ac597c69333f99b6d9f7b6deb58c8f19aaee37c6a2fc5c4155559c0531b6ceeb

Analysis

max time kernel
134s
max time network
134s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
15/03/2024, 00:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Crack Beast/vCRACK/[email protected]
Size

1KB
MD5

0ef73e68c137dce476f999af5edd917e
SHA1

39a2bf1c43abb8cd4ad0568d86ad76ceaaf36e60
SHA256

13e87503fd59f5b825258b51a447702d84ab1da48affc79e489801de6c937be5
SHA512

4a44666bbfcff29085268ac3c460186feadc9c897c6e1d6716e5b8c7c55528a457f8a1ed1d9cdbc0902ad3649c99e51d54f82a7e3e0eb84e5e7c4cee6fccde48

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009b106788dea7af4d98683a8983feb7c600000000020000000000106600000001000020000000495c0060b6bd7a3c679a5b387e4d8b2f20affa51bd73869ce31d3bf476fbb398000000000e8000000002000020000000080f9983b02908f3075a413f339c8cbc6e1c1e57018b89ce48e9849aaf800bc390000000465ccad05ec196a7c640ec1caace13d9a558f0293758681be0b1895d94f8e7d268c65f6ca93627779a728173f64c97088ebb1be4276c9608ea2baa3b738be446c7c01f3176e87a4eb1340f1bda09b1b7ced962ac3917205f3ca43aa4a01a9aa07c17151ef392c270c1a9e86e728d2da0dcd4cd4401643eed283268d12686dc4bf4144677cdd7696629e2f649378d57b34000000018baeef2820675ee63a442665f51515ead4c64a01836de086cc73f9a367f3b2377cff96794499c4c5d789418cb9bc9bd10199c257a803519b0b84f80a9c26f62	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9032021a6f76da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009b106788dea7af4d98683a8983feb7c6000000000200000000001066000000010000200000004e76892b4d94f7e6e47abca86a87f8a88b9b20d60520455881182a9b6243a288000000000e8000000002000020000000737e8bac45267121dc253c13fa18fea2cba5961ae5d9a6559e3e484612353d20200000004d5367313615c3433722e393b0b53d1e0b4534fca2cc09c1eb4cdd4914b0897a4000000067300cc882b7af07834d18437e41ea2a099315d5a75625d5776ebff6e6ef3ffd86339824633a190a4b43688e03558e5de05829a2fc1903bc2a56c84c28f6a0c6	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "416624087"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{45892401-E262-11EE-AF73-469E18234AA3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2740	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2740	iexplore.exe
2740	iexplore.exe
1540	IEXPLORE.EXE
1540	IEXPLORE.EXE
1540	IEXPLORE.EXE
1540	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2740 wrote to memory of 1540	2740	iexplore.exe	28
PID 2740 wrote to memory of 1540	2740	iexplore.exe	28
PID 2740 wrote to memory of 1540	2740	iexplore.exe	28
PID 2740 wrote to memory of 1540	2740	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\Crack Beast\vCRACK\[email protected]"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2740
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2740 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1bd4345544abc66c2bced7d8ddfc51b8

SHA1
0eb685b8a7015fa281020f9f03198fbe8cc1afeb

SHA256
32ae37643fe64c1e8a9543492056069ffc62eb1408cd1323c9bf905a57c4203f

SHA512
2e50ced2a8f90270fb6da7cb383a9459c248886fdc61ea4100036d6efd87893780c8bfc28adb6e667c2d0d29759ff5ddfb7736455eabe79306322a6410e90661

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b053107f19937d8df77e0b744ff6a538

SHA1
68dc6f6aaecd331e33ff5a72ff543998b846442e

SHA256
23ea10ed0ce6518153983b92305cfa79ac5eaa3d3da699cd4826e7517fa951fd

SHA512
6c04c1dc7e876a68859c4782455a72be52eaffd23c8f622f7188d7ce6ab8e224e4aa1e2a4113e1407ba3f77ad7d95fa479ca37794130dda602e2eb94ae30badd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b7efc4ef466a487b0df37e24639c441f

SHA1
4a4a80ef17530e3e2534cd321855128d91cdc352

SHA256
3ca68cbfa288f62e725727a78763eddbb71cae72fda2f6d12eaafcf3f15979d3

SHA512
941675a1b53e89d2efbcfbc5d8359ae07d06c4860ea9ed687549187587c8fdf20b53c540f454098ac7d1e6c830a13cbf2d353d4a0f0847d0ac527889e6395e67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dfaacd06280fa6f1276179a32d85178d

SHA1
1aaf6c9c6ae50f34b026a3731297d4c4748e4951

SHA256
9438755b198f73c518f62208e4e3437242ec612be104a8b38988d21d95dbcf07

SHA512
c113491770f083235a4c0298675bc35886f9a9079cd4bce1902d2f536a0a62e240aadd967d18f62b7c3a863b45f250a49f94dead039937fccb2b485886c42c14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a8072b2653731f1b01d5fd3d03275aa0

SHA1
365b564e772f4a9b84e92af42e62cf83a303e400

SHA256
91f286f7424fa8a252e21168adb86f34475eed96e72a739be60385b9030545bf

SHA512
1a4f2ecc3ebe2628f4a2ee3195a9c44ddb58eb479b594e7dda81994c0ee3bcbdf7593a5c9c3c78b8d10cd30af5fac42e017c3a3c59a71d2303b2ba9e46a41c35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7ce61249992fd3a7db76ba00024a7453

SHA1
fe663a18229d30cf85d58337d6cfb43809ee1c99

SHA256
3c8e3f3c49dd059f5eee4c3469ed84cadaae0e5dcf5fba6d16f6a5a2278db795

SHA512
e1facb62ec02480dbd6fcda8b9b86328f74c847d42bbc205a40a220df85e9f58029b636bc21600aa483a67eeaf99bde442154068408963eacfec90a114b02952

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3c4fb4cb0e6f6abb978bed6cc90d7bda

SHA1
6799ff33a7fa805b3c6d0f4b27b67f54905649c5

SHA256
6eedcfe322f7814757cf609f485e4b37e61be26bc731e4f4dcacfbd9ff94a080

SHA512
9ca64ba1d107c7bb7e02d43dd82fc4bd3e4a96971bfc0eb8154006e57adae67d1b13f1c4d4608aa589f7a45618d459174b4899f3aea75f3c69cd6f8d06b1b73b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
319c6d3eba25eaf69bd7e485a64df51f

SHA1
3f2dfaf940adbc54e4b3ab592ba63786e32d1b13

SHA256
cde2564679219f04bcaf2609260589a3157f491271a9275828c43423b6ef6247

SHA512
482a5c6653fcfa7543f1e613c4752d59d2fe8de49fe26093284c28796ade4840149410e01fd307395aa6dea4ea20f8939c72b92bcfba252afa55dc8e55710f04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
681c630afbcff701600d97f81a4c224f

SHA1
a991bdb45486b5256ed7bb512f61645159f05292

SHA256
635f242f60b6e0b61af0b15d2b563f5768102d35a093061f0e2d5130f58cf9dc

SHA512
071f37a94f25e16782de24964c5b955c831574b00ba246007503b552de2be7178869aa51b8a8fc5447e303afb9271e2f189106aca4471946ad4394b79cdb55c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3f0b4b99af570a2894e49f3c33948c74

SHA1
10972852333f719834d342021150dd524da32dd1

SHA256
7ea7d1b6519c3679db048d8e68b235f0e444a9c6736541bc9e6589bc91bf7124

SHA512
9f1c3b0fdebb7949dd995907550c4a39bfd717fcb30d6a1d1bc15fe3985ae75b32e2748bee563c306f1cdaa77dc9ab119b4a39d3f50c2af690eab7aa66da5fc3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
615d0dd05af4dc3197afc870240bc4df

SHA1
f4bd23a6974de00226354a7426f5cf0852e13ddf

SHA256
8cefaef5756e97afa04d0fdfcac92ae073b9f64026ac820324d20501c8a5741b

SHA512
f42752871677d1f22da25028362f29f93851e767019d3aa424158b35346f7375db5834d7e992cce5edebe4920d4d2bd8983476e86353c5a36f34aa8bba49e091

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5ea3452a376005867b00ac3192f9d940

SHA1
7b63ed47af187e0bbfffcfbf8ffa91671dd6b6bc

SHA256
32310497f4b7f02562e7b4adb8bc3ac653be26d3ff02c21c1421ca2dbbb048bf

SHA512
b3e479baf48dcc5d71720ff914d2146841956ed2f6f05647face1a1b1289d4b0249d1f8dbe0c108311de014676b8b4e04ff5b21de4506b5e7a9af8fdd1b7e6f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dbc24161e7fe5a6df67d50057e47e4a6

SHA1
b201824e8ce391d08a661b831dece66152e24f35

SHA256
5ca115a04e95d8295c2333bc46acb902e7ed27040f9046d3ebadd8940a3f78cb

SHA512
e8174761931872179b783e7e61e73dadb283355649b8bb868caebb41dd14379c00d232b29d1b553de6378b0cf1879ea3faace5da3d2911e1dc5705e6120548e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d30d6b937f1bdf0370e4f405946dbd3e

SHA1
21964f17466b428e449441fdb70ab550e4a1a36c

SHA256
6b329596b1a9e3e75efef8ea5cc21e0e14ca44a812b65faf141fda994d042fc9

SHA512
51f0cf09dfd98c10686bf6e10a8134b51c0705baed77a941b4738660929aebae337baf44e337bafe824e26ab15e2bbfd8ef000e9301749a0f2a5719ba8e9c2a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2501020be96f670658521832f69a7e01

SHA1
2e059b6166fb9fb92b910452d96609128ccb7b33

SHA256
51b0700aa56e31f625b22378fb1143fc05f82e3896a56977fa03a85761e3618c

SHA512
d65f7421d2c49574a6512e0c4f65435cc2def7a78599085ecbcea6faf3dfb816449d3a11757fc5a5b4a4c692f86f690322c70959cc95f4b68e195ca4207230d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
57dd61c04624a33f099cfee5d7df5673

SHA1
d5ed3dbb1c96db4e00bb26d1cbc8001c28d1088e

SHA256
753d8e04c5779210168fd3dd381f7a5327b18b3e364b1b3a9c2429d704ffba52

SHA512
a754733bbc3077e1000e7c185f866291e3c158914d83b38a6c0035d118458b8d80cfb3b9bbdf12770a18864818c752edb8df62b084dff0494412f377a961e041

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c2ad4bd2186e26eb8bfd011201171e5

SHA1
5f6a041611cdbda9aff729703299817c2aa99f7b

SHA256
37ce8ec0623371c31dabbffb57641cea6b9f672a70d48861efc9b303efc3ba8c

SHA512
8633a670677511f491d098fe11c8e4a7f17f88e4d7892eb6e7d4fb6c80cc8402b9957ef6a5eca82d8ad4bf31b475b9ec2673dbb9af4ec7dd72d272b29fe7598a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3778.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3835.tmp

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3859.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit