
97bcaa59797821665ea5d0387cc09c425d3e170e

SHA256
3f4ef2fa658bd84181993c647f167defbfc4b801c3675f5b2801042dd7c8c37a

SHA512
8a6b5ee45fd72afd78623a9b964abdd5479c4cd6bc377fb1aa004769c42b9dce77fa345ce5c439065fadb4cba2258127f4fe249ef0426a5a2793a05dcc8f5180

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB464.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB4D4.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit