857110010656ba4010b2f7c30033a062c00ecab0ca841fcd8ef2725e3c2c01b0

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/03/2024, 02:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bd7abb24e8ffd4d100e4593e461c6970.dll
Size

66KB
MD5

bd7abb24e8ffd4d100e4593e461c6970
SHA1

be13d4c21cbc0c764cfe4107c5d5493bf4c7a361
SHA256

857110010656ba4010b2f7c30033a062c00ecab0ca841fcd8ef2725e3c2c01b0
SHA512

3196d20e079a916dfe93e1f4d27005477ed746f50d9f453b05a3c724c4cfe1a56758cf751e0db35e935d4a4d73657e3132585502a0f2bfc4d76031870bbc41bd
SSDEEP

1536:dQKaouK0rof8925RMehGW4a6cHnP3WqshuqRtKga:dQKaouK99MqB4ar3Cngx

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1744 set thread context of 2744	1744	rundll32.exe	29

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{75DCC301-DE89-11EE-9A09-E25BC60B6402} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "416201163"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2744	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2744	IEXPLORE.EXE
2744	IEXPLORE.EXE
2640	IEXPLORE.EXE
2640	IEXPLORE.EXE
2640	IEXPLORE.EXE
2640	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2660 wrote to memory of 1744	2660	rundll32.exe	28
PID 2660 wrote to memory of 1744	2660	rundll32.exe	28
PID 2660 wrote to memory of 1744	2660	rundll32.exe	28
PID 2660 wrote to memory of 1744	2660	rundll32.exe	28
PID 2660 wrote to memory of 1744	2660	rundll32.exe	28
PID 2660 wrote to memory of 1744	2660	rundll32.exe	28
PID 2660 wrote to memory of 1744	2660	rundll32.exe	28
PID 1744 wrote to memory of 2744	1744	rundll32.exe	29
PID 1744 wrote to memory of 2744	1744	rundll32.exe	29
PID 1744 wrote to memory of 2744	1744	rundll32.exe	29
PID 1744 wrote to memory of 2744	1744	rundll32.exe	29
PID 1744 wrote to memory of 2744	1744	rundll32.exe	29
PID 2744 wrote to memory of 2640	2744	IEXPLORE.EXE	30
PID 2744 wrote to memory of 2640	2744	IEXPLORE.EXE	30
PID 2744 wrote to memory of 2640	2744	IEXPLORE.EXE	30
PID 2744 wrote to memory of 2640	2744	IEXPLORE.EXE	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bd7abb24e8ffd4d100e4593e461c6970.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2660
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bd7abb24e8ffd4d100e4593e461c6970.dll,#1
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:1744
- - C:\Program Files\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2744
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2744 CREDAT:275457 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
293647681ecaf0d4adfd3dca3b1ad3ea

SHA1
e8fa212381bf45a8713bb8fe73b1f07e60b23daa

SHA256
a80c633581448345412ed36b12d09c529912560ffa96ec007bc18c95da96740d

SHA512
d25d4004ef05999b5b9b45173a0da979240cb01a0fc21c36cb517c2b1756b066a1b038d890c8f5367937532c5fa399759441e23d88a762d17de02fe40ffacca0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6a56d5f09bbd4bc31067125c8719a52c

SHA1
8f80bc3611af949e33e772f15d7ead2d58c6725f

SHA256
462f9a9325a3bbff01274267be39b02529b2f96a8580a52032e496847bf0720c

SHA512
35f427f6b8ff0d07d648734bb2cab9f149239dd27336b898db84f9462c08fae4ee45a73efb1313625ce8b867288c78cd9eb747a2af484090c13a63c1d1c1a4bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1a0075ed29c6550f094a53493d808b71

SHA1
7df704e3fbccfb36be2976870cd750acf81a1183

SHA256
10e961df8cf3514f362c8bbf34d5b0a97af7a3a0bc27f657d04c0f04227077f9

SHA512
7f00df71b896de9d04cf6850ddad289684863aad25d60092d1621261780e43a6216f045b66b6c98b922ba5193f0076305c8ee80506a1a32d628be3d1d27b1b42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d53f5252bbd5a88a6e3a989c41351c67

SHA1
69eda3914c48c985a17b2097f78bcc1c3c476cfe

SHA256
9eb50f343800b9ca03e8430269d4194bf9c144a7a40041904f2090d38d07ab17

SHA512
f47c90723688e76fa6dcd6385c90c807a4eae9e49e79d73b2e57d3d67a454c5726791398315739f8a3ef8bf59f9c744183a15164c91a234d5a94f882f1577f7f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d5d6cea0df14cd9f9d858ec15d378378

SHA1
dc0cc0a0ac5fd7a9972adb39e30d5fdb1468d718

SHA256
7d5097e20f96db295e90e2eb00095ce25e8c3c894e56fdb0510fb8f77b680482

SHA512
5dd82d5d9bc75d1a64e8923f05bb8275b3219a5b6ac03103e450edc673a7fa1014d03e023e5a543e54cc118987fa6052fffae03bacfc84a33c81d6a658d9e0e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9057f27328cc6d18b5894e150f98ae0f

SHA1
83be0e9252168d37892f515448dc770e3536009b

SHA256
c729f75e98ef5a9a7671e09c23d5f0770de60bf41ab1918f69919880c8e5072c

SHA512
07f9b9e969dffaca85487eb46c9de171693686b05f625629e7f45d49c39f3e105844e1ddbad38cee814fd8020707fe5f3f1d76cf037b60756b1b262005905779

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
47e98acc91e7fb0c8e76e2d433f9f642

SHA1
2be04a3f7ab13eced6a3f6708be9e68a5d48bf24

SHA256
a5cdad1b731dbfc52b4160c2c49c479e07a9b05fd9eb2bac9b860492fd695c26

SHA512
a8272a65acc86975ddbfcb5be8ade7d0955a55dbd1aaacea6df86e10589e339249ef9cbe9e01797e1d836cf10bacab17e9961e911bdb121536f0ae1624a0d9e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8dc62153980629ca74ca81dbcffa1540

SHA1
aa62cb49a06948dba422a8291b45c334f0493832

SHA256
7e4e223b160754924824a11486a98dcdd63b16aec1d84c4851c9cd2c0e46144d

SHA512
e00c2aee540f2a881175b3300fb2c0ec73ef596983e04915267ae2fa53dd58610223d566c30babaa398bcc709dd5c56a9dc8cea19b7dfcbdab6d9499649670e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4fe228f4bc105e5d270fec547726d1eb

SHA1
b6a36e694ba61c7ec9dbcca2cefce16b25ed57f2

SHA256
ba824fb231194f5e326819c4385de572be2382a450538d579ef71f1aa45a7d26

SHA512
660281367e3a638d1bbc0ca23183f983330560162ee975b3bba4748a0a4aebe569f443db8a883847e771017f98faa04fa6515ef53cd03c5660c72ac040c096aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
65fa2656d97842d5c2834a74e454f04f

SHA1
929352bc738dbb27681482d8f471d61d39171f68

SHA256
72f8600bc5fff2aeeb954835a8c9935716d50e14582a35122b2026dff582326d

SHA512
93d5b996af0315bad49d12b5076cca426e6fa32253642de959c4b4b1b413e8c9a2bfdaf6391803b110f28d89e86a2b615f6eb854e0cd5c4886bd52bb6e623d6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab99B2.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9D05.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit