hxxps://09-6-3809928335[.]58-tcp-udp[.]lat/

Analysis

max time kernel
33s
max time network
51s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11-01-2024 01:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://09-6-3809928335.58-tcp-udp.lat/

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1B7943A1-B023-11EE-8427-464D43A133DD} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2880 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2880 iexplore.exe
2880 iexplore.exe
3024 IEXPLORE.EXE
3024 IEXPLORE.EXE
3024 IEXPLORE.EXE
3024 IEXPLORE.EXE

pid	process
2880	iexplore.exe

pid	process
2880	iexplore.exe
2880	iexplore.exe
3024	IEXPLORE.EXE
3024	IEXPLORE.EXE
3024	IEXPLORE.EXE
3024	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2880 wrote to memory of 3024	2880	iexplore.exe	IEXPLORE.EXE
PID 2880 wrote to memory of 3024	2880	iexplore.exe	IEXPLORE.EXE
PID 2880 wrote to memory of 3024	2880	iexplore.exe	IEXPLORE.EXE
PID 2880 wrote to memory of 3024	2880	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://09-6-3809928335.58-tcp-udp.lat/
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2880

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2880 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3024

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
dd3dea112e894b1c2022cb764324f144

SHA1
6ad7359e46cdc230ef40af28a00287c9277db511

SHA256
c1deffac0e03249ae17a9fea192006f52fd92bb94369389501f58ecb15b2974e

SHA512
e336f1403577fe4f9ca9d3f0983bcbc529fb0825fe2af48d7299e9cd5d55a8824ccdd911e1d9b308d69a7fd7b3da713c7aa740d13086e447c71a6c878143af79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
3de0a0d3b002b5ec58b20df4fe9751b5

SHA1
ad1bd097c9ee727067b8467ee82abb3d446e9b2c

SHA256
fd2c6363025083ad04c7da0dc6ac726d479f9664abadf4597d891538a37ce3cc

SHA512
1bcdef9ad2a864af79f3be4f5702238555e18df99f1b194395d3f66527ef27def2eb0e82e8d557cd0fc928557180127b30c1bf4eb5e30c43275b8e99ed4757b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
6764c4bf60567625aea60e21a71c38a1

SHA1
8a20ea2c56108c4c5401c86136e583d37485cb21

SHA256
008f5299114ed0af21951231af4932a2899ab5edc24e7d0c6d1fe2531ac01bba

SHA512
e4032c8311eb842428a94174743e5e8bb1fdc73f75550257c9265d9a3d7f2bb9696dfccd5dc3e8fc6d30d83d7b7bb87c9f7724ce3f54e131969b4d5a1ea47df7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
2c03b21b369a1c836f0e6bc68c1f6f5f

SHA1
c077ba63dc705e31aadc8b334f923fcbd6c74e14

SHA256
14a52d0e34d0f53e8cd517fe02c3bfaff2ee13a8dc2e8bf050d68e3a56fda9af

SHA512
a35b51891d606a605dd423440bc309dd15c7e955fa731f8e228e8ddf4f44fc038157283202aa7ad3d3fb396a1d9098401a064977b5a37c29f48d36637ca0462d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
6e06304f22ce5b60e52134743537e53d

SHA1
4354321f438082cca9094481053bebd69f0da4b9

SHA256
f15a1f89e56c2885bf557a365d3f9ddde544b05d762e1dcccfed6f6c027a8f1e

SHA512
20acaf25b7f7f796a568006cc64990475115a93ca50574c0ab477833a716c2a247321c2fc5dd3d8dd4b421d07369c33fecbb452b8396a73b6aad350bedd10fb5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
5ada77f72a469ab55aa2a287ffac4c03

SHA1
211b6d06d146d50d6da0ed6e79087cf79344dc41

SHA256
96410cae8726e6f9cb58fdc496fbf160e2eba97c5442c7ffbd2a72bd7feb0bc5

SHA512
a724335e8f5629670c7abad2f937129f84cfc6592a7535571aeb239156bd4d72717d5f7c83019a3c94e61c528be27aa1ea6545154e0a24368bcdfc0c97ee7421

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
fa5cdfc72150239066dff3112d647103

SHA1
1c8e63e7afca7049e1759d4dfeffdb611f08cc65

SHA256
ec468262fbf145808c172462d67ca931663ffee044857abb81cdb25fc5a91206

SHA512
a4b9663e3c450466218c99a10cea557fc9ef37a209e1eb5b06e8e9f994810a8b0eee8a844f0941d04bbe933bc9d0fa2d037dec7f521c448b86ee23308a54b145

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
b635ca626ddf1c58bfc622828439cc61

SHA1
59a5703af51b024e4ea80f3d06ff3085a3fca8bf

SHA256
297890ed60ace3830189a5a6d7d25e14981c2a41e7b970a517cc61f066a240ee

SHA512
e8d5e1564948963add171cae8a914e812b9ad3bcfe1fb5163152311e62ca83256bb502541c65f21597ffb9f03cdf9b08ba6b57e748a4be7511438282f36c0afc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
aaab47f05dd8c8492b83f82b31111dac

SHA1
78dd489c4414bb6db86609fa932aa53b0e7f454a

SHA256
d4256acc56db3a705bd7e67328184f4fe428fc333de2ba725735d1c035e974c1

SHA512
8525c17dc9670c97289a940335ccc4db9680271157f20062532eda5ed3560c6466a17b57c29a5b70ceb9dd2dad01d54624785012951f99eeffae3bd86250dee9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
1473a3a139167e3cdd3af02c17d77bcb

SHA1
3dcf5e703f7817021c7e3c43b348c4b129bebac7

SHA256
217db801ce22878c6f81eb13aeb6becf27783df35168caaedd4430211f4d8821

SHA512
96c2af65d8768c5354654f368ccca36a0033b3f9a9c2dab1fe62b243373e7cdba2898ef17b674743c2a3d5c0d9cc61bfa1989197b3613a25b4c3105468b3ef10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
900df1d7bef62b531e86bb6829b1d6f1

SHA1
7b35782f68e19d84127e9d1a9883ef51f8f1f529

SHA256
8732817c683ac33180a74a30519f1fdfdac128abc3cd9f04b87592832f82446b

SHA512
f0f362eda59d1e314b9e5c252493d1075b82ad78b45f7bc8eb6929b9bd69b9ca24aa8a03be80ae2f312cdf201fa977aec56b6f9aeb22072fae93994602ffc6c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
8f6a13d7d3c857fa7d67a1fe2a3717c8

SHA1
cd328187e411411f7756397faf6714ff7ac36b31

SHA256
40b9b5490e3bdeb8f668890317940ab55e83735e49893ad451c33d3ab537f134

SHA512
4e5c2eba4e06a12ac716b0edff4ccd728759015eae92077711e59528123699458ce60cb1392c785e1063cecbf5c1195283a26dd252471f951c25db057e672b33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
ffe6b0a44a1aa1bad12980ffeeb22123

SHA1
ec980a8e9063fcbefb70ef4a12b89e153aae294e

SHA256
4e424d4feccf18e7eaeb98fa4fb58f6adf49bfde9a5bb105b4cc4fd7e0f31405

SHA512
99801f7755a8b5ef4fdc93da4a041fb4766dcf3706e77d5048212ac421b1017e4917edfd3387ffaf21e11333a32f44533ac1db41860ac579694782de5a62b064

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
798bf2f825ffd6ca153172c8d3bd1c37

SHA1
eca5514c52f0bde6f3f21e794f86a90142fdb4d1

SHA256
bfe6f6855b23520371742959054c76b156c0850015c76bafcdb009e1443bea7e

SHA512
ee1830e467390201a9a53647cf683291934379ac84d1545723e8b6a540cd7ab8c06a148450c998692155ff4b74308e18f01447283c0bd171b2a2e500ac41c4bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
b48168f10ed92f870d8530e6511e9dac

SHA1
1ae132f1e931cc2d4fa98d4bbeb20c60995d506d

SHA256
00a87fbf76de4bc40e795fa2739802808d2f4c00397ba9b307aec9b7e4bbd26d

SHA512
a3b0a65618a34814fdfe7f178721cb0868718cdd6d88a3516fa9214375a96f5b24f5489feb41b18c4f571a9f207129d717f43ac874e6e737c134203d7c43643b

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA835.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA836.tmp
Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit