6f89de2ae773d9d0823f407572017c7dea50d8b28c7140cfcb9232293150b9b7

Analysis

max time kernel
138s
max time network
145s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13/02/2024, 18:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LICENSES.chromium.html
Size

6.3MB
MD5

997768ae7eb8c036425bed10f766e823
SHA1

2ec99026b977f6603a8a7890bc05594a9a4f13a1
SHA256

ab30ee348b3257ec2f19fb5733e64278438be792f1280ce0f28eae0c9cb8943c
SHA512

f408b817b68861cbad62425e0bb8726f876d36a2212186a8f948d5c825c95ed819dcc41284d8ad8ac11e7ab7ff6141588fededd01c287780f84269846515f639
SSDEEP

24576:nP9t5W7WSLzrj41T4mfA6c606q6C6eBcHKcaRpG:gFO

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30c0d266aa5eda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000429d3af34477a14f8b2dd7691733418900000000020000000000106600000001000020000000b4288b45dcacb932f093fafa8b912ca5230c1663aa3fc65cb347c7b36866dc42000000000e80000000020000200000006bc39202885a65d3a28922b67afdf7981af8d50afc5dbfa72a05e06f765f0b4290000000d209b4bd4dad376fb79ccbd87929b13c482dcdc5212d6f53a5058f2fb839e7745fbc9ab361c7472a2cb4f03b1314189585ef4eea615aa4df912f2f20cfcd3c7490448a6c62d62d150dd4a675dc779df61387cacea1a3784381cf79c461f58e10c8cf1f1921aab7c05450474d6de6e71ecd44e59b79d884d58adce847a737b0a26917a88c72c7211e5d01bf5cfeccc9a640000000c2b228ca0221c4422bcc99c7d71c4c2006f2ccc51c2bf707392dbc99d052b7bec9c9dd59024faa62eaed52a5562f9aa5e87fa8d9359601f4b748a10e9eaf4f8c	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9160F9C1-CA9D-11EE-975F-42DF7B237CB2} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000429d3af34477a14f8b2dd7691733418900000000020000000000106600000001000020000000543b2283b8cb074f6cda5fa32724bbbf9e8541fc866331aa2ccc4e63cc1ab1eb000000000e8000000002000020000000599d84790cbff7a28e0615d3b0be3b12e0b427eecd4d57736e480febb10c556320000000fb7f2793341a9116ae3e1759908a9eeab504a4f40540ce9e23116d58920c827e4000000011390847318685540a3b621636824f5c9c39eee4fccfc7fc1a4d5ff59492942a9df19880548d62a17c805524a3464cf6e95a66eaf59c233c286ec5423be67d29	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "414010728"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2352	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2352	iexplore.exe
2352	iexplore.exe
2304	IEXPLORE.EXE
2304	IEXPLORE.EXE
2304	IEXPLORE.EXE
2304	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2352 wrote to memory of 2304	2352	iexplore.exe	28
PID 2352 wrote to memory of 2304	2352	iexplore.exe	28
PID 2352 wrote to memory of 2304	2352	iexplore.exe	28
PID 2352 wrote to memory of 2304	2352	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2352
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2352 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ba6e2c2ea1f118f07afb9d45aaed59d3

SHA1
68b6bf0abaf8238c754e15fb446bde701a9086fd

SHA256
c04f91d5d8001ee0f02c83957d74b0cf4541b1595040af8340f5b5bb1e0ae105

SHA512
8eed0a91c46ff6a1515f751d040da274fd3ffa61f6da60bb6033827b719592b97b45995c7f8ed79942749aa743e8af70c650b9ebce0a4b7b1214f2d1d479029b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6cfd8638e17066a9e178e5a918e23c49

SHA1
574a48fc479436eb9af5ef32986893c9abeb97bf

SHA256
4622b42136e5ee1e2b8a69f5492565365d5a1bd3da898b5051981f8127ba0d1c

SHA512
4758b7a478d86df7678e30a62754880a56612c042d051eded254085d947e8972ae6171b6dd134ee3c2ad68ba9aeafe67fbd933968c91336a01739b7d4fa96d34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6775ed95ae19902e4a523e6d040e228c

SHA1
0d3139b4f1fafce6c73f913658f2ed421e278deb

SHA256
ab240a671aeae62a2c4278a1e8af8e3bb8cde647ef6fd195ac1a03c73bceb1e6

SHA512
3be51df72005a4e7be080bae1dfeca00a744f0198c490dd463fdb1000f372d39c0187b5a0e835a8a1a2846e29c3288fba599f79d9c1bdf44700595554cd00693

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5a250d95dfbed05fa84e9aed4c105878

SHA1
9daf50dfb7c7e559b5b30899e83f82a947b58fe5

SHA256
0bd5a99e74d5abb183ef01329a2128a6f2be2f226b6fa5b1971f56c7500de064

SHA512
ebbdbbd243c54fd2f0fd424087793bdde9b481a409c3d45d4e1b2b8204b29c0bafe335c134ab3aa60a90847345e7f45e5a00818ad84b4c87a4fcb63847f7f2dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
39782969f94948587f41acc8181249a2

SHA1
149749fb50bc0dda6603a5d3d554fe6680a51417

SHA256
6cad5aff21ec65225138fcc45ed59e6d37828eb476eee1c6a3a523e4f7d616e9

SHA512
6f631dfecba00a781f314b114833811bba114b002673e7799bb69cf9e9fe632e4933763d84db35f64133d834018c89230be09e15b884874b65d0e58d1fc38448

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9c2a1fa55124ea52d746e65d17c34d0c

SHA1
7e5ff3a91dcd8597cb7d4afd6747baabac25c0d9

SHA256
ee45ee4979d00a15408c21742f31772a82232bfba7468412ea5c8780f5a70245

SHA512
31c004ebe8fa5c2ad7ead79b238f53ec72d9fba43befd474e6b812352e1898559a75f0af1859f5de8932a79097f9fae04231b28d6ba66b122ec131ed46d431e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
57652e251d404ad9be4e33e47767e36c

SHA1
ac14494a317f15a557d69d91e482bd2fe82c6932

SHA256
666f0bc863b705a6d590795e6d9917f4f24b032835eeeb0ba5acf40a4b2517cc

SHA512
5c17ebf95c42c3230365a14d6298ac24615d352918fe060183d0aca2f99034653ce987a0d643d799907ef7a41771e399c4c1084d52e6e2890aba711e8cb282a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
36e53a50dea95033f290ce25d73b21d1

SHA1
55376b360090718ead9730be643876b2be52918f

SHA256
3e31c43aa3963b9db3660112346d7d43fc3c3d54c7adbbae0510a50ebc13e3f6

SHA512
f3fac289b34330a9b4e317de59aa1855e665ac755b5bbb397f55c744f0b06a9f180848c0c5b14ec9b6210ff4d5da5c5324986408fa44afabb7a5c3f5d0b33c99

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
87392048862fda4011a4847a37af2c5f

SHA1
017486e40a1eec714a1e70ae0a4262554710b410

SHA256
778dc9e48123a8faa513208b8191e396a7c1dcaaff796d003f093639a8bb0b98

SHA512
0de56d3e32b16c3da62f3d1d5de3674fc297a4111b904012a3abb1ecd8adb5625e4aaa64d6e0041c2ee18a995592cf5f8a46174f86fb94d95c41d1d253e1ad68

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5af53526dac69b633c2b78d346004d94

SHA1
c67494a1b31441472ac761627c82db9861e43406

SHA256
d38618be31cf129b1101902ff570ea6ebe655415b3f90ebedc64daf7b1cb8657

SHA512
49adf87f4570dbc7a60c57678f0cc519b72c6ed98eaff92b559efef14a88884fbdb088898995dbebc54c6de6a649fc442f68461ceae5a19ecf8483e611f9e0fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
661a91a9c2ed94047546b512571a7af0

SHA1
7d5f9d96733f002c90ce4bbc355218ab0f8d74cb

SHA256
a73bfc51cfa1ce89cbaf346cd61379878b0fd9a33f67a789fabfdb93446ebef7

SHA512
ce49fade1013c665ed11fd58da479ccd1a5a90971e513975f0029fff21944949dea69dfc71911fb0278f6e67ac9d27fdf6b5a1e63e087e31a703ff931815a890

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
772cceccabe505c4f0a01236f9f1cf06

SHA1
b7992b9c696a4ca3844b7a8ea52bc17368566e4b

SHA256
f7495eee314b56c6c7e52dce7c5b71cc9a00aa4091f0efa1db68e12efaf7b720

SHA512
64deb0488bf99d964aaecf39b85f2917c16e2e6c5c83c612f8d3b6838a2074c14762e89df3129c282884d844b6f4383398a94806957aacfe2aee4997ed0bdd7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6c99a1bc825b4c822819fe100e93ede0

SHA1
a601c8b38ffcacaa61600a1297478822aa409f51

SHA256
0a5e9c9bbe505fc3c7fa9555e51244cc099df29916304da68a4d8b938c347fa4

SHA512
20d29e354192087d2fcf123d680c63b614dcad49a82f47f60cc12f932dee161b68d699e77c225da812f3321c27f64dfcc8d60d9e565aae9fbded55ddfa06afad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c0df9a3d689477b26a9798dd0854ce2c

SHA1
74eee12e117608328bebc8f8ce778712a9990cf8

SHA256
477a45cbc5d31778b0c596e9d817035d11f0e1d66f470e47e9117c13a56d26a4

SHA512
5e53bb9bdc1040aa465ec0cf15d91b0490027cfd3b040400dc95ecdc70e1364459c028fb18e8823bfd0baad4cf90c72deb1fff8b822c1aad96aef012a9c1b9c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a83c0e1d405a7016f86da2e411581520

SHA1
02d14aff00a3b6d79829f57d543c9d8cb0ecdf02

SHA256
316b0986738d16fcf708b94875ab38e8ab30edcce0037e918ebbd63c37a964aa

SHA512
5fa10589f55443f6dfdf8d586dbf0c6f402d41ddf2f3092e932f30b22ae913395e86e4aa4cb37c6b1aa14e0218f816e3e7867509149d3d3e04f34cb782a05615

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0f309277ae89fae9ffaa4125ef56af26

SHA1
bd8edc830fcb72884a0d6ddd764a229d2f7b4636

SHA256
764bd99e966cc4b3b7f34e6aeb8bd5d3a50da8826675cfded37a01a25ac164a6

SHA512
379df4561ad7be0c78932529cceb06367b2c3b605a9f2c8d4af21feac60fa0b838702a6bf1666e539b7ea8570b5fc80111c50186afc19c2e362bc33fcc03dbd5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
361e66963e71caa07625884ef17e4aa6

SHA1
8d9984027ce1e31e2d508858fee41071acf6dca8

SHA256
aeafb508793d4a182531c818518b26de64126c3c6f881ca7320f3592a9a5ed3c

SHA512
505d038835f7b593b617ca8cd61e651a305014209e6508d19c722bcb1c608a5d7df8b9ddddd774d65e47b6fbfa3d8465870e2a7335a5e8f4bbc0a860484b3497

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab936A.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar99C6.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit