69d3b8a2b9bf9fe4e1be8a17edcf3bf19379aa27c53a73853585b832a8babe5b

Analysis

max time kernel
121s
max time network
141s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/02/2024, 04:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LICENSES.chromium.html
Size

5.3MB
MD5

dfa12f4edccb902d7d3b07fae219f176
SHA1

c2073440a5add265b4143de05e6864fed2c3b840
SHA256

501f0b7ebf0be7ed8702d317332a0f8820af837c0a2a1d7645ba04352270e2b8
SHA512

eee3a8e0eeae139ddd9369d0869c29c91007bf6c5b0d7982918d5a013214a9e80b9233e7c1ccb43124152f684f0b782831b0a6b3d126558261dd161230004e50
SSDEEP

12288:FetnJnVncnJnknE9RBvjYJEi400/Q599b769B9UOE6MwMGucMEbHDuX04nNWQFna:WbXZ5IoWSL9bcwVR8mf+/cHBBaRp1

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 0032a145805dda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "413882680"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002213d23592f6d648a137f9bf65c22cfa000000000200000000001066000000010000200000007f12c7fc6e1e0750e87f66bed1bcb97a21f06b46167fbb77dfbd490626f03abc000000000e8000000002000020000000e0427dcc4743db80644be032a6a9fa4b2bb1f0627eb43e956a864fe746d8a5119000000092d5bc40499e80cf691da0ffecff14516af4d785599828ffd34cee5bf2ea216133760ad2fd60ff9469ee085745ac5ac84d55b7bcb0333f3c501a12e3ca100507dcd4c8a160cb1b1061079ad905bfef286023eb108006128d80c98f13dae97d3711eb74e102da798f74ee7a49bbfaeb2a9e7cfa7d94bccc571ca8cb8f5fab1af6250f13ef05e525a7673a1854f218d3e3400000004be4882de7d364e644492c04e28956a0beb50c4dc0c34022f8cb6ae3bbc8dcdc9d79dbe00c38e2d2c0b832f65c93e1092dbf146cc7371451eef3ca62f401388d	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6F568051-C973-11EE-93E5-4A7F2EE8F0A9} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002213d23592f6d648a137f9bf65c22cfa0000000002000000000010660000000100002000000075ab2d97485038c810453e80dcf23c8458191d6623a315e454e198a7f3690c95000000000e800000000200002000000036cc61089d3d96ae84dc4c05d38d13261e1ba6e9ca5738d2c9f14809769418712000000043cfd693112c9e051fd1054b26e248468b7f66739a70f8c88f4d2814d4ae692e400000002b9eb932c1e2f5f868b3c930c2e4f020a64894634f0d9547c8b263edaa67ee578ef387c944b5c75c5bbfab19e2d084c7c86464f969c11aa896fc00713f3da7d5	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3016	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3016	iexplore.exe
3016	iexplore.exe
2744	IEXPLORE.EXE
2744	IEXPLORE.EXE
2744	IEXPLORE.EXE
2744	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3016 wrote to memory of 2744	3016	iexplore.exe	28
PID 3016 wrote to memory of 2744	3016	iexplore.exe	28
PID 3016 wrote to memory of 2744	3016	iexplore.exe	28
PID 3016 wrote to memory of 2744	3016	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3016
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3016 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5e6a40a1d2fd79fbfaa6fdb7a097242a

SHA1
b296a3fe35b1aa477d3c044f6eda9369ea8eb66b

SHA256
ecd7525aced2f7efb60b2dc560896fc3cf29dbddcd3033289e901c92b340d73e

SHA512
7f4a181d06dc91b561f8eeed34e1c1c83c2750f16d4a3fd73b2acdc63508c5d459501ed5ccb6d66538293ab077067291245d2171ceeee9555979165ccdf8da43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6de4e1fcd0091f8a95a15d393a3afae5

SHA1
eaccc511dd6a05d466d70efb8d5d73012c7da87c

SHA256
a535a5cc31165b9b72cde76cc9465f3e3a42415b2b5edff2746957e1f8ddad41

SHA512
d4c4e5267a5ea1ba2749c643b27768850bb9e3f8396a134667e302aec9267a3aa3a0a64c4231f7f3e46e2cbae6b636c8ba8c194b1ccb18129348b4299affec7c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
169d26ee39f20bf47348357e6cf34257

SHA1
d6fc1dcbeefa10ca12574850a8d6fe9fcd9c2a54

SHA256
f8c9f2c9ae87cd91e625d50d483700f0164f2fc76359972b1e6dda3bf4669560

SHA512
acbb7e1cb09dfd5dcc8484098dbb1169b0df44a7a5d425d8ea0def052e20b4058c7e90dc0896f5d8658a86f4c523b0f74d26aca6f3aa85f2f1c7a200d586ad26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
119e68b35200ee95b41856aef72bd9e3

SHA1
d259342c1e7083eac0ace00f301117b4b55f5a7a

SHA256
f0524b41b63b4ebc01fc955d009a8e8b79d106ae8d3ea1dd8ada782c0e25103e

SHA512
70a5556ae9b80b42b4bc1ff3a17deb7e432dbc4e8f7a8deacd0ebe771dacf88133764a9a8510c7ca05c03eac9f5f27260460848050e7c0f394815df20430a631

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b26c15f41a7255e60085cfead82dc298

SHA1
d2a3f73b03a7900587464df5be9dfb0944671197

SHA256
e0b635ad86516564f89de8076daeda267a9dc1a681af831f67173050f90467a5

SHA512
38dd08b27444d1eba5fd84087d67c61b21f67fbdf286f32ee07a1642045ba5cd672ffaf530c5093660bbb93a588d357d225aa069a83aba87a644da655703a481

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
92be56352333a9e0423daf04a6b5aa83

SHA1
746a4cf709e5e7ed2ab675920ac19b0d8bce6042

SHA256
a1201a9a4c613a270db882ec92be5b2509f81cd1a44a8ca51ee8e95237bd2370

SHA512
2e2355f30a37524175495b26fe9217545cc3798ac2c7d4439a34ed65418e85e141102adca06a640a73276b183239f16423de610e7b1e9559fb29ee5d0e47fe4a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0fda713063ea32add77eaa8202575952

SHA1
b8abd404968706b1406a90426d3dd6265a59b376

SHA256
8aa4f83ae429675a5a8ae69923fe1f4538e76d0b2e7abd3edde5d7d02784d016

SHA512
a41c0cb4c9b2c934c9e767b7b3e03d658b92480e47e89448e5e0cbd51046ea5f17c3b13a73dc1ae7a7c1c694fac03919c79073ecc4353778126ccff918dc5902

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
15b8e660a306d6cd3268cdb73d3e9eb9

SHA1
04301ca75905e9e46973b4e756385a5454d31fa7

SHA256
365ec78d342ab4e4c1612c0412ba47979009d10452963abfa85d03797c1dd84f

SHA512
cb3ab70c63c57a376b6d130f47d55632e37765f9ccdd8797911cdf6ad5df7240369accd65c71601b34f546138eda6ffaf2f215901cefd95de13b6642598b08da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6476884725eaa460c21b08dad4dc4a95

SHA1
25d0ce15feda655282fcaf830e6350160083dd61

SHA256
5813e7cc8f2111e0ed9170d5b080cb835db43b2c5b99f8e43fe9817a75508863

SHA512
35e9d8b4ba7b445beac59095142fa7e7200623e05eb2fe52715d193876555bfdf6bf15046756db7ffda6cea9362382536c231a51232e90f968b91462f669412b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0e3ca4e59a2125a36ad4c42f7eda99a9

SHA1
3657bcb8ac196c7663d6676c951cf22e2a740716

SHA256
16edf80afb2a511a1ecee53b5f5b41217aed1c000ddfcb06dee6228e217ac27d

SHA512
0b910023be02c6a39e40acab6d4377fff16d367cc35c87ca2423599b3e055e82ab31d7e601c53dc82ebf7f453e5483d92407ea09e8bf26a8df7e378a8227ced8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1e47e108d384d447edf858774c3e0b0b

SHA1
7eb74af2aaed11fff1743a3c1afb1cfaedbc1838

SHA256
f36059428aaae4707f6402fc701b5ee7b30b8e82ff3dbbff8d540c7d63ec1c75

SHA512
e936d53d511f73a7a5a500a9eb6fba361963ee83db3015a30523c0ba7be0eab40f1b0073035d2afa4e2a0b9ea694ce5364130312c26775d9a5bdcab08f4b985f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f1d474eb5d850698c272244c7c23c00d

SHA1
3b353d0f2ced63bb0d04540605e40bd317a11393

SHA256
9f165a3527afa0126d07c2a8a2ca55e67f54d517566b7fd339e5b1587c2afe07

SHA512
1caf8f533265fdae379780eb80b812fda1bf460f29f9eef3f15f63b3b0a9d4852db204d466da62c5ea0ff87ab2912e498350c143977d417e57494119ded32d1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
10277c081ad9f312b67f9fee1426be5a

SHA1
619913eb57e48533aed7f7a72637031fa2d27d86

SHA256
06d0dd6e3e2f508ef1a54aaa3b71e1483e152e49e18e0d4fec9ebbeee5d42ee2

SHA512
85da197c4e46f916faf9a6bafa97b386dbf5d46c055c4d00704b94249c90a09f6b35bae56d57451e47ef0b30e39743c8cfe37fc42cf9b2f3d38fde8902f38654

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9dd3169ef4033c95ea8dfc5a4a30a72a

SHA1
9f590b4b96a4ad6c372738047691eb37e1540a26

SHA256
99a48f854bb744a6196dd6fa3b3882ff85ea3c88ff7fa80f93b550526941f327

SHA512
fc586f049568125fb4d458efd293878ff49d121a19b8b8c2d8134ce598b2fcdf9d0c658cc3a7ba61247e9b299b4914de072b7776e0709abe9fb9a78cd4c566d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2e4f24f08e1a802b262b164a3d29e8a9

SHA1
c3550e51fa98ac964e135b3b962ff7e8943541e3

SHA256
2782b8489486b75706c26257139d7d13ee2ebbf7355520ef558045bb6d909d04

SHA512
907ee92e57cb23c362a0c0b126fa8611ec1230e2bfd10f611c2f05b30ec0ff7fe90e721db122ca6bebbaa7c0875e133abd875af6dc1107c7666e4e133bd7ed78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
717739de09fb8dcc12ee85511eb18a2b

SHA1
da6818e9814e11ebc9c890dfb1b8309b22e1f01e

SHA256
e3ed1140ef60ede96f0665f86bb94c9570fe6c4062765aea71c97d8ed2660921

SHA512
f36693eba2b32efaefee9a2ef9c6833e21ed20d4bd095307747455e8d4180d3b5db900369be0060f2050f1e92cc035fd4a3bab7c9a0930384bf3f45f4151d51c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
611115e328b72fe1cca60738ff1eaaa4

SHA1
eb1a3287d114de3862eee0c19740f5a8b83ab56f

SHA256
4a5cceb766d6e90fbd27d1d0afcc1e0b3b24f53c66d1cbc90fd0370670fccaca

SHA512
4564920010203aa17f05734228d6c9185188586043145cfe4871f7a84a1557324f396c62618d29d64c5a9a35ccaf0ffe42f4e190f1b8c95f4e3df43a4b7e9204

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9271.tmp

Filesize
7KB

MD5
5da20b844c34cda2b83a71b13db09cc4

SHA1
69e6d745c078011b171356b1257806a6e6bd1cfe

SHA256
6556af10ea7818bee690b6e39844a2ddc3a42bff4cf27434584de666ef7e459b

SHA512
f2686a91185d8500ee47df031a996e8143d3fd994283c9792e5992870e5cf67003dafdfd74694ac9f358b1e843fc93d34a559c6ba226ac4744f628f3115b4415

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9312.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit