0e4e4f59f694ab26cd5025b26ed6bb766fec44248643977f7c6772b0125940a9

Analysis

max time kernel
119s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/02/2024, 00:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa83cd91e7d54136b5592ea943c8b7d4.dll
Size

20KB
MD5

aa83cd91e7d54136b5592ea943c8b7d4
SHA1

1bbc600b9b1f65c1433cf94c9f874ec3cc30ef94
SHA256

0e4e4f59f694ab26cd5025b26ed6bb766fec44248643977f7c6772b0125940a9
SHA512

b352cdcc55e8fadd50a21935b7bcff39f7085429cab0b57b83587e76cc5a7d99d5edc633e5fd0c36daa9d8e83bf485ef95fa910c106b1f81642472503fc56017
SSDEEP

384:WNjP0muqbc2NTerk3/o5NY4Moooooooxoo6ooooooooooooooooJooootKvoooor:WNjfuqrBbo5m4Ni0

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A92E86D1-D5CE-11EE-9C17-5E73522EB9B5} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "415241275"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1928	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
1928	IEXPLORE.EXE
1928	IEXPLORE.EXE
1112	IEXPLORE.EXE
1112	IEXPLORE.EXE
2388	rundll32.exe
1112	IEXPLORE.EXE
1112	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 1808 wrote to memory of 2388	1808	rundll32.exe	28
PID 1808 wrote to memory of 2388	1808	rundll32.exe	28
PID 1808 wrote to memory of 2388	1808	rundll32.exe	28
PID 1808 wrote to memory of 2388	1808	rundll32.exe	28
PID 1808 wrote to memory of 2388	1808	rundll32.exe	28
PID 1808 wrote to memory of 2388	1808	rundll32.exe	28
PID 1808 wrote to memory of 2388	1808	rundll32.exe	28
PID 2388 wrote to memory of 1928	2388	rundll32.exe	29
PID 2388 wrote to memory of 1928	2388	rundll32.exe	29
PID 2388 wrote to memory of 1928	2388	rundll32.exe	29
PID 2388 wrote to memory of 1928	2388	rundll32.exe	29
PID 1928 wrote to memory of 1112	1928	IEXPLORE.EXE	30
PID 1928 wrote to memory of 1112	1928	IEXPLORE.EXE	30
PID 1928 wrote to memory of 1112	1928	IEXPLORE.EXE	30
PID 1928 wrote to memory of 1112	1928	IEXPLORE.EXE	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\aa83cd91e7d54136b5592ea943c8b7d4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1808
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\aa83cd91e7d54136b5592ea943c8b7d4.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2388
- - C:\Program Files\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1928
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1928 CREDAT:275457 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:1112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7e97c2ef06b16d43284c576a81c6ca2f

SHA1
6ed975ea16b750abe6a302363e360d7db4c1ddd9

SHA256
a7bed5d3576bf405562128843a32281af86f0324e227be14055aa2cad9266a4a

SHA512
074d2072cf6071645c5459340a1ab63aea1ec5dc98573d45f9b9745cd5e443ad766a2bd529cdf29c6080a9ded1460ab574fa871b4d101fa65835ef64b48940e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a594ab0a65dc2d3afa51141ed37291e4

SHA1
04c6e6e304b3b3423d78ecb3e517a4e975cccf5b

SHA256
5fbeae38715b4b7df0f405cbcbef906eccf5f233f599300eacc55fe161307466

SHA512
2283cf45818702d7c7e0ae833297e55613ef8f6a261e378819671bc932a02894420b44c565bd68ae16eec41d41c79a660c9e38ae6e3fa1ec0d32c772648be5a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a8083894aba9a06e79b54ff7dd7bc5b8

SHA1
c4eecd35876445e92aba13253354ee5b7884c480

SHA256
91c69c6ea96d9dac6ab5112e83121719db2835dabe5e050e8632339268933740

SHA512
e0b79aef0f30f2cb95098c1b6aad18c2e1bc898abb27a4ea98cf1c859f66198cee07d5855e02d5be0b64842727f82bf451c3dfcf243b26cfa84b4a74e6edf06e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6a11878e140f0f9525c86aa4d73bff83

SHA1
89a6693c19e0b0873cc637868aa5a79b3a5ed584

SHA256
db268d666bab4596ef7c9bc0b8aef17d58af75483ff149a62ff1a0c0b48a3d8e

SHA512
922c5ecd90b845a581002ae32357a006d9551891a34ed6c739a28dcb3eff8e7b029e8939eab11e5634a620989a484f14a417d7f7020f93ca016dab1731f0459e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
99f684445e135b359ef66d0773b2593c

SHA1
f37d703b85e146e505f795b177d93267f59a495f

SHA256
149d1f322f2ad4ef9f7d86e6b43b030788627de7606188396f84fbd2eea3ffca

SHA512
ccc30b62bd74e62a28470c1f62a378a9485bbb49c76646ff72be3f3299134a009e4d457d14bd388c19e3a34bba93e0fbbeb389af356b9a092755f7ed316aaf94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cec731e37320ee66710e63863db1a597

SHA1
d02ec042201ca8cded339e2e76df64f5aab8fa81

SHA256
5fcda455403ed3f23e9d465db01c1b88ccca8e9467d20935568e0a0f7cb1e780

SHA512
8bbd41f3919edbbc7236c7a32e4a2d5bae527ca3507723e675a5cc7b319be7452ca289d714a64d0f7137f4e0dc83640052efafb3c942e6e5ee0c84870d160684

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
878c4d826c3a9d3cd377ed12e533aa95

SHA1
cac26b74238d87d9fa6b2dd77b461e4a2e360973

SHA256
719f207b9384c6ca6546d8fae6e04cde238125842d62f418d6029b124d016212

SHA512
06071c9c4f3cd52c60f5a6d64ff1f52a27ec7c4783aab74af3214f4761f25ca74fb4f3613982815b466aa1c2610e7e2f79ef5faa1814a6890a0e502411641676

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7ef32f5b38f4349ce44de1cf2c47dba2

SHA1
f81466ad27e8481e3a5de925f85e98b3731937fd

SHA256
b135c2fd0bcbfad996c99d1ec1a57ea1c95a3c3bfa511416c3db958b346bed22

SHA512
88e28397e049e8a7b615b0b06bcf7202d8608c7ff9f983bd93410172fc1b199ccbbe15df7a063c23a876aef8dfdf21a37b021ac08a0badebbeabc29cbe446987

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
636c826aed30bbd0e49f4c1aa93a5e9f

SHA1
67fe4ab789cb1b0568c11deba70da87713f844ed

SHA256
5d12681ecebc11e0d439b57932ab63fb3d197fa8175f60afb909cf95463525f3

SHA512
b868b7517e598df64e4e2d5e861b921caa96805bf4a953de3a3ed2ce051c07597c393b3ee6cae8a0ab8171c8d8062df759cca335338f5c845c82b1c343586285

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c49c979c2b5a7c493cdba9771900489b

SHA1
cd8052c066dad1721844c34ccf45f41aaf4e3812

SHA256
679cc9d8ece17c7d1325c11678cb1267bdc3d9b3543d7e15de9af4016a2b2100

SHA512
80411f90d39802b1eb9d0b27f6720ce3150eeaa854b7beae0da77ba4bf7b7631b040ae6f560020f8c490b1329753fc5c2da2872db84d34b8f0af2d0c9e0c800b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1a857cc5c8960677cbb0e58b0425580a

SHA1
727beb29560560614db9e8aa227aa0360265498c

SHA256
4305e253e9b332837a25b55d03a9317395cbfbc39907b07bee71ee3aad998e71

SHA512
7354a23ae9cd55bdaed3039efb13b6d3ade8384bf4401b8d0ef1d56ae182e24d1b5455aa5f25c72fbe4d811bfa30dfd98ca0229e80d6399ec0afe10b8b482f16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f340d7a3c715f098dcbda9b9b4ae526a

SHA1
c0a0c8122237483d7363e511627e5f44e45b2681

SHA256
ceeefa791bd0f9baf84e317208ae537c87e6f5f0f388eedec15815ccf19e2d69

SHA512
e07e5e137695209b01b92ece23d84f8a850ce36e2664e913e66c5f27bfba1bc3a39bba65bf4c417ef455cda125099be0da6b7ac4c9c9128771221cad384a50e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c057b586e4c37a056ff643113f1de60f

SHA1
1c15375689d9e3400935e23a1e237e474edc184e

SHA256
d40754788056be4b6e92eb5a97fbf21de830d1d2a7f8963bb8b40b65fde84e17

SHA512
da304b775f5912d56d0c08168a1081a32abac02971bf768e12511f2a5d31f22f9a05e4f08c00876d8c2f72395c855788b557105df725e3fcb9a7f57e4044dfbe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ecfbaf72276bb3116c084077eb707b67

SHA1
a1863646b05009c6b53a43614b3bb649734218bf

SHA256
2591dbd969fca0bfab86f2b1d2c07bca0afe782951681b3e5ef01018a16da783

SHA512
d06f6c9f0b36ac3dc2976b11b2d3f684e9dc05ed782745e5a849668f062a3b41d4758079c8256bf1adb409deba3efc9750fec60609c156aa97d381f1a61cca79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8b919aed46eba0bcccc3fe055a31af8a

SHA1
e2b65062747b0b789e0f7bb73e92745d153c9021

SHA256
4d8a2de5c7bec74f4d21e865e73b03a08a5ff44ba5549c51b507af03b511d10c

SHA512
aa7a54c347231f4a2a2e747493213b41888653a0d1ecc90d5f79ed475c0b74c771868b2fca215cf7837ef82a5e6f02a3c1bdc6a837f077279edf7523f9337072

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
59cb00bc03ff1b0efe77fc827b593f8d

SHA1
f51581069a463a46ffd1725d31031c91b7808270

SHA256
39d53ab772eb6df145eb7d587c8df304eba285dea6b3a86d1252d522695bd10c

SHA512
5d7a8474c741e3413290124d6270d7a007f3204a0c37e967eba67c296da93c3280d1b640db303e56f33e42d619ded5087c5b38c1f62163a2e3c17768ff1d7a30

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9c60fcf82eec91061c3f38c6f2605939

SHA1
3c8d001bd708cbff0fb720727a82afde6c89e989

SHA256
1a140e40f8e23fd3c58d82bc7784b40f517b9ca8adc9947baef180038d2224bb

SHA512
1037afdcb2442ea827fb3457a42a2f08be4524f71f5e53ce3091ae8e1576aad20385929e077e7ac17fccf6616d0820c3ec0227748386bb4211d3ca92ca4310ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2DCC.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit
memory/2388-0-0x0000000010000000-0x0000000010008000-memory.dmp

Filesize
32KB

Download