7c79f377cfe6c6213755d10fdeb59e3919e256d25c1d0ae21f70ad23f346ef1d

Analysis

max time kernel
121s
max time network
132s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
03/02/2024, 05:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$APPDATA/Internat Exp1orer.lnk
Size

1KB
MD5

9ffaab5f197ee38cf1fe65e19d4bb217
SHA1

39ee57d785cb31b75fe79879ab5dfed14eb1a28e
SHA256

6a1bfc7b4d0b3c749f9a5737f7f0253c634bdd62fe812948807c6beae039ecca
SHA512

eaa04c6437eac713912a81b2e11f97cfdc38d5d5bb459d7f4ae94d140b2bd4d74685cda43697f00b6803b1b58da3bef78ca3d9d6a4b9f5e4278ff2451aee512b

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000580e1c8c6faee54b80ab28599b83677c000000000200000000001066000000010000200000004ba8c3d7c1a53876f4b8f281ae130942bf0888b7db6b193b62b911d9d43dff21000000000e8000000002000020000000c8806ae5dfbb9b2881eb480a5d5f828e736dbd3dde3f10b3b33223bf4729e3c2200000006009e9a51ac178763ede2160887959880f2733d927b6bc62bf07996f25946f7a4000000038613decf33c32466009be87e44548a210e6642a4ba3f0079220c88cd7e104bb625231eb17ef75f861cb8a9148babaaaee196eff710eec5703a9797f7ee8b290	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "413100741"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D6C569F1-C256-11EE-8B00-62DD1C0ECF51} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000580e1c8c6faee54b80ab28599b83677c00000000020000000000106600000001000020000000f0b69c3d793a4433b499b9df74f10756decce8024d0ff9bcf7a0a2e2192076f3000000000e80000000020000200000004bf43f60a2bf7c72ad64983e8b952f79688681e50b3d58c1d6298fa0fa86c8af90000000a4b539f4ca8517551b30372665f3db749f558d9e124a948477b785f7701468827484f8a639affad7eff38f0defbc31d7a04d9ff6fcf189b59cbce4717a576fcf75f2618a3d50ff74238f89edfb485e86e7e1b414eece1b73eca10f7ae3967573205333f91eade406fd0893c2f5b4d8c8dea1897451ee17e10d17769e8942b28231b000b45a3ea8f01dc5cd7469bc9cb0400000008444cad0c8d8858e2d9f7fded626351ab111b81585df408c4b09c3095d0257fb0ab57477829e60352ca9d564a0375a2a00646b666923a1549394dfd6e827df4f	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30e776ae6356da01	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1128	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1128	iexplore.exe
1128	iexplore.exe
2600	IEXPLORE.EXE
2600	IEXPLORE.EXE
2600	IEXPLORE.EXE
2600	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2784 wrote to memory of 1128	2784	cmd.exe	29
PID 2784 wrote to memory of 1128	2784	cmd.exe	29
PID 2784 wrote to memory of 1128	2784	cmd.exe	29
PID 1128 wrote to memory of 2600	1128	iexplore.exe	30
PID 1128 wrote to memory of 2600	1128	iexplore.exe	30
PID 1128 wrote to memory of 2600	1128	iexplore.exe	30
PID 1128 wrote to memory of 2600	1128	iexplore.exe	30

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\$APPDATA\Internat Exp1orer.lnk"
1⤵
- Suspicious use of WriteProcessMemory
PID:2784
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.113w.com/?waga
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1128
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1128 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a7bea787f76ab60680870c143fe0bd15

SHA1
d7d2335c856ac7b42c1c22e44ddc0db5bc1ad26d

SHA256
592dc76ad84d58eecb66cab20ec6b996076729d263c6dd8f18ba5fc9496af1ca

SHA512
167e3462cba904ac32dd61a87d4557cea028d12431a10a0b3c921764773859d8dfeeabbc41c23ddbeb3070ca0a22474aaae242d65e536e4e44371483aab4bc64

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
515d09081a696bb320ad077972fc1b2a

SHA1
0ebcc1e923f0495be1f135826a64f865b74d64fe

SHA256
e139d90fad63026f45a0c8bcd9f621ba6b5c5797633e144968ae46296681e353

SHA512
dffcef020f1d41341504ee64ddf28f542c319b31a59c02b26eec2b8269c6c2e4a31370a1ead1ecebd471feb9a92114c91259203aa1d805969fba74b58062afc8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
678023827c4a796bcd7249cc5485aa96

SHA1
6d0c12c72b8ed2aea38ca3ed9e883cd6798810a0

SHA256
b5008e0c27831fe475ad7cc3223a50b0f11cacc9bf3d35cc87231f24a30abaee

SHA512
b8186d751666d686f400a5783aaa41f33923a68e71f24f80f46838cc8d2cea4450fe1ac9d11bf9ba7a3f00d824ff3dc2a25120d2c353f147b3117585f9921f7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
50ab51e5ad031e4c88671a591d1533ef

SHA1
954837e5021b416600dc54dcaeb2c9366a80209f

SHA256
13bb56cb412715f62cdaf0cb2bcb04bb5689dc7753bdab1ea67d228549c9fb7c

SHA512
810af13929c129fb5963c92736efdd03f54720a190fb1c84f18eb1c63c39f72d6401b37cb7efd0aa50ee601852978ae775e2c53011e81469bc8127a1422c8786

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0e358f171e14088d00b5fa3617bd7861

SHA1
96c9e1eda010a62ea3a6f445c2dbc8efc94fbb46

SHA256
41cb9a42ac8bb066c7e68a59e32bf04578be72be852847f0776f107daaee926d

SHA512
1dc0b986d897dd94a06a509d2ec1e93ee8b5e2d63536ef15cff0d601c6f26e34649c7daea494540d51db5599d2ee42e0d36de7bf8b826cc2efc095fc18f4e698

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
08e45c6af5ca121d820b58b90847f618

SHA1
e4949850daae1fc687c0d8f176729a02d8fe28e3

SHA256
fd1aa6eca5a05fa2f0c3440de0dfed4c0655ba31807608ae2f4847c36c866cf7

SHA512
be1ce4d2050a451feca0e846f92fbcbe621651797691f1496914388d93e84cc686598856483581ab5335b4dbe92bfa097a70574dbf507715423ba2286eba785d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
152598ce366bae274f64bf97aa427d54

SHA1
062a0c98840d3f208555305c2c3099338d6b1693

SHA256
bcd4117d76b4d32c00838cb3d2a731537d675281ef978d1155e247977f5010f2

SHA512
442e0868ec3a14a97444b255f2bf68cfc6024d979b0f4888c23f63c8ff8c6f1a7129a12e0d1c7c28650417a966a07e61be0abc89246f787e6b6ab41b6082b2a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5f8d586f2053742d376118f71c79f79a

SHA1
02a4a20d330314e8480304713a71fcac454fa839

SHA256
b648d2b3821f5c26cba5656ffe348befbb68570fc1903b646388faf36ab4a6ef

SHA512
006ead9365780da7d9259025f79c51cec1cc041366dce67fde889cf40f12c33662ce72d597210aa9261073c579efe9aa16123f120eedc20867484e43f184c560

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c31c00a5265f5d167f81e191c6cfcee8

SHA1
0c0ea359f0550fc2565ebced212c3dad5c2f9e28

SHA256
483740aa240a63b79daad029c382ec4185415619c8e6e74b90df49d3e92f8b3f

SHA512
f9c7d64decdf73387e38bd955bb0b39d5fa96852faf895a2ebe4a8edfe9af88608e8db50abf0184ee851d16322d93e79713136d4603ee94c8513d11cdec929d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
52b32c9bd63dd53c5c79b6f52cbac3fa

SHA1
e55ce90dedc9e47e45fbbf9c914345625c01ee96

SHA256
3f79d6cd372d6ad8bb503b6583deba4c39a33226c5c133efcd220e39dcba0ba7

SHA512
842a40a7403660f59f72737098ef24b6449a5c1ef43d119798b8bcdd1a28522af3a50c6b0809edbbccfcfebed821dc2d78fdfc325f5e18d6e70cf2422fd887e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5222f8cdcd38f809183c4f61df8a7a21

SHA1
c3edee2543b4095db06615efdb13aae7236bee73

SHA256
bc6a43ace56deeaf85f525c8449e13212b9866beff9e64f9ba828a8640f8ee52

SHA512
fb3e62d6ae9610ade6d7b3f2a60bd972f3eb1289e0d94ad974815d87e9f5da53c99d73f880a851c0aba01af0585e66b156d0f14f4c47a1dc13e1be5bae056be6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8266bffb2aa694db4e1e6fed24cd03f5

SHA1
c382ce9e10fcb351ab295265d780d0cd47f5ecb3

SHA256
730132d0c808558866c8b903018a60cc044e59901709ae38263763010da64c97

SHA512
2db9e216931a6a9bac518d989edf3b78dcb290162fdedbf279235833d409656d215b187294dc233b15ecca9eaa641586e3821567023f13581e68d479e4cc615d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ed21d138eeda5fefdf574c7c26066c74

SHA1
9071ca960938dcc1e3840114fdd6e24c697ee6e8

SHA256
11dc14d841eeec0390f11b0bdc41f5cd0362e985eff4d19a68ee4f41a66596c7

SHA512
46ea5a425f788ad2005930f6dc8c061ec782e91298b3101feb6773353f73814be61a46825ea77ce66a892281963eb178557024dbe27f13c3e8e5e2eeba43f393

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b3b4477b58059f286ac863c29d285a98

SHA1
6a1e5825aa289626adc483733842a8459b5db30d

SHA256
54d9e4c0e2d3135148da1c6d81164ef8acce1af8de688c80af05fb462e4f65ea

SHA512
8a3aea1accc62294d69f84c305eb4f3e58b067725c04ab61f08f893492bdb450ec21f945b2489f3a387ee4634406965775e3ff016549f5dc8191069b2b1ecdd2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fe7df3317a4ca3dca2060e761d016832

SHA1
d40b5470cb71f2a92367e634ada25b5ae7378d6a

SHA256
8ba01f1230c891a0b64d88580f1e1412084c5c6fb5a8a0b11ccf1e8527d884d1

SHA512
830accfe5054d07390c335c3552b7b662362250eddb48892cf2bb75b485715f37985c0872279649a1af829e515237b32ff3133d967031ebc3ad5d7f83462a77a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
30fff9266d1cf096cd87554a28ca6877

SHA1
90658e84a767b3803ad9bfc8220598c7d8922e73

SHA256
f1b075416e60f148a5f4a5cdbcbe41bbec9f8f32aeee0f6c577369c5f7ce4f9f

SHA512
62ba3214097fda4e356263d175fd3cb980ada15fb03d0aba808cf232ee6bc13968e4d5e4b15299ca48d3983cbec104933763757b50fffeaa263583914ed836d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f5050c1f278f313e32af2a5bcea4fe44

SHA1
656d3045422607c46e3a6414815518a600c0f8e2

SHA256
ac2edb156e864bbfed701aa7bf115969ca559eae9e268f3f01cafafca19c50a7

SHA512
d0a6d2f2da5a3265cc97612a2103bdb8b06a1a356bf0923f5a4bdf937d8a3c204b6f8e07f5e61f940bebb91c47763d775df23b6b5cc10a096c5cecf0b7ee7a9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6809.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar68A8.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit