e66d7a22d95abdf72b17c3612978e29bae0a56ff4884bb15e020e68077a0b64d

Analysis

max time kernel
148s
max time network
159s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/01/2024, 03:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LICENSES.chromium.html
Size

5.2MB
MD5

df37c89638c65db9a4518b88e79350be
SHA1

6b9ba9fba54fb3aa1b938de218f549078924ac50
SHA256

dbd18fe7c6e72eeb81680fabef9b6c0262d1d2d1aa679b3b221d9d9ced509463
SHA512

93dd6df08fc0bfaf3e6a690943c090aefe66c5e9995392bebd510c5b6260533b1522dc529b8328dfe862192e1357e9e98d1cdd95117c08c76be3ab565c6eea67
SSDEEP

12288:/7etnqnVnMnBnunQ9RBvjYJEi400/Q599b769B9UOE6MwMGucMEbHDuX0YnpWQZb:sPM95FCWStQj6ERs/mfMl6H0skDpS

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 401220790c45da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "411194127"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000071cfa0f3b830360a5eb80301f450a76ed0cae0d7681d3fb19284de2612d57e6000000000e8000000002000020000000fcd09d8f7926bffad97fd7630ed9d9c3c9ecc537001c924b594cfe20492fbbf2200000003d9c970938717f6a69bafbe88bd3e001dc47900dd8249413f98f9b92f35cc49f40000000d182bcac7e41f2b4a1b39ae593304248901db1d999e175e0020bdf721999ed13a502adfca5a0e2037aecaf0971d9b4898d1c7b16eb36d36c51dfec41d397bedf	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A3D78681-B0FF-11EE-971F-6E556AB52A45} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb80000000002000000000010660000000100002000000077df671e5807fb717d2b087701d4f903097f01e3f233406e8b4279108e1047e7000000000e800000000200002000000035d55dbbcc4d62edecedd5bc302e526006d20c8429f250ab0626028fd6b476d99000000037fe2a7a87c5b9ff1d2151e84d491415744689d3aa9851b7c7bb82d8624ee85dd6a8640babdbe0e168d3bfd3339738be1affb211b55c6dd9ff23c30c5c08b8386bfb5f43a56c1c038a0e5abe1915adc72fbc4f3a98676bf97d4d1836b0133fbed603da8e91173b86604c1b2c0b98b3218bde160cc40c70e1a5750967fae600a4e8d9e8360fb748f364b8da78cb7371e14000000037a88eb50d786875b6c3815a83532df50375c7d1da3679d155831e3141b2847466b6da6c285365e9c9ba857287081235e0ffc7922270ea4d94cf6087ed5e1a75	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1900	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1900	iexplore.exe
1900	iexplore.exe
2144	IEXPLORE.EXE
2144	IEXPLORE.EXE
2144	IEXPLORE.EXE
2144	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1900 wrote to memory of 2144	1900	iexplore.exe	28
PID 1900 wrote to memory of 2144	1900	iexplore.exe	28
PID 1900 wrote to memory of 2144	1900	iexplore.exe	28
PID 1900 wrote to memory of 2144	1900	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1900
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1900 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ed9a6a603f3a0199fcfa250f1013684a

SHA1
526b66d2488a9abe2e48cce762292bf4e4e8c533

SHA256
dd261927659b35a6502a107544fd428515a450c8a61d560167509ae1e76f6b1f

SHA512
3f09f19f7712b74d42cca7266efa96906cae51e3da97ace3a648d4506ab56ca63712d1f2a1f7187d674572c7612ec2ce23b535ba147ea6f994ad1a9741b88391

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d0df577226551c85d210026cf97f6c28

SHA1
be1df8e5edd31a002b186eae9bd519a5ddfa8510

SHA256
8a410937c8a364b6e6031f2ec74308eaeb2b0a1c0c363474e8631772a7c70c54

SHA512
aca49613a5497e4f7df21014634fe4140909747cd80e0716159616fe741607008f035a5c4d257ba4e3f1b522afec1833597b28e35887be96049734a57f5931f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5dd1697a4b732a8a38546c07c9ffd4be

SHA1
fdefbf5728061fc0c5a7e9d32e5ba346984944d8

SHA256
4a68a6072d08d8db8dbb285853ddfb6e27be869a3ea22e72a25fec44521dc695

SHA512
ca7a773406850285b33bbcc5231d6341478ff990e5f9a6200a6b94988a4b47f14ee6156de1d39a547e04b2dea33dcfe7384a54b50b0b488ace65c35b056b8fd0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
44bf0b82806c2f2b4531157e34202502

SHA1
64c706cfb97679a8b8494df5b393e15bea6b2ff9

SHA256
4282a7350a134f4e0d94236cbe67d0f816ea23766dad261054f6296ed6e594f4

SHA512
99e995eab3471570869d1957ebebc3db379a74817b30332ebc13c14639bed89a7f5b04d5c82a2ef441a77f3ea0a7a324d11f558ffc904bb6841cac1679bee090

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8bff58ff8d6592226c36dd5c2f76303b

SHA1
bb9a832e20cd4860c74b15289f14e6d81c050e91

SHA256
7ee1f510be9070b7659d93174f6e7439b49982bd1a1745ac683deb5d1ba1bd25

SHA512
f0db0db497b0a475d326b89d88da7cc08536fdd0fe7c65df445ab81263d91c4fff2cc428feb51f240880169c4b8f9c8fad02e2fa74b2abec023b7e2f0c6d6792

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1078f7cb73f0a6df72b7f37e6fba1dc5

SHA1
8051a3361716a366c5c072da3eb46a491e491f7f

SHA256
6c2c9b3ba4f662c2f5a6d86feae7b57edd41777ea9d48bbbff773b8df1742826

SHA512
fbf79f9d05f0972d681d42753f8f105b3723a044c3c1ed13e142f8654a3cd39dd8f83f3b23027323278a43572c96d2fa211bc1ca1963e221fc86660a18ecc6c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9e8acbe4c17275928cbe0e8cc05dd33e

SHA1
436696056e27f8ff02f5b3f448806dbb16df8985

SHA256
b98e5f1e24de241ec745de2ca0f0899688a8241a49518aa2ab7346e65f4fee03

SHA512
9e1e14ff719796255ec40328f61cbec898bbd411a75a9052bb4ac0a4377c8def1c5d568cfbb595400322ca662f1afedb8e463d0a263c3e3f7e08cf8c6d8f19ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
223de2bdedc1d1a96aacf3d96a436061

SHA1
33de82c4f373c0fc7a41a81e94fbad8585c2be26

SHA256
0287c5822b3e8dd6375743892bfbc1582f93f0648b49d4ea88e180fcd352308c

SHA512
90cbf2223505ecd79a527dd1e3ab5319ff1223c4a977039d983a2846e365b29608080c202ae8f1c8689f39ea41795a743bfe6f71da86cfa7363d7f6669e5b168

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
928f5ee889711252cfb248de2a972740

SHA1
0b3e41fd63986eddc393f161cea60d8ad476fd91

SHA256
df9e67585415c64ef42439c8920f9b955a6b43e248103dbac0c35d862402ada0

SHA512
23223877d4fd84dcb44f327d8b743bdddde59c99f1fa245e7b99c95c21106dfe136c9e11f97a7090db4cc4b0ccc008797b9dc20071faf33a4cb331f70ac12a4b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6860d899189b30c06e5b1a7f72684a9e

SHA1
8e273d095e2bbf17d5fb187d801bce1ba05e23f6

SHA256
5841dc6cbd28d9b766281785a99fbc98edc83c4ad8a5dff74096a57b9d799f99

SHA512
8577100239a1191734f384708e1641d5060e576b735bf90c1b2697afb1b7a3b53d7736abaa95dddd85c949b8fe62a0c41bf24ed544db7bec5faf8af7454e46ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2837623056b0b199a7de111b15ef130c

SHA1
9e355f1389f03c2d797f6cb57911ccb8b71cca2c

SHA256
e67273e6683683bbed0f9872dae6485e30b8fb655107ecfb440a1f60ac6f61d3

SHA512
c6d5b0b9fba4b5fa03c883d4fa7ba63ec5f69ed128606d11c1ded0a75b5f53147ce7fa36d6a1e547ffd4e414af763ff416160e0050ceeb93cd3a889ecce5a516

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1cab925c687e0c04f3c012466bbfe4c7

SHA1
6279e840f97ec95b76840bcc6f8a2833d643c24e

SHA256
29bad730193afc17aa10919d18786d5ec7b55656bfa568308c3363eb14fab552

SHA512
477273023a9a6e93f3fdaf22f947c8a04c9d978d27f350a1b2ef79fa2560066cd1466b52e60838037c3a73595c260850c8c1acfb192cf1b46279e69983c75057

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c50b49633ca318134dd68ffe092fd054

SHA1
c609e4b400b9707dbe128dee1c1fd2506991bfdf

SHA256
1913b397a91baba411efc1773d0b4822bf93a0d4d4e9c4deb6d533242e8127a8

SHA512
3f4be5209166a6ec0dc5cad4650020bf20df6dd177ec13ae5946d3ffab0098d85053c6b383d48c41369a2e9db84021990d4152ddeb8abc00a09b4b96e4598f7f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0e708c20f557612df82ab91bba8ba944

SHA1
9279b3b170d18f4f26f51eddcc7b55d3f8a4062f

SHA256
0228327478b60d5ab2d93ea322497d740f85dfeac8f183798907fe318589d369

SHA512
7ee3d295be840b1d6a9a7ee98bde811cc0aeb8cd9a3ec2e054674a935d3cf955dee632b35655a5be8f8d30e4bff91ce4143defa4da58b47a7a5b59b6a5cc2200

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d053b3f77bf4a3e8d1acdb31163321b4

SHA1
33bf9f08a148451fb781a9196647e3cf77d6a794

SHA256
55478398a34fe7ec5a6e11236f43c5e448acbde2b3a405011aca218640772a77

SHA512
cf92042203a432df66e580ca29fe66e34ef30f84deb8636577515c2432572f3ae1c1ee198a8350c4addb22bfe1c7c2e8be437433e2383f69bf57abc1f273ed60

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
211657fabdd66b71fc8e98458b0cd565

SHA1
629ed103d143d4c693fb7bb61b2cf65cd806c318

SHA256
edeb4b7be68f57b5f71691c963ead067024500f2fa95a1a74509679f90b0e402

SHA512
9f488b2020c2342d52fabaa2e0fb1f250e6064a1f54d0d8539bc47ea721153727deb665ff2d2f14f36dcc0cf72f4888b212ffac19b1b3c40e31060c22ca3aa32

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabBF6A.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC059.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit