a693fff41c4e738cfa6b7f0e9bcf51ae341b276b81189fa698f0c0ede4a8a54e

Analysis

max time kernel
120s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
15-01-2024 18:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Kiwi X/Monaco/vs/editor/standalone/browser/quickOpen/symbol-sprite.svg
Size

20KB
MD5

649fb0a55b0e0fc9d79e6b7872a14c10
SHA1

b33619c9dfd65d3f2e5a5fcb767a752123d51607
SHA256

fcc3026b97068f3d9e1743d36ca26b96ffdbcd2841fa9d804caccc4f249911c8
SHA512

3fb4b07e9313b69c84f887c9ca0464e4c8d06a98a8f2ad7d0b48452d068bd526004c21633d0279b4b5e17ad882acf8c7e99b4c3e7650be43b495b670a87d0cbd
SSDEEP

384:cyPJZCcKWPJuCNoSmvcar1PNY6g2HdSjEc3/WD3:DCdCNkvcaQ6x9SjES/W7

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e002205bdd47da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d6000000000200000000001066000000010000200000009242713595cc7fd6a99990e6e1d19ad90400428c81924145f02e4d2794c2f287000000000e8000000002000020000000c0869aa4af506f84081e689a1d8fb880a38122fa791be98bd1e4b74109a8980f900000001bcb14d9a5b2f18b76fbcc19f273a0abf11811a944fbb43f6b8b74c0be9e82753fea886f016dbcced83bd52af3496b6f50e1b70f23bc7ded2043c0e8f1df28be5c5924787e0a567c6ace263da815b14bd06e306b05c83f8be2f43abd078dff682fbedcc56b8a2d55029897bfee14c7ae09e4cfbc99cdee69be59c60cc362d1ceeefab74bdff03538eb8f3d6fb9e0ed51400000007711b796354db27cca1c9662b32320170971f744cdee235943a527b8a1954c527c80a2a12adaaed380ce599817fa58a56e0087cba8d60a8f46b6799fe4a61f77	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "411503737"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{86A6DCE1-B3D0-11EE-AE81-EAAD54D9E991} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d600000000020000000000106600000001000020000000083e87a78a0634c9d7acb2904d497fa314ad71d319ebbe155ef3630988636118000000000e8000000002000020000000d6c1968a7d209a0c05fb9a3c2a50934b299fdcd3bdd8d9edcf272ae4bfd76508200000009607d820cdb35052e271d65745adfca4cf0d498db6b960901275d3635e24c910400000007ccaaf47912ac095551b81c4441ba239c6c8df36a10c1f06446ac68b16f1b6a60a5df0836221502f9bd832f62cd2774a895e0fc6c17616ecbe8c1e0d47f51a43	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2496	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2496	iexplore.exe
2496	iexplore.exe
2288	IEXPLORE.EXE
2288	IEXPLORE.EXE
2288	IEXPLORE.EXE
2288	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2496 wrote to memory of 2288	2496	iexplore.exe	28
PID 2496 wrote to memory of 2288	2496	iexplore.exe	28
PID 2496 wrote to memory of 2288	2496	iexplore.exe	28
PID 2496 wrote to memory of 2288	2496	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\Kiwi X\Monaco\vs\editor\standalone\browser\quickOpen\symbol-sprite.svg"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2496
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2496 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1eb72b1bcf4defd83b91b42194d6d25d

SHA1
2e57b71fcd763e0f154b8cb791084133a3930c81

SHA256
ee1ef9ced6464020cdcd513ed19ece3a9953ef6718a77005c6f71ba51df9cb5f

SHA512
7539798dd29ddba88f66f54a75abb00f578459aa78c3d18dff2fd5bb03bb77d31cdeffa8ee234d0cb97377acb146102f269f30e661ba56514e9fc4eecdd3c826

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
085efa67490dcae8448a0cf473b8da67

SHA1
280faf9d0f64622d75873de66c7be1a13c20f592

SHA256
a2f7dbdeb2d3cb55971bda043be1dfb80abe9e560e69b14d4bd4f3261a08aeac

SHA512
855ca7a2e9f892707f8af6e84f5ce8b4d62a6fbaa19b1178f840f01d366e2da88f344622b676f83421efca8115ff1f91e6714bc96a21639bcfae924569195351

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b2f23db51541edef54494c6e809a4b3b

SHA1
e23b36db534f126a96b32c13a7d176b7d2174783

SHA256
42933e8f055f8e9f60dd0bf499b360f238037c1cba09142f63985a9f8d427c6d

SHA512
4f2e7bbeb9c77c93b4ce721809c811bf911a888025aa12225d7e25e83b2e59da78952efa476993fa0f61261d74554e1daa61dc8eb10f844be3acf262e6838c53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
968ca6601553114df1e91bc699107dfd

SHA1
4ffd0b2c86b8236fc8aeb8d8318e743534849353

SHA256
50f17c578ac19f5ad7af682deb2539513376ce8be36cc2eccff47c7a6fc9230a

SHA512
6f189346f319525816ccf05a4569f992f563104e0e711060bda4944da25d84144a33afce49270d4314b0b4b88b75278fa13191078e08e4fa0521cda0f9b7bd45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dac5cb807357d2cd39b9d954add3955c

SHA1
48f78629988b87d5e380e75e1d984219e8a137d8

SHA256
a68b42f3fabbe87288cbd2fa00982b6ecdf54e49e151a45091b2dcbc75d7dbf4

SHA512
6d4995d9557b2f882ec5b7f996fd6c362908fd3638dceaf5a32970e463218bdd5a34f955712a90c371206290f3752d6942e84f926e1e85d2f7012c6035514cb7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b2cc6177103a87656745366b888901e5

SHA1
7a5e0d2b8c2858fa09cb051a979d499c036f3f7b

SHA256
cd8abfb772882064aceea6a93e0cf18a5010c61e4321606b2fdf81feced8c61e

SHA512
c7d715575742865f8d605251fd998931e33da2a881c8e2c2c1b3d740b7cf6a1bc473d3b5a83a15c97214999455fdf0372220547f27b1ce75a96fc4ae3e3a3d02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
45e129b4df8d33e7dd8109635c29758e

SHA1
3209ae98dbea0e45c95cddda95b7f8e568b0529f

SHA256
dd6af1c7f4da9fb2cd5a7ab6f56d0a6c5802a46f3ef6efd932dfcdc5414aaf46

SHA512
8eae8a060ad96f9fc1f8d227686f0008a2225203942d07428336da6bcad941d9a2245c862dbce4693070054df8e01385ae9f331612503809a2465a6587fe1759

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9f244b958e4ce0ba548b5e4e4986ac30

SHA1
f0706d6ff302da47277495c36bc5f44c4bd39853

SHA256
4eda8c68d0c93df79bc17f2aa2aafb59c9a84bb8b6bea57888a1b04b72f8a4bc

SHA512
fa018e97610c55da0fabda0a6c49b66fe886080153e7a7d4d3913f8718f44a50dc0d4b40a5f246bb60b5c0e9d9c09a530911289fd1e274802f57efe4a26d5e50

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e114d282a5a1df79cf14f3901d93f731

SHA1
e12e691e741b26266e551003d88b68a5a1174446

SHA256
f5f00613246018208f0f9d6151f256eb9d49787849173f420476027246a17d14

SHA512
ebcb460ba863c872bc04b7433720ace463140492161847a3ec988298b1dffdfaad5a726f38d6e79cff5b04b21dc28a8f47247da9ba0d5d555ec7a7b397e4d87a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0220a15846e7e413a86572a01784bdef

SHA1
55b7ac5d2a9601e20eb241f07a6cb54490e95679

SHA256
77ff84dfbfc65b5797613577d0da9fa25e698e1d47cc5cc47deb472775a97e71

SHA512
d2b266b412aa8de5bf41cedb7fe3999d35a630918f8e4dd0ea4afbffc70c086a7f4e24402f28a5cfe26314cd68616f9ae6793cbec2872646ab361c5279e038de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f658d0016ce6bfad216f167e62d1ffa1

SHA1
3a26146dc648405f8916bf0e0b9eec9758c29bfd

SHA256
033463a9e2455216a4dc288eda6f80eb37d77e40a729832f48457990f4978edb

SHA512
e0fd31b82ca042f728b6667f5ac6a5cb91f7ed584c8a04a3bee2820efb964a9359b1f322f28f95261a2b2604f44cc9d70b5fd746548eeef5c844e32c81cbd63d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6ca7880a3e1a37ca906fb8408f8f6518

SHA1
e8d1b3511dcadd8b5dae06491024c5a909af0ac4

SHA256
670ce775b9f908ac591d318c4d3f4afb10c57ad43e077761f37f2f8564c1e7da

SHA512
e2d8d0f69347e703d690ee7c92f6f84a9a7add4a8d3ad7093a42dd52c41e61fc93e5f9bb1dc35fea6d0bda27afbac948980eff88a9726aa269b3f98ecc2382a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aec88bd969672685d301250faad93184

SHA1
89b9fac428821240368afe99f4805d10abfe9e0f

SHA256
b2a12b5fb93783799460ecf0164838a1178e2d11c92979fb38355a4398632da3

SHA512
1bebe2e4302facb4c97c1979921b21db24f79afff7d0a952b2d0056bd72b6c01f2ceded4c662a85ae5a866acdaf91108a94b5f9a0ea13d9dd1197fe8b29cc3de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
19f831cc2762b83470c3249a4f19c88d

SHA1
ca97df91e0dd19b0c19b9117936d6979ad863059

SHA256
d0862315fcac89d8c9e436f0f8b2de433aa8097f9ac5eef6c3c87edaa8d63c83

SHA512
6469d264e2b044b0c8620a9d77f3242cea28184f5f445fc6123d665ec5ce61c38e16a10cdc74105f698039d604e3eb19a0b2acbf9b64eaaa27875f9a98720d44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ab393f33e6dbcbbf3d0f957b8ef9b568

SHA1
d3fb80155d643ff2d04571ffb1bf174d5f4cb967

SHA256
eab39bb2fe31a152838d53824aedcbab43eae6e001d4bf725a86c1a37db1d1f3

SHA512
e3f14aa3a2d856fbd2bd04070b9cd22f5e9ad7a4be8d08f455ca894dacfc9d9e6ffed0f0d8a5d7008d57ccc064add7250dadf943c4a262709ecab89c32e9bdcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2EB0.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2F9E.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit