2fdba7c8ace34d0c44a78f7b9a9bf1e2acb1aec1cdfb7fdf52eadfdbc3e0f56c

Analysis

max time kernel
190s
max time network
199s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-01-2024 17:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

upload/announcement/list_2.html
Size

11KB
MD5

45c28f63610574a0074d54fbc6f4d3ca
SHA1

fb4ce4391054590a1613decf08e8956c20cbc1b5
SHA256

77f86994646cf71867385c1100843ebe1c7c4b0e6985ceb99e87cf85e739a229
SHA512

c8ac5ed29284418f553241c4e8533fbac1e099f889dbb2ba0e36014fd4f8e0ec112784d36771cb2420c2feb0fd3abdcc00324e83cd5060b82e0e2107c266ef0e
SSDEEP

192:SIPJzCNi+3eERCLNlODeLjCReT3BT2Ipt/4Luq:SIUNi+3PRCLNlMUKqpVpt/4Luq

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60973f8d7d50da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a883829c536588438b4279b7bc6c19300000000002000000000010660000000100002000000019a460981a788785c3cfcf4e5e3944492839bef87a882dc549250cb815874cda000000000e800000000200002000000094f00864e889ae805b7d067942019b3305d41cb50443408ef0559eb93fb9f9a190000000707b5de131a6f7e5ecb998d186f3074cf3c7cfb367dbe786253726970f998545e496e41a04efb4d0921f86bafcc233962b4c2acb5633ce20c1b6df8e49e0a242803956bc80e02e88c4ea2be559799da3ede24224012ca687634a782ec2fe0563ecdcf98efb70edac982880001061145f1f63613a3c49ad166e215f070bf42be4e51c02358706a8dbe5f920e4383a4ff040000000c0b5cae365cc86c03eb28801e7fe9babd79035bd2b9a8db667ee755198e58d534a39df7cd16133e929037a64bbd6681d7ec73f2126613baca6de31057fac71a3	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{902E3351-BC70-11EE-B160-56B3956C75C7} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "412452096"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a883829c536588438b4279b7bc6c19300000000002000000000010660000000100002000000026cbaad2592f27a1950a7f7d08d1a3a525421f87498fa6c39a337e54c12408ac000000000e8000000002000020000000676e94f212627250666a9ffe4fd0a4b7f809f16bcecfdd7add72da84680a03e6200000000d4856f4299c16a944df2cb8de34a52b7337bfa0ff1466b4e95f697aeb979fd040000000a126a5fdb943406b83cd178167ad53b38c19f020e9306bb51af93b9d4040752b366460d0119e2cab11f4efb0742ec3ec19ae68e5063471f77912641bc5db142e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2872 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2872 iexplore.exe
2872 iexplore.exe
2984 IEXPLORE.EXE
2984 IEXPLORE.EXE
2984 IEXPLORE.EXE
2984 IEXPLORE.EXE

pid	process
2872	iexplore.exe

pid	process
2872	iexplore.exe
2872	iexplore.exe
2984	IEXPLORE.EXE
2984	IEXPLORE.EXE
2984	IEXPLORE.EXE
2984	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2872 wrote to memory of 2984	2872	iexplore.exe	IEXPLORE.EXE
PID 2872 wrote to memory of 2984	2872	iexplore.exe	IEXPLORE.EXE
PID 2872 wrote to memory of 2984	2872	iexplore.exe	IEXPLORE.EXE
PID 2872 wrote to memory of 2984	2872	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\upload\announcement\list_2.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2872

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2872 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a4e52b0992e08bc17ef5da8956657d6c

SHA1
849656e42646f2a2636546122a00651ae9cba346

SHA256
f6ec7cb9ac75ed3d26dae14ba0de26b564fd0b6a505d97e5686ac3d69473f1e0

SHA512
15d55aa07902ddacd83dc55836a587589e1817a18f5df20a908e8e493452938a2659e82ae7a977890d2502122ea82b10e5c0f8f2f62f0877a478862a7e46ce65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a66663d5838bf682e836df2df2a1b5a1

SHA1
1e092e1e1451b100f0b16b6bfc5119b662bcd558

SHA256
ba1a392302397548db9c662b23d01ae91a23da765c184b2e11fe9aa057df9bb2

SHA512
c7d92ad50ae03d8409bde5bfa5c966bdf20c320c11e2ccae44c1fc9c54b29140a4be615207ddb13decfbab7094e4fac5a87f2c8b1a2c0e8770b973f0ff8e2607

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aa439a54dc939b5cb3e3c99be9b30809

SHA1
1158fde2b5d227c47805de542b0e9a69eaba8f06

SHA256
f386b37370fa9095d794fc06a7a5aa9815f5bd0c216d75f87d361f9d12d11bc2

SHA512
58f56e86b6243fe4a2d1f0afe788c99f08f554dd80e96589786b6188938ced665148feb2f16c624ad9ab5ec8f665b46c5498d197925664dbadf58a4bd8b7bac4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9ea115ec35b3de3311b5f2bfb4d38c90

SHA1
049eb35f9b571b3e2d0156efe689a983475f61e5

SHA256
b194e43d90fb4dfca2f5067d929bb3e8411670f1d5eadd7f0796a9866460376f

SHA512
80664cebd984dbb911a6c79056c8eef499bdbb2c711eb8e7dff5e34a0ce0ce67f9e4b61f974aaf40f94fc3e0b2eb2f403f5bf5c348279211170317daaa172f0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2445c6878ae8032aaf2e50274d203213

SHA1
3f8e991c9c69a407c0853153c9d902b0d76dcd49

SHA256
5b3d696ee5e6402415c8c705cbac32b45dc8c9e3a7597e22f3a053324aa1fda6

SHA512
67d03852ab57b46025631671e808dd021e1bc1a36485d01e6473c0ff2fc820564ccdda9131c10414b6bb50099f72677dc588edef70d2f5c96da620213acc3b27

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
418fdd1734a6889a5cc23c417bb1796a

SHA1
dd7810c3de508fcc49035492c5ae848a382ced89

SHA256
4b22199231a7907baa9170b5cbe07b2689b0d0640d7099cfb00207dc1455dfcf

SHA512
3b76f2dd4b4f603216affd61de0f7c5d39109aec0601a83a9403c5279e5bb413e93474dad7dac103e7d950c71e385ec62209544bcac4b0c958592d5934cd09c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ac53dacf83d6cf387a5391b2f733783

SHA1
76a865e3996b6f5496bc6251762038be15751f2f

SHA256
5b0721749b140cd0fd51357358cb2dc76c3cceb83873502cc4badc61bd3f3a55

SHA512
4477df9bd3b7ebf4bfbd5df020ca7014d03dbb209ea1a1388fe94e25b2c0ab5f754666405fbc660e96344388f030c0c94a7e5dac9525908f1b60b9fa659754f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1c8289cfb5ab3a02f28c82ef08dfcb99

SHA1
5464a2e41079b944b2acedd80a009f371afabc6c

SHA256
16b49a0700a9d2a9575d0f5ae15752c39332ed3d2d4c756340f3d46402e4b707

SHA512
95aeb6b0fc4b3eb2e0ee8b213e631efcd62f0e717c2aaf8caf7e64c324d531c4ffacba3b64f31face38478d0fa78e8724617ad23f57798fffa7973c6202bfbf3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d1d61e87d1c0a96e7f92cf93c08762cc

SHA1
a59d485849ff2800b5e3fab39d44993ab937e3ad

SHA256
a58d1e35be3b5aa794185a6495b4f864933aadd00c3a7f56ef3a5e056b5e3c9c

SHA512
d9622355d6081047b2e19e976f7a23f4457d135e6a231b38ddcfea4577614518a2dffef0fc1d967049cb3ad312c92372bbea57ebd2ef622f33264a278e5baf74

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7a0af361247da6e565ab34af5432e4db

SHA1
82354a6c26043d3d4dc864165ab5049f3e5e1aaa

SHA256
71d0d866eda6cc8534dbff9aec5bc797b5282ac13c3ea023ce6cba4c20eac1f2

SHA512
77a40b90ec5aebe2bab02f22c00534db6eb7a6aff417bc2d2150ae718e5064541f2ddb20b925f0d01a1e3b5f07adaa25487b2e6d0faf0b74dd99ce5684b66b98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7fdbc86820d35492586f7fabfdd3743e

SHA1
a551c75287a500613e306a706476234d78feca80

SHA256
7fcc4aee72064bfeb67389c7f775db183909fed0aeeed555b968d92478a246c5

SHA512
3c167294e52ea5e4d1a9339a6ab463836fab21aca9b45dd008caf413e95fcc19154551b1ed3ebbaa62578dd7900dad47e19fdf2543f89332b173c385d28aadac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
67f372bcd78b0911b6028bc27d9fc8ae

SHA1
f071007fe4ba5624f62b58fb8a9c81c4f1fcb2b7

SHA256
1355304d870f362722d0c7399e26d9f115f89ee67b644aa8104cbef76584312c

SHA512
6774cc8bca84d1bcf6a7e1da567d70c0b4a60c4b7ed80d9f5cb0ce3b214c1b5bbcf238c542b93cfe546012b96c3de4444a157f13761f7d6b02dd2490ac179427

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5a9912d0332a7024f00aba2bc61af65c

SHA1
c50c8d12b241c1db551436cf3ebe9c7dd547b572

SHA256
54d125e55e51f7452bdc8cb33c12cd76a20d744c59e68f92c73874a0a4ea92fa

SHA512
b8cd768b7ede31f2208d56a01d4db9d55cae4f77f39a786b9c053303c6de5aeeea5a963c922071bfd49ca384d073b03f520484ca9494efbe2a85ac96b537b97e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8a34713fa176def86acbf55b70acff96

SHA1
9a7db2fd90fe1a4e0aaafd124afb22f9d732b68d

SHA256
667809693a5670ead3d7900e8bab160c1952e5685ebcdd5e2fc9ed63cf0c7eac

SHA512
8cd24e1705c0dc91b53ce48eb423b7ff1481b11033cac57ab0934d5d3e90965a7831f6486e3ce64d6debdb51459d6056c3b73dc616760dc7d48033a292c001ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2ac9f246dd4ef0facc62dfdff9d220dd

SHA1
33edbecbf648a2bc65b7a6fc76e3a095761cbd6f

SHA256
5e5ce2283f000599fefffaf86774eaa2801136b9b03464b2f6f62e30a3f352a8

SHA512
bed244bb6bb85fbbe76ec67fb9b1465619eec9630cf557f79a82ab4392e6f99b4301ed0693bbf19722c87c13d13e1a52f715ed5259cab7b6dc2e456bbd9499f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab34C8.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3672.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit