68e7177ff545694660bde9569b892e349d6eacf623ad6dd9ee7cc50794de6142

Analysis

max time kernel
118s
max time network
145s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/03/2024, 18:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c695eb6b2b0f242da95bd631796b34ec.exe
Size

75KB
MD5

c695eb6b2b0f242da95bd631796b34ec
SHA1

7ae7ddb534ea74cd94cfd7edb727208dece9b734
SHA256

68e7177ff545694660bde9569b892e349d6eacf623ad6dd9ee7cc50794de6142
SHA512

547d86547dfe02236dcf79ed2ed1349edcf6d95fd3c6ab6a1c92ade248b026efcfb20dd728d0978ddcee7112de1b97f4b11e3a151cfacd6699ac176f3d5cf17f
SSDEEP

1536:16fADFRYayDo7HxFejJRNaINHYARtDT/8uCEdztVa4k:BF6ayc7PejJbao4An//dCEdG

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2724	cmd.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\b231ea761d.dll	c695eb6b2b0f242da95bd631796b34ec.exe

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "416516696"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3B574701-E168-11EE-86DB-FA8378BF1C4A} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2484	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2484	IEXPLORE.EXE
2484	IEXPLORE.EXE
2516	IEXPLORE.EXE
2516	IEXPLORE.EXE
2516	IEXPLORE.EXE
2516	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 13 IoCs

description	pid	Process	procid_target
PID 1584 wrote to memory of 2484	1584	c695eb6b2b0f242da95bd631796b34ec.exe	30
PID 1584 wrote to memory of 2484	1584	c695eb6b2b0f242da95bd631796b34ec.exe	30
PID 1584 wrote to memory of 2484	1584	c695eb6b2b0f242da95bd631796b34ec.exe	30
PID 1584 wrote to memory of 2484	1584	c695eb6b2b0f242da95bd631796b34ec.exe	30
PID 1584 wrote to memory of 2484	1584	c695eb6b2b0f242da95bd631796b34ec.exe	30
PID 1584 wrote to memory of 2724	1584	c695eb6b2b0f242da95bd631796b34ec.exe	31
PID 1584 wrote to memory of 2724	1584	c695eb6b2b0f242da95bd631796b34ec.exe	31
PID 1584 wrote to memory of 2724	1584	c695eb6b2b0f242da95bd631796b34ec.exe	31
PID 1584 wrote to memory of 2724	1584	c695eb6b2b0f242da95bd631796b34ec.exe	31
PID 2484 wrote to memory of 2516	2484	IEXPLORE.EXE	33
PID 2484 wrote to memory of 2516	2484	IEXPLORE.EXE	33
PID 2484 wrote to memory of 2516	2484	IEXPLORE.EXE	33
PID 2484 wrote to memory of 2516	2484	IEXPLORE.EXE	33

C:\Users\Admin\AppData\Local\Temp\c695eb6b2b0f242da95bd631796b34ec.exe
"C:\Users\Admin\AppData\Local\Temp\c695eb6b2b0f242da95bd631796b34ec.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1584
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2484
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2484 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2516
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\$$30689.bat
  2⤵
  - Deletes itself
  PID:2724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a02e8fdda49a98f45f33ab541bd5c451

SHA1
d29f5a6e440b78ad00eb9d2f24cc8d209e80653f

SHA256
90984f10993737b32c5d41c385bca16ca260deab74edcf8b88771f72852d136d

SHA512
3f765301a7eb1b14ceba937701877dc0117930c3c11e4d4a2663b343f87eda35683409841a497085d2ae12620c29ef488e48199ee8c0dc071661d79e72554626

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ae274742daabc085fd8fe23c34613146

SHA1
01e8c0517979fb99712b0749339059a1a5c33d14

SHA256
2e9cc36099fd16e060222ab83e5b0efc3810555597ef389cae4833dd9d887205

SHA512
f2246daa221548f57262dc39f9eaa4823598577f1611855bde1b9f1bb311c3b6360d03093bec7511e581faaf1a43bf0e819ec00ae481c2a898380077d8b9f379

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eefab730a8d47302c59f8fdc425b574a

SHA1
10624a97d10038007194ef0711d11d8506f0633c

SHA256
fc65aa0401b178ce2b0c5c03300f161e6a7e4988fbcca36bde146fa8acd79c47

SHA512
74c6aaeb77a6e7ae8494d77a34feedc86290f682df605124ce163bf18f1aa8d522ea5418205ede6b64f7290a2821eb623b430a22663deb06fd77a0b57d76ca38

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1e5ea9c2a3e2ead75a772bc518fab595

SHA1
52b4269de5b5a579dbab80b1ab10ebd4ef451ca3

SHA256
98d35f0da4589ecbe3e4a3b4aac95dff2f0bd6bc3f5e2aeb586aed739626113d

SHA512
51c3e96e31e4d2c0497fcdcfefcf3c69fe94bce6f6017813c2097ce86fa27326f103551b79b0ac243e5bfc02210e5261c381e63c8d54fe95c8e76a03ca61b52e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e87796fc54f24238a954e5c894f8bc06

SHA1
80b4c5b174865878845eecc5bdaea3530db504fe

SHA256
2379e5357a87f6c25a08cdecd9f2b9dc6abd6101ff128a1ce74665e189d41b81

SHA512
0f4c60e937f5a6a68b72a1d5788bb5d1e7ea71e0584494ad5f6f0229a3189bbef461e21d95eeb0de113cbc9064d3307b4ad055671e571f92f1f233834566b410

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
428667f20c34157f8908f04b9c7b0abc

SHA1
55c36451edaffb64f26aa07da0652e482755156f

SHA256
74145a2398bd6040ca51d3937896967f5f4eec3aadd6749de3b609680254934e

SHA512
9726cc2273a1d39af47cb6ab71517eefb4384f7d21cdc1e887a003681ae2352f200605b120a4be7b2447ffbb2c1dc9955c8f59d097fc73a3440c278821670f45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ef893a62f8edbfe7807d0e365f847e91

SHA1
2f8e7c2b6211600a2e12b7ea4dcc66134423d04d

SHA256
e94906106e82aca035a905e325c179a9241951622361141908063863d5f9b600

SHA512
181e8bcc6eeb01ece3772f1b1c2a9a3d1f91a153864d59ebb873011f4e12f9f45af84a0b270ec87870274c5bfcf8e54a8d182ac313596173f7dca4e7ef0e5b14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a81a9f57a28f6253087a8356372c12fe

SHA1
b26f4533b50228e2b1d6f50ac83ecab74620c49c

SHA256
2f54d7db11cd0524d043ea4182b681801d6a77d0c2b41e0ad883464cc41eac7d

SHA512
9aa081d4afb9312ec8df6dd8ecd67a7b76bc6e7cd0859d49aef36fe4cc9e02f70cfda7c75b0a8207a8c7902057ac612c2854a9a027e7a67d529efc7f7111eddb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
53ef28d265b8ff4414d3933d5c069b12

SHA1
f3bbf10b80b106ea99e3edfb517757d323e867d5

SHA256
d4e58908feab00216db1d5d48cf16a059b5a8240dd5348df71bc41065265f8a8

SHA512
43513068d0ed985ed1e1f7b586227132c71bbce06017d9ee7b88f0179307841b178b614bc3ef0167e15bf6faac6e51592049318b7ecfa04028e324aa41135ce1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b626fe9e6a683a4f9fa92f9c82f13626

SHA1
28474e8e189f59b9ba3e913a005b93b0c28d85b0

SHA256
56ee250ee398aa32d27afc3e73562b0f256e25f440c94b92b4eddb03b728be00

SHA512
3d3366e429dbea1d81e7e7a2ec3ab612acfbd1cfd80288c72a524b78f854dd1cfdc2781c0fd9ba1031a11258c198fe461d139206947b54ce670e6fdfbc1dae2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
04e6f297badd6fa56af40d2a0ab6791f

SHA1
3b384afa817370126933c0cac7cb2d04a98be24d

SHA256
0b8607687022d6b065dccb19b1f78fd4730af774cc666a1f068fb74d487d83ea

SHA512
ca077ff3676d3b9020c69ff6d7ee87b64f162a17f68ee4df6301d7957207a8d31f26a20bceeaba591d460102b0af80a13fceffa92ceb7188474410f2e5763d60

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e9bd7de1c1a6f3cdeabd53cbba8df706

SHA1
842d70e969ce2d34e5257713bdba156c7c9a48ff

SHA256
deff92c6bc7d7be84f995d2dcce4ca057a33475fded9e98604d2bace63b154e8

SHA512
53247604ac952156f84fad22c19c8fe9e0a1f042f5e4269fdfb3c92a85bf66ed11d8be48a1fbb1d3f14aa55b4367e328e58e6427a135bddf5ecfa7278b923a25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e709214cbc341b84ed7143e4a03cd2bd

SHA1
12bba0d9e766516ec20d4e42979e748cc2a61773

SHA256
1b291a989ed43e96952e54ad90eb43dd33b7fba63e6d01842ae6f191caf5765e

SHA512
d045c6778320ed549900c735e751e069208192325a5478a818efd7725498b542ec0a89215347b348ad0aedaa6dcb84eb067bdc00654176a1980d9ef835c2822f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fba82d023de1a27aa9f0a728e64b3381

SHA1
5a1eef8329a1f96d8368605789b16e26aba41eee

SHA256
1b82278b50fd714ac882304bdd4ecb76ee8b162fb187b63399ba0978b1880b24

SHA512
4bab793a623355081e9beed7c22b9259094c3dee9e6acaa5867cb54a5a86965ccc1586a1bfee851badeda1781866a77facabd301c142d4d7f3be0925f0da39fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d5a081d927fd7c0b19d3506ed901c84b

SHA1
c986f9acca8c560a32e4e1b4ff078d862b47c5fb

SHA256
2511d1ea71584d1c199bcc4c2f783e158fa78a3bdafb648b1607ba5b30d39ed5

SHA512
db7805177d292bab36fb26802f33dc8dab559dfd8525dda845f027d9d8ad33e239fc03d6ed343ac582d1c75d2c94bb1a0cc7a5186911cdb486579fed062bc481

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$30689.bat

Filesize
181B

MD5
14f9cab4b3456c3c1a418d71c69c9cd3

SHA1
833f5af84fbcfb36b08027389c50847039e98e45

SHA256
b77c5531fe1025805d6fe140f51182b7f182d0db0dcd660e5f84f41c00378c5b

SHA512
8032ed0edf36cdc320abca0765f229af9129c07d3d07dd679f1da88334064404b1e4288e228846446ea686502302619b62f2cb62db72a12097f36d1151db9d72

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7439.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7A68.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit
memory/1584-8-0x0000000013140000-0x000000001316C000-memory.dmp

Filesize
176KB

Download
memory/1584-0-0x0000000013140000-0x000000001316C000-memory.dmp

Filesize
176KB

Download