hxxp://lllll | Triage

Analysis

max time kernel
0s
max time network
46s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
01/02/2024, 05:47

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

http://lllll

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 14 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://lllll
1⤵
- Modifies Internet Explorer settings
PID:2948
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2948 CREDAT:275457 /prefetch:2
  2⤵
  PID:3056

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:2360

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:2564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
642feb286a30c007d8ad06715b2056a0

SHA1
17c89971e9e01e2893c3fc80f2e4e6ce38ed1260

SHA256
f1669a74b705f1d221159a73a70ec967cc7f1c0d70a5888f88944b0a7d31e1c1

SHA512
e8580e560afa90efaf1faae796cbd32d60192acdc415a0b057d276695da92f06a82ba844840a5c1344c14c2f3bcd65f848019a6a5364d0f3e77de955d47f207f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4c644634a6fc0c4939254b9fb1b308f7

SHA1
dcaf4cf1f0675c1679d9a0ed0be400370c02b036

SHA256
6d83a942a2a20a5d135f80028189c138e4d4c1d3da6bfd8c0874e9a616225a30

SHA512
3fa257908a71fa65eec3eacbaea74fc2a48f58fa2254bf312c5184618e02e13a063b0536d912da4edf9c9c12fce46129967ecbd8d87669ef84033528acbf6e55

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a12e25efd5219d7f59d798b246ea56f7

SHA1
06bffc1e976eed857503749a476367355dcc90f3

SHA256
c3df2a3b7da47477e7d80ba16a11f45778e9f71402208d60ceb290834b4e1ead

SHA512
fa6f4a7aeec4e76128b5bb1435573c6adbd6335317fbffb92ce0d4d4c192df567cfb4b97c58827b6b2440d6634fb448ee42df10e4dca295625cc9bbeb3f7738a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
44ee2bdbec37fc2c1cce1cafd404cee7

SHA1
a80b2192dbdd2774d4d85f253e832f24cf8b7ac6

SHA256
812f8536d77c8109cb9087c187a1f8e8b78cbe795744f8470391bdf06888b0b7

SHA512
cb30ca2f867a2dc0dc4315c38f5edf049190910ac4a147af07799a720fbaafc703ffbbd2ff9819e709c894b18aa793f42a38f47d105f118b05f2d545263cb2bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
95bac6edd2e4784bcc731ac795f1af29

SHA1
ce5b4cb227071d8c93b8ab60d63bd303c9257873

SHA256
8446eb05598465dd7c3ecfc3ff9b98fbbef575989b7f27b7b1e6b6d9314a76fc

SHA512
771df837ae11df32c8dc74b55e4e0494c14fb20029a26ad13134af326133035a6404b5c6abbf443e418c50d6aef357213f8d5a6adbc653549aa931d552f85ee3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fd74c17c7ed97064eccc602c66dcdd64

SHA1
c4af660fc5e3ccb5ef4c679ad097eb116725d5ea

SHA256
c27af8c50c10336b8b3fccd338a8887966753af16e6641bd1fd61caa6262f92f

SHA512
5aac83999169a1e48457c32ca7ca9f9f373c3dd351c7fa0ce68d7a72cce1c44f70a0f137f7ead351541caaacaa1d200e6830cc06d4330a3936e913e657e33f25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9f0d3fe2faac94fd838d630584d6348b

SHA1
aaadfafaa943b81ecb2f3d763fae183b06e5df40

SHA256
20b7937a5e49a399ec5af8f8625a0ebdde681853903c08ac961cd8da5b36a8cc

SHA512
0f66ec31a63914ec67670942d5edeb123b82b5d4c328a0de88d006f5a49486c6b0ce0b17953280e07917bf8c5c141cfd8612897c64831bccd99a1778b0549a82

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ae8e2d91604bfa17baed9cb599d4b04c

SHA1
b3c72a7f3ec2d6a2b2a56ac92175577153158732

SHA256
d23ac0ad6dd58245bd9909330ac7bc62c579d61639222c8758c448a060dc2825

SHA512
8e14e1f158c5897195c742cfa8f7c91ad724ab3ef0e698256458b202d7640ca3d7de40945ee14296ec7f2c6ca37944a19ccf8422810fe89000f605b330b5858e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6b90b925c66fbdc56cdcd4eaa1ea3e73

SHA1
9525723f7fc7a537c81fbdf9017f9bb67cb4d7fe

SHA256
19aa1d8501766960885d146d656bd174c2b3f3590cd65b1e52a3c4197f4204d7

SHA512
70411a23d14311f5c0e0944bf1781ceb86a50e55d6dc2f483a93e42100472c5a1beaf38d7c3a753d9d00cbd65a48d24c95f2c064efb15c0283b67bc2b85047a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
87f2a44579927de326837fd6d1b2251c

SHA1
b50dd04099725b158590be5c920bbea2c38ceb09

SHA256
3333cd4844e8b46c13d33f5940b93df1c7dea81d015751c9106b57c90e295886

SHA512
ef8dbe2381c164a6b32f3715e5c20126650b18d2230a2d8bb881d3f1cb5837f24c8834f6993c018d7957c45de2afe7dd20191a53cac68a2a2c50a95b76f67595

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
bd98adc8cef94eaa85a12cd15dd428ea

SHA1
0fe2c2d963df8c72aa9aeab883ff70baaabf32f7

SHA256
203f3e437836ab370bc43674aba283878351accdd176f3dc33847e62745690a3

SHA512
d20bc2a6e7ec3796ebfe2f405852a81d3eb28e980facf0a51cb4bfff6bbb7757e5d998243084c69f0689a7d49e427f438e52f86e0d03243f4ee614c0e6348def

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3026.tmp

Filesize
32KB

MD5
2a7302b69fa64d6bd573a500fe5bcd94

SHA1
eeeeb60b6593cb6e2a25eb36534901296cd25a7c

SHA256
fc6042b9ddd983ec95e08c70f253b77cc11175b82066b4ff5081b5bb9b12f823

SHA512
270b58504d3dd3729cb63169889d497ddc023061c817087e8abac873320dd326c658ca81dd6af8abf0f220446b79faeddf62a3624f46c2ea3a2d667a0de9fa2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3145.tmp

Filesize
151KB

MD5
62e520218ffa35e467f13f951ba111bc

SHA1
6ddcda4d733ccf344fec01e8051f870022207db4

SHA256
f841710a8ddce2243ea0c3be26b3c811eb5c171bce7062a6ba374cfa1e665bf1

SHA512
0556773d8d152c8987f0029a4db3d00609ee1da0f07e4b16b9fb7108ebe660cfea06971a2385d5ac52f1a630880433f2889bf13761708e4bea0b3a7e3236d5ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DFFD7F4270B6173178.TMP

Filesize
16KB

MD5
83240ab649f2aa1f0f8c6467366cde05

SHA1
33e5a3b4c11feca8ec7fed08af972661f18a895f

SHA256
db5c9ef9f43de61903513375fe609a71a674cb703bf0e8b31334b9ff25270207

SHA512
fb2197844a7e51183b8117e3474b947519d61bfafa1acfe125c280606e3b2268d4fcebc941b665888c5bc7e7864e7093813f852b04788440d24a61bb21ecc8ae

Download Submit
memory/2360-594-0x0000000002E10000-0x0000000002E11000-memory.dmp

Filesize
4KB

Download
memory/2564-595-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download