1f0d1a85393c1a72f385262508f46f66c903915b1ec5b2d9d9aeb5735e982100

Analysis

max time kernel
122s
max time network
134s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/01/2024, 06:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7f219ad392dfb7aa9b1d302991080884.dll
Size

67KB
MD5

7f219ad392dfb7aa9b1d302991080884
SHA1

80f014b74094029dc5eb34f4723d37005b7394b3
SHA256

1f0d1a85393c1a72f385262508f46f66c903915b1ec5b2d9d9aeb5735e982100
SHA512

1f4450110ef0f79b140c027722ca71f23f1afdb12ce4c8b6fc15178540e8eab2cc9e222d057ba017405c8f6c42c2b2c31d893d44626ae2d125d69fbae3e299dc
SSDEEP

1536:hKaouK0rof8925RMehGW4X6cHUP3bqshuqR+Pd:hKaouK99MqB4Xy39nQd

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2288 set thread context of 1920	2288	rundll32.exe	29

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{02291F01-BE70-11EE-9D00-76D8C56D161B} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "412671747"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1920	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1920	IEXPLORE.EXE
1920	IEXPLORE.EXE
932	IEXPLORE.EXE
932	IEXPLORE.EXE
932	IEXPLORE.EXE
932	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 2288	2356	rundll32.exe	28
PID 2356 wrote to memory of 2288	2356	rundll32.exe	28
PID 2356 wrote to memory of 2288	2356	rundll32.exe	28
PID 2356 wrote to memory of 2288	2356	rundll32.exe	28
PID 2356 wrote to memory of 2288	2356	rundll32.exe	28
PID 2356 wrote to memory of 2288	2356	rundll32.exe	28
PID 2356 wrote to memory of 2288	2356	rundll32.exe	28
PID 2288 wrote to memory of 1920	2288	rundll32.exe	29
PID 2288 wrote to memory of 1920	2288	rundll32.exe	29
PID 2288 wrote to memory of 1920	2288	rundll32.exe	29
PID 2288 wrote to memory of 1920	2288	rundll32.exe	29
PID 2288 wrote to memory of 1920	2288	rundll32.exe	29
PID 1920 wrote to memory of 932	1920	IEXPLORE.EXE	30
PID 1920 wrote to memory of 932	1920	IEXPLORE.EXE	30
PID 1920 wrote to memory of 932	1920	IEXPLORE.EXE	30
PID 1920 wrote to memory of 932	1920	IEXPLORE.EXE	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7f219ad392dfb7aa9b1d302991080884.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7f219ad392dfb7aa9b1d302991080884.dll,#1
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:2288
- - C:\Program Files\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1920
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1920 CREDAT:275457 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
815a63e8ea8474ce74a3e4f780908a3f

SHA1
ae80aa07d25577c59d46c6fd54eb1e90b5a430bf

SHA256
4bffcee7ff4f7fbee1a0dbec54314ee26bd955021b28f0585d69e9489e985b6c

SHA512
92788f1f89e947aa7606ee68ce4ca717517fc240add48cb6b5cd1ffac780ab0d45c0dbca1e38c091869be44e6fb3c3887444c5ffc2eeba3c465b013dd90986d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
29d5c74c5b3ad8a3ccc8e3dfe30172ce

SHA1
32abc7f1438615224426c84d6730bb2e15a2e868

SHA256
fb34d101657e6c7522f8cea54983cb334c06f19ebd333b5d6a94b62b672c7853

SHA512
95c1e8728293fec8c71075a23c69f3ab7e0b1e6741c7a72f74ff2a24be760fd4b066af9152a6c8c5a9f753ac37e2dbbbc773076512008b3a08972f7331b3b30a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a8853309635bae7c1b43ad47aed20e7c

SHA1
e7aaba8993c89916d4e3ef3a3c177ba7908bac46

SHA256
c659dcbc7ccd0d84be31cfe6eda93fb2aab9c5e15c63dfbb07a46a2b9efe5b14

SHA512
7b99783244b43ff74867ee997aa464e02ab2c86f4caf53ce0b3073488ceb196f97d884e6ad9b0a875ba609ad2713941cfaa73d71041f4bce6618a53f17a2bfc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2754424e83d996a50a9500bd1fcd6859

SHA1
46e8b0ebec5260625a110b14caaceedfb3e1361e

SHA256
fdabb8d32ae941b0ab85092b6ca231492d16a409bd603f0163a4adcbddd208ec

SHA512
7b15db07a7a0d0f3a890194f0c7c05b34893d603d18002b888a5756695922ee1b7b6d0e7b1a04661df7cfb08b65907672542e27d2166b55229b247120e4b1be4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0c8e93b2f0e15548957f04f8509c0902

SHA1
bdce09587ba3c8bfd025ebb977e8d9511f37d623

SHA256
ebf7e495505f1c5e82e8cfa8531dd97872a5857f746e8b725281d5c82b7c726b

SHA512
1c9335df07b2f74afdf94031a8f2a27343bad682f965d3c9d892cd36e81511b32c50dd329389f09945f4056e95b6c10384d2121ce351363205e4942fb0b402e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
831e5dac1c6c951a3ee3fda737a07529

SHA1
ae283b5fcb8ede5cd9607352ff7a3137ab5ff95d

SHA256
d3c123562a59064d7ab312aa8836287f3debf41a1a8fd6996ae347b2cdb8e132

SHA512
ceb9a3ccc236153b858e0b2901431bf841792ade294d2f906aacfb48a6455038eb876fa23a58fa3b846cfaed44d051fb85501adfc8e728e8f377bf0e5a908330

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b5c06244dfe365738c20b60a186a9957

SHA1
f5d646fa0145f0b0c0385abb91346cbbc6a668cf

SHA256
deafa7666b24d6682b377dca55162a0ada334c6691fe3dd5e381ac71d80c2e96

SHA512
e13eabef4da487f508aecc9e9916e57467c9ce91261611c9830e6c4e88856ea646dcf334ed7fd929a5aa80876e4084c5b6ed9974f25078817737387b49cee956

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
477964ee00503df5a9ddfcd8428617e1

SHA1
03b08639411b9b6bf4d88d62a10d2ef9dcd0b640

SHA256
ce61e66b6c87c9bacd8033b142e0b7d2aa42c40483d7726f8139e550cd686dba

SHA512
bc9491b7f872760b4ab8b24bd719e97dbf026a3d286a6faef95f3e7b7a4f8b04eb315273e424199be10cbac85d4a45ec4eeb3312da95c00e35bd6f02bd88061f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e66184b77f9d23ce756597c15866f2d3

SHA1
94f2020b92a0e2af1024704a896a02ddd1fa7656

SHA256
5dcc1ee31b6b33a22a65fe31239a6c84c831c4ae0f9ca564193d126ae2be8a6a

SHA512
be09fcb7c615ef7d32b6709d7735e4c5ff3bd622fafde13fe8bf0bbaddabbd12efa0702c4d99fefe02345a8e31e1cc75c8fe7200379d4a21b5835475bdea0fd2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
af697f1501d0ccc2a0b1ab6ce0e9174c

SHA1
361c9a59d6e33aab5e84b680f95e209ede023d92

SHA256
ff80ac63cb4ed5b4186a24acf775618d43f6982fef5d280906eab6683765f714

SHA512
84a52a08b84e1a45833453fabc0ac917b5b3ed815fc90ecb82ad0f73104fe5587820befa0e4e1b00420f887ddabdc8184075753dfdd77661c5044aa1f51a5467

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
64192a56a25b2ba59e2fc8a0370b8a20

SHA1
3302063708b9917e51f8d68417b959e394823966

SHA256
91cf8f83c5d2e8f0da9e12bb5f743ea28bf5f1b0a87d0434c64f431fc98e82bf

SHA512
f0cd37b2f152230ec0b449c059253d83925a8d38d6bffb7f2ff952867eaf30e63ad8513c4766b83c5a4b3fcfb6ad2a7ea65c6dd66a6c21db7396eb9f57ed2d51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
acbed0d157d8a07f0ba23d877734936c

SHA1
e13e9553188509f2d9173c785c8dd8ef9ce07c9e

SHA256
a82a8643f2ea5c2098c57f8028395d01b72bbb2e6f34eb6622434625e72a0488

SHA512
6a57b9fa9ef3fa37a3065c0c088ec105e98851c0e1ab40f84e43e9a74064ecbfcdd6b35240f590eb7361e05785a64fa6cbfb12cee47aa46b171e078eff943971

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1b8fb1b16bcea962f79e577ceb5f69a0

SHA1
295f4290ce5368977bd03dcfd3a533b0f9edd100

SHA256
31c91fd0b93566ced247f8c243253cf39070aca995eb6dbd1883f3264ed6e83c

SHA512
6e334d7ef29256daa0e63c97f3537589b0e3d8c3b3527e86a216c8c2bfc2a3b920c92792dbdcb028fcdfef885fa92359a1118ac7de36ac20f25c8725fb28f0c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aea508da0bfc5b53f41902457b357081

SHA1
eeec26bd02e13717d1927cf1cd4526fc7ba28ae2

SHA256
8e1587f6a83f43a357600589fe2666508a0848fbb81d15993c1a3ec8a08d441a

SHA512
a7825a9b559fb20e2fd4b870b798ea2d441af121f54db33e400da6b83097423317458602c385f8c419357ddd87f1424aeaaf14fc1a2253dfe8098f88adaba85d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
057fb6a5c4f7dbaf97379b96d4a3ffa0

SHA1
aa1ed0414ad576a3e7f489090cc21f988b455458

SHA256
c48f1d1588c37f9c81674e3a4bc5b1701dfc3ec67a856af5a99446270fd6daed

SHA512
942efbf1598d7d74b0d9f3f5dd1bcce84240017c72e2d91624680c4f541e67f0a6c9c3b68ce4264c74409aef2a06955de07ef288cc7c750c1b938d4cf0078460

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6b179a9893004998da4c4a0c26cf99c5

SHA1
69241f58eca5aa8a6684075d55b68f54b74cf58c

SHA256
5611f97497592680166fccb94221e30783375199e8219611d9736507d6d9a4d9

SHA512
1c3d2bb3d74d34ac8cdd483c16df36d28618d32228453242c62ea38cbe6104f14491300793e9bdfe4b3edc93757d96756412a854074dce03fde4328a12b16813

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
14a73257073a9ac00bc86c6819858497

SHA1
c157cdb4d302785a81a577fdfee7e980935d635b

SHA256
50b6e62dcbd69f0f694bd88a9fb352662571f51608ad055f80a33ac4972f6d76

SHA512
2c0cbebf32955bf93b1d5b0b633aa19cf1bb5f9f2d85ead62dcf4fa34b6e541ecb045d459c5064842030e56cf2338cd183e295dc2375aea643867bdf4d539c51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f932c545ed523f39b3d238a16d51efbe

SHA1
c570c30517811cfcba54819c0d7e93243232a111

SHA256
824a0c1a81a56141d4eeea498ecba30ca272caee27fcdca04fe094775187430f

SHA512
471ff83e0abe5a748864e1b097a190273c21db2521c609dd2cd2919b322a94965a79cf6f4637aac4a1148b397bcdc94b9ec622c967a72fb3d91c32dcb5266928

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fffa275d785f71c198358822581e532e

SHA1
c3d0da33a0a92c4417ce47321e9c659108c6bd20

SHA256
d55d4d1b5c1933754482d765921ccc2999606a77b0985e16a81ef1a5db4d4173

SHA512
9b0e032d70d8fd133c3f82d65a96a04185e193b57b57db2f0bd20d2d81efafce76fd6576228215ed3233e20615809b89b04715381c10383836a3a76ac0444274

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabAD24.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarADD2.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit