a693fff41c4e738cfa6b7f0e9bcf51ae341b276b81189fa698f0c0ede4a8a54e

Analysis

max time kernel
139s
max time network
138s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
15-01-2024 18:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Kiwi X/Monaco/vs/editor/contrib/suggest/media/String_inverse_16x.svg
Size

4KB
MD5

6e5c0ce7ec09969f07ea6ee078ef8ad6
SHA1

deadc5357a26852d872bffa77d1aa19108603b25
SHA256

7d23c0f30cb9c05c81bb15785a3299772ae3cfbe51f3e04895aa1f23ffbeba5b
SHA512

2b02cb82f9e4720ee43bfc8b7fe5d6de38228329aafbedb589d5a219057c15f073023deca3c1ca5b65cea4a4f0d863ebd88c889b1d67119639fae2ce180863bf
SSDEEP

48:Cn7wkEX+c9Vlt4AFCj93Z0hDC7hSBnukNyhDFtrJGuG2XvS+yZCahDC7hSBnhKHG:EJWFCMcfkCFGE6+yZCacJImkArbbqrAm

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{884E4381-B3D0-11EE-8452-CE9B5D0C5DE4} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002213d23592f6d648a137f9bf65c22cfa00000000020000000000106600000001000020000000cee362f7c95c34cabe849a1808ea11ec3eb1d6db1eb97645b548127f852b8063000000000e8000000002000020000000ba5e5c35b66ad64dccae8376df15e8b48afd6cf6041a96473454702a7cb2cb65200000005dbc5877af2e717c804631542cfa34ceb66a8a3646b28ed691f7a60fa6d6ce5a4000000007760b2c2d4746cb5c83516055e68fe7b790acb3781f4937b0ca0de2772341159482324f86a251a1bb408a7568be4159e54700f150d10e17e8f65cf017ca1e01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002213d23592f6d648a137f9bf65c22cfa0000000002000000000010660000000100002000000026f1ae2766dd441bcd36d0707177a04f81c0cdab45ea76fa197dd45bb63ac961000000000e800000000200002000000084d615e652374d346a23d8ce0dc2a3fe50b6d018d33ac449c841b0718679edc4900000008deb3bfffccf23bc3df896acb462c6a4d23fb4b546cdd205fecba630e1fbb916c71dbab7197da564661b7cc0874213c81871613c21046577b57f2b4b6cbe35d6ae7dc2e64423dda6c88a69234e022c852f5908811dedb46f1d304ed822749feb58130060600c28671a94a57484d5a064d6493224e3d35288ba9b0c8269b605765aff59726edd3e881f617706242f489f40000000a18eeaaea92e994c63a9ae7b467bb9bc45aac0e4056b4d12c21d15a428e059c921a88cb75ba349c49976880bbdf7c32e647bbec16349c596c6678ffacfb33c75	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "411503744"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 0056285ddd47da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1368	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1368	iexplore.exe
1368	iexplore.exe
2108	IEXPLORE.EXE
2108	IEXPLORE.EXE
2108	IEXPLORE.EXE
2108	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 2108	1368	iexplore.exe	28
PID 1368 wrote to memory of 2108	1368	iexplore.exe	28
PID 1368 wrote to memory of 2108	1368	iexplore.exe	28
PID 1368 wrote to memory of 2108	1368	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\Kiwi X\Monaco\vs\editor\contrib\suggest\media\String_inverse_16x.svg"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1368 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
12b5540d291b2cfc933beca70d1e46f8

SHA1
3a2c6fe0578b17e83edaf9ee68e942094dc371a3

SHA256
c28ba910f3f85faf900a434342fb3f1bc210abf399632dd23fd5f81a8015f5ac

SHA512
b741316b01d8f655f87473760227eb7385a9eb47576b10c228d692fc1a4d4604a1c524ef7d4cb42b7688a43ef52ab29410de556b4814b7fd89f05426f86d4cee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
683971d0eeb6529bb9b114a9b1827aa5

SHA1
a078e622256b40925e7ee49048d63b36d6109e45

SHA256
ca426f541296e8af5a85293eef9689f8274de96dc3c3df452ff9b5c44242c419

SHA512
71524ac8a48295678a2b5df7edbd62dfd312ac89c4c37565ab1bca3e9a078e16dcb611dc5968b41fca133344d23e047a00d35de712805e750ffa619e2dd6da18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d242115a2e8f323b8eabc719b086b475

SHA1
eafa0d372840172d2e314b69a12714f32db32d45

SHA256
9d1b53ef0b6dd359ade42a88a221bb9d8c43e916885edce5edb005a727de1167

SHA512
42b22805909cddb39c1acdf6b6e798f28ba81d8ed602d0c35b4b3740a2bd1dde4cefb36303984ea5736eb8126a2ddbc2ce408d2ce599271d14e3f2fb7bbc316c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d9a8bc26c1010be10e3b377a49042776

SHA1
90976d47dd60078d368f25915464f0afdaf7b795

SHA256
d42cf84bef6f3cd6ce5a503e3a411a85bd71e391c2561a002a540adc718089a8

SHA512
2c81c36622c15109706693e5760c48ad6933035cf5d40cc357312017620bcb3d49dce5c3057e31af92626f87a650f6953a0e06f41e22d5d6f95d9ef1b2e1e7ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8748da5bc5754f57c35ce4efb24f28f4

SHA1
2d8fa55c888602d1fb116930266510eae1e82210

SHA256
1f51a5978fce9df51d4eebfde66f8c92324f53d9ce0a0db6a945668b70bf2be6

SHA512
ebf6ddf20071656586a69f0c534fe93226a41e30dc118b90b1948a8124ccc9eb4ad71c60fc01d5222f36bf99e46174027e215627882dc1b0d9650e594836ae3d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
03bd5f92447a6ecdc7ae598a160ed972

SHA1
308283f309d8beda1a13ec75cc88a5cacf320c48

SHA256
7b03e36050a321d00d96ef8d586e1ac27a6d561527afd5f19de8d5f1a9ae0f49

SHA512
dede13d6003c5c88639fdcd7db5ff5548f28dc428a5c9c7a7b44f53abdf09ff7dad4af71923af740f791a7ea4bd1e3518a444a87b737b0686955f99ecdbcb975

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
976209647407e2a82f9d6a2de13ae839

SHA1
af49a28c30ada02419389625b5ea0ab60dcf9979

SHA256
1d78773d2d7402e0c2bca97a8b72d3bdf45cd76c46257405f41a8356e948a66a

SHA512
de4d2bca6a9135ec7c1b192819a2238092e588430ca7697e33098d8d2305919eb2e4df95e9fd4fdf8b732f3cae66a77cbc561acf9149329ff8c86ae8d7427b08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
47591b0017acb79c15994e0e0fd9edba

SHA1
e89d44a40c6a506406173501dc69ab5927db9967

SHA256
9879901d35a97158e7c163ffb6b43c331fdecd381dccca610aa4c674ab0b818c

SHA512
b98b1d213bda55f8c388b1fd9b745e09752bd10ae502c9cc9f061ca0983f9dd1415521526bd530a5defc166076819684fe1a472d79d1c2cb4721770d99170a0d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c30a902195e1ae779b46bed8c07a1b64

SHA1
153027878910508d309a054279c4f4746c83432d

SHA256
af7af19d2a6585e4f8444f7d0caec6885f72a610cc95ba043afeeba7050056e6

SHA512
0d81dbd97ed9a3db7f22ad0b3cb3e34a34eb75ecda6e7cc0dc4fb62838d3f771e3cbd080b51dddd56473de9cb4a538ede80243886750cf663fadb17169f96aa5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fa910ac7b5ab62ff55cca0f925eb5597

SHA1
11f57e20a9b48a879978ea2f72607b75c756c4f2

SHA256
aaf884d38fb4a5e73ebd495ebe457daf4ec60284bab281c5d981c096c023e238

SHA512
b32bc88666a640fc77d3ad14f90f26da48766fb9a906b05a9c45c2e3072c76d60e508f74b40e008f3741f0e8837bcbe9d8626f6dfd37ee5cdff1ace1f3176cf2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
54a135123f7b3d3db18bdce61f100e76

SHA1
ac3eaf825bde31c151e08c2f47a28c773d1c496a

SHA256
82598b90501bffd9b186c9dbd721810af1889a18918a2ef4d1a24c55f05e03e0

SHA512
6d4970a0a4402ab6773f932e9611fdc616fd9c547504c957460380ce54e97337128dc41a6a23724b3624a158a9f386c4264f8b083446fdf92cdb4e37f0b8103c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3efda6eb87db813031fe7b4aad05c7d3

SHA1
f8c7e0973f12a273ca6d8db99aa6fd901d2b4be9

SHA256
c64846d07f748a061a0a63c8be0df6a7f7800fe106d5e448b782cd8e4fe5c243

SHA512
fa2c2fdec9702b9e30486a7f04c369e21e88fb753735474ecc5563d6446b8bbce306683695daa6b640f6eb3976556246bf2598b9c58a779d7f42b9b6fdce02ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
50fee9dfd925a3a297d41fc49571212e

SHA1
297f2aae2f00e73d040ad9e55696e855ba0bdde1

SHA256
325ab6d88db6f80cd1f99351b50c3d8df9330897992c7db7b26ec7e1b6572e34

SHA512
ad47d431595a57228191afaa2f4de7ae496691ca25d1e924ebd0e90534bb31091bade1cb171704c34176975af1324f06048def94f0d38ff9106acdf346ceec8b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7f5b210486c4047b3afac396fb837e36

SHA1
f3c4a064344a94311b7866d8b40c2162d2359b20

SHA256
f7dd83185cd51706bbf2dab82830fc63de35baeb09bc21a6ab23b4fc07a1c2b4

SHA512
ed7f011b187ac796bfe88f60c8e1a3d48ab97395c0022e3dde8769d6deb83f57bfca00a88c79fa39c8fc62bcf6817235dff374cb739d627642aea6081a24dc8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6f6e2427f8e23ba08f86e29911f3374f

SHA1
84138690a62b22bfaaf2ae332fd1985aa1a81fc1

SHA256
8c27d4cb1977281da95fe6a981d0acd51f2a0eca128b180d58ff1db71295e7ef

SHA512
c17d7c0031f4719188b132b89064f7218c172cf0e4513f8be96ac28565313e87a7a68c5d11da9e792db878a385293972f12497901f9d85679efb00405d36d44f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
77b2545662017258039afc76b708f750

SHA1
52b4495fd372c34b45d370f2163bc0759f28aab9

SHA256
135031a099f525e545abb341869e81aaab97af91c6943e9df035637ffcf78ffa

SHA512
f025afdedf41b4a3f367ea2d9c944c0f7bf6742d82280240e0b2f94b19d94ba56e5c6b41ec15b80785f6170e46bd2de6fe0dd38f45d001775a1f6a9a5adf2c05

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
65f9fdad06c43023571a06454bc83bfd

SHA1
b8c53e78ab5bf71f1b351924db7eadaa33bfb9e3

SHA256
70223d7036dfac6f9df1c0c1225fbb2ec494d5edebf097e15294320f1e65ff7d

SHA512
04395118eeb3869e7c9dfa2ccd3e2160b816ea203ad01da3e58fbed65181fa84c3571d5c476196cb60ac5718991786193e8da64fac2fdcf93392242483fd1333

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6AA7.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6B47.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit