b9bba1851218aa1955eb857a89dd240c064636cbe048ffe5ea7a5dbd0829d59f

Analysis

max time kernel
119s
max time network
139s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08-03-2024 13:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bb676034bb64be721777a0d14aa12ef5.exe
Size

365KB
MD5

bb676034bb64be721777a0d14aa12ef5
SHA1

d180cdbf93651160bcdca83402312b523c7d3922
SHA256

b9bba1851218aa1955eb857a89dd240c064636cbe048ffe5ea7a5dbd0829d59f
SHA512

a00a680fed10bee7e4053750272dfb34baad68bdf1848ec6fc13e7757f649fa8a462e5726f00e5bed7af9aa84976351e52f98a4383b83f0aff3c2630689ee08e
SSDEEP

6144:75mV8tj9k3lytbg9nLj3SMtRDBLqrkBLIUsyOMi3kFQAh0ebUwk9QGtUbhl:FmGtjW1+kBjjpqIkUsru0bwNbv

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d94d2d3723739f48802cd6414eea5c7e00000000020000000000106600000001000020000000009559c0ac7bd9887d51e987d91f8374b71a0e8670d3250181b3cc3c54e09616000000000e8000000002000020000000f042f96cd401dc36276f08089a01bf2e82d9f55409a69776275b493cd5b1770e200000006ec95550d5d98ef4bad16454777f16bf685343d56677495d6923908c34d0abc140000000f16985a8ed3047dc5f1721885b64bb06c4479b709d705de3fda278c576196a30405423439131ce34601bfee1265ffbf917daca521687b83ec2b8603a53579fd6	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "416067089"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{64012C41-DD51-11EE-BFAA-5267BFD3BAD1} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 2098793b5e71da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d94d2d3723739f48802cd6414eea5c7e00000000020000000000106600000001000020000000a0c560856e4345a59962298abcf61cd07f4c9f5faa8abbc570893f463a65f0c6000000000e8000000002000020000000ea449e60cce927539fce1d3cb79fbb496cf4b40a68abf9c89462a76818ac661690000000b208e60dc7dc88fc553798ed0c3f18e9b285e21b3693e39ae9b51a691665b1de6d32b93c657ba884be136ce66e58cdfb5183128e584c78b3b9d070fe9abf5aaddab2b5b527510f82b7202eddb116846912211dd21f9c304edd69fcae8360082977f8720929c0ce53c7aebce8a7b26d0855876d2569c50abfb99c9b40e31b243c0efb83b22d27e4b4d4718a316ce39ffb400000004e74f53b394dfb1efdc361ed992c2c997a6267e278b3fcdf4e9bd12e7e0827ab4fe71a42c8b7a7758a58d719d50d49cb71f6ab3ba19912e048706fcb4a263f09	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2208	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2208	iexplore.exe
2208	iexplore.exe
2672	IEXPLORE.EXE
2672	IEXPLORE.EXE
2672	IEXPLORE.EXE
2672	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 2208	2320	bb676034bb64be721777a0d14aa12ef5.exe	28
PID 2320 wrote to memory of 2208	2320	bb676034bb64be721777a0d14aa12ef5.exe	28
PID 2320 wrote to memory of 2208	2320	bb676034bb64be721777a0d14aa12ef5.exe	28
PID 2320 wrote to memory of 2208	2320	bb676034bb64be721777a0d14aa12ef5.exe	28
PID 2208 wrote to memory of 2672	2208	iexplore.exe	30
PID 2208 wrote to memory of 2672	2208	iexplore.exe	30
PID 2208 wrote to memory of 2672	2208	iexplore.exe	30
PID 2208 wrote to memory of 2672	2208	iexplore.exe	30

C:\Users\Admin\AppData\Local\Temp\bb676034bb64be721777a0d14aa12ef5.exe
"C:\Users\Admin\AppData\Local\Temp\bb676034bb64be721777a0d14aa12ef5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://support.tattoogizmo.com/components/com_media/.../su.php
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2208
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2208 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
608c6647ce7b87832b1fcbb7c5a0bfb0

SHA1
5c048f84f27e78bf2bb6da4ded900a4045b022bc

SHA256
d52765f2ecf9db7ff28da1cb9a9a11aa4e871a25952da61bedce5fb911a27290

SHA512
212a1245d42a3843b9523770822395258e3b43314bd807e28e5c9539bc3bf940e5739de3253da2d63a81f28d2a91bc993b425cccb8843b6370456299a5775c44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
80acb6eda4ba9a12a8cfddc7d7d62663

SHA1
6179503aade693362dbba3451fa6c0ac8ad695f7

SHA256
e7ba2d8bda3c85b915d82095c6ca7529829265df2897d88b26b86dd2acd29ce2

SHA512
11f76c10430a12b66beda3a74c8d2cf08084065dedf7aa60c2a6e3fe5bf00dd93b7694ff44663c2281b27cddcaf492feb3786d6f8845848a14d860eba2838d85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
26c790d389ae1d62aa669b699e6388d5

SHA1
818022cc63af7801b1b124cd00f1a82168c3d636

SHA256
e79e1b0af454d7120e94b44832a3395a7a82f1a3044aa8ebc2768b7a21c8b3c7

SHA512
cdf83af132cf496e85a903560e91639c4ed35057a6b12b3041374ad1c43380ae9688834752aaa7c781f3020a11857f066ebed82fac9326895d91e95b06285f77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
01ae1e9a4de31a17c837484ae7861d1a

SHA1
32e98e9796897e8ccb1e92856dc47ef24816e02a

SHA256
9218801c06297ecf42af89d135c0194c3807b937c1e26b2ce5a67f843f95775c

SHA512
4834d38104242381b1c2285f5454bcd2083941387e4a4b77216d7c890f867ab3dae27558407c90fe567a8d72d2c3a4015e750a8028b9934187210f9715a86e8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c2b5a536c3de8b7e072224cbae13b93

SHA1
e67dcb78e7690979c90e82016cb935fced7c9048

SHA256
04f1cf7b6846cae9c5d5644c41852102f03b51666a40857fe66dabf8e8d95453

SHA512
62f2dd699cc51a696335496278b6afac8c338faf1351846303777d2bfbd8e34b062ada99ec29c995eefd878d66301e61a85c37fa7ed8a8b2209eff7a5331bfab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
89d58805b18253ce6aaf0bef5dac6528

SHA1
afc0ebe0b15ae213d789e4425be0b51300f9bfa4

SHA256
48a61ba6eb79d4de508e89576f89627e9ca78fb61944e635257cbddc81f0ce98

SHA512
9e2b2ddb0ff3b352ba02631267f2c6a2c06606170263fecb99a0d5757104f3d16e3f61bbff0e61f8cac8992fe7ccc82ff121ecce90715270e51e41f60b920f19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
150a4847db458a130d202411a396a8af

SHA1
01eba2af0e951ab18a57c87c5da89794578cdc95

SHA256
aa0adb604e071c8cdc7728f34db627bbbfd68209b2f9df7f0a0cb9b4f6ac35e5

SHA512
09d2853ef31a14eb43aa29edd4f26028f511e263b6489879a37e47b83bfde5b55a584aadfb7fb521a423f56ca2ad77f479e812843f1324104a766fcd72345a1b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
193941ecd8ab0f65f5393088e1e7331b

SHA1
379944d340ac0166141f0999d341c0a5b9a43b1f

SHA256
81fd2a9f825800d1a356f86ca4b102ba9750537f4967f05c550c12a54a5b4457

SHA512
6d7ececa41ccca39c37cd7bd3e754752aec7ba3b49d4e7b1f5a1426660ee357eead18ce8e23d76ec83b06d8713bfe82eb8407a78b6e33109edb488751db7ee45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dec6c45961a2b705b16d7141e10d764f

SHA1
57f97f0c86e988b4b62b2c8f442438d4c923c2ea

SHA256
28163341e87e0143c3af5fb61bcf53ddb145a20fbc34e0fdd1143294dbb513a2

SHA512
debb1e83ed1c1b8a1fd727697dc9ab9792006abd9794ca04eab5d6441ac5ddcb949ae540bbba6f9cba82f5d37f288a4b734ee4282f4c21756a9a60d9857c21e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
50ce425b0ed6c03474fcc35ab7db3892

SHA1
82217e44f038849b957ebbc949370e0ebb3b3c3a

SHA256
17e424e36e5939de0289520c50c2813665c9245bb7c8c110ed3c741330dba75b

SHA512
cf4dca7a23e8d1cfe6a076825391e42531a88ebb848edb4b39b34b481e21b3bc4dd52bf90a1ac6fd3f845e8f3291d747833e16d2c00768522187eed698c44764

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f82f8c8869d071ab9f44e5c4faa811c9

SHA1
737c6b6bcfa241354157e6ffd2b6a7755a9b1d50

SHA256
7d0fdcbee5697f4fdc5a6eaec49f8afb03b4486b2d105b2c8b8fe88f0d30e245

SHA512
5fcb6b440af2394b4daf602b3e08e0f73e2cf2eec6f05b2de3ca900813760f62856c7dc2e3c26dc2dca3770004804a74f201ef38bc27287d28015a190e1205c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aaf74ac2bc026d6fcba5cf0bed106e8f

SHA1
d0b87377a7694e20c5bab55327b31b403c9866c1

SHA256
9af04e289c61150b633329b056b59336f01d83ca5b827d090666ff4a2bd8447d

SHA512
5b2bc9be361b3d92273102e291464634cf2402ce87aadba5afe35be3764bc614149bafb018b39e4b0b9caaef77c7325fc488ab159d6f7a3cf554f3c69fa03d3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c16e3cf5f59e836f1af0d2475d89de74

SHA1
9f208b3d344d732c754bd5b44fd615b717975c7f

SHA256
8796e3e1a590b1ed38771edfefbc0fc00dcec18375f7cae126cd9c6a45ca83bd

SHA512
ebc420aa1b5fb566a6254d46fd6c2cd43cedc336a7dbd68c4d4fc236644ba5a242e819edc522c7f49d9dacea307488dad59863de9658be23ce2ed1aac52b4c13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1d118cce38cb74f38d1baadf02140754

SHA1
b95fbf97267acd88377b63a4d2e3529097ce53ee

SHA256
a6106ae9d6dadd6140e7a9c177834d777e3053ddf6639b3e242104f23be55517

SHA512
fe724acaebf786a3e568ce7ff6765843bcf40c6124ee00c67c51ff6960eac816eaddad33a01b4ca1e195bf808c83968abf7786abdaf943d42f8f73d7443aa6ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8115.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar83DA.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit
memory/2320-1-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/2320-0-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download