5e34bcd64926afdb1516371dc9e8ab352b0065f53ca9df3f1ddf462a94c4a357

Analysis

max time kernel
121s
max time network
133s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24-02-2024 03:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a0c5e97f79c788c627e104735f4897a4.exe
Size

12KB
MD5

a0c5e97f79c788c627e104735f4897a4
SHA1

8aaff303b0e9961e38efa89f78ed2a3c82a0a4a3
SHA256

5e34bcd64926afdb1516371dc9e8ab352b0065f53ca9df3f1ddf462a94c4a357
SHA512

1078f97717a209692335ff73e0ab9d542ecc4ad2afa074e0234d249f492b6531e3654091c1384e8d600bc34b49852e59bbbdbd49c808ff94629d4dfa99c986b3
SSDEEP

96:Z1c0Dl/9gSyElivs0b+onc/cfazZ+hnf+on43bFRr4Yf2baAg6FH3aarHHuHHo:Dxdyewn3ucfazExf+CKYo2dFFHzLOI

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F021A291-D2C0-11EE-A1EB-6A83D32C515E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "414905528"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2296	a0c5e97f79c788c627e104735f4897a4.exe
1136	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1136	iexplore.exe
1136	iexplore.exe
2588	IEXPLORE.EXE
2588	IEXPLORE.EXE
2588	IEXPLORE.EXE
2588	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 1136	2296	a0c5e97f79c788c627e104735f4897a4.exe	28
PID 2296 wrote to memory of 1136	2296	a0c5e97f79c788c627e104735f4897a4.exe	28
PID 2296 wrote to memory of 1136	2296	a0c5e97f79c788c627e104735f4897a4.exe	28
PID 2296 wrote to memory of 1136	2296	a0c5e97f79c788c627e104735f4897a4.exe	28
PID 2296 wrote to memory of 1284	2296	a0c5e97f79c788c627e104735f4897a4.exe	5
PID 1136 wrote to memory of 2588	1136	iexplore.exe	29
PID 1136 wrote to memory of 2588	1136	iexplore.exe	29
PID 1136 wrote to memory of 2588	1136	iexplore.exe	29
PID 1136 wrote to memory of 2588	1136	iexplore.exe	29

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1284
- C:\Users\Admin\AppData\Local\Temp\a0c5e97f79c788c627e104735f4897a4.exe
  "C:\Users\Admin\AppData\Local\Temp\a0c5e97f79c788c627e104735f4897a4.exe"
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2296
- - C:\progra~1\intern~1\iexplore.exe
    "C:\progra~1\intern~1\iexplore.exe"
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1136
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1136 CREDAT:275457 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9fe3fcebdb3e2845a1837788917099e0

SHA1
82566e6f4468fbed7e1604319054b8eaf8954224

SHA256
31de62b6beaf9d7808d75589cbe3a7d9ad8f9084960c90469e50202970ddc5f7

SHA512
b5c8bc7912bb1dc401111c0a4cbc352b7322ba0668487d41033474005a4376edf2958f5e1da442aac1881194a8d9c3366455abadc2e77a208f2cc63968e53bf1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d75463f098aa886480031ba73e12f9a6

SHA1
7b730b00c6a75f678670fbe4217b07a8db06cda2

SHA256
81cd4206bef842e05a1675364d5c0ca59c1a667dde07ad7fce163318b5bccdab

SHA512
9a732167ed546ec50ae1cdfb19b006a10e6cca1d674044e2516da72064dd177240395282656ba9013d89487f793b6ac551e2e8987b50ed2222b3f9ac7b4da0b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a0df9bfac76405fc19f6d6d690e52c06

SHA1
b9f3f19084521173744533531633f111eee60c56

SHA256
f51bd64d99c6dac0997c59be4abecc635e7fe37801ab178137641a8a56be1275

SHA512
3e191464988fba199cfecd9addecaa3e39d37d32455b698d89297ec76e1b77e44817e9972570526e2b4a47f6be165df06718c6457f7780d3b64342e18438ee50

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2d066d9ffcddf4f157416d56fde78b59

SHA1
6fe2979c3f0ec0f785a716551cfc12a31a047a29

SHA256
0acca2556f3ccfafe4b4098efe83f08a8eaf8abdbbdcc2f792b644b8201dd35e

SHA512
fe916e62b406537804cf804881eeb57ddbd3395c7252fe56ca501c06c423e77dc5174fdcb34770be1c14dee1692601f3dbbe92d753180c2ad4b087bb9f536839

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c3f4fb77ae212fde47585a3e8a3f2329

SHA1
44db1e02c70a011e7b6a8844554f6b76501ee99d

SHA256
edd90300f3777dca39da837636421130a25a452c0019cc91ef980fb0502a1312

SHA512
ad56d76fe19bf0f0821ceaafaa941e5b52cad52e861ac01edceeebd9c75c275532fdb46c4f1ebbfd843d50e3490576fcb1dcea33ab6aec64468e1ff0ee878dc3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c058e41cf118c30b6b0d8d29726e2b79

SHA1
bedae2bbd67011946a34902bfb375ee770cabbd0

SHA256
a6ddc5fae5da178b662656445a1a38a62884581aea2ee7d6b487b944cbca6f85

SHA512
c74d95cff9289249c0ed9e1ce170b9610cab326b4be87af42b4bfb24c7894966f0a02d035c858a3227d4fe8773044365e9c71ba76a89d15284bb3548660be42d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
68729b94fe1f85fe608377226d916b88

SHA1
4805ed22cc84a511fd483eb3d005f21dbe12e9d9

SHA256
7e03c1faaebccffd7f471280799d4f691c3b856db14377a4852ff3135c3103c7

SHA512
8498dbae46975ccfd3433e5f97be7a629a27052e9c1891f7cbf26ea225dc27681482ae4372a6403b15e860c2cb9c462fb757a18bd09e8e4a52c69056c1e35998

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1f62a246679a872743541df116f0a0f6

SHA1
9954a2ec7ae602ea7f8f3bd5b569f79db3a6b743

SHA256
45179f13873ee744e831cd2b332bd01af5817a3703ca2471cca7a0ef05ce30f7

SHA512
7abd8f3237aa3c44d3370d07f384bacf258da0f1a4e230cb35c9bed65c51c420735322b3270ab505ab3307ea338e4b4789d8cff859ff9ef6cf19d4205c845361

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d67e1bd58677f9ccc5edff62005078ca

SHA1
9377f9f38c453dc6dde03210ae0ef69a957a936a

SHA256
6cdbc02b3f7846678b4807d488854d6fb152f71110ead0465b3295b465411f69

SHA512
97253619f183ed19c80f12726c5d1afaa042cb69d1f42b5d63159c22742f43dd1825ad0acc8548cff60c4ae9620e9d2c99092550e4d4e332249e79ab0ce3b65d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
37656d6d1502b0cfab6ad41eea3f4c11

SHA1
251cb431b966230fd336f88bd3940358412dd164

SHA256
521342772adf3d996a483cab124ce4b932f1f5705d854c419b198423d38e954a

SHA512
31977576df3d742568ba201a4025e4740972176b8389a63945fa9e3c5d5dd8669a4484ff158579db4a0670f0f6b80c9497041e1260a00c14a6aa1e016079b572

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
068280decceb4d7f466be9ec80ced959

SHA1
ab33aa64958d7cd43bffb890462126d8fe9efaed

SHA256
09b998695b1ed5baafa747bc7242e2dfedc99159a983c4fa67d18f6d90b6d6cd

SHA512
c1b304497ec952abd08bc6f070138f0236239bc15b8a5c823bbf9d77bbeb9f8ef9c053034036ba99de9d6a99050d57adc15cf6abd286acc35f058b3fb34d92bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0af0e42d2adc2da33b4a49e32227d0f2

SHA1
54fb3e62bc359b4a0e693e1346f7a4ec5fb9c32f

SHA256
4eb0d4ce3d0ad8d3f2c798390e62274fb8a411c67ef6cb8907fd30744067efec

SHA512
cbd077f10903830ca0d6c01d25ef7739903d6ac9600bb701c0447dd2dcfef4a9ff9d25acfde9fd56e34428556ce39dd5f5771806b68c2d9402a045dab5d6108c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3a364ed58cc7292629ce91eaa83044f5

SHA1
cf338911247f806a7f2a3cd8e47b71d627dfe06c

SHA256
48c6d3c40739e445d963118dec730321ee13c13efeecd9c86ea633dc0771c4d2

SHA512
c952f87c20c721c83f0cbca0473df174d3ce2eebc71e50878efd533f906af9e220c8b5ada3f783c644a415dccdc72ff74d471706e62dc893cc6a6bad114b8439

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7f356e77d236d1889af9f35b7146528d

SHA1
b6b59f6e7120e43b61a81cf0c2b22c71fcf9b916

SHA256
c2dd47812a81a80157f4ea8409a53f4006510f5f028b84a833ed2d21e3a3dfc0

SHA512
21252482af5cc2ebafbbc3743d4078e69eabfd3f2ede6ee3fcd7f6c5af6868ac0ee8e8654a6e666f87f29ad5ced93da12bc525843e796787a541fea566af6162

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e520b0eb2f703600f5232100e992d4b2

SHA1
3dbd266dc914294151b2ec461bc61ce691400fb9

SHA256
1b9f12b5b56e90c0abb9fd762adb0a3c5e4d6f8349ba82e89db07e2f9766a097

SHA512
6c628929c4a56fcbd98b5494c570a3e0e3a51808e529b43ea08df854289610cf76522211c826cac3282a4ded7e6a439b67ec6ba602d4b1e2876b2f34d63126b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dcb9381669ed222e1e1862eb2ff52184

SHA1
5e90955a8d89643b4cc421a5bf7c1879e1c1eda4

SHA256
50c45372d91b43027ca4bc256869a3af123debe9d6a98a459de55f0eb2640c72

SHA512
2e986c5b1d9b2a710d55b6fc277368a90bdcd9a587fe3f31c4d27a57be93e891adb5e8958922e3a2ec44f78a47d0463791f849c60f2e3a520550a4f4ccce1f5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f6da5793e4f5a88ca319e280e0f8ae03

SHA1
9912bb885e6c9057f823c7e508f6d77eeee17d68

SHA256
a961aef6f219056e0e891ce6204e2cd022f26b7d0d4f2c7010eb4cca10a31a76

SHA512
0429d1f6ac366df59880ab8d6308ba92a8171ba30ba5e482c30108eb9b567ed58a95507008beb05ae45b9555c971ec6c722c92d6fd885ab232eb5e10d02885a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
425da62c195e18c59269b844409500c7

SHA1
851df5d7f5ac44a36ddfb265f53f608a5a743c8f

SHA256
e8baf3ecb7e0e2aad55ea650c7cb295c4a40ae7579cedf80a51905d5ac28f1dc

SHA512
86543b44a010e4d92b743a7a1e574f0de3c46e362250b8063eaf6d2cc3f37d810afac95b0109414c8716b59a7ce71d1a981f22bb3911ab8543cfdbc488168457

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4f90b78b582005068e88d793f964dd07

SHA1
6372f3ccdd7f2cabb005eef8267866143100adb5

SHA256
03ea7253b0c8550f0d82524b7acc1fd25a910aeb0ca7690289bf5aacb83bbc9b

SHA512
348eecfabbb54dd914f58f8d4d90bb298d36b373d5a00308c12f8b70faf450cd8dd9bca3e192a9dfdfc05f64dd15a8b72ffb74b9171e9ea25081e581f841f4f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8E9C.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8F5A.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
memory/1136-4-0x0000000002B90000-0x0000000002BA0000-memory.dmp

Filesize
64KB

Download
memory/1284-1-0x0000000013140000-0x000000001314F000-memory.dmp

Filesize
60KB

Download
memory/2296-3-0x0000000013140000-0x000000001314F000-memory.dmp

Filesize
60KB

Download
memory/2296-0-0x0000000013140000-0x000000001314F000-memory.dmp

Filesize
60KB

Download