hxxp://sync[.]booster3d[.]com

Analysis

max time kernel
22s
max time network
25s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/02/2024, 18:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://sync.booster3d.com

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BFD41381-C38D-11EE-B7E3-EE9A2FAC8CC3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1672	iexplore.exe
1892	msdt.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1672	iexplore.exe
1672	iexplore.exe
2704	IEXPLORE.EXE
2704	IEXPLORE.EXE
2704	IEXPLORE.EXE
2704	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 2704	1672	iexplore.exe	28
PID 1672 wrote to memory of 2704	1672	iexplore.exe	28
PID 1672 wrote to memory of 2704	1672	iexplore.exe	28
PID 1672 wrote to memory of 2704	1672	iexplore.exe	28
PID 2704 wrote to memory of 1892	2704	IEXPLORE.EXE	30
PID 2704 wrote to memory of 1892	2704	IEXPLORE.EXE	30
PID 2704 wrote to memory of 1892	2704	IEXPLORE.EXE	30
PID 2704 wrote to memory of 1892	2704	IEXPLORE.EXE	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://sync.booster3d.com
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1672 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2704
- - C:\Windows\SysWOW64\msdt.exe
    -modal 393502 -skip TRUE -path C:\Windows\diagnostics\system\networking -af C:\Users\Admin\AppData\Local\Temp\NDF8112.tmp -ep NetworkDiagnosticsWeb
    3⤵
    - Suspicious use of FindShellTrayWindow
    PID:1892

C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\SysWOW64\sdiagnhost.exe -Embedding
1⤵
PID:1648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c138b30d80af7e2d6a5b54887a828929

SHA1
b7826400fd1c82b18ebf106a9e25eaf9baa52dc9

SHA256
8814c0766ab135bcecf21fbf75f7409dc8d0ff619b6c21bcf0e2757ac7f3a95c

SHA512
4fab6955de96eb214cdd7787bf0aa592fa58259fba273eb6582fa2339974cc5d8f3478359ef424778b24b7a79e056c9ed00023cc66c0f255283ac7f199da7f3d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
578b9e2c72a40791ad9b116614ed06e7

SHA1
b41cf2d20f90e0a99d41478039541811a9981751

SHA256
e4a71f00b52ea689745fe71bc8ddd15272702047a969cdd5aa7dd7e57a7e023e

SHA512
04e8aa30e62f36eafa4799e16f59543052afa745e94f488a55abd5f6b8827fc0204b2542a6582ca22e85a7f959aa3572cd79d58d0a754a8f249c764988b38ec8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b36c0620cd95d0e1ec0cef3097a8c6c0

SHA1
a694a0477a41ad8fd8128d3aa416ea9328cc6185

SHA256
7fdea3e516312c247f5aa405bd99d2beb83dc8394d1b3aaad2a193e46eaf13f6

SHA512
3ba6e9acb049ab6d821d00a0821e4d9a5fad0bc968786df4b4d0cc98d0391d06649480d39986c3e235fc7653cc384cce1705878b0e8bd68ac76860e0f567819f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1194b9b64db015944ac5d2a7b4e36b56

SHA1
07ebd38cf820dea833f2c41be8997192d480ed5e

SHA256
1e1f9e339a103a6b063a63d03a93c6f4eda7922844708ee505b3e9dcdfec7bed

SHA512
64fc81a26dd26135894239ccc1588454d3b37e83e0e40b37856e841af1b75c7356d38e985c1dc3abff0dca1740243d62e90b9b89670c0115030bf4c3de6e062b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7f6a3fe0208e8505f3016ed8bf491b43

SHA1
52f6f88519b06640f24a9478c8904cbeeb2d2330

SHA256
be584b4b4f24a2b7ffff43b62f1b864a76b7a464523594dd1bf3057342349d22

SHA512
7e007dc2c74d21b932c31f81eec05614a6ad86f3620c06aac4dd4ac82bd5281dfa8d39b4cd4549b1ea125a237576c5c4a8f7c6c5f00bb1b7e47933f6c68ea851

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
125bfbe8a795a5a6acafd2b2b34ed486

SHA1
5666318e2d7eec1d676ee9383f8ece095bbbe3a7

SHA256
61f0abdad31fa2af983c2557cb4de0b80669447b16c1af3555b1a30383bb459d

SHA512
4a1455576eecedf9a773270094fddfe3d2966253eda6b4b194e90c8fe67214acc04936240af9efdd5323cf31143d874bfb6a8ff60a1e726630db7d85fc5c5048

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0583c97429ccef94c8c6232716993973

SHA1
42fd5f900e96852fbd1b0f17395e5abef3637fbe

SHA256
f9c26aea7bdaa739f1fd0e78c302015d01c6b2269f40ea4a5eb940331cd0a844

SHA512
dd5aa4002616380c68a7e2c979dad49eaf3c7e1c935d2a7ea7e0462f4eaf2994d97dc86c806ffafb8cdc37e7c65234199ece4ee4d6d00084413d6aef79d65b42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e8ce77e180556f364b5db2aa2015c1e6

SHA1
0f2d3d1f734b3bef6081e1c1523c7743ec865ed8

SHA256
1aad8072a8d67631d192944a80b0d1e3174264e05d2fd6dcc173d4d0eb2d119c

SHA512
860cb8f7f4afb460ab5b1cf023e23509e20a09c3d8f1cfe47c509173df2d99b14066ca59b09820fe41ac4c6dccab77e776cd7f7e346677ff2981ee5d05b97631

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
335fc9ed39104a92c82b5de27a054198

SHA1
9f0340bf8c9b6139ede44656659ab6cbb8c6c4b0

SHA256
99eb7f4450c85154b53636bb661c97ad1a93bd5aee0af45c826e8a24159db64f

SHA512
6491965e8c725992ba0a29dcfb86e58a7399ff49d1f3eb62769647f8faaae986970467058bdefff21db2a50426da0c770f090935fb33453ed9585b2f2f3491e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dbde2f529174bdddea616748c9761091

SHA1
59ebb816cc6ce82cda8c170993b3c3caa209c753

SHA256
9e5876159b818a303ca1fe7f956462ad79ca840805944d7a3bbb47c06d84dd2f

SHA512
d9ff17baa4ef641c26d16b7edf404bb967586f312816a8f2a402799c395dbf3ff7db4296cb7b56f1ba334b35d7f4681317170130a38b377b46a10d72071c5498

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024020418.000\NetworkDiagnostics.0.debugreport.xml

Filesize
6KB

MD5
e3ffe9ab6e2852bc3dfbdc3fb50fb01c

SHA1
13b1dcacb3c0e3de6a0387f4db3b305840809032

SHA256
1ae00676920a136e7f2305f2322cd993b47f8ba5c12b4df7599b7d131e88e5e9

SHA512
fa91a5e2ae4d64e98af47f2c1381d6155e9053d93c4f216f87fae599ac81cf9ecbd2609f8ac50c5bfefa71e7dfacd7890d9e43b6f99aa1027d3ca2d7f0979cf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7C73.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\NDF8112.tmp

Filesize
3KB

MD5
d3581ccec369a442970f7f4a39562da7

SHA1
b7e209746569eef30aadf56bba1a65e24ad0ce14

SHA256
d50b280c879088f362ab92f690fe2497a7e28ee16c2230d5ca5133f219f236e8

SHA512
5896542cb5976ad0c089dbe56319a537640797a146e57dafb78ec63b7140632a7c8c48555c8d61c26d00139b25a67df7270ac8a1165e9d7fa257061603c0277c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7D31.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Windows\TEMP\SDIAG_d7e938f7-a91a-4f98-abf6-773b9aa975ae\NetworkDiagnosticsTroubleshoot.ps1

Filesize
23KB

MD5
1d192ce36953dbb7dc7ee0d04c57ad8d

SHA1
7008e759cb47bf74a4ea4cd911de158ef00ace84

SHA256
935a231924ae5d4a017b0c99d4a5f3904ef280cea4b3f727d365283e26e8a756

SHA512
e864ac74e9425a6c7f1be2bbc87df9423408e16429cb61fa1de8875356226293aa07558b2fafdd5d0597254474204f5ba181f4e96c2bc754f1f414748f80a129

Download Submit
C:\Windows\TEMP\SDIAG_d7e938f7-a91a-4f98-abf6-773b9aa975ae\UtilityFunctions.ps1

Filesize
52KB

MD5
2f7c3db0c268cf1cf506fe6e8aecb8a0

SHA1
fb35af6b329d60b0ec92e24230eafc8e12b0a9f9

SHA256
886a625f71e0c35e5722423ed3aa0f5bff8d120356578ab81a64de2ab73d47f3

SHA512
322f2b1404a59ee86c492b58d56b8a6ed6ebc9b844a8c38b7bb0b0675234a3d5cfc9f1d08c38c218070e60ce949aa5322de7a2f87f952e8e653d0ca34ff0de45

Download Submit
C:\Windows\TEMP\SDIAG_d7e938f7-a91a-4f98-abf6-773b9aa975ae\UtilitySetConstants.ps1

Filesize
2KB

MD5
0c75ae5e75c3e181d13768909c8240ba

SHA1
288403fc4bedaacebccf4f74d3073f082ef70eb9

SHA256
de5c231c645d3ae1e13694284997721509f5de64ee5c96c966cdfda9e294db3f

SHA512
8fc944515f41a837c61a6c4e5181ca273607a89e48fbf86cf8eb8db837aed095aa04fc3043029c3b5cb3710d59abfd86f086ac198200f634bfb1a5dd0823406b

Download Submit
C:\Windows\TEMP\SDIAG_d7e938f7-a91a-4f98-abf6-773b9aa975ae\en-US\LocalizationData.psd1

Filesize
5KB

MD5
dc9be0fdf9a4e01693cfb7d8a0d49054

SHA1
74730fd9c9bd4537fd9a353fe4eafce9fcc105e6

SHA256
944186cd57d6adc23a9c28fc271ed92dd56efd6f3bb7c9826f7208ea1a1db440

SHA512
92ad96fa6b221882a481b36ff2b7114539eb65be46ee9e3139e45b72da80aac49174155483cba6254b10fff31f0119f07cbc529b1b69c45234c7bb61766aad66

Download Submit
C:\Windows\Temp\SDIAG_d7e938f7-a91a-4f98-abf6-773b9aa975ae\DiagPackage.dll

Filesize
478KB

MD5
4dae3266ab0bdb38766836008bf2c408

SHA1
1748737e777752491b2a147b7e5360eda4276364

SHA256
d2ff079b3f9a577f22856d1be0217376f140fcf156e3adf27ebe6149c9fd225a

SHA512
91fb8abd1832d785cd5a20da42c5143cd87a8ef49196c06cfb57a7a8de607f39543e8a36be9207842a992769b1c3c55d557519e59063f1f263b499f01887b01b

Download Submit
C:\Windows\Temp\SDIAG_d7e938f7-a91a-4f98-abf6-773b9aa975ae\en-US\DiagPackage.dll.mui

Filesize
13KB

MD5
1ccc67c44ae56a3b45cc256374e75ee1

SHA1
bbfc04c4b0220ae38fa3f3e2ea52b7370436ed1f

SHA256
030191d10ffb98cecd3f09ebdc606c768aaf566872f718303592fff06ba51367

SHA512
b67241f4ad582e50a32f0ecf53c11796aef9e5b125c4be02511e310b85bdfa3796579bbf3f0c8fe5f106a5591ec85e66d89e062b792ea38ca29cb3b03802f6c6

Download Submit
memory/1648-790-0x000000006F530000-0x000000006FADB000-memory.dmp

Filesize
5.7MB

Download
memory/1648-791-0x0000000002400000-0x0000000002440000-memory.dmp

Filesize
256KB

Download
memory/1648-789-0x000000006F530000-0x000000006FADB000-memory.dmp

Filesize
5.7MB

Download
memory/1648-835-0x000000006F530000-0x000000006FADB000-memory.dmp

Filesize
5.7MB

Download
memory/1892-743-0x0000000000370000-0x0000000000371000-memory.dmp

Filesize
4KB

Download