0223d85eaf5cd5b188e61e9c99b62a9b5cfba4c5d2ed13576858b40327451ae7

Analysis

max time kernel
117s
max time network
135s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/02/2024, 02:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LICENSES.chromium.html
Size

7.9MB
MD5

312446edf757f7e92aad311f625cef2a
SHA1

91102d30d5abcfa7b6ec732e3682fb9c77279ba3
SHA256

c2656201ac86438d062673771e33e44d6d5e97670c3160e0de1cb0bd5fbbae9b
SHA512

dce01f2448a49a0e6f08bbde6570f76a87dcc81179bb51d5e2642ad033ee81ae3996800363826a65485ab79085572bbace51409ae7102ed1a12df65018676333
SSDEEP

24576:dbTy6TU675kfWScRQfJw91SmfJB6i6e6R626X8HHdE/pG6:tygpj

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 5081e66f5d5dda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9AE7A8C1-C950-11EE-B07A-464D43A133DD} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d600000000020000000000106600000001000020000000a43c768139db8db7dee183ec034d618cfca9512dc81119cd02622ce1f7ae9944000000000e8000000002000020000000c122c7b87202ea214e94ebb77216c893603fd890bfc5814fe8cb40981bfc68dc2000000045f88e9ff6666b91e5677a9e139723e61d2d346ec72a4d78290fbc6ee3a1353140000000948e5ce3e7e7075ae3fae37aac227ec64acca710ddd4060d46a48064e7ca8136fd2afec791dde112b8e8b45b6e8ff49c7464e620108012c62b2d1a897228b80b	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d600000000020000000000106600000001000020000000106bbe3e321d9c8c4aaabba597b0895183524f5ac70b3b10638530378bea494c000000000e80000000020000200000008c7cc7e6dc4a952e55af79ae770cc6dd995194d908f04c5afb67ed9b254ed6479000000078cdcf778dbeaf580179206438f630dcc2cd146eb725854d0f8c0a201aee7f1b9e726d321a682f5ecff63f96121a5c52a33bc0d38983fb0f6708d3fa5386097b75781631441ee5c29b87ccfb31d26fd2814ca7c3575cc37b147ae77ab0a5fb1eefdbd37f75a82a3145c2b2641c79fa4daad1d1707cc4518408c13e861b1e3e1a9b98e7722ae8cb2c977c80fe26a48690400000003886088484cd5a91436eff73ff19ece18b6e59535e2715b510c93f9d2863ce0dc67225a12c6bd267706f61e264d54fde5dbecdf5501aaf0ac2741c68c5b9cf98	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "413867721"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1992	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1992	iexplore.exe
1992	iexplore.exe
1864	IEXPLORE.EXE
1864	IEXPLORE.EXE
1864	IEXPLORE.EXE
1864	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 1864	1992	iexplore.exe	28
PID 1992 wrote to memory of 1864	1992	iexplore.exe	28
PID 1992 wrote to memory of 1864	1992	iexplore.exe	28
PID 1992 wrote to memory of 1864	1992	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1992 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a844263bf2b3d71cfe712850775f2414

SHA1
544fb894601ddc66f4563ac944fab860702ccb4b

SHA256
47570709b0e2cf5faadadc8cd319cb60abfbb2f79723c2e933ef69704bf55670

SHA512
e1a981f06b03a894a92a582010fd82adbff63d7ad5763dab65ba2c4c73a455f67c4f2a5cc7a47dc9eb5ae0a220dab89d27aa1e010b16f31ce03de972faebdd3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
129a63bb1d1977be6d13dbfabaeff18e

SHA1
33ce980b683cb79a01a1ab1419cb635c5284ee14

SHA256
89c4f15b5357b217110c855ec2218a778c34f49aee415c23bebf15d2742ad616

SHA512
f07fcb7cbebc2515c42223c896ac80e586a8ebaf4fea16729b70b57204f634f5aa427b8b9016feb3bce77f202cc1cd68dbb643ac5b594d46f16b1f28374dd08a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
43fe90f7da23d9dbdca05903c33586d1

SHA1
32942fde409f3cf44359df19ba409071e682fc11

SHA256
41005f0adb6c995d7ac9f4fba0f44eddf1493325464af5db90d93f994fe33947

SHA512
0a7ecb3c0bb002d5df7fd25b00cf2d840c5f4406564673f635c4c9872a3fde60725fc2ba4c804096f0b3b29b83790c3bed408de7ed0530594b1c367b2a80a562

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
92c9376fb35f8ffac8388fcbc5a70170

SHA1
fdca23b4159c25b3a8460e62b09b7e9a8515b8c8

SHA256
62b45dfa92a309bb626c0305e128d632434659c5673a381c56167861ef36e9d8

SHA512
9c49b17c87ddac1543ef918a9412c8cbbf9a91aed31cadc61508503caad8f9bb75a2997224fb6e73867a64792ce489cc65d0873be2eb0a7275810f0aeddc32b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2eca3986b35511e6c181eadcdbee38b0

SHA1
3756a767193afc691a0046a6f09d2d741a33f596

SHA256
b05821581876641f88641b5a71235fb92e33b71a00680929b7d22c944ed31fd3

SHA512
d3489f79613b8c2c8aef5531e7f34ada5a955a65fa833d3d591a91f70efba72127ff39f717720a466ffb73cf14cafaa1fa72b31c0313a23f33e7ca88998bd78f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b060ee7679a1d10ea8522d6a288691c5

SHA1
6e859b2fb52f0167b88aa52a30160febc279a04a

SHA256
a8de4a6092887c7085e2ecce761ddeed180f1561b0d4c7576075b57131b3619c

SHA512
69f56dfb6e17bfdece54bfe3911c4598d4644e725e1b82a582955ac5c3aa9a24df0fff7560497e24d080fbad78c41fbd5605846560b0733783e347aeb768e6c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d9a79dc97b435b4706d1539e7b702c86

SHA1
5205338bb3079ae82c567ed4ec61a5375a7409a2

SHA256
e58984b92f5196ff7283dfc6a9295a456262acab02d8c4527c64aa4ba09b1aa7

SHA512
96f818541bfbc1a4ec94a62a24b4a5deed3c6eac60bfa4821d21725cdf0a86451bbc566409637db58c5f906f26f5b55e5be78b82a47bc03e9e4ca2b9c82c0b4a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f76aa65b770fa4542a291ff03e25df09

SHA1
7ff3071488ff57e7b29ac2040ceb84ed28fc9be7

SHA256
5c24ebbbfea3bf7121b80dd02df66c863f03a363d89ce46d8a00a80d33bd03e3

SHA512
13150081e51dab78426b50ad5e30ce09912dfd0d7333e2478fa77979208f13f0d32ba025844dc5b3dabdfef5b2977c78145960e502a77a1e21cca9d50f114586

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
75bf202c6591e22f7675aa1d90a2667d

SHA1
8f7a704252781cebd4e42557c4c567a04848e495

SHA256
0ef4a4796133eea0c9592cb49396495ec44f36c335273d9205588603d5d2de50

SHA512
56510047aebc2a104314820cf11b6115dd6f76f9fe48ed474f8a514718a5550bd16fba60c7f3b7a0b6d8671ae3f0ddd524872da0692e9ec0c867452b79245c34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
943a5fa5f253bfa89ac96dbd8445e795

SHA1
96c1599890b3c1c1af965df488c036f30d246426

SHA256
5177e6ca0bc0a5927d4e7c5a14ccdc555c2b4395eb25a19e75e0390a39821247

SHA512
144e53526e1ea06547b3451a0f08bb657a0ec03be707a6d1e6721bd4b4fb1368b2ff08eb12450e90876eebc0bfaafa34616918dacc29262fd56e27df07fc9252

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
374eac0fb0be6cf7cc80b3937d583b8d

SHA1
e7892c13ad72d106ffb6db15a274b85ae96998ea

SHA256
ed6fc6d5a3912df87aeeef0921cf8303b0551c2c7f2d2aaf0653197c0f5d233e

SHA512
be599f4bb9958d17466ab4836d22b47c1511c57df1bdec486c2d15efdb5752773b7986684fcdf436b633b0f3fe733cbe45706410cedfc169f3514a58f9d5c68a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b0dc661f54722f82eaeb80666ca46122

SHA1
c1e1d905ad9184db607a8def5ab51b843d3fc2ae

SHA256
2293c5678e3bdb4e81f149178db7b3d71b4df19685c87e1c099559f7a3b6c6c5

SHA512
2f4c5f2b93c39829babdcbc7dbb712e46c273760d31067aa81b93d77d2b22b49d899f1e99f934abe183dd291bf8e254877bc0073da75816f38770987126bf415

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2aa50292f2024638dcd70549f4309bee

SHA1
25890f20d8fde0dc18cecedf04508b5b35af99e8

SHA256
35498a3e4feb1f65927f81d7cbb1afafe56cbcaf0a57bce535633eeae306cef7

SHA512
f1ba07e58308b4cc603f1ddca77ed37cd92a8e01324c6b0f524f67ec886848527d7dc732aa55e5e1a9a7bfaeff9ebcdde8bdae9b47272c2fd402d874c5a76187

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a0fb9cc7e692bdd4e4e70d91ae7c20a8

SHA1
94c4b257cbcadde10b23e02555e72750c517832b

SHA256
cb73ceaef60d369e6c5c2672e05a647bc8d59c793110a2120c71942a0970af9a

SHA512
bae9249a30892f6c873697e6b3509eb84603e4ba268eee22b16e644dc7d2ef4aa445de866181ea2479bc4b627ee3c4d048c7abd581df2ff648b0c6321fb209d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2d86c4e1430bfac3696f1024176e1761

SHA1
982184a626ea72d6968f8b997800de2831689042

SHA256
2687d5dee2fb77ba3918e9768b4d59133d25dd3094d6b9682f41b716c79cda46

SHA512
a50957c5743eeb1a51c4aa1e5399beec28951cea91a049c3ce039154a0155f2024230806f0d12cd8649cede557c7120fc786aa2e207881985b5ce03c4e407fd0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d890b4ba840e763e76a323642a67e987

SHA1
e4435e761dc9ed6c4fe557d78c00c139331a1d7b

SHA256
25b745043509b48e3044c2b43262f70e5e0fbefdad5189d75cbd16e1cbd52cd5

SHA512
8c801c4ef7058c794ef9bff37215ed2aa4c4ffca7f79c24b291e28456da3bb519f6142a3a586d37b8ba4c42158f97675e928ed23c852be4df5e01ede0611382f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3254e3e10dbf5dbd7cee40d9c1fdeb41

SHA1
570eb0060059feb0abd51eb13830dd6ac77f42f3

SHA256
17f7528f4bb3b404badf007dc3cc5b71bb5f4132e63a2754a02338c67671e7b2

SHA512
151f2cb95b6e8e76a94670fcf38dcc275f40e029678bbc67f1cd0113b84d9cfc21d1fac8da95262e7645e8bd31dce32ecd32a2a93213be2bec79ddebacd05614

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4C7E.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar58D0.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit