7bc3cbac682c7e6f6ba55d364592e4588a3d845c9aa7c6c28200a59c3766f5eb

Analysis

max time kernel
140s
max time network
131s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28/01/2024, 09:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7cceca8cf5f9a3198762fa24d0f15bd3.exe
Size

31KB
MD5

7cceca8cf5f9a3198762fa24d0f15bd3
SHA1

5c9926b8e74c131b9e0c9b6c2139e35c3ea27141
SHA256

7bc3cbac682c7e6f6ba55d364592e4588a3d845c9aa7c6c28200a59c3766f5eb
SHA512

a94c341a054c9c86718da3e730f4734e35a0f5320292977ac158d3718972e96f89f8c39bd0982b910bfa8034d2772166cdad72e0969ac9cf7ef8a9a33ffd42eb
SSDEEP

768:ya1lzEsoMAEbwFBMUXs8xPLfTPSczEzeuERBkqzhEH2YqnMQw//Y:L1FEsolF+8lTTERUhEW5MQw/w

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\msjcf.exe	7cceca8cf5f9a3198762fa24d0f15bd3.exe
File opened for modification	C:\Windows\SysWOW64\msjcf.exe	7cceca8cf5f9a3198762fa24d0f15bd3.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2228 set thread context of 2992	2228	7cceca8cf5f9a3198762fa24d0f15bd3.exe	28

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5E636F41-BDC2-11EE-BE60-EAAD54D9E991} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "412597169"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2992	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2992	IEXPLORE.EXE
2992	IEXPLORE.EXE
2788	IEXPLORE.EXE
2788	IEXPLORE.EXE
2788	IEXPLORE.EXE
2788	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 2992	2228	7cceca8cf5f9a3198762fa24d0f15bd3.exe	28
PID 2228 wrote to memory of 2992	2228	7cceca8cf5f9a3198762fa24d0f15bd3.exe	28
PID 2228 wrote to memory of 2992	2228	7cceca8cf5f9a3198762fa24d0f15bd3.exe	28
PID 2228 wrote to memory of 2992	2228	7cceca8cf5f9a3198762fa24d0f15bd3.exe	28
PID 2228 wrote to memory of 2992	2228	7cceca8cf5f9a3198762fa24d0f15bd3.exe	28
PID 2228 wrote to memory of 2992	2228	7cceca8cf5f9a3198762fa24d0f15bd3.exe	28
PID 2228 wrote to memory of 2992	2228	7cceca8cf5f9a3198762fa24d0f15bd3.exe	28
PID 2992 wrote to memory of 2788	2992	IEXPLORE.EXE	29
PID 2992 wrote to memory of 2788	2992	IEXPLORE.EXE	29
PID 2992 wrote to memory of 2788	2992	IEXPLORE.EXE	29
PID 2992 wrote to memory of 2788	2992	IEXPLORE.EXE	29

C:\Users\Admin\AppData\Local\Temp\7cceca8cf5f9a3198762fa24d0f15bd3.exe
"C:\Users\Admin\AppData\Local\Temp\7cceca8cf5f9a3198762fa24d0f15bd3.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2992
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2992 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
55ef467b0e871fecd02ec51776be7411

SHA1
f893987b8ac8e91ad5963a8a2af3aa85f8d361c0

SHA256
d669d24042f1ea89831d9785315bdb1a65f7e91b93e584661e19365513de43dd

SHA512
f3373e2788750c57bc9eb739a4451eba8a82dbbc5611d2b248816b896b76ac30d6a5adf8dc2c5550f28fa8e6af2ddb35e458d5d8ec646be6f800efb4cc395b19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ed2d936bc76193cf39620fe5c5dc9943

SHA1
8158a208bb383fbe9a13e824e8f870815df75d81

SHA256
391f4d8ecb7411297464b0316762c783b24bc6ed4f1ac459b6228ce2fec454be

SHA512
70599daf06f1a5c9ff8d33397619d0203c5c2ff72f3e75f9e9764c3d17f15b6c72658e94b3f702687a7e3f781fb006e79e29b98a234e5e7cff4dbad170111870

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
df29c359a127d2a577dd2e5bd36779cc

SHA1
20ce2d573637cc54bcdbc2e68a85bbc14e5490c2

SHA256
ef7e38b185da4b0456df7e81ed288161a2d893c73b8e303b21502c5b1be30afe

SHA512
827fae86077bdf2f61cbfff1a47837588ceecadabad2d90975aec8815838dcc91b32879df4064f9fce64a7f23ccf1dc11104203f2d75c3888c4221ec8602ea03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bc30b1258f7dbffd96175b7a767ae453

SHA1
208a52ffc9b1d0a72a28f488e16a7ddc39082f30

SHA256
8b2ceca5813c4178ccc113292a830993db9a64b7453881e467e802cd09cd44a8

SHA512
2b663c83c83f029ea6495bc7beeee52f1f53100dcf1963db898ceff8f844611815052fa8fdd5de36b5ebb2a7af397a8ba3725bde78568f867d8d2293fb613287

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
644cc4e0cb4dd909fcec8a2fa04546ef

SHA1
943a016e863fa4797d84b6ed4ecfb3dbc351dbde

SHA256
7c0fd0fc18a23c59a5238922483154bdadd6a4a9e61ff72ba328a1e8cbf25989

SHA512
4b01a7f5673b674aed5aa60e7329d733ce9535759f8b10a5ff1a56c3f5ebeaea85541a3b4fcac5143ffdfaec5352a400f5833c9afb6734e49c034c5ce2c58dee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e259ef3e38c1161bd1cf981b9b34c892

SHA1
65c8cbc43c18d85734181c97696f1e513879fa33

SHA256
189d55cac4f86f02612e3474b346d5638636364e283007a8bde4eacf1ba57f50

SHA512
62613e721af7c1d20c0f07904530489a2b9f8461bf72a6018363d50ce26c3cff3182396ed746e19a37593a6d17fa03cc2477a152054f5ed791a56344d56c09b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1c0894bee9e910cde49a88651f40513c

SHA1
a9d46ff79c7a7a72ae3492de73aa7baef612ad76

SHA256
0d8204c2af82df97f54ecf0eadf7a100835111bc21b6cfc7352873965c5dcc8f

SHA512
65d8144e979a3ed97e3fc2563892efa0408ff71d13fcfe6ec772a66410b7bfb22a1e06da76f36da14686b677756b8101c87dd75d98b92813d9307553b4391af3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f186cc5bc791173b31eba8091e757376

SHA1
561cb8f313239a031dcb36f424cbd02f7adac226

SHA256
778d0f7acef713c0de629264634be20b0de577a58d415e86f0f37b787c0bf360

SHA512
fdf52a075dd32398b12aa18db32f763785cbbdd3ed17be0e2ea5ace20ffd9eae54225e873e696391cfe3458f52e4f9d1b712cbe9cce35fd35768843ce8e5aad0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3fdb1a271f73f2a116ab081001c3824b

SHA1
890a1d523589631ae587a0613bc29d868bea4fdf

SHA256
b8bf78df7e560fd39ddde8e28f42fe4242e76d48d001f04353140851c351ff09

SHA512
cbc834e721bf6f0e823f023b6e136fbaf15d6e40f31c16fc1cb37cffb1bb6b34fa57ed549469d01e0fd92fe196ffbd278da1b3fa92ade7584a2f729052395514

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a51d3c093b63460b74f8927298bd2022

SHA1
f41c4aeadacc367d3bf0f9085a11d96ee72f2d11

SHA256
b85e3fcdda962fddc1fcf0271e1490f71b7d19453c183f195f1b414aa0dbfc6f

SHA512
5ded71707f985842d1b62a6385192ae6eed95a1524ed8946399e8f54c9143fbd1e6e0205a4c627df071ee34c00d4356ba3529c063d8645bdc9ebf9e582c15084

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
df98b3e9aa63cb02f0711a38e98b4459

SHA1
8190cd2c03baf977fd0a1be3b2e14d4cc73673e0

SHA256
de7ae2c3bcad9bd78e62b83ec812f5bcfbd0090fe518ebbe929f464372f89d45

SHA512
817367c42fe9944671f0b7745b6307a9571173b14b8842ac888db8c2b87b6656a440d9f786621a180e8ded8ad5a6267cbedba2ed344f738e68bf062e86b6b85a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ac3f78fbc9f1ff47500038457f904246

SHA1
b34e0f27de48f20710ed571d2ea8e07438eafe08

SHA256
7f6240b874e807b196ae3f1fb4e1719681c4f53a7e5057e6bc70b5acc70b2c96

SHA512
e763c421f314b552708792e166ab432def045dc857d4a4d7bdb822117af1bb4105cde0d8a269234a50c5c52e6f5c250193abccd4d2a8c17df28fc159570892e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b4484762fc79050ec3814b63aebac84f

SHA1
7d148067a91bf9948f0494009991f66f5f9fa6e5

SHA256
96fb52558e29f6861624daebc3e62f9d93ea8de1bb9801c3fd708bda8f3ca4b2

SHA512
68f131085991d6fc74bf8cd42cbbff3971080fd0e026e5262bdbcf1aba02f100f761ce487be7fd1a7cd7e69e72ae1f5bcfd9f017c4890fbf7358d444ffd4186b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f6772c74ef732e180d0dadfad3bd44ec

SHA1
3a5c20379c7fd777e724778e7b27925db0d907b3

SHA256
2ab64a25e729d4bd362df584022dc4b65e9f365f9f4c793d88f79278a9e13d17

SHA512
a9811a8b7c826e8879eccd056f30187b28ffb82b1824badcb932e5d766e130be1ced406be22d9092e2a86c6e34c58f2d4281e2cc45e9870560ff69a28b8fe179

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9c438c9ab661b2df2e726bba4bab3014

SHA1
7742a16ea07a1f76f327ca91d54cb3be8646690d

SHA256
8b6ad550f3065dd7c96274b9e8b913cbddb835a72fdb378e90fba6ac32ac46e8

SHA512
3ad58bdd3d8719a87f7c3fa5888054ce23d2ccb6e090947a4a9a3b6730961212abbfed717fbb240cf0433eba9d2a033a7f0d7918e0ddbe69f28d041adbd7b024

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ffacada73203ea5dd3cfaf9df31eb1bd

SHA1
fc036b76b698244712fb0d56ce44fd0c95e3cce1

SHA256
bdf43573b6e4021cc41df4f80d322acf26296e0a075d67a358d20030c09c2557

SHA512
bd9f9b34d8e731953fd7532a89d3d87fdd951cbeff365cb72ab45cf848567f36eb356d43bbe39dffe5efc80afda483b347767b210863ec91ab6fd2d9054eff08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
607f8bff6500d5b5ecc0f54159aecaee

SHA1
31815ad33d21a2f976cd0a716ee7be67b38c147c

SHA256
2699f7b654c161884a0e0fadfd644428cb51e8d95653f0115ce71f5d043ed484

SHA512
753e4f8e414610991c3c909e547f2721b044c2a0dd723a908a96d8dd510c59f664ec86c47a29018a37148b14cc92939547b4203449ccb2341b2aa8ad39a6a248

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
578e8852944e0de1fc36e0404e95352f

SHA1
5601b5c6a93ab41a0644a73e9e2f42cd21d0c2f8

SHA256
4f073b76b19b171564fab35b2d6ebd0690c8735b198a97380f49d94f089fe104

SHA512
8f7ae196e153da7ed4714ac8d26c17a61ef04786c76320595d09dee936b7a0ce2fef4f149ab70b61c22aedc9fe348b32178c212ada7a35c02f70c433fc3b8ca5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
783f604215569d8becf14e6dab7e9e81

SHA1
741d382cebcd8a1f87cdbd93a7c0ea45e37bac30

SHA256
a6c4cc4d7d772d2f490a32bb04b3a45ae0c7b42bd554c45a6ed6f1ab82531cce

SHA512
47c359c718bf0290adf9448004227a0adaf828e161dbbb0d05102ab4d789146e5f863c90dc0c47d8ca7ac7f07b6bdf87d479c3d94d2ee0e59911e2dd38e1d743

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4B65.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4C14.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
memory/2228-432-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download