f46aae7a50e9fcc554184e69a191d553b6287aa604f5cd5b2713d19363e318e7

Analysis

max time kernel
117s
max time network
129s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19/01/2024, 11:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$SMPROGRAMS/Ա.lnk
Size

1KB
MD5

62d588bdb74e4e2e5d1689fa9272ce39
SHA1

9d0db515d8f65e57353381d707060f7343a74da7
SHA256

248402dd02a096f9721d61fe867fac5cacf4dc9001fa2aa6a50a59f7405606ef
SHA512

cbb47f7e4227177ad39a1c914e00e0ca13209fe0839d13819299ad203572b69026c541d71c5101e4cdddbcf7786c6adf339af3e4b0aab65cb188614f646a893e

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EA057E61-B6C1-11EE-8FC2-4A7F2EE8F0A9} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000969d72c3e5a03a40a0257479feadc03a000000000200000000001066000000010000200000001e6e31795bd24b886f8be3b7155436a80982bc6157a7a3f5291bcb3fda036f3e000000000e8000000002000020000000195ae41d595e0d881bf493462d7641f53eae036c64176dc63ef06bc458ec236990000000355b1c003cf1dda0e46aa8db4370deb807fd31a33a133bbd67c0bf939af7df09cf953ec4f08ea3b3d8752c9259f21d136334d350cb6ee5793898b67da98d9deb6ac562d8d98f33a34bb36742a4ae87a1617d40a748589712ce9f10f64123b42f1b74cf274285487d50d911db553927ad67555f58d06fb0e812ec23ab7adc69c14bdd62de99ed9f29f3001bbeef8b2e454000000015314e9cedaa015f75b0e9b47480c444d99f66624a9e7ba887ea14f97c7966822b49b8f7252042936a9ba1554214104befad2c5d5d1414a64d5688ddf203fb9b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80a5dad7ce4ada01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000969d72c3e5a03a40a0257479feadc03a000000000200000000001066000000010000200000001b42ec5b6abcd523eeb18e0847c54b8967e449a7b7bd38dffaef5126ec0b4364000000000e8000000002000020000000a3b42ff2456f47f951b988db8ed794e456169dc25aae413e2ad11f98615f1ec92000000039ccdaf8a5633101b0fe89663bbebfb7d44c5b4e96d387125c5fc68f7d15bd8e400000000eb07871dc60268b4a74ad49ef4eed8f30869f3e15e8a5270366a6576e0a9ea188e104fd0c206559362b53f5c331133ba0eee301b34dbac36d252bad344ac9c3	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "411827314"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2840	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2840	iexplore.exe
2840	iexplore.exe
2624	IEXPLORE.EXE
2624	IEXPLORE.EXE
2624	IEXPLORE.EXE
2624	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2896 wrote to memory of 2840	2896	cmd.exe	29
PID 2896 wrote to memory of 2840	2896	cmd.exe	29
PID 2896 wrote to memory of 2840	2896	cmd.exe	29
PID 2840 wrote to memory of 2624	2840	iexplore.exe	30
PID 2840 wrote to memory of 2624	2840	iexplore.exe	30
PID 2840 wrote to memory of 2624	2840	iexplore.exe	30
PID 2840 wrote to memory of 2624	2840	iexplore.exe	30

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\$SMPROGRAMS\Ա.lnk
1⤵
- Suspicious use of WriteProcessMemory
PID:2896
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.mai520.com/?taobao
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2840
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2840 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a532970c773a9d34917340761e813e88

SHA1
894102cdbbfa302f033f6a26803292097f2a0b1f

SHA256
1ea2572184618657ca02c6ddc147656dcfa3ba5f79ddeddda2ac3967105b9014

SHA512
0b2a0b0b9572e5925332f7fcc16a20021b3a3af30fb3364f64e61fb90e97621301838eec560e440c45f439e64a456596d77bc5c6040ecc8141aa782424e7a6bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5dac23dc52d99e151d5ee795648cd22f

SHA1
204824fbb3e30d2ea0887445bdc947a31e3f8794

SHA256
410b2e3756826b14d909ecce3912696a16bd24bd81ebdd8df10014b8ff1c6844

SHA512
c2e9127953da3633e50d050120cd754ff1cb806ae851c9f86d490f4d2b3c62eac86a43c15bcab4b5659182caff2c6cb255f15f1881f59db6bfa3db56d0c727ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c00719dc4abb6a0119e63be8b6f2195c

SHA1
c7b0840c35d0869fe4a8404f2b8d2944587a871d

SHA256
63d321ee6f40a2d17e6c233175d5d110b07435dab4010a82fa663bf40bef2441

SHA512
42d34ef2de0a1204fb70397abd454dc83630affeb85cb639ba3247f5f35b784399edcfdffc2d2b443f412b495eab0846b4c80471504de1e2ddfbf0158df3b3b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cdd3b8c5497167294d89fe7bc663ea60

SHA1
ebf657aa2d2caca53ca89b3f91b11b5d477fef8b

SHA256
bd753ba1ceb894eeebd4cc5af25e8d916a7b27bc0d8c80c93608066a63827da9

SHA512
0fa813fc302337f9f241d9bce4d60992ae65ba03731e2925fab81bca3197ae50ab7425caf8585217a8d797753b7a3c9b9e3add5d7fc0b177a1840080a14f3883

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
008555b937149e78752a6e871af93b1e

SHA1
b7e60771f0331363e1d4efa4780df25873173d73

SHA256
60ea3460ac108f8ea5222e11aa6ef207d458f4c6d665149b370e7c612c4a33f3

SHA512
6f5b1e25be746f813aa3c1da3e3d9352638d327a2ee7071da59764d8d94cff0b13eca20a6705bbd1ae4acdaa7e551b5673c2fe5931f5c5745142e3a81580fc52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f26c9888e973b9551d698f627af5ae79

SHA1
1cc7516f80c46fed6b94c58fc35d61d13a2cf1ec

SHA256
b735d636fff94ce4728b6ec995d3a1f7bf547ec5f9608fa41a8fb94e40673280

SHA512
6cb3208c54830058c21cec92734698133899bff08ef7f82a6175479fb557379bba084c7a3ffd9198a94a88006158181cf19d28683121790d3a6282b52e3125ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b6e65a2e3ddd200f1a4a69bbb21db3ef

SHA1
691a3342daa59239dc4112dbb2cdfc12ee1ed6b5

SHA256
70cc5838af86330395ee7018833f98fdc6ccea423bf7c53c8620b75b19271dd9

SHA512
5372fb4ce5b980ce941c0d3bd457948e00cac2717b2cd63e463eddb1d324dddc88a1698fa56c2d95365bb0a3a656a7681f063957a9ed67494154707b682630d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
385c0ac213e726d25f11fb83ed2b99ef

SHA1
a073a0080256c6c8a1769807e8c705ddb0e18800

SHA256
fbff13d37aac0e33722b52a985b3cdab48d80b7714bced02e6e03d59e6fc2d8d

SHA512
7c132b08c52f37fc3c6b5a634784860b32486ad2d5c0a0fc1336e3613c96dca6e614ec7189ccc5735a6d2e6ffd1dd2a4dfb42c898962001e47fca391c6e09d1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
454ee251b2230f898a9f7f0a8986f3a9

SHA1
2582d472d97a3e8cfcdedfd1710cbdfba3ef27a5

SHA256
23bddf9d1d3be923f2a5234ef59e85f8aee0327ed93cc36a80e79fdbf14c63ed

SHA512
223bca571ad6e9a908a9e5e496c925a537490c29522834571ffc82dbe294c7965d28a4de25e854f8f42a322f2a31298590e4aaae077c5470d77087bd2a1eaf3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cd128e79cc52906b30e217bc17a25533

SHA1
f0b8d58515c6680fdbe53a20e9c89a1a11e71daa

SHA256
e76f8b3aabbf70e3f67382fba3489cf324cb5bd13293a2bd8e911be6827fdfb6

SHA512
c4d0a41113f0a86d1117adff4eb15f7c599af8c69e208dae17402faf5c421173301d869e10875b7d27dbd30c1b96c37426d631941ebf994f8ad250f6dc1f85aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4762478618f6015e54da5cfa26f539b0

SHA1
2dab8a0b697d5149cd6929ac4bb4d5214c11c5b2

SHA256
78d6fde889a560767c0c2628cc3322d3fec5dfd073408cfdfef21ed2d06ee0f7

SHA512
0bcc807e43cc776378b264a804209612edc63eff7eb3b50af07be25d1bd7722f7c8fd5204fc33ed2228bedc945b86f45a955bcf23edc60741101d0b2892d1325

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8166fbb0b5148c1369c90a5686b2f001

SHA1
6aaecb664dbae138057fff8916c62c1a314f9584

SHA256
4914e201edc978f04dbc7a1894f93966ca8be03efab70c63b33e5158f530e06b

SHA512
632c5ffba97181ef93c4806d9cebd394a0eca7772938e333b049d6f0b20d9ab5a7c85a76b1003beb24ed3d084f3e5c90099252d4138df8bb83cd1ad71a5d0295

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
66d3a564adf86eceb3469b5c9a3e40a1

SHA1
1fdf00291f9edd2b8c42bba3588723bb337c0569

SHA256
d42a9a9c1787d6d1f82381cc69df7493bc0ae005f8bc63c9697f831546e54d71

SHA512
1df2e5651b9e99187edeb5c3ce53b963e0614e857cbf1ad95aa4dea8d4cf151064018675381979aa7f01c5218626ad50578354cc72f9f0332a46e46d0f01b6df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
56ea95557c54cd3166d8605ae0771b0e

SHA1
cc739e0d4bb86bd622ba7fcc6fbdd1b0bae95271

SHA256
d3b4e4715210c18197131327c159c0e15206c0180261ebe016ccf4a060e35d9b

SHA512
1a82a92c8aebc47c1ee1f7d6c02b42491dea85a450088c15fbc1948c45e6b2e6a2c63dbe2c819569b09df77fa344732418a610426467a77e4c85ac2c26900819

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8bdad759afb3beb96b3dd005cfdcfbe1

SHA1
b13da64663c30e3a794c976925487cf4ddcce62d

SHA256
a0bb8d12bab0edda0ceaaa3a3eda22cba4f59cda8bf402f93a73be298ac43d5e

SHA512
b4856d5dc7d0539553119ef11a894cbf0ad90244c0241ddfd3dcea00f803317987c340d90c2e7d07aa2aed8b807dc206ccc867a009d7ddfa8b2b49eead5aa8a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC89F.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC94E.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit