6db9f6442d46fbde0953f8bfbc36bd714e5e31a62f927563594cafd60724d3e0

Analysis

max time kernel
136s
max time network
144s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
20/02/2024, 20:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$_32_/ui/html/FinishWithTasks.html
Size

15KB
MD5

0dfb3f52914e96869923b3f5321a0444
SHA1

25f43ef75f32e94a408c72fe4f375922b459e679
SHA256

a7a31ce1356f27c8e25feb584f514d95d93b65a3d757d51bf4ce65e22ab5f7b0
SHA512

c3abde39c9d006e59e0a249a80822c5809f61d4d25e576c45cc319d88e03a707deb3e76904db03d169f267dabe55eb000093445db8938036bcac22480f877ce2
SSDEEP

384:S6XkJ0In3ipi2YeXHbiD9Hmg0bug3HsqvkqI7bO9QUIXGXgX2XeiF:AJ0Iywkutmgcb3sR5HO911

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "414624767"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb80000000002000000000010660000000100002000000001c01584f58b4ecd8d42dfa41ba9e7f42713bf0bda249622068a350c63a83cbc000000000e800000000200002000000025dfa64f122c7d6c2147b82553681c1f19d79e077ba0e4f6abe8c1912a28ce8290000000cee6440313d0b06b5e7d70ff4dc30719f76a29af787d35f25dcb823d2a0e4a8c54bb124a8fb33ff4f0191963cbd5d96b5139dce1582be5a65201827e47e95ac440ed85d2276bd3dd36e1ecd143a11ee84a0beb25599ed2e526350cb31697880b4e40d138d00773934ce4cfbd53757d70c694b330afeb80d562b86b9014169dbc5df57188c9eb8a05dda1bcae7b27c92040000000b6f2c9030f4a2c98219bc577e3834a69e636508e02a5bbd0e3fe009aea5f20364de383b374ca6334d4c250daaa6db7b69e2f23075eaed7db0e00d18454c91327	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb8000000000200000000001066000000010000200000001d108e260cdc72d0fc3fb6d4b0bdc692147f2cb21a59ebdda240dc5576a7ee6d000000000e800000000200002000000055f3f3aa47c157e92d937b9108a2b667e524b6d04d36d717f8e58c5f36d5b25620000000ad200921ef7feacec900cb4e1ce33adc119ea7728df13e95c0448ea20539452040000000af0ad01d42e4545df09bb176a5eacb667e4d079a8ad2ced3241b1375812b74c300981d6ff598e171f861eac3196574a9f2fa0aac94bb0a312a19c73757600484	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0e16a124064da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3D6C0171-D033-11EE-B9E8-EE9A2FAC8CC3} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1720	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1720	iexplore.exe
1720	iexplore.exe
2248	IEXPLORE.EXE
2248	IEXPLORE.EXE
2248	IEXPLORE.EXE
2248	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 2248	1720	iexplore.exe	26
PID 1720 wrote to memory of 2248	1720	iexplore.exe	26
PID 1720 wrote to memory of 2248	1720	iexplore.exe	26
PID 1720 wrote to memory of 2248	1720	iexplore.exe	26

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\$_32_\ui\html\FinishWithTasks.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1720 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
43606238e3b8b01d6c3c287841a184bc

SHA1
be38c67b56cb26a692eb0f9aab1e9b9513a9d973

SHA256
a182e177ebfcf4c22dbb8a81590df879bb34666f21d2bf32511e045334ad10ec

SHA512
f3d500ab144fc14a209c3f9f85f25a60673ea448b9af315ae5073c6224ff4a8781c810aff65c4a68bfa40c9e2eee80f110c5ab0e46ac2b380b51293f4e20f3c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e5618aa1a8c9ef3af02cb6a4f70794ae

SHA1
37c6063d68efff5c1746eff8e22339cd35dd3a32

SHA256
79e160858c9b6c8c9ea2180cc9516f32bab99e9659554c850b14ad3a068e002b

SHA512
bc54b9aabfdc4bd1ce266c6a884f162a200770f7fa3fcaec9bf7df3c8dfc7e8fc14ffe3d383103d8217f76e77d7e356c1d685fddfc43923bd6511278df7a043d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
43b5d90b0a6feb0d8171b0de2f74abfd

SHA1
9b1b313fd093ac1c64b9bd154df4be6ebbff21f5

SHA256
979ae2b48fbf7688fbfc1c453b1add8b9c4b0a9287858a62278efa93c5372452

SHA512
b62fb0602873aed446945662dd4a6aefd40946eb152f70f5d616da16c2f6a0f8b73cccd8e6026761c3a1a540bcccb82e7b82cf0360e4a61a2e25c7e1db63a117

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0e646160ee30634a386e5070e4c9b493

SHA1
8dd291ee55bc7243fc40458036f1e71f651368b9

SHA256
6f239125d09256891f3230e5737100fe1e9d06c863c6b2628dfede7b76661af4

SHA512
a16965a66fbefaa432163807dcd7cbe659b3912ec078b7c9da82b101e5740dd4c72235a7b03c0b29b4e27a91718cbe3db1ae4d51dbc89cd0947ed709aecdd1f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
52d8907a6ecfa3f602ec5306d60a63a4

SHA1
7b6870db547e3117c1ebce664c87c282b9fb0727

SHA256
314d11880011b54a70a5426cb62fccdc9588857df9e8d9d6dd3c7e25ceefa281

SHA512
282c2517f3004de71c2b7650de9c2a20e9532f3306bea77f16423a0f494654ddfcc4d586545504e13ed9c72a205717cb545dafba039f583f73c2ebe2052455f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e3bbaa8dbe61b72ea6efc272e8f30ab4

SHA1
290586c1e9ff04895c6c7eb02bcace54e918c190

SHA256
50bdde8cf31dabebaa54e2d28dc8974045787f569e7cbfb9647f3cc2622ca90c

SHA512
a5676f725c86b85aeb151fc0e653322dca80c0d746a90494174a1e78553946281411fd7e7ca7747c047d743b70453269b861eb9d4fdc6845d4e8b0ca4a4ba9e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
04a8c628bfd6e2fc2735d5f795020b68

SHA1
b32c90d6c21a92a05fefaf7505a1783a0c7f50c8

SHA256
41977625a242bea7ed89355dad6a3a90681e1143eeb7c2cfc8ec5724f1cfe82a

SHA512
d8333364114e6087bb5ee87f0d8d9a1ce1a3b29bd6543779b79aaa20a82d69b371d7352a1febe060c28e24908136b54ab2c5b96739836ca69fa85c8ee2d78408

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7e82be503cdf9e8b8d80e4ce95434505

SHA1
d34078e822c943e4757abeeb7ed438049848248c

SHA256
fbdedb7def8b5fdf683fc330c84593c2471f94763eb6ba278dbb9b83a56efb39

SHA512
50f94283927a6295a902d59610bb9296a0f5e2d7f1dcf14ef19edee5d3527a160a8b28d559acdf9aa82280fb7d3660509dc8c01d126f84d7d899ffd048aca19d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
32b34ebb391ae8f8c0a067070c749688

SHA1
46e2982f1c8ae0f7a6195670b07626097642684d

SHA256
25bf81d8c2cd370bda5cb6189ad9400fed3dad0d7e54b4552bad2963490c5f51

SHA512
8ef859b4ddbc4378008b525823ad7831bdb4c2f0bf351afdc9b7f447e76749a2afab735078b283f920258d0f807da04835b53b6a708dbd660140e2ef8947b646

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c606fd02f2525ffb2c9fa95af9a2337

SHA1
e26cbae75e4b4efb62f3add3a19052038c19ae9a

SHA256
cf3a2f5c7875e5d3c06b0bda8a900d6ba1e4bff6919fe3f05b7e46c38cbb4448

SHA512
913d180f6736f54f9fc4d019377da31e7517cd27881373018f321b3bd79ed42366d5cd8479437c4a79d5a913d82e32b42aeade32972a7ba6e029b62beb9682db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
402e2c8b523776613c66d6c4c2c1e3b1

SHA1
6610aa4ab02d44b7775057ead5584f11e08c2c1f

SHA256
7d2a4c08a436829785d6532e37efebaa73d7afed3816d043874f6f80ecb6516c

SHA512
7738a0a03b9f3e9f691b3681a9950e48c347f27b8662a3df66bee930ffc9b9d13570726e0e5e64bdb660b52d71b60fe138505de9ead0219912e9b72149d6a1bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c66b9166ad3a912219399d6815297cef

SHA1
c1c8da4f0dc6e35eb308ccf71e3210eff8f1aef1

SHA256
5acf8cef95ede733ada15f1176663074a1f5e9eafb933591aa8fbf00f104423b

SHA512
7c014701fb1b3437caf7ab220efb079f700f70cc920b076e553d593113d0113ebdeb62046b49293bbc451e948671e3d9183b5985b8c979f38d4d4b7665ac20bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aca21e912f595ef5e7c28fe592b11af2

SHA1
c6964c1e255270e8ab78ba01705088a72a2f4cf6

SHA256
5a38d45c4d65f21818c4998fde45e9cfb7821758367aad5690cc73a5b41979b6

SHA512
5257ae93c6a2555c73801af9cb83d7fd1732d11dced8698016a683160df144b5328df72e191f194eb8179da2eb8bb0cd87f97df2eba8336d1fdc20d45a29140c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
625d42198df43969926323f5b748743f

SHA1
6bc50e6db7154aab541345f779f4d9bddd84684b

SHA256
287e0c9ddbff0e4d698e04920ed8ace3d2bf1135535b3d2bcdf185835f706d69

SHA512
10308f98752040606246178f337b7b70ef5964b2b99f059e531ebe9d9823a0c058fa1d12e9c778dcbe113c0ab8d25fe559016085111b1173e694577e801f8c89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3b57b8a1b210e79414224e64aeefc206

SHA1
cf42c3f847d9e988d14a2778ed027726aa197148

SHA256
97360505b3074dc279ca2ba911910ed2119addcfa63b785efbbff37e95719330

SHA512
28089a54898d87af86009129aa1c324006d7f7c6f951c469a6d03b3496cf17f20a1cfe6ec4fb403571b1891852b941be2b08983fc61ff5170634ae98121ee589

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4c74203d7545d8d65d4018629692104c

SHA1
df1b2647a81258b90c91381c822279b5456546fb

SHA256
47ea5c56838a27dcb77ac140fd1a5aff551f2697af3b9d07a084de20c5ad8833

SHA512
701dda1a18817600e03d8e459e7d1fa02ec8b0f2bb66e10d8034483e255105d90a5f23f7e09c66dfd7e36b0ebf634a49e8cc51c909438a5df40a878d6b015f16

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD885.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD935.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit