hxxp://2024-01-18_99c07130f5309f3b293f7a9280466f60_mafia

Analysis

max time kernel
121s
max time network
132s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
18/01/2024, 11:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://2024-01-18_99c07130f5309f3b293f7a9280466f60_mafia

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9C4BC651-B5F6-11EE-BE0E-D6882E0F4692} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000969d72c3e5a03a40a0257479feadc03a0000000002000000000010660000000100002000000094e5c2065a29406547fada683fbe71bc6df6883193e64d5608169b275f6c0070000000000e8000000002000020000000b6069e0fa1258331acae26dd01e10f30972bd864f00ec3e462bc53d6f9acf85c900000004856f62227c12c01c82804395142aec7f384f7f071535f560d9b4890771ecb6a5c3d2ec717d87daacccba4fbdb190242d8c51ae7c480c9b6fba7ac2f3b53834de27dda0ad316165db2904cd0102942a4749c96ea4a7df45de4686f6058d5f0b69a2a45d55de816d54e1ff402af5d8c1b6e78f9c844ba371fde43110004229d3b7315ba899cbdfb880bb18b15b39483d84000000033bf262cc10bbe8a0a49474df106330dcb51c33d90e8bfd7b80a98a3e07a8ce3a46641d08f6f78683e1aafed44818c9fad8364444a41239af3b381b19a959200	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "411740000"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 606c4871034ada01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000969d72c3e5a03a40a0257479feadc03a00000000020000000000106600000001000020000000dc88a8ee80440799b0bf939c29b3ec785f1948cee13983bfc0d3c321bbb1c6df000000000e800000000200002000000086b25ef40e69dc934cecf88f5582b9991bc3ebddeb7db4443143a6f568d653f220000000526073045dd65f62358d8012f8c1944471798a83b49fdec52be03d4e6f47467840000000f0cec9e0d621c6990221e10ff3a80b858c2c894e465ba529a6f12f3cea2e3dbfaf83499a47976cc3b53e951ad06a27555332565b1cfb9d17e11ac03b5da2cfc9	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2248	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2248	iexplore.exe
2248	iexplore.exe
2356	IEXPLORE.EXE
2356	IEXPLORE.EXE
2356	IEXPLORE.EXE
2356	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 2356	2248	iexplore.exe	28
PID 2248 wrote to memory of 2356	2248	iexplore.exe	28
PID 2248 wrote to memory of 2356	2248	iexplore.exe	28
PID 2248 wrote to memory of 2356	2248	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://2024-01-18_99c07130f5309f3b293f7a9280466f60_mafia
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2248 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
93fb8c805d00b67ad6f473a9373a53a0

SHA1
0ea2db43ab53c07a13011fc83edf52642ac232be

SHA256
4be55b0a8096b2da380bb49f8db29ca72ed36609036247e80695fb5d48027429

SHA512
a93837a914e6e0bf36497de25a75e8826657ad70247ce8c9969293d29e3d9aad45135d7e43f8cf25c13c58daf6658411c56cf1f73ce5f74f298b137e6230385b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a3ddfbf4420d3a7d98118ed292eab870

SHA1
3f15932b6fbf29506cbb8f5935cfb5698f21e895

SHA256
ee4ba90d81eee6174f1315d7a87cdd652ccbadcca069c3cf4f5f91001b823058

SHA512
4e098588072331bce4162e3e5f754ad70c49a77cddb98e9147df0d9b4e846d860fa6ba83bc53f97815198b608ae6add7ce50269d089738d22093c72bb4fa089b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0602be77ae8aeb25e471ee429ad6fbcc

SHA1
a9e7d87b549c383d5c2b949a333c863d96e8711e

SHA256
385441466b91e1fa13cbfb9589dfd69448e3d40c61effc6aa82ab97227d0c24e

SHA512
60e2684ece989d2b10a18780b0facc8bd3adb906de618b16359bf0595265a9385eaa68db705074fb1aa4335a2c7edc7371f3f17e0546c824fda7037ceae25623

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6fb35cbe00dc6ddb43b79bd053d24496

SHA1
1d9ad9402c82ba1dd99a8933e3ecdd36c56cfa8b

SHA256
6353992b16e376ca41b02678ec6390fbb16b94910054aa08bf8e3b0e4d293247

SHA512
bfcdaa5b79b584764e098c7f263f9fbb2ea083e0ac31787f988ce12a2e28fe2ee69d7ff264be79b381f007f4176e00de313a0d62e08ac20713c9db616cb6e77a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2c67884f53da32bea69dcbe3d5c893d4

SHA1
1da28627f630ba481f0b7b5f32f1c6371a83901e

SHA256
e3430e39d5880869953423cd51d1b832b9938b41268e060cd418120f814060f3

SHA512
9fe5aac886dbe0168ad0a4eb64999ebf0f47acb7f846ee462bcbfc1cdc03caaac3582ff4a868ae51ec84f95e0727c402768f791c9dff854b8e7c2c2630db26a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
88b3150c9a00349534a58ca956f138ef

SHA1
d4cb440cd9cd4b9c7ea2e1a8155e29391963fa53

SHA256
b66096d640d8ed98d28d4d26fb198b69a2f7d3bc207d4707303819ea05ad3be7

SHA512
2761451912f73040f696c379b5f1ee3a4a04919f80927327082a963eaa4c5f788f7366c4b1e6e03d22e5c0b8d790c1230762702ebb89169eb4e5b49b79444f54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
559c629f66b3556cf5d73596def65324

SHA1
1a9405370c3652fb71ff6b30549ec2156bccf5bc

SHA256
4610c57ff5a458e28fdad2e4f990b8688dfd6ce6bceb90621600d515e3bcd182

SHA512
357cf7c89c59be7d51d50ebf08fbbc849bfc0150ae88bd75e219d9e89012d46db94d08fb79afe09ce79509a6fcb0c60793fdbfa0e2cc79ff02c03684d2cc31e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
619c8aeffbdee9c5f79e2fe76d330660

SHA1
2c72ddcb75b2865a3da558348b6b83b4d7cc3867

SHA256
0d079437ddf8b3285d87833a5c9610e0c3f7392cbc9176948019aa4a626e261b

SHA512
e9ed98ab2536f2bf7018d8f205e4a078c2b230336fa3176e5d649e6f41c4574d2fce75bc58813b8fb545ef5b12e1323bcaedc9b49b3fa80e0a3a58224f1f6533

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a23969da19bd6d5101fb9defa44ee97e

SHA1
e2b254e00262279857edb92e39eb68c381281d86

SHA256
44f985c6fb2d7b33d7770177de95a0467b39368d6077212eea2ed667486ad3c3

SHA512
250ce92904290f251e8fdea777ce55e72c2966a7d32fc7c0a8a4b4e758a2a6aff4331e11edeeffad2a80821cb4e2ced67d58bd5fd950e332a60516b51f1ec59a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
344d042e68497aed93647cdcd8fceb33

SHA1
94feb9d79aa913c721d7833ae42e2434305b9c48

SHA256
8b935bba95475761c2c0bf4fad2695382fb99136e341b6952e97a2711670ad25

SHA512
5c1af0e2d7e4d93e0e47e3570215c35c88d5cf2dd0d222c82c6d0a0aa51d3cfcb917d57390cbe33b6a78d88a63ccd2c560056da236ddfc4717251b73dbeae626

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c33887207d5514f88bc5d6d876b8f890

SHA1
1705565b0ea694706701fab1d23765887518faee

SHA256
8b176e3e6dc5432ac5786342f60dbdc1c55b61659d941785aa42f4fb7ba56cb3

SHA512
8e591aa46e650b6859b3f568e13b52d91697b372c1b7e55ae7c0a039d526cbf227ad39a2542c697445d2abbf0df983842272c60abf3ba8803fab24899d8399e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e2b7f438b6af1880e3014c99a8a642ae

SHA1
1802013989c76bb0fca53766d0e23804701a0ef5

SHA256
51f77f29b47ab7ba825b50cee973b58c80b8215be480ea02e70ee9d833d94cd4

SHA512
03a1af12ce6d185eddf01e057afd3d3ec6c2e4659cf917f16778bec929c6af3c092abd6e2d5d4fb5486b5f89ceeab54e6cfb64551eb5697fd357d46a75c9f704

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
544a4729eff19e0791b3bbe6ff49043c

SHA1
36dd32896063fa0d9abc3ddc60f6795b50c2671a

SHA256
91fe54305f2f1e8de0ea94ea32704d7cf999258eb302164ab2ad50aff2794e19

SHA512
d6e39c8bd8f37ee3b2386bdde801c5f03add59596338f139b4549fb8823d2b4dbd905b758aedba68b5b011dded129d1bbb5dc0465d0844e878bed10d679404ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bca96e38aef28b88d1343293d35509fa

SHA1
3f3be173a0990aa7130e0285208ef68f90d8df2a

SHA256
8ffb4e800576176c7529258b55ea14633e0eeaab3e492b310b451ed5e037cf05

SHA512
55f6282e9651d889f8b074bc497cf9f7bb49df615090676c691d23bfe4a2da57eb89a9f586dfc0d1559b61a20165c3f9c9c0adc75dff0b26c659d9e1081f3c1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
59f8e2287d3b7f2db79a938b5b409d07

SHA1
6980ac38f760b441c8c94308c8b4c73a20cb3785

SHA256
344f8d416eaf50df14906be48a55e9bfea132eb978dab0557a430b1e354cd55e

SHA512
6fa2afe2bd4aaa33b55beb6ac2845ee3cd0fc87e4c3742186e5e5fe90e128124a49804c1f54396714f01b287a9e063aec9d4516430f18ab8a5e93c9c8ada82a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2F2E.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2F50.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit