1c4d6232973923b1b75e33f012b526856580d4153bdeabeac110472c2796359d

Analysis

max time kernel
7s
max time network
135s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/01/2024, 22:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1c4d6232973923b1b75e33f012b526856580d4153bdeabeac110472c2796359d.exe
Size

1.1MB
MD5

fd6ce55d0fc4454a0a0912997cb104c2
SHA1

703e2f81a950acf7e635ca4d008c1941cea33afd
SHA256

1c4d6232973923b1b75e33f012b526856580d4153bdeabeac110472c2796359d
SHA512

b975ed80de6eccd069b49f09a6691115bdfb599432c79a0439d1c714595be556cd0e27b8e69fe6846e54eb079bea3c2cbd80d6b306c8b5cd9a20a1dd593cc6fb
SSDEEP

6144:7tXr3Ifz4PrJvnNVq5CCDymFEymFEymFEymFEymFTymF8ymFYRM3GWOTymqNi:75r3Kz4NvneOssssjajRM3BOmo

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 16 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EA58FB91-B19D-11EE-95CA-56B3956C75C7} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2460	iexplore.exe
2460	iexplore.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 2460	2180	1c4d6232973923b1b75e33f012b526856580d4153bdeabeac110472c2796359d.exe	30
PID 2180 wrote to memory of 2460	2180	1c4d6232973923b1b75e33f012b526856580d4153bdeabeac110472c2796359d.exe	30
PID 2180 wrote to memory of 2460	2180	1c4d6232973923b1b75e33f012b526856580d4153bdeabeac110472c2796359d.exe	30
PID 2460 wrote to memory of 2976	2460	iexplore.exe	29
PID 2460 wrote to memory of 2976	2460	iexplore.exe	29
PID 2460 wrote to memory of 2976	2460	iexplore.exe	29
PID 2460 wrote to memory of 2976	2460	iexplore.exe	29

C:\Users\Admin\AppData\Local\Temp\1c4d6232973923b1b75e33f012b526856580d4153bdeabeac110472c2796359d.exe
"C:\Users\Admin\AppData\Local\Temp\1c4d6232973923b1b75e33f012b526856580d4153bdeabeac110472c2796359d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.trksyln.net/tgmacro/download
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2460

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2460 CREDAT:275457 /prefetch:2
1⤵
PID:2976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6843b222c5697ee9289337dc1573ea9e

SHA1
dc8e23f0792588a4097fa9c942ac8bef5eb8f30c

SHA256
110d50b212bc93110f4080acec30873a32868ae5edeb0463c1cd0bb6b7228fb5

SHA512
f681f9bd02f45c9d83572b7e4ef9276d2b146e0e97c8aaaad3b6f2787ebb409c3654b5f83b7ddec38e3d0af7016d38450203e9869323ca692c625d983c7ab7e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b73d10f8ec42408c6b840506f647749a

SHA1
d639a9d7f7db8b1e45e95104402e72e1d7162fbc

SHA256
5d33a6d3c8219cf82769d43d5bf17457890cbab349a757420b93ebcb4af7e5fc

SHA512
ad4ebf5c72d9e2f0d678dec9103ad8ffc82084c36ddbf58168bc8d81ff0a15286017710b701eb56c6dadc9bde8da8630fa15afe89c376baaa8cccde50b5ddcec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
efa592b1ad05847e2ea34c15e34b1a6b

SHA1
d4cfaef86bf7066426c325389a081059f335517f

SHA256
fd4310e6be52d86cec140377b8b8a4f66c99baa11bcc09262c15f3700211c819

SHA512
61c3a0dda28003ec1c16893adbaddc592c502f8407c6fae6fc53957a9da43e36954ff447f125f5af9876c77bfe880dca9187ed86bfc3777b31985ad092ff7e18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
38c63b008e1c5ae1c1ce96eb1972dc0a

SHA1
948f08ad588d8f273df9ff225f9501d9eadf21f9

SHA256
15b460d88a44542efa3f165f43e29fb7785008e5396798b26c39e574ef5fd475

SHA512
29e0b27266d664325f83d02f44a38a04eb1fde0c7f70d3fb2f86376e52b423cd0e5aad9454e7f0a730028050c3082312dea51b24741d2b82a236a4462e8fc0a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a93f7365cea2e2f631a0daac482adb82

SHA1
4001923f8a1b9bfde31e80072335dbd39f6d2a24

SHA256
6cf0adfa14ab77ed6e64f2ff661942df20fbd93d8190921dc5c73db2743dcc74

SHA512
571bf5350b3ab1e64ccb2f1c278bf30c39a1b7b248d64ab4468a2028c317a8d5474204bb5d4201b32c26e5ad021a6c1ad7e51bfbd1144f302dcd6eecf7b3592c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
750664244f61ef413243d2031d2c14ed

SHA1
e3e065ed3322e9e3d2dbf9dbcd19a72899570599

SHA256
1f4b7c317a7e33b4ec2de4041a26f6259d4f3df06f5d1e704eed3c3b307befe5

SHA512
c2360d0f74f4d29bf16853e60e363aaab7da95471a0a538aa00075a0bd1504521ef18a4b6dc1fe4b3d3f634bb6aa172ff380c5f529d9c109b7213dba26371d5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eae93d336c141cc5cfc5ffac828b7e77

SHA1
2cee5b5618333ecffdc2edd9164d9cc526d65bb7

SHA256
f8f406c0249f80925e8585b8a34713daed749f0da42ef4dcb4268678054be437

SHA512
b736b4e04cd591d2d1edef106bd91b02d4c3453f95edf80a2ad5152bd207a9ff5f1502c38bd6eaf336c38f75cbcdaa77e0986bae3a51d8debae0fb38668d544b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b81c2897774068d0bf71f56539c16d9d

SHA1
79a9c7bb694d4b17954547aa4553828a8a4900a2

SHA256
94c52f09a0cc76c817e4027d0ed37aa6a78a4d635b23aa658ce80f434b7423ea

SHA512
0246ade713944be1519d295442160feed67a610503fb0657e26689ee0c895e90a809fcffa2d1b1b60f2446cad8294a33da5b340e798eeda6f6fadf299cebb801

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
566637d8e15755e8703c5d8f05753cee

SHA1
658bba9cb7ec2aea92ce6f47b226725f143a111b

SHA256
44e76e22f3acffb767fb192b53386c799a468a8056865849de7d8caef915fc78

SHA512
2e3589f5740085c793ec7062acfbe1ae3325be5d5cff69b67e680d25c5d8929d401aa4776d69ea1c8697a5a9d4c6f7f36c00c842004c58d54f83bfd0b7189c99

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
79a25c883ff20e1bc1563ad3b8ebc4d9

SHA1
4bacb77c7a3aecf66b46bcbd8c78f5a46c87ef6f

SHA256
ef8c5c75d1d54e1a6c61c0f57d07143578eba5eb53287e8e3cb7e2643c67cb05

SHA512
44d57d51107858483ef0ced4f8e1c42fcd5ad01dc5553cb788b6c7fdc91ec502b63343990016138288a648f6aacd51ea70a9ff11e2a63f2b42e97e3132a3e133

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
954e0d96fe9f6cbbeda22032ecc86731

SHA1
914fa9ab016a5df3bf6083282211a3a7d666e647

SHA256
64bf66a24982ec05bef4103b4cd67528f39bade283743cd79fef52560f32cfa9

SHA512
16c9b6a38009d85c6a4daac66c10c206f1ec55259a6fe7112a1f6ed678d0e01aee58c8e5ffaca6e6dafef6027c3025057208a4dca6741855ff5acd02f4631903

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab39E7.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar39F9.tmp

Filesize
32KB

MD5
07f28307499aa6e0088879fd21116b9b

SHA1
5e1de9d96c3e5820f1ed10276ab13cb722a8aa42

SHA256
80e34a95a20c023b3ad4d86af83d0c560e3d35b4c6ebee18f2cb865414db3cc1

SHA512
ca6f58aa5490b20c8808ce01a6bf9da9cd66ac51f9581e7c7b907e284bacea729131e1f445dd3973fe096373ef7b5481c7931778b2fe8be2c0d179b51ea8ae57

Download Submit
memory/2180-3-0x000007FEF5800000-0x000007FEF61EC000-memory.dmp

Filesize
9.9MB

Download
memory/2180-2-0x0000000001060000-0x00000000010E0000-memory.dmp

Filesize
512KB

Download
memory/2180-1-0x000007FEF5800000-0x000007FEF61EC000-memory.dmp

Filesize
9.9MB

Download
memory/2180-0-0x00000000010F0000-0x0000000001210000-memory.dmp

Filesize
1.1MB

Download