461a433676e1cf327192d9f3b69c7d0a5f688b42359f81339f5a61bed9e5fbcf

Analysis

max time kernel
136s
max time network
139s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
21/02/2024, 08:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Global Protect Desktop/.install4j/i4j_extf_7_7caten.html
Size

403B
MD5

b44a3b3bff9b6112fd91d0044d714766
SHA1

cfe32d1a1183407caa77ab5d93f2783eb746b0d7
SHA256

72f47e9a733674019af0539aba9869adbb48ee0482afbd92cba05be78173d766
SHA512

db63df5bbaf485fc8ec8775fe674eebd3c98c5acedd4ddad2f8ce3244edd1bf44b174826e0cbe96b557ba480ce496ff3add5b95f3e008b053d7782b422ea45ea

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008dcd4c448ce8fb42a8f577f49cde6d3000000000020000000000106600000001000020000000053c55f82dca538db460a7a86e99ab220d0c231c796135348af877c4a9a89bae000000000e80000000020000200000009eb297368b00fd8af2d3f45b4c5d5834838202c2f0299398b080f9f38dbf90c3200000003abb4e71f3322757719d4828e25013ce19cf6c64d47ea6c9b3d803b2796151f540000000ef4a485ad0834c9959c2daf2c2563559f7045f8045d01a717dba6ee14ac63d6bca7b3cc88245dec213cc42c5aa341942a2ca6bd45dff390cdf48ef9a3f101019	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80e194539d64da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "414664820"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7E78BCF1-D090-11EE-B449-5E688C03EF37} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008dcd4c448ce8fb42a8f577f49cde6d30000000000200000000001066000000010000200000005ef4f31292c58ffe4451c96ad10b705cd27cbed3df4353c0aef80d27039fe653000000000e8000000002000020000000b83da9daec4e5e22d8707e7c28115694dc91e7797b47c38e93ada206ecd4c37c900000008044d8f2cd24dc2d0eff813347fd03ae401b95706cac123addde4ff6e82a67bf7c38fc5c745d952646fa79566c0273cf62521fe521bb7517b486489fb6e69bda3ac9124aa0f4c536affa1ac843e681e274f503a7841906462218e0388a74073c82c3a306ea52ea3027a0ef62d3931f4a0a102614e5d4a90d9fd8fe60090003e12a8e821b201beb43e27cf3bd559d62d140000000b206aaaac9e2f040c1d70d5090a89e2e1f6fffecd9b2e9458e9e0757fb7bf26b66afeb7c872f82f554d236b1957fca3fc06356021b6d75a4d07596ffab9d9f14	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2504	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2504	iexplore.exe
2504	iexplore.exe
1468	IEXPLORE.EXE
1468	IEXPLORE.EXE
1468	IEXPLORE.EXE
1468	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2504 wrote to memory of 1468	2504	iexplore.exe	28
PID 2504 wrote to memory of 1468	2504	iexplore.exe	28
PID 2504 wrote to memory of 1468	2504	iexplore.exe	28
PID 2504 wrote to memory of 1468	2504	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\Global Protect Desktop\.install4j\i4j_extf_7_7caten.html"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2504
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2504 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f68d379f49635dd20fb2fff609aae3dc

SHA1
5f9ee514b7d1afc377c008c9cb47d2899b7e706e

SHA256
490e15bc2dbcbd8a07ac823b9857af6e3d9b617c567d9e604d69cd40fa1cce57

SHA512
be3a42086aa97e1572c713d91ab083c8096da083eac7793fb9fedd56543c9ae3491e532dc04d4a1bd708aa896232573d58387be7ec2c799e69bd5f8a6d07de5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1eccc8fbb98c07100080b4f2d6417a22

SHA1
3d0156721eca52e71303fcf609e31cae9599856d

SHA256
053f257e6a36aec6b514b9f3cf6ec90254001aa450bb3242d8b5e14468a8b13c

SHA512
b4eb3d288b422965a5b4a1206cd0b65bdca6f4969180aa7dc3c69405b73cace041dd590487b33b5662439d7b3b650a7bf48d1d4d4dc1a16479af6e0400ae344e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6aa4464a059d21f90aa8a50fad5ae5b9

SHA1
24eb4eec400e3028bdb6b470d5f4571c76ade63a

SHA256
37770c7522298eb0889b937bee26a76ab9c8b94224696fb2a8935177dc19bafa

SHA512
5cf12c8dd021c8feca484481bc836deaef03274c0768e0f5877b9e77effec9792d4ba11a75d2c2d7b6fc158b25b8c96732696a27175ae270a350ba25e106b550

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7d45809650e5659449485bbd3d5da8a3

SHA1
b046ef40dc82cca8f0c01bc59a905f85890ae405

SHA256
56f9911d7cae3792ad0f44f9ba580f5daa21676a6445baf8a0198ede9f98fe4b

SHA512
569df14493ea653ae6a482a4bf40c2843af18f97526cd6a35440afe03868f5c4f90de0f6ff5241ef1e071816135626a5d3765412fab425d08f7e3b1d4d725da9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
58674328e01968739eda69049f9e6e9e

SHA1
1e3c335b836448b167f7738c9b7ebaa7837b6107

SHA256
dd70ed389d1fba2c03143758ec11f450e97cf25ff44930580b92e942335744b7

SHA512
c2f5d04bcaa94a7c936284c2d835155d34e4e5fdeb0900113651b97065e67fd158863c69464ad0faea25055934881cba43aff27b40cc8b483fafa4e2f64c47ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e5b494f17fe20c17bf8fed76afe5eccc

SHA1
a110de8c4eacbf96ae8aee4efcb3b705aadaed21

SHA256
00775f78a466b2d74275dae7e7cdfd7f0c44d2177475800e9314eff1df525737

SHA512
1f5c7ef1032108b8294dab396fd8411d8eb86d0a47168a9b0dcd5f75c8bf2f8eb3732fbeedc37196d645d79ef370033a0e6a002d850597d0e2e15062cfcab383

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1b21ec4f7cc9a601190f9a2adce61288

SHA1
e13c3e4539ab15eecdb9c403cd893395e6502e29

SHA256
b585c7245d0386839053b10edcb049db2481bb6c0a54a4fce642a1cedb7dfad9

SHA512
fb12b2abad0933ebbea1d732de5be6cb61c1cae838a7318f9ec4cf35f6ce404d639aa6e5a07963a78530f64c9ee80ca29fa88ab839a314796f13c7d809300b58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b8e6835cc8fed9c68bbe8dc041f411f5

SHA1
73107cf1373adf3dbdc8ff1ae847ab4e2d120e40

SHA256
c842dc2f9ad7072c4e55a0196a2ae5ea5091460ea1d5dec5de85ddb5ddf3c9dc

SHA512
1a64ca7b93964c8d9cbc4f010f233579b130a19a2273af4eaefadff832abc8715e78049a5a0bd82d458d4a159af9df5ec4c66acccd6f1b7e0c940e6aa3b3f128

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d2de56317d8c7f38cf1be1bbe935fc8d

SHA1
3b557e93b2c99bf573c98017933150a63bdd3fe4

SHA256
10b8721ee8627407b092e93a02413010747958f3c6ea11f4ce163c57073f8786

SHA512
81dbfecabdac7953500b418b72818d470f66239ade015bc1313a72323bf87e3a11896869734071162950f877d0239066e2a576c1f6be1cc4a29e2c6c0eca7efc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3bb290aa8d66089b2ee1cd6796760338

SHA1
69c9d5e199fbb315dd069376b0f399b4c9b4ec10

SHA256
e672b663a15549c532027fc0c759f17b1062f7fa3be34a48e48aeaec283900cd

SHA512
b6d6e2c3fd10fe03e46d9665bbe6473fc3e6a44eb3071b12a080903680c22b6b302e799dcac49263fa1da109c6b6db8ef3e65eb8e4f9d0f0b075c87dfedb124a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5e2de0cad6930b4b0fb2a8cca409d0f1

SHA1
b21c0e9f720aeb16c3021e94dfa70857947f3d83

SHA256
4421a517fda2ac68f1314697daf2987f4463ac22d8bf1c9cc635cf767fd12e5e

SHA512
b87db934b353120dbdb2777a900441170027e3d09927206bffc6c77e1cd92bd60d07a7d9eed6f4fb8633c8f7c7184de664fe2ceaf64270bca4ba2fae2c1df20b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8795924ace2a557899c7e09b52429cdf

SHA1
c2398c461972bb8b6b0e052f6d08f7a3d494468c

SHA256
e6c067e94c594509c386eb5050a927648df850ff161c673eafedfd4f2ded86c9

SHA512
4588a1694f54e51e8f69bf9ef380279b79a11a76e80e69e099415e5adf7c05590d041a863c6d8803f6e68f2105eddfcd96502cf4219e47b3f2a94b83a1d773ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d447216e2e9a69666511d826af8155b3

SHA1
ca328093976633ae520bbb84006c54fefba8c5e5

SHA256
850e3af2f4cf3a0cb8aa31301a8f9a07c8fca9df37fbbd42cfafb2d1edd6c389

SHA512
fd4c7662611dae05d3ed43275cf69acb255d73e8e50b699123c0e7ead9057a73b6da17c0879c1ffc613dd085b3240e9841ddd8020fa57b612a2ca7f0ce0ebe8e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
de4af661597307b70069863525ebcd37

SHA1
9f85337293f496e99db43a565dfc81b96a04a173

SHA256
c7795d1b6fcd23ebfc67cd3046c830d47d17c07278008f1f50a562cc44253082

SHA512
b4087b7bdcc8c2cb5c3c3566bbb932a889949f1dda2897a73284f1b27db294a5c8943f709aae804864ce93856d1d4df27a6120f88f29d0d13238c83972d0893f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e2e0cfffdfc2d36d80dbcf8377282551

SHA1
824536992fa98356172a59c3ba3737c27343f22a

SHA256
22afe51b0d0114e2f92c07c27ce9cb98fdded39ede95ff69d52834c4c194ca4e

SHA512
8818bccbb974904c89696f7a67046131ebe20ed40c3fb6c1511ddd9993370669a7ff36e49adad8201bb181e64d6cd078e0283ffcabec40248a4d04ec16a49bde

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
66d5707ee9e3850c77080f435bd65f35

SHA1
b85ca09880fb573aba143b5097e8f00dd844e0d6

SHA256
214abbf955dd17686d5ae5a44309b208fffcef82bb791fa21e0ea4c6c7371946

SHA512
3b7490062a695715462078560812902987d61730b27b950b1808860598ad3396705b92000b7cba1728d40e9eb2956535e1a842cca9a1b5e0cb5adfc6d5169242

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8d3eca6413dd634dbe01863b8e86899d

SHA1
168c4180efdb72099fc19542b867a15f7bd14cbf

SHA256
ce3930bfe3154377fb998202107a684207ce5b9b0293e890e1fa0ef39deb7ab1

SHA512
a3469ad3175e22484f1d9576848fba77bdfcd68362c267b59094c9b7260c0361b7c917debb2f7f37271b72fb4f3090abf97de2b6e23ce0fc78f693cfa8747278

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6F69.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7017.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit