hxxp://s4[.]noshwsmkm[.]com

Analysis

max time kernel
136s
max time network
134s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 18:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://s4.noshwsmkm.com

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f02332a2b94fda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CBB780D1-BBAC-11EE-9D5A-6A53A263E8F2} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "412368002"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb80000000002000000000010660000000100002000000036efeb6ebedad4ece84a6c4927143d1e651849eb768fa2cd2c3ba76100e563cc000000000e80000000020000200000006ce15481a14a07cdfb811f81f6a8990693945adab6bb6aef8b33e1e3396004e4900000004b1d591ba0dddf55c7cfb3fcf34f64ae326203a9490f08c9b2b555db564c99f1de5c5a8ecbf9d0cdbe1f62f6c0dc2f8b60585a70674bf02027c0d9bb6ebb1f29b22081f77a8855a22151615a105d042936db9acfac1c6b6db8ca6700b008717af759f5a1623404e986430a7c68fd784ca73a38f3d796f64556dbd2f7dc24d3355fd4ebbbd9ead5c97676cac37b69f929400000003d4b2187d86d4db371c76cd18f06f2e08d026e4e87215bcf704e29d61d5253edc79fed454baf6898a335c5821b955b46b5d375fd8b0d03f9ce2dad30d0358d0b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000f7e6760e942de8ffbc83e2b40bbf02fcc52004fa75309db604be24056327a469000000000e80000000020000200000000546571b3c2e3d50615c270d45426793922bc27ac5fd22f1fcabec8ad0677a05200000003389e7d49a7cda818b625ffdec7bf10c721014cc6638ea2057f938a14a78544c4000000056ba08e6bcd9985bc389844440dfa8e57fda2b77ee782a5386419f2173e44701e2b62f1538f28c6cc74c51af21bc5834c57fa85e452ad6eaf14fd81d9df88188	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1888	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1888	iexplore.exe
1888	iexplore.exe
1980	IEXPLORE.EXE
1980	IEXPLORE.EXE
1980	IEXPLORE.EXE
1980	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1888 wrote to memory of 1980	1888	iexplore.exe	28
PID 1888 wrote to memory of 1980	1888	iexplore.exe	28
PID 1888 wrote to memory of 1980	1888	iexplore.exe	28
PID 1888 wrote to memory of 1980	1888	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://s4.noshwsmkm.com
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1888
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1888 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
56bcb7d44a521b5fa2924f7a05d52dff

SHA1
4e5d9c48ba567225f63e278b93e3fe71f3099832

SHA256
cbefab055ff46621ac4468986bea7b4ce920d001bdd554359694e4b955cb4ffa

SHA512
a97160b1a2830f5797e781947114ca24edc9d70a19206133fd91752e60eadc585beef782bc01809324487e6b2bb036e0180cc012b630243eb80175f756f5c2f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b688a2d10ab1b7e820617b83ef85bc7d

SHA1
e06c093f2925b5de0fc86f8eafa52562314d49c6

SHA256
2f278eef212c89e2ad59ac666e185de72fbbc034f4c10158101bad867e3463f2

SHA512
146ab4813007f0eda2989c923caa7c0bc9d0e1702ce26d2a25ae9f6e3634baf1d08eb9e51c6a7eb4332c7c6dc4fadf070f7d892e2be659806021264c5c48e4ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e1ac44b68595e33bbaf2dc80e5eb09cf

SHA1
c4459528aa1fddf175d9f60170a6380b17162306

SHA256
6b773df93d30170d4601e8f106e6791c4084f26a838a1aa33813333b10268fca

SHA512
afd567aac733f01b5e2472d5c321b5e61d8d6321d0285040c58ab62bb02129040e20e5e6aafa6861bb8ff8aa07d6e24992f3933869ecdb22b98cae9660d19521

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a6c11d053e0ba290d31b8733b5e67b8e

SHA1
a7d959d46e382303824dc650c471cbd4e99d9fa1

SHA256
27c2d564c064a313d9776c66e7314168dfd060068008525640f74b27c8ce06fd

SHA512
3fd137c652e6a83b103016e50998b420bd2f79a4d3266ef4587029976127de9a689413ae76ded9884aad0a5d7194ac660386363c5d6d26cec55787bd162123b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d81648c5945ec8f2afa7155cc305afd6

SHA1
fe61d502444d72948dbadd56f80b7c72aac66ae4

SHA256
f37bdb886d1d97a38555bb5102dbe551b1e0a9d27a925723e41da3ef832f7a26

SHA512
b6ec1f022ec325c054a669ce79eb2d1ac989945b1af1c1719fa492381a788241c94408ab68f7522a7d72c0bc590debe9deff3d591e6bc9019d59f60693d65d96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5367d314dd92e1a0370385e494a940d7

SHA1
20789bf74aadabf566fb5c2c352622e1044f4d8f

SHA256
e2ea0813f862cca7268bac84fb883a5a6e191282e7218dbe9f2e088fc6316e69

SHA512
4c407e80b8ff187cc34b5c1aa1071537c8f091e4825f64c0a4c0c71d3f8df16ff65b63f037e32fc5f6fadd1bc6da92260ac97aa1907c215a7ee253f426721d35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c792602883821e591aa9e27ad3d34cdf

SHA1
a1b4ee405a54f9185ee209d005d0fe23f481ca9b

SHA256
eb7f2fe6947f719d7dba2275ca16fa6dedd96c5c62cda87ca59c694b028a4b27

SHA512
743ccabcae0e611d6898d398efcaa59fe2ff550edd81735dabe5583ae3f3088989cd6797e3cdfe3d49f435d2d89c7ad6775fbbd22d0c919613404c370e9d6773

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aa8fca3df72930b50252d4985a5f45d1

SHA1
b735679a598fa0e869c07d0da5bf1d0bd8d2ee30

SHA256
e5a116a511763d0380dfe739dd25a69af4ecae220fb899e5f7025df6943b2dc9

SHA512
a6118534eed117bcc24a766ebe3249574f6fb74130411289b59a39b9b812028d3ab6049d562f7452edc7ad1a81aee53095a1bd06ed228a659ec6642db2ed823e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
35c08afb8dfa32914fea8e38ede7b2ff

SHA1
a26e7af605467e28509b8a67782dcff475757de1

SHA256
f54e974fbc527003ab6ad9669d2d4add51c0e6eabb8d98d8f57f2163578113ac

SHA512
8ba5429a07d023055b9b409355dfd5b23dd3515ddd2a0b25221e3837fb50efa64f92bfe82ef0e45ef0b43f215b65b9de8a3cf1c9afc4826018b23318a9d21753

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
569425da0319f8fbd4234710f28b7b04

SHA1
fe3eeda0b4b062a79730a82e286694e91bfa5cd9

SHA256
dd3e08b5f3fabbe1769d4dcab08a64cc70d1774ffbceb29b55d740133122a186

SHA512
7f229548bb4e2436cd92ab44d5031ad63de945f10345da5703c578c340af91e8654a71c984e2ade2271a56d82225a9492342aa3b91c2f31b553ac4964ad3c3ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a75b26c3d547fd397f74a10928287c82

SHA1
cfa1ed40c198ce7d11205e5df17ca7f531a5139d

SHA256
98b801d7c740ab7fa46ec3af0a73c79871b43bfd55588e97594f5194fe8b07e0

SHA512
d9dd9f90a6e2800ff2e5e4c726a22ecf78e25131fa3ab6b3f70a2f794cfac48563ca932d4e14bc3d7e52bb1943a63eff063974006d81c71744c5992de72d29e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c13be70a3b63f76b36558cb2afec0113

SHA1
cd73d0d809054bd2d04b0060a99c3067da8ff326

SHA256
ab5d3478ef0f0d6023a5493674f17e09c8e2930eb93402e1b63c88f18fcdc13a

SHA512
7bbf9bfcd35716a9e92bcf18e51d3d49d4bb28be0bdaa19ee2947ac2d2e7040bb1f624139708bbaed4036080f5f24b124c55caa825d2ee2c5a25984a30a0718d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b06145493dc3380675af8a58622b8528

SHA1
5ad5b44a1660d47d4b6c08202997f4b88c61f33b

SHA256
406e3ce2c20926843ff8449c743c1c3d126422003985028b14c7439d2bbd2a5d

SHA512
b2c33a30dc5baa4697b38780ff5d29b5a5dac7618147834e0eddf199be75bc0f970ce1e32abf75129226ed00467f343861d3b487492205d593b731cd7752b1ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6594b211e60b64efa9f5b1b36e3b587f

SHA1
0a8aff9cf9ed74078c0879cb57c151275e1694a7

SHA256
d4b23283bebcbdab3b9a36cf9838e2a449289bf2c10f94c10db73af3b73f3752

SHA512
448af7c86b1b8c7d296594a4e70362947522c7b56e4afd40dca5ed1226a0d2ae96a4a4f7a8a245505248424b10c464e23018317c22e64eee6bee2bf78e6f1c11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
de3852a6659ff2f5bfeefa64f13de527

SHA1
4954fc5fbd66a72b88ae7bdeea80b3025e5bfdaf

SHA256
7588758850b8bfc270132b81ce48f0c92038eb3b75facca2274ababeb2019c8a

SHA512
6ebe10d7a75f30184952fe7cc561f155aeac4d0028ce6b025886f67af40241765c4a98da26e7515344ad3544a5fac0b7c344f0bd135222fdb414190a208aab42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2fd434745e642f5cc158af3e173fbaae

SHA1
311461880ea2813a9138aebfc16944dd266714e2

SHA256
fb4e092ce8fd6e12358db465878019a8784153946ab0120c5e2d65fee51e3d44

SHA512
52ecee4e544cdfe00107d0e27557b421ea4a1b4c60cd11f0235a4e567b5414446bb191fd67e0121db9373398b22e17797d443076f1260f0940ea3f8a010e5b38

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
691aa95f5fbef9bf93abf88663f598df

SHA1
21e6c52c23c0ae845bb115301bea3dd4bd1d3f4e

SHA256
3c0f6ecead955248709eb60581c90db5ae223ac857fd343fa6462d1e376ce4a7

SHA512
0d35b5613265645200ddb908d68acf748d5076fe807f61d731fe1f7dae21c9b3eaee26a61a23c2c0b1fe571f65798468ddb8f0eed63d77151ea96f82989c7e30

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabAE0E.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarAEBC.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit