hxxp://maidok[.]com

Analysis

max time kernel
122s
max time network
129s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-01-2024 01:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://maidok.com

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "412395777"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7880E321-BBED-11EE-9F1C-6E556AB52A45} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000429d3af34477a14f8b2dd76917334189000000000200000000001066000000010000200000008efa0e74f877eae4d52fac447e58168bbcb07986e39afb3463cbeeac83079efb000000000e80000000020000200000000b473418aa50c33005307f355ae29dd83c06345e0de13f8e10fab0d30d91e50920000000cf8b679daa7314195806dab335fd1aee369b3088d872fb84a0de4acb100555d2400000004ee5d8ed61733caf06a1e3435e0d08912f9d810d77046a5fde85a2c8eb41d2f61270f2ae5699c7e938c3ba7f433b883e3ad954953c4255a00aa65ae4c92372d1	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000429d3af34477a14f8b2dd7691733418900000000020000000000106600000001000020000000821af60632ed2658de1e952134ec70752d12a649fde229ba52f697d9b862f4b9000000000e80000000020000200000003d6d788f3ad116bef6008e04c392a4ec8216503cd103feb74c4d8675a0444210900000009744dd4c3045be7f8ed879696a52c6099f8af2aad3b398e7ac1399fb0d94fe753579850aa5ca5c89e843e5d49928dfcd7192030cdbb08aee98b3ccea7255eeff0f6c0b63a688e12cd6c861a04242a42752faf3590b93fe4cbd0a0a4a8dd7f24e3954a663b92b33082bdb3866d625db5669c5f56884d1c073346ea4e309ab9253e8a23f36ba4026a5ee27d899f586df9c400000004dc0089aa3e37cda5c15dc6e7255f0e0e57e76e6e00bc3c54587b24ae565ed82be7d2b24ea541ee383e5a12fc968f10a44ec969075c9183b38921a595a79c4f2	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 708e284efa4fda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1700	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1700	iexplore.exe
1700	iexplore.exe
1116	IEXPLORE.EXE
1116	IEXPLORE.EXE
1116	IEXPLORE.EXE
1116	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 1116	1700	iexplore.exe	28
PID 1700 wrote to memory of 1116	1700	iexplore.exe	28
PID 1700 wrote to memory of 1116	1700	iexplore.exe	28
PID 1700 wrote to memory of 1116	1700	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://maidok.com
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1700 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
79f6085d7ea8bf5aff0c0b8955f133d1

SHA1
ec3207cf0cf39fb9652150c26e3f0e1366a131e6

SHA256
264eecf23403bf7da4c680008a1aca822f00754673699e154a9e57558ee47a8d

SHA512
ac8c253dc265ed2e3266a757c7e84355b00b3c9eb87e7ed0e800bba8b5478770857ef96648172f501a4d4f37b6e3905607c36c519d6b68d2b9f650d1d6a354e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d2176605cc327644707589a38f7c02cd

SHA1
d1b6c63802643476bf4ee06899417a5e2c5ff5b3

SHA256
be5514ed9a3dab8a7629fa545e13e851fbb116dce0e91f5433b1a5e35781b623

SHA512
45782488491e5196b853d0ee7d15e0243140d1e2694ac7501e9e80eed9c56d06a40043c59c8a54b28b21251b74f02fa4b8bbb0d8007ad04c616c511925261203

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e931d4d9dfd0c79071f1ba8f69a9e86d

SHA1
bafef50286c103418a80abb7cbd040f7ba0aaa1f

SHA256
f1fabff142440dd8076742328572af88aefebd40f4c94c98c80e6e5defafe894

SHA512
15a90d8f7542a45ff25f63d9d9e0afb829c261cf7456086a2cbcc78784b084bde08267625579927cd722a41458d269e6c872caeacb0af906e8d39d9a6a688e05

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3e0c1fd0c50351f7640ab45b2496b0bb

SHA1
ba0a04b8ad5d93f9d54e483362f55538bc20e06b

SHA256
9938151c5a61e801dbadc0b4802c19d95a78828938ad5add14f6d5f4ae0d0c1e

SHA512
383977317de2f0c32ea459568291a1bc04a8f51a14d11cbaa836a12ba6aa3c804cb6a501c3113e173e6cbcf2ea95162b852953f581a60f9a188d5868c8a843c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
68f66f51b1de4be8ccd128be38d5e12b

SHA1
835fbe91527c76579efd650d8f97dcc1fe4304cb

SHA256
121440101d43aab38b91fcf7a13ebfa9d743f9f044fc01a0b1f6f31decf2a5c1

SHA512
25cd679ae65cd44cd6aa291c9787de3412562ec32beb51a996dd9d7530a703612d0d1dd33443f0cb4b836e933770fc983bc5ddb7d6f000ccf265a2e76d8a7437

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
91dcea3e996b63a630a1dfaf4c393e2a

SHA1
50007698f1381b47c8307992679b0d995db23b5e

SHA256
2b15bf05caf0dc18de3252e7db5ea375b0385b596802392d8f379c24735ea7ab

SHA512
e640cf8bf4c9602847498ce75c7cfeb592c11214fa606081a8ea389a5a4ca6d4abe745861a8015832bc80ba2c4dd1a6b34f5701c3aade9a6450411435e1a7f6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f9d5cfbb87dac9d5b696e1a56f786141

SHA1
9b803976927d0cd584e1d35df5f2091a98e4039f

SHA256
10369c6f4c7dd5083f5966f2970a8f4bea15bedd0f5ecc94defcc9d50160e0d5

SHA512
54542af9cd3240519da81bac9eb807952162e6f6cfa1f0ebb3baddb99f1be231830446dd8332c77bf4d78124c42fb37e39ca12dc021b072fef628e464a9456e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8728a9cea1563912dbd9ed0a466d0be8

SHA1
d899e280b0e40e6baa9bfeb5007edb412cbca609

SHA256
ba26b786e9e2253cba06869051c46ed49cd2850182f50d5148496a6737580629

SHA512
3a9d78077d67758a0fb4f94c3dba7731e28928d39f0b30294d455d07232dff12afdd762eba6ee82fa4e42477c6803beaae9a7a85cd296f7470a3190afa7c7ef0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c43e097259365211f2e6c11f04ec816a

SHA1
39f615b17d2a97d7e139f383c05406fa82e9d607

SHA256
b19c19f3044387ee971fb6743a3ffb60a98004d6406e384d0baac339f4eaa80b

SHA512
2333779209f9959e7db9f22498a0b00828a7fbdd6f9d18f0d983399084b899a969e71ff65ba8def53575164eec2e6d8879b37572cf7b6161c23513f97ec01a25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1fe3816ca62b8a315db39aadab03d04c

SHA1
e0aa1b69b7d17a9e335aa581a16225759b2e4a8e

SHA256
209756a4f43d91dda92b49985902008d68e86b3481e0d9d9e5c32b1d0c52c5fc

SHA512
67e51b2b02bfb240230b31e377d49ae7e76f5d7544c3b32dfe47f0782dcf2aa824e7bbc11f47dec711a0fc1ae1b70c59b21e621cee490bc16b65beefe6409c9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
89f56bc080bbb7a6eb4ec5484f1a6801

SHA1
b54521e2b7d8d9283a4393761bb07032e19d0b33

SHA256
5ae3018e561bb81620bb33d296ef385e7a6fdb7b8c896f7e9f047e27e76acacd

SHA512
1c5f6ccb0de94da69e57b5476c5ef8d8b60e62177d30ae1531edb372b13334e7ce85582135a268346498d4802fc5493147d659c9611c68d7e9251288fb655f4d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
83fb79c9b341e7d44d4fc58ed3a52697

SHA1
6fd576ccc7968703709762523685ee77ffcaeaae

SHA256
0272e015b41fd1a3488fec5267a6f8e362fe68416a140140fb3129ba81090d3d

SHA512
702db9638b986b4729bdecc5e2c01d4234da1f20c3afced8f9d0f9a37802d1f2b7a47154c8f6ac51afee9700b93c89b10b81b0dfb7fa71d87836e9849e7e1693

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b177d091fa788ba4190bf47cb4367884

SHA1
177faf33ccab8372410d7318e5b7294f9b7a16e8

SHA256
eaa4aae0ab7619c7a587b369e6f9de33a87d5b787127c821bee323e7356eaa27

SHA512
b9c8119761882530bb7795d04fb7dbeb5e15b9eb6cc3f4de2eda8479ca218470d6fe45abda46dfb783cdbfe2edc6fd08288b71314f656f8698b4a6f6c6e82a01

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4b27cf3b47789cbbf7e74e3cbb84ced7

SHA1
299e96955f9a09bc11205f3d193c25556e3bad89

SHA256
8df311748e9d9b71bdbd737a512bd72e9ad94ce560cc2ab4ed8d181b576218a7

SHA512
c86312594a6d49438c21e8f5d2db6b86ece240763cf0746f9746f212c3753c74bf9a2f19283ef36511018e6cf9031fbfe87367d7390ab6ed4e65806916a8da31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
02db7a2b9f809a0ae197b2c11af1ef24

SHA1
262bd3cf20265074f5786daeccecc4fc6ab836f8

SHA256
b935a3c6e92a4ffb0757d07c9043267719635276c52728f8c229febd32c0591e

SHA512
e064f45b53ba56e2a47ff77d54d9e60c916a86c23e518e01e1f1f5a6a863322a1d6d80b5338d18f2230758f65e272cd82d462ec0b965e50c2019aec238aeb4cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
25ffb405952b20d2bfbdd235ed113ac5

SHA1
9ce4b53afc3eca9f10b6594cef0a41fc3dc9e203

SHA256
4bb94e9217a1c93f8e9224f37678289f13e6ca99a1f8cd168ffb1d60dddb0292

SHA512
666b37eea918c68f163a158d5040d2c5479d0be4696dcfb39fa89dbc5e405a9544fd5fced9a8576185bc2d7ad9c328ecb87d067484cf38fb494020c0cfd83694

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dc6d5109b9d21f71b76c4f830991e079

SHA1
6854142688d61b7c435079b0e83eb51f4b59e4a9

SHA256
fc5050e588977a6c358c84882bfd9fff699c97e5fe40d87b8a01aa261f8fc820

SHA512
d4bdc1a9fd9fb61fb01668c94affbac0dca0d857a779885f273d48f06adb84c339cd000da703ac06b72977d9ba3c890f469b48fd4b2763c8c7107833aa74bd58

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab61C1.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6280.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit