6ca4ecd1a1b57a50d86c35d7e773767a7d839ddb88b5b509ea0ddfd3ee4c4676

Analysis

max time kernel
82s
max time network
173s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/03/2024, 14:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LICENSES.chromium.html
Size

6.5MB
MD5

d18c09a075cb6531d7ffd7c3da77bd4e
SHA1

571f29b6004007111782bf5727c4bc9510cca286
SHA256

86f5222580a4ab03dad8ea62e6cea22b23454dccf1c77e74ae0e0410a13b16fc
SHA512

091cd68e12633919fc6100b606f3002b16f4b9c7c6d7c820ff20e31a3b9ea690c8a1fc90529ff3e5c21e8d778e254743a8708049830c3bb046eda8f2653000b7
SSDEEP

24576:8P5K5WfWSJiJjQlaCmf2P6e666A6o69/kHPZQHpuQ:UrYR

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "416072037"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 706ae8c16971da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EB4027A1-DD5C-11EE-92AB-EAAAC4CFEF2E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009d182698a4727943a65bc6c9ecfd0fc500000000020000000000106600000001000020000000dc6cad99f69af53629d3625c0182fb59e785511f95f5cfa81a513c61b7859da8000000000e8000000002000020000000dedbc291d73a1bff507417675672cbd0bec06a2eeba7999a5618f33c8fefab4a200000002727165dbdc15b854273a69a330d99f2ce319632e96f4e2796b6ca50f706fe03400000005dbd917650a78c9ba369d258b39c1bc3853c717840f53701a422dc607c47e8b6aeade0317e0253944ee30abcbe6536a2e86b1b035f7a59dceb913b59ca8e3804	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009d182698a4727943a65bc6c9ecfd0fc50000000002000000000010660000000100002000000095783f45320252f59cf2d3c15f3b741727e9fe10a7db4e26a3c437f3a1ca25ed000000000e80000000020000200000007520bf77b19779c8c6a0e33f504d8ba6e7310ce2023e9f5926e58b6d77f16ba690000000db492786614442df2a90c8ead6914c971541f462d2aeee879d577d150b618882f3808d2878206d68f7f49c84d1bce6b0d4941ef30ea11e81c6867c5f212ec2dceec5b1b46d6f09a287ce4367b03f3ea593d16aa189fbc9004bec61177a575017cfcb8c8aecd24752e167b9b4ddb3d96a8ee169dc064ebadcbe8b6675cbad502c27e5b20529b65fa5f180af1d4606c003400000005dbccdbd4bd9963c370035916b3cfb114138468ad99dc67ad112d5495f0f92e9f9d79934eb9a191f66399de1002b098b6db6827eae927ce76c14100508fbb959	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1200	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1200	iexplore.exe
1200	iexplore.exe
2568	IEXPLORE.EXE
2568	IEXPLORE.EXE
2568	IEXPLORE.EXE
2568	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1200 wrote to memory of 2568	1200	iexplore.exe	30
PID 1200 wrote to memory of 2568	1200	iexplore.exe	30
PID 1200 wrote to memory of 2568	1200	iexplore.exe	30
PID 1200 wrote to memory of 2568	1200	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1200
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1200 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7d942a4f3222ef96f706d13924550034

SHA1
9d8915afec4cd27524aa7778245e9036f3e39573

SHA256
88a7fcf2215195d9f79a92f5cfcb52d3e6f49901fed3519c7beab90fec8fc29a

SHA512
50e967d05b22d72c14ebbaf3da60d07feb946b9dc91dfbb287908efe1fab5f280558ce9c95c890d669f763ffc3d0a850a10a6ac79edbe356462422cd37b20e33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d3418b40ce5eee62f506658f14bb1065

SHA1
36f039a4ecf45204f8eb6616be1154f31c440e61

SHA256
8e6c5da395010dabb215978ac226ca848a63e121594ea90dad9d2515d6b21013

SHA512
4e7f9cc38f953bcd1be8f92464e92cf95af9b3672fa5fea94d71151981119323ff0ebc8d1fa321a93b0a1b92d710d46f13cac5c7399ebc0092add5663b0e5682

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
105a995f43a3582488558528264b1432

SHA1
dbea2c11807f7deaf0fd64e44fe709b231edc399

SHA256
2620f957d3eba954d01165338765e1765c4554c8545fddcfbeb6577c2275b1fb

SHA512
4254124ff45be4207b280929fe88d7ca90a505cd29ab078726ea13341b896b496b2edcfed7eb9ee9a524cde0171b57cbc53d78fef4c3cce33620c8163dffa6b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3c5a42333397412b80da7d4ce2c99d78

SHA1
a347878c479a65897c7c23642b01040945334e2c

SHA256
134398325f33003741151aecd5ccc9ba5f9066a16ff516d3cf999ce9226b52e4

SHA512
f885d16ae4ae849761637214843b3708b45e4f68faf6833265db4ccbc64c484dd005acbd7b0daefe08d1e6e6252f89fb1d43a1d1cea3c35cfc40dd6b59397121

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
62177bd7756e6d28656f146834b725d4

SHA1
7201cf9fab229a655c1dd2f6674698d9df04f514

SHA256
a3ba13724e714e53ad37bf22d1b974d86c08f443210dd6c3c557030078d18168

SHA512
29250cf9f0e7c5024037acbf37fcd74b10a2fa80080910ace0d23758998f14905f8643e1f331a823037374143c3c2b99378736e1a8ba967be0cb9cf8e9d69a20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1ceb4c3860dcd3827cd50bb6a84373b7

SHA1
489ffb11ca6313b884901f2e8dff640f07c27647

SHA256
c9ad0b84be91e20e8a613cadd40c2f706bfcc1075acbc8625da9f45549d3f18d

SHA512
e28ee082c373f5c2866d60600b83c603109d74829e31feec3adcac732c57ea1cf61dd6fc46f613f461befce127fb5d460cfe6c6bdbe79e003d847754d4593779

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cdd7e790c37f26773eafe4d0e898eb51

SHA1
e91d4aba68b5cbc5b71452c21bc3f5bdff173ff3

SHA256
e21dcf713f599df58b0ce337609e10ca9cbbb86712b770ed0d165421e27cc15a

SHA512
304c265b8308fb426af0f6811744a6687c130cb07f3ca89f14a2d26c37df26dd9d1c6138740f599e078445a19566b609ad91ed71ec058264f361ebefcea23a7f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2e6944dad95d76b5d959a51c235f6de2

SHA1
a364c621fce68ac67b2281d0e1b5acfb74c801dc

SHA256
c8684787db771877ef35136f2dccb22fd7e53ba63b17ebe3a60d4f72d34f6fd8

SHA512
64aea88da5c8352cdd9c56fb7d2c8fc5c1950355e2c2b2906e5e4f96cdc96a4ad55f6dd970319c1b305b93460901f2a300ae435832c929b3d05b2313a458e628

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a8438cc3f373f84e3c36ca2c748ff375

SHA1
eb52660ab43b0a4f885a8a02fd5d11bb08033acd

SHA256
969583ec92137db30db1da0572f2f78c7e9a8cef96d5c924c7b29e2613758b8e

SHA512
d93099b4c67e916897a0e7a9795ac1d4723fcd9769cb630986677007b8bc76415efb93aff49eef50c056a21c1484d3cd0a37c4f61636e1b26a75ed370f8d7849

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6a39535f29a0c93c40890cc1456133f6

SHA1
93fb74e3d87a8c31d3092029809b3e32d601f7e5

SHA256
c9c477f4e6223c424d1b7dcadf13be690f81837c128b1a277539a1d802ccbf80

SHA512
07aa54a7e82466faae87fec269b92da3780723b38ce924a3c359c6d049dda323ce390a6ad30692a692f8f392ec52ca125176f76ef2c1e587b5507177312ddcb3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
960fb27f7fff4412ebce2efe6e1b6732

SHA1
9969d5e4253dbf51ec236893293e2452fa9c6cfc

SHA256
f07b331cf7e70eb0ec669cf351d3c48d2723db526148a92b387c8fa4998be89a

SHA512
a44e466916928e292e793c6a7cc27373225d75e6bd21e89fa8c2331763637701be8ab0128bba0822fee63deefdc87a2e0ed7331b912d9c444454b0f36a0a6b72

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4845acdd58853f3cf90ed242710d448b

SHA1
c5fa166fb5c2c739dd4c856800f8260a1ee96cf9

SHA256
2dba90d558be8a72c595fc6c83bece76a5c328a71d42901672514cca45262abc

SHA512
883027ef06bd97498f000affc5aa131a2dc5b7c973c31fa5f6381a5b0e7792ef0a2aa6971435867d112d562a9b18ac93e86fa3aa4c1d692410c9091b6edd5779

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
06396e0f1c6af7771ff1ed7c8a959478

SHA1
e116fe370c1abf4e602bd0274a956ce1cae6efac

SHA256
46c51f7969ecfc4992a652a2fa8affe7d28cf76cb7cca4c7ea1ecc14e2b296a3

SHA512
87525c765aabb8e455d720af70aecd6a506c511e958f01c50e0afc58ee48cc84dad62b6105ef4ba16345ad43445ddfc6e72462ce3a2868dbcfa79550ab661175

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
61caad59aa1c7133902b6cc15c818e84

SHA1
6a29224c2557b890ef045d88312fd830a43296c8

SHA256
6cdbec295592189e06492badae3e9b2689146f94983f7d4e555c65381c60a715

SHA512
53484086210f961ed056087d3a2f2793bdd162daea91932b055d86042763a1c0926bcfa8fe288108c8e84227908cbd6e7c6faec2f5088374ff9c9e68b31c86ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
baafbce88fc7ff72227a1bd98801784c

SHA1
ce5a133777fd799f128315612c7aa2fc3c52c51c

SHA256
5f6af0c7fab620d96c0223c38cbbf7c622053fbfa1a65943ef232babe41f74cd

SHA512
1c8c88f88752da8f397533ef4a76c397a6203cd36a726c0726ffb0d9af2875f3882aad1183e4b05e92fdc6b04f62f6f0fa1150c15a1ab0aaccb6dbd3d3357036

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1393.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar161A.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit