3d42a3b79ed739f217a357b8c797e982752148495e11192e0cebdde5a9da244a

Analysis

max time kernel
143s
max time network
137s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/01/2024, 10:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

.lnk
Size

344B
MD5

4c2a7c403e0c28333f645a363f606da8
SHA1

fe61f5e318e323fab9af329245e4bba6128aa5c6
SHA256

c755fd0b870f2367e644f899afd720c4aee7b019b5584a14421c407e7910de14
SHA512

8516481f41413d3ec958a07af39aad889840f964d7cb1f8027142f9c65abea9821e3bf2fcfdd9fb2b1c676031d3096d478bf06586deaaac05a7d451b0c2146e5

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "411218762"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 0088a8d64545da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000969d72c3e5a03a40a0257479feadc03a0000000002000000000010660000000100002000000001d1bd4dddace59195597b27e71bf9ab8a1fcffc84a0471c03ba57296237f271000000000e80000000020000200000005d17b4ec652a10883e411fabdcf724c72e7f9a6c0b80e0b2e03ad44ea7df9c52900000007dbf4b366bc4f24e6d695bb8fb194c8c1b3a41f737e857c0fe8d1c310ce5cf16471484644556ecbe3d6f7c4ce62449a72c7e4bc30bfea746ce62cdd97d3c61fdb45eb080ad89a96ed784f5c425d8c481084d09ff6304ac33149f310bc6486928144d9c78abb8c86d1c0ce7278bd683f9ac9dcdc41dec2fd175b62a3a388670c722156c44cef4d500470b69fd28d3de7e400000009db56ff80672d9b8ed96ef14e84348403942f72c75fa59e0de248056e06894f09db94f86f69dd39104a44f14cc159b6948659170d5856f22f85dfae3e671f246	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000969d72c3e5a03a40a0257479feadc03a0000000002000000000010660000000100002000000032d8b439df86d702363ef6483788087cb3b0c49b0d868bf61a240b3f00ace7ea000000000e80000000020000200000002f23d9f00c74e9f8d22a82567b26b42cee1df04f08cb15b6bd3c0c7f34804fa720000000847f55855d718167cd27315b11b0a2c4401688318ba7838fa36089ae8b2a0f844000000099b260c14d22a0e8a80a3027b1e14ef52dc1311b7305878527197f7e33a4f0589d43bb09737717f85aba38ca24467087d7e5d3f5f0d839619296273234b5f08f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FF623841-B138-11EE-AF58-6A1079A24C90} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2748	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2748	iexplore.exe
2748	iexplore.exe
1676	IEXPLORE.EXE
1676	IEXPLORE.EXE
1676	IEXPLORE.EXE
1676	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2304 wrote to memory of 2748	2304	cmd.exe	29
PID 2304 wrote to memory of 2748	2304	cmd.exe	29
PID 2304 wrote to memory of 2748	2304	cmd.exe	29
PID 2748 wrote to memory of 1676	2748	iexplore.exe	30
PID 2748 wrote to memory of 1676	2748	iexplore.exe	30
PID 2748 wrote to memory of 1676	2748	iexplore.exe	30
PID 2748 wrote to memory of 1676	2748	iexplore.exe	30

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\.lnk
1⤵
- Suspicious use of WriteProcessMemory
PID:2304
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.newasp.net/
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2748
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2748 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:1676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9902a52c1fbeba7ac4755b60feb9c609

SHA1
25a5c795f078089716126ff8458675f63dd04100

SHA256
fb066672e0c9b08065006cc4294b317a3398573491a8bcd997700d2f7ceae338

SHA512
37e4a4815db41085c239e4954ede587826fc081387884155ea0999cfd3e5f66f55ccc146c4d80e244ccdc7287415086c32e8bc5dc5bcfffd1717ce08dda5e0b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
64dc5fa1b19f142b7775b7279caa7523

SHA1
3a63aac01cf47b6b075b35295fb96fa93efdb0e5

SHA256
cbf987c923aca5210efb966a96173b1b1403f497540433123040d2f80cbd8848

SHA512
f67d08a76763198b63fc775ebacbe5663e8d4180f242a1b35b60e4c01c3891d6bd550fe09de21ed8bc7ed17d0cac7f3801f834032b5fa84df8eb696f14d91f68

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b259e237076f767d6be70619d64b0554

SHA1
c75e1c633ab382b4f36840cb2db8ad03298b797d

SHA256
f97693f3541936627b511f8db8192bd792dac1bb799e655e12bb22552e1a617a

SHA512
f6459ec39e0bb13442013a8e53a43685914579e45bb8f2ed34eabb16f0c57fea1c5ed0c6b7db19d6aec3ac3d6e18266f74632fc152df9d5d42617b620ca6c504

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5d7ad08dc30ac83bdde759fc8589dcc0

SHA1
7c0c142136c6718a8e2173c148aee83eb3b72b78

SHA256
fde55f4dc85c86ac3bd78568328861998139be1ca40e5eb55a0fe50a34a35c30

SHA512
8828ed56d2a9f6491ac46e4d952e2c814859559ad36ffa8b513d2e12afec32203e863eb48e3b1e97a44c856e1ae06d0f024ed43f69fce1a4cd45b08fc0ec05d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
43162780e4c0d3db310985db7f1101ab

SHA1
37a0e715c06f11a4aa8e0f68e833543cd6805219

SHA256
eae43754775f061062a04138b13087c553f0cddcd7198c32779dc1e80d4d2c61

SHA512
0496d6ceb0e915c8afafab8fbf5bd91353c9eb0a054f91b9e2e30e16817ce782580b32af2de321c302ef47402eaf425eb8b5372f49c2b8b0bb167543a70ecc09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c9f6aecd527ccb916182e68ee166f14b

SHA1
3d95e0aff5d629f10b6ee021681311d5e2516c3f

SHA256
394a944026b659154f9a108540031f82ac825080a32d92f524f4f71135143006

SHA512
b451aa50faf018fce3bf83c61a3523a9da3f7cfdf85377476af3e472a2126ced932de613b6e221611f30e9cb9e4e5816ce4124c37f267a7a6abb25fd6f61bbad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b7f529f2737dc6a57f80adefca8a2303

SHA1
69688bbac8210c97a6c5ffdc46d68f479cb648a0

SHA256
422217fdf88c8257e94714f9909cc6d193168553cde05c171c7c7dc95b573b65

SHA512
abecfa6cbb52437383278a7be786d68cfcf745ad1e071dd4dd4f1bd0d39c13ad98ad1ae1beaa86a273f154e8fb21b427325dd1db5a45898dc2d15552d18b8107

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7a1276b4d5b1c0890bc27c946ea21280

SHA1
26dcc2110b24a012e1927e9e4f684242d16376b9

SHA256
f24017d2e52535d4e9532c0b27ad8222d0fbc018a368e8a8ff5ee989633c5b17

SHA512
3d3ddf484efb6a6397d93db7af63efe3c6bbdc5fb30031fb9b48089013d8e889146c42a7175c54681c98e29baa2cc7c415b25246b27969ef2b5271a0cc82a445

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
85dea298ad8a23da4d3ba20202b0c8dd

SHA1
7a03b8cade487bdfd41273d3b11db62d6d91dd35

SHA256
c5558e30c36d26f14d50ade5e87fb3eabca1a8ae5adfc0e25783378ee699c8eb

SHA512
72406dbbe93152fc34fa06f680572c13843e3c5856282849feacd1f91d103085892ce67c00787fcdfa389648b986e9980ae3da72f47922dba3653434ffc2b212

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
186ec1134f3f99e1d86ae415cd2b4939

SHA1
5356658cc20dbe387559872600000a4b4f7f1f85

SHA256
301bd862c305df6e610764e9812c6df83dab881dc79f0d905e398b30e3f17baf

SHA512
1eb1037f3612dc1edf69c612166ca91acfe86c729c688431204f90f6a8121c4b3fe6d7d05f775aa66b1c522b469cfd7e12c01213986b03626c80385faf75997e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c13bbe50cdc8ec7003b363fc5eb9fd8b

SHA1
27d28771315d760317e4b571b1f7a811e8ff2c9a

SHA256
80351d93f678bf2825b1480aff183c21824356e7edf67e8b67756dcca3bbfc8c

SHA512
720ddb8145c3c1443ceae6ed801e7211b6830a027fc6e7c889db9610a63c0e3648adda34f2a572ae58272fc9364515a18c68a264df678f1bd4514be40471e88c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
696498b4d0de4e534d5cce2991d3287e

SHA1
536413898908e8cf5ff924ea7bddb3c35c837e9f

SHA256
d2b96f012f178671a589d2367f3c26d002e115e6335dd41995c07bb68dd2a4ba

SHA512
241c4b62b5c33e0b413ab000e3a7b02be9a035cb404ab57adda04ac5775e7e99c574b0fa0b18d2540a0bb2044c29f6cf287c536adc883d0d21b106b00d50ad44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
47074ce51d189903ba8881888c058db0

SHA1
00b3187cf4a3649979b7e0549117b3c18b441493

SHA256
08b8cfb0c705e8539042433bc80cda71384940fc254f3802758cda45427b1bb2

SHA512
78b927b2b0cb0cce721d6926508e8df01b0aded52718f2e76a77efd4d5790115368e31f1223140bb7ff831e3a0e310f5fe52307b8307af2f210aa2919ab26952

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9ac8a6c4b3309d3546f13c7996068af5

SHA1
dc84dc8f5b89d9ed2c9a9cd1e979a08dab72eb0b

SHA256
fecf6858ddd217918f8339e874eba6868b3cfc63d760de9bdae1fbed3d094eff

SHA512
4775419fa9f3be1367982bb2ba99ed254ca999117759c884ae3fd800dd4bdf7402c05ffa8d98d5ddfab2097b9a60a0baacf51e2a90dd148c454c00fb71479eb2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f2a6e0e19b34b733656558495d1c7144

SHA1
73ee799ba5b852128dad34cbce028d21a6e6aebf

SHA256
3071e1f2638a82fd5652d6b8d0d29c9beedecb37eb2faa2c254b9a15227c7cc2

SHA512
d2ee0fa4c9f591d8140c0e3349bb81e0a0efae25ad799619b0b28aeae6b26ffa6ce5a89d876e20c53ce96a83df5b72c8abbceea0cb8a80d73a1f67448efbc8d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7f87464fc729822d7b55cc923258230c

SHA1
9e90f3fd0a703aa0ff7bf173bc785a9e78cb1a4d

SHA256
81001299e58c55d4e8202aa3eec92f17fb2dc6363057872c51c81a404deedfd4

SHA512
56c99bd3f4245c67dbf63c68e991de18be6b642e0a1b111f79f030dc1767c340c8d86b32c7a9deee7a275e65489fd1049b42a6890d394c20c9ee68f7cd0724e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0b6b673ee6612975e1b0faf6d815783e

SHA1
e0e7ce27973f0d57f060c7a18ccbce95f169deeb

SHA256
11dfda31279de19654cc5e5932a62e843a625196ec1ea953e50a3754c559d13e

SHA512
d615300f19ff2286d7b119dd2df542406077e313a722ff9a18167d7fe2ffa3fcc5a08e0aa91167aad61acb788192241534ce333bc1d1a88856435a4e36d7271e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab31DD.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar326C.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit