hxxp://getmygateway[.]com

Analysis

max time kernel
357s
max time network
358s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
15/03/2024, 10:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://getmygateway.com

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0D2DA911-E2BB-11EE-A4DC-6EC9990C2B7A} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0fbd0e1c776da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "416662220"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009b106788dea7af4d98683a8983feb7c600000000020000000000106600000001000020000000c73f49155b9220ce28530de7f2a685b2526eedde24bea8fa57c46bf00ffc430a000000000e8000000002000020000000b5dfd1bc0fdcd40154ef3397f236ab4ef2b17f716037a2306420d28bd92183e420000000ba85c1a26c0402bb0c61832d02606587c9db5b94886e38ab8f3baa78af362103400000002d3b2cf4ecd4306fb65f754f4e92d80eec3d12142f733211c1409cf918ab09b6ecb9a133c0a858aad846ff4a40040d38cd028f9f55f3cbd5cacb37db8f3f7cde	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009b106788dea7af4d98683a8983feb7c600000000020000000000106600000001000020000000d4087e700ff814ddb273f9880b378662873359980947147ad85403abf26fa086000000000e80000000020000200000009096b2a0ed4f68922f56fddf007e4e040ebbdea44837c97ba42ed7aa2768245f900000006bb15de630397925332312cba81d4f9f6931ab3b5dac2611091ec8c7d0a9c48fb5d4903109f9b1cf459325c346811d409d2500e305f67b2336e22c617376edc51c1d08f66c4cb4153a1f4b859255dd3cb94caf266a16b9e76e6b1d3d25234c0e185c7d9ba9b09b3c4c1938d376c07821fa084ccbb22f99cac76a22d630715f718622538317a37782fe30dcef7289d2a44000000094895692e1b98f63e0e8b38f2e4f46ca7d94eacba3bbd6ec6b60f4fe5c86b98f254e3727a79c3354df59e9213220d126d604f3eff47c33a99ad87e02c6671576	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1888	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1888	iexplore.exe
1888	iexplore.exe
3044	IEXPLORE.EXE
3044	IEXPLORE.EXE
3044	IEXPLORE.EXE
3044	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1888 wrote to memory of 3044	1888	iexplore.exe	28
PID 1888 wrote to memory of 3044	1888	iexplore.exe	28
PID 1888 wrote to memory of 3044	1888	iexplore.exe	28
PID 1888 wrote to memory of 3044	1888	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://getmygateway.com
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1888
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1888 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9a4c962ad7960aaea45e7921fc506944

SHA1
20f356f6eace15a5ad9367a48a4b89aec77f134f

SHA256
dbe26d4cb3f41a0f1b27cd5c586c6eab1f658dc6df5be17240c77f69791f6db6

SHA512
800c29c39706f1a682c21152655987ad386de91a29547bf930f6856a3dc025f583040866bea0cd90b9488ca87a3b99e4d4aea93fab282f323e1c5362eb0a4ff3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
37ff26826e66bdbd8e29ef993b5f85c8

SHA1
ff465a3d812aa0bd451d1a2ccf8cbc762ac65f8d

SHA256
831bb5865d535294da47b229dfbe259f6b603331169ea7f09eedf5bfcd20e90c

SHA512
1dc12e8abbcad55a07652edd49f1c5e22cb835689e95f718a4a4abb81b55cf0fa1212b140687b64cc16becf3767ef7a9986736d96489af16ee87adb64026375e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
359ff1f7d38a499cbae1c58a33d4e270

SHA1
5031206424fa0d857fb354457082cc70d6b94d5e

SHA256
817777107091e655a275a0a7aca2c534cd83baf1750053480054e61e342dc80d

SHA512
2755612c39b242b397bbcd3a65de1ea9068c736681400069c54f5d7554c801761c4477035bd140620b64af1caee855ae5cec8c88d23259c4bca3d1935d98d604

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
32c317e6f74fdaf53ff1b523bd1204e5

SHA1
64511bb60d20cfd73b5637da429154d698c6eb1c

SHA256
f59db73bf1f015798ce76576706c15f0625637c11f333ebae5caff1aaa5f6812

SHA512
4154cd32895c4b644529ab9971446087a4d224867e5fef4e8cb718cbb02ce1e4d6bce633b9f04e6a51057f9b836c9838d252a79b29b51285990d0efe3a1eba8c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
785dbf2922cb49e41f974beee91a08d2

SHA1
7cf2dab685a4886874043a9a42c9905f388df8b5

SHA256
c087f82413d75e57076fbdae55aff723cf537f6b4ec5fa5e42beef2697726c61

SHA512
4c51a53312ea7a45c241b586727d806b921fcc125004179d7ae48e8b14d582379f6808e7576180260ce942247a3cef23ddad7a1641eb17e659c11fb652ddab20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b2440ab3ee745e7ac13576a22cbe6531

SHA1
1b00207497eb4a6d00bd02af282e3b4f883f4a05

SHA256
914f1a4abe6fed391736c75d42ad8ac6cd3277e553c91609db6e8d2e0c4c3ef7

SHA512
d67076af7d7eaba92d2f6808b1906d239b2ad18aa7fcce22c2e65376cf15f322bb7e54d56824669519971e75d1e0a08b3de334bfcb76db5894efecb1fdb43b33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2697ee51f305f95723bc95ae5c0031d9

SHA1
e1683c92212bf13f1dbdc9df86f6d48cc2edba13

SHA256
9d2485407dee81d701fe0e0015e750ebf00add329f8fe1f0bd537199d1146259

SHA512
462370ba3eb4c5f2574bc8852a8b932a2ca181ef994b6e714259a487ba140f85fa9f78e4beda26038de4261a76248ccc70092f0d16e3fb05154211c29755ed04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c7a36bb92d95cfb8ccbe34b747cf435e

SHA1
8320986e01212996c7122c31535a40159f9b9474

SHA256
0d8b674b8f57eed63ed120915ea2ab3cac24c4cc451439836cdfce6c60e53ae7

SHA512
b4e14ad4b83fdd3e6f3c5988a4e419f01653440de395488a297fa04660dda643a400ceb99e4237c45758c4837805db8cba3c795ec6bf7c5dc4e46f55885d59d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
02305e110de5ae33887f6644a2c75ba5

SHA1
c89ce7918d2973f19994098cada0d79dad12eec6

SHA256
889ff98594928f12e14372f393225563e3a584e4d01ad736e88f68771a0bbe28

SHA512
c5f55b9cae3cd36a2fd3f2d09daf4229455a9e5e19d756db30c83131080e5d9bba425fe28b7330c7a5204f8f049520409c7a0515c68c2fdf293c988247f76819

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
884f5bfb02ab074efc89c9277eeb1bde

SHA1
e52b82347980e1889c9ca9cbe3e4263992dabd50

SHA256
ac3ed331242b9a308cd39cb5966c5f2a0f7c702c2e26ac224d8b0a1959f03455

SHA512
2d408a4c5bfad8abe6dc004bb2650a192addd37239474979e72d665f9e2d234ef7fc313aeb7c5e4d2c422da58ac8a148db777affd3db9f5e67fc4683673f2c2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ae9e1918ab2bf48bd96b92ec6ff5adc3

SHA1
6610a5ec0ed158690463610e7f631dece25b4d17

SHA256
55e100665fc98ab0b516b3a0f0099f60a098834aeabc03437933e5434b3d81e5

SHA512
b299e17f40d9f75838a6b43305255f0976874e12caa5e53f27bb8aa0e9384624e9144451c926280655a90084c0c006722907b991fe28cd55151394072a7abb52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fcc376de2725d46dc73250e9d0d3086e

SHA1
5b45f80fa395181d8678d5895e17214f1bac39cf

SHA256
f61e9379ca81cb393d87da23a3d56f384e2c304c41727ab34aca61e4df138b04

SHA512
c79180d2da3046b3b43f43b6e0bf053b94044b187623ef667a6dfdc1357d2783e2ac4110cec571b2df30adf03b877463f31190a993280eed5aac8d28d0ff66ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
42ca9ceed881e52e4ce80dff36eb397c

SHA1
fe278afe77806d174e152a14e81b40b6c29ace5d

SHA256
99c0705d09cf295d4fe0a536f684f690a3d32a7459b699bf72c89de7d64cfa5f

SHA512
0789db715c5a0888f41546e0b877cd85db4d0e457d5a19b58ffe5ad5f0698d4ecb52c351f2bca4ff8be8215720e0e25b495acbc704ea8146050a76b7f1afe201

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c3b3e06562bdb24d591f98787636d380

SHA1
ef101ee9f444a43bf80aa58440c3bb6eb95f9260

SHA256
4064d43396c202287ae0147412c46647393900e130f922dd31e86a93f109a48a

SHA512
b8242a49f56e68eae21b71c0465c3e4f2fe953f7193cd6db42ce9c12d0a42c4d04280a2436b3b11e3f6286d16d9a5e098da2ee0fb18c088cb370c849d000bc02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
967ad478036a5eb9f5f7c41a6071f012

SHA1
71e368f482daba589aee2bbf41798118ce8719aa

SHA256
5804c0025342f6072cd179b1b00b186584c72367e648c2c434d0cc0c3187b49f

SHA512
c31456fd1778218767fbaa4b98e09a58b18839a24bf63afbdcb25431c53ca9aca48f243cadad819c89c99e0528fcc137d38631b7eff67e87d47f53abdfb37ef8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2c476a66ef251cf337fa8e49a4fcfee6

SHA1
915d431d44870e485b33a20b3361ce64e7d62f8c

SHA256
8daf8846a17b4c63e039bdecfa723dde19e30496806357d9ce461e68d4cfbacd

SHA512
2f6aa5a5f3b71d8139b33ed4b7e190d6f6b5921c623e2b5665b085d028b0844943ab16484d7c8b34b006494640c29cfe6da118ef64a46b71391cd4afc87e237e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
abdf66f58654edf8334c8c50408cb4d4

SHA1
71c0bf53f39add2938ba394934d114f9ff22010a

SHA256
6aa8c3842116775298f74b7dcea8ddd65659fc593569c88d2afe1e1caaa900da

SHA512
7e6d162f4244216000afecac997c04d78fbde7713eda2e89dd81a89cde5d5d15eb0648cf00b6313c201581e1ffdbc48ba85f872f77060f9e1f70a266965dd505

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9cff87d3aa35968dd8896621a3440b80

SHA1
4a98a5e66a1106f86532d146f207fb1cec5eec59

SHA256
c02a59012e69c19c1ad017769649ed5e6618b69ffd373bf2c55661498671b523

SHA512
eeb8e9abfe8fdae461d777825ba3518e118eac5c56d59d38749dd3bfedf94174a7155491a2c8712215f3068a7bfaf5007afc5be6f294dafd45198d80a8156623

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2AF8.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2C29.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit