ac597c69333f99b6d9f7b6deb58c8f19aaee37c6a2fc5c4155559c0531b6ceeb

Analysis

max time kernel
135s
max time network
134s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/03/2024, 00:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Crack Beast/vCRACK/[email protected]
Size

1KB
MD5

6ed85dffa4c38ba2355e0eb6c8809e05
SHA1

893326e05afbad48b6c73facf3bd7ddbd65a4cb8
SHA256

76933a1e9b0f656ac184f7a0a94799794c7cb2eae4db4cd14fca525a552f1f8c
SHA512

0747b310a4b720c7aaf40b88fb1e35903bf27cefe79111771c3776769eafac5198670a0cf4a76832f6df934a6c9aaeb1ec0846f46ac0d520923946123deb6cfd

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a057af196f76da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007823eddbcee3e149bc4db86b21295af600000000020000000000106600000001000020000000a69389654b34f3342e81e03ddabf5cc692a3bc81eb9d1a11098ebf674a6e37d1000000000e8000000002000020000000eb0141dc31fef68d90207b9965096a011f8942353902d0d2f56ae1fbbe7d111c2000000083b7511512acc6bd14c64d7fac6de94b0f4b0ecba0f602e86d38266699eba0714000000035e9faa8c6061e2c4da77ae8ab1df906d3dcdaf9ed0987bbfcbad90f54f8cc51cf7e63f179896635deefbff05fc8aeb0ad730c14306e87f8f22109a367acd9cc	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007823eddbcee3e149bc4db86b21295af600000000020000000000106600000001000020000000e31cbf50a3d87bff0a359809a99ab1c47fe2003bcad4d0c15e873f039a701547000000000e80000000020000200000007e8f7e93945fffb4309d9328df0d93377c979d1d73b4038f533950a588913160900000005632953d36e5575f2a92857aebd4e58bf786944bbe162641d8af1cb212a5ae5b8cfee1398eed19b958ec67fe32d90c7642dadc87f3cf11b5c528d3ea7584c18c0805fdfca219edfa0cd83fe2884abfb5c433cecd38612772c02f717b7c0271f212c2fc9a6d72a9308fc1e35ae1a8dd92e173baa88ea2c697a6b13e42489fa8d866688b4ce50e9134809c5329c781005b400000001cba767f08249c3b63782009d1ff6748fb42c707d883ad49a25a24da2108100c61e19a6519d119fbeedd04df98e43c58abc77c06357cd74e33cc3c9ae6123560	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{44B63401-E262-11EE-804E-6E6327E9C5D7} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "416624088"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1736	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1736	iexplore.exe
1736	iexplore.exe
1964	IEXPLORE.EXE
1964	IEXPLORE.EXE
1964	IEXPLORE.EXE
1964	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 1964	1736	iexplore.exe	28
PID 1736 wrote to memory of 1964	1736	iexplore.exe	28
PID 1736 wrote to memory of 1964	1736	iexplore.exe	28
PID 1736 wrote to memory of 1964	1736	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\Crack Beast\vCRACK\[email protected]"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1736 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
290208cc36ed36b93cb5a7b27c00af9e

SHA1
ae99ef291af21e158382a6e86ab308684ea9cfc1

SHA256
1e80860a623ef18adb6973564dc21d7258e0e550dfd7a2cb132e3761bc3869f5

SHA512
0a8af908fa75ac3a87d6ec010c0fb4ec38b51f1859f2c29a29f6cacc2662312b8768e2d66aba7e4cefb59650fdf0f5b19ffb675628f9a93cf4354daead56d339

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
288fac5c45b817243da89b50c1e91b26

SHA1
0f4c0c06a695ef9ebaabb027d2b89b8789b5459e

SHA256
3584a6d4beafdf2fbdec5214c3f26315e986113f5083f235ddd862b9380a8841

SHA512
2c708d131783ac9eb47b692b76a16ff230bd5c75ebdac4fa5e193e12128d4af5c882312b4e912cf0e536592e2363615b577a814d1013ce7aa0eb92fb14982d6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2ceb291d6898de42ee5afec4fefdd151

SHA1
03fa100e9cfda1803ce5b225247fe5bc8ea4e407

SHA256
f8b20f9edaa82abee267986c2f28492be19cbf0df8f2d6bbe48cd0fe536c78fc

SHA512
dc970ddc1c1c5583be643db7116787e62578f7c3c36fd8037b3ba636245b0a310f21955014dd7398d97f85458ae652b1347f33cbfd5f7c46e91f0b6467874db8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c2766dfda5e5625d159e942ec6730e90

SHA1
481d5bcf89b0ee7b49c380b7f5deff48b705cccc

SHA256
b5d572be2ded57d28fb2c4d92feb2829b93fd10fa606b0f1c764cac5b95b516f

SHA512
c4b7c0255d9c0474a5f2f9cdd41acaebe24c624a9c01b210560249f9bcf1bd725ec47143fc8706e358c4354af989c9f1fb191a55760afd8f0be716f798628197

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
364b15555d4b7fcd13e8d7a94420bdbb

SHA1
b73e57b2dde3debeefd8945bcf4e275ded5d933a

SHA256
6be4c43b83d25786b146e183ed7a2b72c2ec5a40747ed34289d3ee8bb065ace2

SHA512
ccef64a02dd245ba8037be94c0513a3b59dac4cb2412fc5ea12b48310e222126e7b61f2bace14a8ee3db46d40e7d695209d0a2bf2548f4a1153adcf2f1e28760

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
51a6a2eca7e7860097307c2415e1d73b

SHA1
23e2fc381d07b7c5a7f37e66c18b3b0b7e4f9e6b

SHA256
ab212bae09d4cec59673c3ba242f8ee27c6b3660a2f5ba002b1fdc864474559d

SHA512
ae1af6bed907dc5b9f67968964eece39f9c662f7b583da6c964d2158049ae8b2ac2947a759a079ce2f1efe35fc355bb3882af6e1da6677d965151d4a00a2445d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
71fa11ca4d54a67b8304571ac50a97a1

SHA1
dd7fb1e63369c160d80054914504c98e10bd89e3

SHA256
7f683b4376f2b65cc0dd04877ede7ce25669b74d56736070b3cd749b466483df

SHA512
97e5dd706a856026dea5a47071789f721b9c0db930241bddbb2771f7a3982a8053074757e65b880ed1beac63f2e73391e338f8e9e591bcc1aa7cb358cefcc4fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f98584c8191bd41fbb3db9d1f6f59622

SHA1
677242ea935b94bdb05694d006ec506a4d0cf641

SHA256
08eff8659225fe7fbb1b5031a941e9dc738b4d01945b5caae58d1dfad5d1c1cc

SHA512
72df9c8cbff1658a07ad1a19601cfefe741804a92313d3ddc01a1d87aaf91c51cf683d2b3cb35a7c48474aaab0f4609fe9d293e076fc9a6512ef2e8031b1cd81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b4822343ace2efb4f918c9401f9d9d5e

SHA1
8718aff31fafa3d6c63cc92e67f95cbd97744f8a

SHA256
fb637b9a2de5c5b07c3e1f0eebefcf6a52a96b62cedd7b61f9349729376879c4

SHA512
8336d27cc4a447326e3eadca768a043df94f97d9ac31430959f24e125d2c4d60fb0442cebc8d9bce8f0fda502961c8d308ed3baaf870e80648ea65bb82ea5e0d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3e21d6d78a60fbfabbfdaaf6762cd343

SHA1
2b40696d3c4b7398b8c2c1ee43a3afabbd27a95d

SHA256
d6ef68cfe116a909ba2d64fdbfb994aa539027ae8972f23fd2c80844797b05e0

SHA512
9468551a58dfe1d55f31572ff755248d10bc26da33334aece680a64aa2ebb49bb7ed7b0114d8e4cda435398e47cc57f5ebe95c14dc0e8cbee3ca3bc0e7dcb052

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eb7b36c666edb20c95dd545c28b03d5c

SHA1
f245bee0112099bd30c7bbce66625918f4eded17

SHA256
5de100f7c383e18eefaeef64b782fd5b90c05abfc869e310db06f22ba966c282

SHA512
2c45e4732d7d56d14de8248cbd65fb1e692c112c308079094043c9acf33467df5c409bd65af777c7d5dac36fe2df11ab465cd24b8800af71c8a2b812b2701dad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b390360182cf11d129b61789bf6d3c29

SHA1
c6c36d8003db6dc1e5ae423485f1801863665e85

SHA256
b4287555bf5f81175c54415cf1a98f2180262974ed795ac5e56c44562a70904a

SHA512
3e8ab8c71728e4e349cb397f080ab4dc01629522a849ec1c54f5a73f03e48cae9b7aa8a061ac8040b2ea1ed206f1d540ade5a00bf2013ca912a85acddbbcf401

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
808cc471d6e1770a98569b36afaad019

SHA1
70cea7fbea5a5c0f7fd57a20d6ec7dd08321a982

SHA256
f96ce9078678d7da631426862ec29d4ecca40a9e7c2ea74536b1a85557b6e69d

SHA512
7e3eb842b23a667dd48444239be00b7380f881b1c783b35fcf8ada64831cfc5621bb41187ff9c0f97dd79ae7eb6750f12c5aa55efea8a7dcdf8813a72f483f00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7d7f59bb31a0d484d0c825525e30038a

SHA1
4d6e68de7b856e0b49ed453a407225dc25a66b92

SHA256
add16827a566892f110630214e312461034d6183652badae6155429049c28da0

SHA512
9378efe8bae46cc75a2b09454ab81910badce25d8ee840c3242d6451450d540219263b7288f5e31cf79a6dc0e53e43bbe4b040e4d72187e657e3876939711030

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f950d2df28e3af5814c8b67ad6bc3e6f

SHA1
f524a16332bcfef3feabb2b49db83beb2a0e5a35

SHA256
9e5f61c8a32cae3c9523a83e6ccb655e3264127eeeba65b695f244bb04498f9f

SHA512
fc2edec8814ebd51d20229d767dc442958c588886741b503c5312c069ecac626d54b5c39bec874d29dee13c322f2b2d4c3993bfe33ba6c089685000175ec3978

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
78205cc854b6922935f413f1021de682

SHA1
95655dfb6d5cfc98c7ccb70d60b419def933cac2

SHA256
187246e2208e38972a8a277961ded4796f20e8a02c0bb2c16974e9e7c6bd093c

SHA512
7d0641a427ecf1d98841bc9b7f23e6e9136bd2efdfe547ab56e6a4d1b15bfba3ccbce1520be6836ce5af0b2adb9943fe2024d9574d7bb68a0d1a78c244710413

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6D85.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6F03.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit