931f5de97cb5f2d57d0158c65a3ce50b51e7f1cabbfb4b1d004b88be1c6de2f1

Resubmissions

12-01-2024 13:14

240112-qg1c2shdb4 5

12-01-2024 13:02

240112-qaa5ksgdfl 5

12-01-2024 08:15

240112-j5sjsadbf3 5

Analysis

max time kernel
3s
max time network
139s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12-01-2024 08:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

=?UTF-8?Q?G=C3=BCnl=C3=BCk_Kiral=C4=B1k_Evlerle_=C4=B0lgili_?= =?UTF-8?Q?Y=C3=B6netmelik_Resm=C3=AE_Gazete'de.html
Size

309KB
MD5

bbd167ae7c3eb6d4fe1289e095a945b7
SHA1

bc978547f7ade6338048cafdf8d8ac596a931817
SHA256

a2601413162176c9474137ce40b97b80713b397cd92cf6437168c57c4ecaab3d
SHA512

2e8019e0839432eca17dddb1d21e8440d25af3c61c06b23aa313880163ae6d057edde4ab9d8b51191846e1e2b9bc64dd75bfd0146ac62e15b69aded97daab7e4
SSDEEP

3072:pPDU+89SCjcDE/N2DyMlL6Vz9095SLGfciivW1l4inL:pPDUpSW/pMlWV+uiiOD

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CFDD5F21-B122-11EE-9F40-4A7F2EE8F0A9} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1668	iexplore.exe
1668	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1668 wrote to memory of 2688	1668	iexplore.exe	17
PID 1668 wrote to memory of 2688	1668	iexplore.exe	17
PID 1668 wrote to memory of 2688	1668	iexplore.exe	17
PID 1668 wrote to memory of 2688	1668	iexplore.exe	17

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\=_UTF-8_Q_G=C3=BCnl=C3=BCk_Kiral=C4=B1k_Evlerle_=C4=B0lgili__= =_UTF-8_Q_Y=C3=B6netmelik_Resm=C3=AE_Gazete'de.html"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1668
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1668 CREDAT:275457 /prefetch:2
  2⤵
  PID:2688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
1KB

MD5
c834811dafc6d0418e59682fe188313f

SHA1
6432de32ffc9f4a294f4cc510efa098111b31389

SHA256
24f0153499cd06692acffa2e0483ab7ee4086a3893a6557268e20a424f71d3c6

SHA512
cd9a2de7a42b2e58fb5c84b71f7bcde51055abe069f00e0c61ed00bff920053370b498f87087fccd0f61eec129fc317a585b149c8673ec66e8782b7ee68d6085

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
408B

MD5
e5fa462d57812ea2e632cc06d8e9e84b

SHA1
f096b8ce2e6f53ec356aacb51facacb86f714eda

SHA256
e122db925230cab98050bb0b8d3af8194c61ec5a0dae58c4b2ee9563c2fcb5a8

SHA512
213db806b1067b2cfd1286da209456ed523509e43ae225b967b7bea79876c42136630701fdedc4c0c1293eb96601fa2c390c9abe0de29b2a2a58a53e03b0d5da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
408B

MD5
192ba9185a570f7ca1e27c957f87a781

SHA1
1971e5c5be44f81c8b74357957c8bc246ee0fae5

SHA256
fee1784d854a92bfe383ddbc585121ed7b6b222eb056a08d514b368801dee155

SHA512
6d6c2a248b8cf533e18e8cd15422450719faf87dacbd5be00cef6a3abc567f235817312af923989498f05d32be2132cfa995e485de6126a47e310d795ee9abd1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ceadaf2e5eaaa32b5100776c63afea97

SHA1
9fa2678ef5d65c0e3095957620718ab51e1e5723

SHA256
89179ec005b96395fc278693a4e3008ee09fead9fead6e5f72690531d4925e92

SHA512
a94062f12290f8cd287503f6c3fd18de8aa6227596ccd61568c08fc7c033d7a97d4dd72cfb4b29ad9f9651d3b9615c5e0080bd62080a1a6dac65223f793cbfd0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2a711beeb01e0e184f5e18d434e07e2a

SHA1
9dcf0e63daac6a5965775a1b4846d01409b499fe

SHA256
570c656c150358fb2b0a1afe2968e1c614a44bd1ce088f783c90ac0ce10170ca

SHA512
a4bcee921d09eb20d80b544bd4395d3fc21bd5c1317c09be7d8c8e47b1c13c2bdc62a85d7f7e992075e1c133b7cc260941f82de20846f84efe2a50c1d0d4b7fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c197a5845fdbcc9e6752ad5104574251

SHA1
9cd849a74808c3243b0fa536ec8341aafaba0bcb

SHA256
3f0964bfd305c4a39935f93b04f1e07ce506652b8ec64aeddccb154345e2165e

SHA512
ce9f08b9943722a17e74de8f84e70b69aef5379b13e872a7276c5a5f5f9ba9e4800cd5f3e307983a4f0a387f0da6953b460207cb48d93b806dd2f01e1370bd4d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
05737f29a7aefd2dfc1bf6a9b9adc4f7

SHA1
1f8aaf6022365a96df4c14d19015b47a7dc27b4f

SHA256
c155435bcce628f56f2a7de213d6a8d9aaeba6d5a8476aadd8afadc3ffb28174

SHA512
6dc4ee88915676f23016bb14e1f00639377eac962f92d3f8e2dcc6acd49c176febd31e13968219cd84e12a740e60b69af9b1a8e20260bd18eb6d4f07ac2309e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5d0054c3c24dcb5a42864f1f01647adb

SHA1
86656174825af4674571d425845ec5be60bfe041

SHA256
6ddd44b9ec4c76c5feb08211959b46b00186669505cb653de3d7b74d7b879311

SHA512
e77a87d4236574096ce3e4c038b33c91e8ca9e0148a5ce63b8c66c7744e7d486285b4a81a5658863d305b79e606be4b37ab0aa1f05e0dcf476205b298f6494d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d2ca1f99c942fc8b086e6dfbb6d53922

SHA1
8718dcad96adad78e3db566b861a4ddb86d0703c

SHA256
89b250ac6dfcdf8cb3fe6d7ef05f31ac238263c0a04ea1dd74a12bbc9b021655

SHA512
40987547fe5d8f8a6ed95b42b66d0754436d8b190ddf7aeb59f4892f08bc950894bd154dc75b346942ddac4b913b12a04d28198633dda4564f23eac349f49393

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
211dabef013f2dffd605ecdbd948b62b

SHA1
3469a071dae039650dee2519335244b93067492e

SHA256
9dd1cac1539ddf4fd69809da1decedfeb7e73c0c45186920c85487159098f84c

SHA512
9bb40ab50aa0f29256aaf890c6fd782eb032da3de8b4470494a0ab8c34d98e883bad4e650ccffbc84e6a332a587d7769aa65773d90660d7f6511926bc79b7111

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
694f9fe473af1328fcfcc2406ce9112d

SHA1
cc6909e00f9ad30dcd6992dc0fad2d68db31e7d0

SHA256
647448b88a103723626f2dcc996154dd0552889de5b5e554f4b4a29f4b4100fe

SHA512
c15d3662ef683c4d48a18db8b941125c21e07f446534a9e3f45daddd3d434e15dae173cc60a1e2818eab4f920bc558ff664f7ba2abc3cac58ad5ba9e34e8fde8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
068336141f341b541ed8c8975458086c

SHA1
c20c019e78cac96f35ab4e705dde3ca939deac63

SHA256
b66bb401c61d2b38c5bf72b07fd269416c793358d51348e79cb2984d79f250cf

SHA512
9c5724a86f7d11731f7110ecda1c45fb329773d0d772575d47638aaedf3af2463b762a1a80899cfb6945660fc125aedff5faa231e6b6cb8abad5a1b53fa23288

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
21dc4645aa8b7f18dbfa70fe6d55dd19

SHA1
153b0274279414822d23d06379e2992884bd769e

SHA256
179cc0f384d2307d8efe4450c0de51f63ed00138d3ce4d76c53a934f430afd34

SHA512
cb7c8b4d7a726152315fb56028b7ea3478c5ef14fff3ec4e113d9fb96422fbdfe65d89700a3905248d2b43a70400241d559c9df23eef61608739563507c1d928

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e9976e3938f6614a8c81efb1cd3922d0

SHA1
bed8a810c9c64112e8cbe10cc429718b854fbf00

SHA256
22f03688a9a946b5bf3ad268f179e42c44776a8d040beadfcfa9e07792e1ca25

SHA512
5916466000517c1bd3c28a65a65b22e0f610b8b5cd948a1f90dbe91e6df8682620b80c2494cfdf3bf94e1ed53a5150f005e8dffd3d52cdff95800f0b314307be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2d06a2bcd43fd48c7220225551b54c41

SHA1
7ae8be345ca771fbd4880aecab8390bef3215c8f

SHA256
fa3f37f088eea9e1f520b4d55c1a2019539557751ffc065faac23d09e3425f6c

SHA512
c3721107c5ef2f35ffbd877618609f8afe6a2a7400c1f448180fd36f9f5367bb275abb84d692d7897ecdc7e42a9fe9aaf9dc101a8d21b2f60b06f127033753d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1029f3cf5b3dc1eb3e9bd534f8e9a16a

SHA1
ba2e35224e84208d5fccb2e578e422dc67712198

SHA256
27fb59b5563eb9eeee301d2eddc02c1305883b2a202e20f961e74a1d8c849a32

SHA512
e9d73ba85e246e723a480caf9c7ffe82b192b2a49797d63a1de5816b714389d50e78d5a01e98a385557d09d59593815f0acc02009c811d120efb1fafcd97d011

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
db925af6514fed881f0c520f760c3c69

SHA1
8ff3cc273fc60631b024e3b3f6aec6db8452d2a9

SHA256
d6bc5c593fc309e70249cf4002079ca030ea8cb428513b1106968ca99c6a87b4

SHA512
e08ee44ec079d5b537f565d9866e86c1b8bbeb2822d84c908a2569606f585846679be53ec78a6faf14fe922ba5a68e45f3606fb25a247cca23d69f80c202ab11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8c41e981dfbe8b14603188ddbc5c1203

SHA1
ec79ddd580ceaf93079cbfc31eb15b12a774d7d0

SHA256
7e87b294bbd600e57c21add95be74d35f016595451c20be5c91e30b148dca50f

SHA512
9d032bffc30d706eeb68f13b413e7bae54d588b7797d1d1ce13752ff48b0b7fa5fa05398830928b06f68c47af1723b37269d8039abea20c57157d5d226501436

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
adbcdb6f4fd661183879b48d15fd42b8

SHA1
89f819d9278d272e598fc479fc6293aa790ea475

SHA256
c9d2bcf697848d584993697e4c3f1f38a25a5d7e371d122b3effdcad555fdf15

SHA512
7119f1f9b5ad5c049c49d56c04f16ddc619ae9cca75aee75d5bc000c768fbb0e1771b71f3df41d9b4a8d95828f288a81fedc35d615ac9a874f3b62a865114ed3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4e9b388be87ffd2d6944b6fcac94c465

SHA1
024fb6579559e712f6bffe3c41cefbba83594db1

SHA256
0bd203204aebbb84c5518518dfa93813690a0347801194f207af6f6204161b2d

SHA512
8140e5022054b05ab9966aa9eb9b52a86e41a3d00b60db6d5ce9f9b45d3f72d5384b353bbd368992f4b3c1af45c90a6dc16cff5e1a6493312dbbc12ca6437a7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aa01c43c7482f8d1ebc49e6fa7f7cee0

SHA1
7f83d7d67b642d5092621f70f0a38baea452c93e

SHA256
f6569d42a811a384cba28a94a8b4f07d8904e8c705a01864612bf4b8ff32f18b

SHA512
ce1eb0d8a21a28a41eae243d9f739d6f08ec68b5881bdaeea41c9e26ad3c14a64c62841be85cbe52cbf005253094beb25a3e7d878e00296755426acc7c124ea9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
997037264ad7d6d7ca6bea7248353363

SHA1
3032327fdcfd095da2732698a74fe638b146ff4a

SHA256
cefa7982d781035df2936a9fef12e156a4d3b4c45ca1697e0d7a278dc1a9171c

SHA512
1b5e5f3d5c4390a3bcd13834de632baacd9f218e95c5772116d2e3a4b824288e04d99358fc99be76669b777b007f355a964873a99204d562150d28e1a8b4ca8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1YVWL6AI\dnserrordiagoff[1]

Filesize
1KB

MD5
47f581b112d58eda23ea8b2e08cf0ff0

SHA1
6ec1df5eaec1439573aef0fb96dabfc953305e5b

SHA256
b1c947d00db5fce43314c56c663dbeae0ffa13407c9c16225c17ccefc3afa928

SHA512
187383eef3d646091e9f68eff680a11c7947b3d9b54a78cc6de4a04629d7037e9c97673ac054a6f1cf591235c110ca181a6b69ecba0e5032168f56f4486fff92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1YVWL6AI\errorPageStrings[2]

Filesize
2KB

MD5
e3e4a98353f119b80b323302f26b78fa

SHA1
20ee35a370cdd3a8a7d04b506410300fd0a6a864

SHA256
9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

SHA512
d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1YVWL6AI\httpErrorPagesScripts[2]

Filesize
8KB

MD5
3f57b781cb3ef114dd0b665151571b7b

SHA1
ce6a63f996df3a1cccb81720e21204b825e0238c

SHA256
46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

SHA512
8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab82D8.tmp

Filesize
40KB

MD5
8064317b7ebd2db5ca126ee0b8c0167b

SHA1
92f169a9c0aa9a31adc318fc6789f0131ee44001

SHA256
8ffe4a8d7800cc1d81f46c7cf0f728abbc6dcdb023f05ffe5845b185c122bab3

SHA512
f500d2e6b4aaf62e54ab16143d2b13c9bbb76ec3b23cd69a93147a91efc46a1f79f89911591126fe8138603e1a1f3a37c01572441ec74a946266733fb5fd1497

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8490.tmp

Filesize
41KB

MD5
abd158289d0b5ef05629c7e265d0de7e

SHA1
e693832e0373139990f3070954e6d0a1c1f8c56d

SHA256
75b7ba2d0a53cf4770e5fbd02c50619a2106456f26cc61f69954c07889b55275

SHA512
2252b6f03d49188106336bcfbb80957449205b4607869dc672fa876738d864daea57d898b10b97a641d2a19a14dbbcab19a25c58bd915e12be1b52f20639f3dc

Download Submit