hxxps://td-lcca[.]ltd

Analysis

max time kernel
122s
max time network
132s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 15:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://td-lcca.ltd

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb80000000002000000000010660000000100002000000074c0f4e0a9fe0f948dc509ca96ec4de6c57fee6c183500e26b4f82bbea09c15e000000000e8000000002000020000000cf25183910ac2bb3cdaf7ca49f8560d03b4fab9c7c690df1560c437557c46bd29000000004e49fc00f49990f8ffaefa6e81d585509de2c002ebe75aae6da468f0850cc960ed8bbe360ef9057ee79dc5dc095bab232606585d91f724117a3fa254b169a6ac35f79d710f22a18f81be3f8217799d02089eba82fb696f51b657fb8a90f1ddc0da58ea00bb4b20e52ee28a5ac2522489776370964c2c336bb787be95ab2f7861ba0d5d3ce0ca9a6b4dd5e544509e5d74000000057cd27d41697de4aaf4149893dac9e7dc1b066f39474110d0582c1ca0924aeb67462e5614f4ccfe89ea6c88028ef83de9789dec274985aa4feb3d387b9bc02fa	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e08b7e7ba54fda01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "412359344"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb80000000002000000000010660000000100002000000062c35c919ec4cfabba2235a3ec03d5672f6931e8477766a6af70cdc0b58d7e6a000000000e8000000002000020000000df920fe2a8101f721a6242d334b414d0e23d1bc12241aa780572f8a0ea773b74200000008f40ebb27d24cbe821d38a575409f4ef140241f845bf81750208aa11d276ce034000000000f4f1c9f21603b01f038338bc003b1caafdc5a38a403721d67f71cbcf8edeb12da93b95534a631c4f7c92d5e33ad051122d6223678b647a6d79eb8593ee49a1	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A3AD8851-BB98-11EE-AD08-DED0D00124D2} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2644 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2644 iexplore.exe
2644 iexplore.exe
1528 IEXPLORE.EXE
1528 IEXPLORE.EXE
1528 IEXPLORE.EXE
1528 IEXPLORE.EXE

pid	process
2644	iexplore.exe

pid	process
2644	iexplore.exe
2644	iexplore.exe
1528	IEXPLORE.EXE
1528	IEXPLORE.EXE
1528	IEXPLORE.EXE
1528	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2644 wrote to memory of 1528	2644	iexplore.exe	IEXPLORE.EXE
PID 2644 wrote to memory of 1528	2644	iexplore.exe	IEXPLORE.EXE
PID 2644 wrote to memory of 1528	2644	iexplore.exe	IEXPLORE.EXE
PID 2644 wrote to memory of 1528	2644	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://td-lcca.ltd
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2644

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2644 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
8cfe15b673993854cfd4cc35bc0d991e

SHA1
ce12e3142cc555a8c4addb5dc8cb9fbc546aea50

SHA256
8d650d3a6df382a61bd3ced70c5af5e6189be77a30e18ce9f4e790938df20fd4

SHA512
8a0b2862a3ae1b7703ccceeae5b188ff149345cf2b1d2fd8ff82cfc20c28a82dd985f9d43a95452dea9a7ae9cc7234b27d9dac247bb573302cb023729d015482

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
56d1593fe90a5cc04d4e9a63849696ce

SHA1
ba92efbcc65f92f700d377faa304b3aa1469bd8a

SHA256
8f4f6056978c8bdd31c7660d6529044264dad7073dad4d739b3b07b34af46f42

SHA512
fbeb5dd9420d9c7fd73748a0dc48db7897c3986be23265f1f5145f72f47f4f008f9ad0add25d4ce9f36818306686f5f835feb6e4becc97698b8ce231ab7686d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
4fc0a6464b7f66b949057dc338c27968

SHA1
1ce84b6a7bd6c11a1cbbb18e91d539047a1b56fe

SHA256
e15400bcc1a41ec06aea3ab71720694e2e17811cc65ee543f2fc2c1b48926662

SHA512
accb9fd2fc9b3a542de7f69e9ec9d66ed590f6bd98ce401c61ccf542356f2a4a4a15eacc9fd2089edc1ff4589cee9f037e451d666559a88540ff07b98e75b5ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
e3241dd678eea0bbff2a0549e51aebd9

SHA1
fc9ff64eccd08c583df17375dcb0a58a08da23f3

SHA256
d203c966586b7d4a6e30151cf0f3ccd9b282be1c3d2c6fcb85e4b826a03cf0bb

SHA512
75b17614fa9067d46a2080aa541735e69a88e1f290e1a521eead399e593fd8f374777ef353206cac48466401c5404293228106ea0bdd8bae0e487bc78636016f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
24bfe11e55e0cd6b998c4468691de859

SHA1
c6a42921a2302b5bd90e1b9ee46059e470518bef

SHA256
4be392580190944078d778890e724d24521e314ff88513081aea3f2007e58cf0

SHA512
df50e07948c311652d63b7b0ebf895c356bb58a0dc34e854e747c1da2d0f225f76c69666e48bc304bcbc370704d7caec8685374ddf9e74d50ce695c59da1adf6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
3597d8e0e827bd849003015a3d5b351a

SHA1
49e02fa9d62360390e9a02494606a405df60b598

SHA256
466584f22b358a4acdcb373eeb12fdd60d1e1825aeb2e3ec064a5d054edb8f4a

SHA512
1645a93c2172abbb91eafec69477d026413ec02f4100dc073660272eab36da2860a6be1ecb3530f5b39381e7fd9ba041ffa417f1f265d4af5fabce95be1cca59

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
4f903c91386f99cc9365a11a19148107

SHA1
718703ba4af87994d540f628fa025f6f6835fd82

SHA256
2c13224ace434e44a67f5b539f8aedfbf84d335b6c26119fac35990c1af8ebf9

SHA512
42ae76c6f89ca560bb81114beb359da8fbb7fdffb6c7d6f48b38ed4d083d8d255dc7fc57bf576673179db8b5dde66b55a4fc003e915e14506bb43fecdd2b40cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
4c22e31a6643f852bd88b8b741d4ff99

SHA1
de9e54369f9222c93807b8047ff139345f5af518

SHA256
12054d6865c3422d6fc45c6e97348cd62c35c45fc0c69323262bd7a7e0172163

SHA512
bd048f9e72808362c38f1383ca94ff782f083b4bda65c849978d54d5c946d24bf47a9e57d38337d660548c0bec18efae87f01f155c47e334db7099ad7f08c67b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
df95b12ab860549d537db89a7c8e7853

SHA1
631d00b344496f2fc2501bcbad75de9b59febced

SHA256
e72579d8df4fd8f5a029964152a41f29b8b386ae3f0d11fdd9f11b33238c9504

SHA512
d2209350dd2400470b175a8a8cf02dbe95f88e236832e6b65bee4ec9907865a92b4c20c1e3f1419c865aa8328f646796d8102c149819bef48fe6d8ed2e5222d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
8b4c36da5956afd3255ebf1b24dfd2b5

SHA1
dea72e93ce3738a967c7e86cfd31789e7f343530

SHA256
1863b656bbb66509e0c2f6a069537071ce8c776c5337713ba26dfff6b60583dc

SHA512
f2a7bcac75345bb6741f984ae7dfbc443a2e641b02bbf9b5ef17c2546f87382336d88442440374879115c8679a916f8753b061254d36b729ac3100c5cc458d03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
3becae5508a0a3fc57a839b8e4b52ef3

SHA1
6c5de42f7da55f4da33ce4b2876b00ea26751fa0

SHA256
16eb5bf387601f16d36cc802a03b47ba3db075568e6f04d861794c06b44daad8

SHA512
c6184f70f4f953f1c291d06addd9d7912fbf59fe1ca7e4fdad8e9f9c5874e151e2d658764fac8125e249cdb2a7aa6801d067e43b2254a2adb7be947ffce6b0fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
23bb249f85a05bd0775e43dbded17933

SHA1
026f7743ebde35e76c8cacb22842fbc0446f2b84

SHA256
58130cb284c70e1cd05bb62872ee0932c7ff404c06937c4f1fac8464182f9481

SHA512
35a7958967d5859ac190b43f4e4c076aca0341772777a667441b81172d238f774f6339b5c32696b5de605c23a63c9d2ffcce421f7b45c73f8d77570667253007

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
dca2007cc7d15a9dee7c2a4635652b0c

SHA1
da8109d9d73bfec60cc91fc36a483e5e3a7727e2

SHA256
05fb1c9cf63ec5ec2d2c925cab119d0759d678aea3001370768caa465ebcd0f8

SHA512
51c1e6dd4160ab955e2dc8de15bd7f2cfc037101e488d43a783d21dd21b871d615e78185cc2d486cca04110a0bf8fe024fde22c96a469804edbf5f84a106b76a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d4fd06b6b24c935cf325c4b1bd10a506

SHA1
cc53b03f3a28bf65d5118223595bc23201ac3e41

SHA256
0860e1501ccd7e789d91b95a3e49fb2830a3e46ac182cffc56f79078bf308534

SHA512
dd32ba96c9019af53d49ac1a18483470722aed36b89596e3e5bd652e553810cac299171b5e674ec9a2bc4afd3b62053e556179e002c0c079a4e7cc67f7a1b92d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
8ec6af4d691efb29071fa3815383bcfa

SHA1
5e00de0d373945b8bbf5254cd6ee0339021bf3ba

SHA256
80704500bb76d0d4be83e0773c74a972f2cab9741edc918a38c6ab07c4af4479

SHA512
fb57b6c9a4b92543e78dd2163ce2c2edab61740825d9b7910ee5ab6fade1b271e6b1bda08fa9e957967d03fa7105906fba18519fba37a0510a873eeaa0419990

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
eec66840f3791240363a133fdea6d4db

SHA1
5bdd7f073e27045d8e4940bef529a02ac4677dd4

SHA256
f342939343a0212720133b45bfb1728eec23be65bd6fa767f3652da337e51299

SHA512
e5bd033740c808dc0ec88a1d76e6fb46830b666153db9ac16d874845545432bf38b8d16b0d2a49ef81149a5b77a3f51b7e68209edf9d01bd132ec366b6fba2b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
1b3949a35b2527d267b72fff27a1c831

SHA1
ae5c01165c8b1c4a15c1c347548868b93f75a8aa

SHA256
d9024d730bda99988f166df9e8d24bac196d2dc2573ec987ecd95901f7e89ad4

SHA512
d2639f75860a1d86eee9b56de6d43db93dd2566331de04b2a9ec3e66ae76ebbdc3be6c07967adc01447faa09cf701b30d51d51409665320fcf7e0ad24879d450

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
35247d568ff58bfcb9162bfce6805b75

SHA1
4f1970e9713a7650b783e6ee175cc82fdf179c74

SHA256
5aa490af4c9e6dbdaad37f77878d7e1e6e850abac3fcf548c96629754ae43617

SHA512
8fb8825baea386e1560a44c0e4b2e5cd991b58b865d4372c00f7718a6b6c7822a9e45c1e207a4e0744bba2ce3a92bc873ee3aa7e60d78d4b0dcbc368e6dea5fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA2D7.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA386.tmp
Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit