a693fff41c4e738cfa6b7f0e9bcf51ae341b276b81189fa698f0c0ede4a8a54e

Analysis

max time kernel
135s
max time network
130s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16-03-2024 19:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Kiwi X/Monaco/vs/editor/contrib/suggest/media/String_16x.svg
Size

4KB
MD5

48e754cb54c78a85dcc9aaea9a27847e
SHA1

8d79b23037deb6586e4954305dcb4caee14afbd2
SHA256

d1aa361f33564e8f9d527a01a66c7ce35d73f23417432e80ddf51f562770ee79
SHA512

f6d902b5c73b59636cb71d4019ff45cb77532bf22aab28a8314697e24a62163a94140c97495ad5ce421c09c26e4bcbfe5a815eae27e945c51ccd80c2ba9c3a77
SSDEEP

48:CnN6wkEX+c9Vlt4AFCj93Z0hDC7hSBnukNyhDFtrJGuG2XvS+yZCahDC7hSBnhKm:zJWFCMcfkCFGE6+yZCacJImkArbbqrAm

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e861098c19b4244d8627ee4664a96069000000000200000000001066000000010000200000000b9935b0850e7f53cdea1b7a0d1a9608a0e6efb2a3a6b094ebf5ac5e3b6acea6000000000e80000000020000200000003e26840afceb0bc443efb0c1925d55387c3c8d2335ae54828e4bae152d8d93632000000074466f20d66af1f39d78cb756dfd40fc991523cb5a02c1ff3d080a57b6a8b15f40000000529ee3a2e97c34778980faaee1d82df9c8c8059c0f577f97f90ea332accdeefacac9597984cb519a0ed51bed5ad848e03f8a42b7a0cd143fa4449dcf1edb5996	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E65C02C1-E3CB-11EE-9387-E25BC60B6402} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "416779406"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e861098c19b4244d8627ee4664a9606900000000020000000000106600000001000020000000009be1f63733300de9b93ab6ff998d6022fad5bb40e0ff9522c2f2d92370c2ed000000000e80000000020000200000003b06221704f831e0db4ea210fb26a9cc12f5c2820bd38d160d05803f91468d5f90000000efe888d0bd27e909fea7bc096062e8214a355ce4c33f16d01c90dd5b92c520c77e25452d1fd99a4ed49f05c2fb398e3f939f57459be8bb16a79e385c1c800eaa5ccfe11fe31f1ac0d67b440291ba2e1331d6d6ec18a6522a609396e5b99881e8bc7e190ae44b1ac9a04d48a109e6c0ad625403ce33642c24e0b1117c2e26a63b85d77a9153f44df87a9bac27d61972a34000000016c78e7d8f7ed3ae044ef0077721abd40e6eaa00f39c55ffa8e43832e741450eb943d58ce334a2ba905ad9f688f17353ad149385413927a833815bf266be9cab	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0c2d8bad877da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2036	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2036	iexplore.exe
2036	iexplore.exe
2204	IEXPLORE.EXE
2204	IEXPLORE.EXE
2204	IEXPLORE.EXE
2204	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2036 wrote to memory of 2204	2036	iexplore.exe	28
PID 2036 wrote to memory of 2204	2036	iexplore.exe	28
PID 2036 wrote to memory of 2204	2036	iexplore.exe	28
PID 2036 wrote to memory of 2204	2036	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\Kiwi X\Monaco\vs\editor\contrib\suggest\media\String_16x.svg"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2036
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2036 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fd12574c59ded4e77919ac87a41ccde0

SHA1
61ef792d32b017490458285c9f4ab4a27b8b7188

SHA256
636ab3de3d0ca736d144d06eb1867b7740acfb4c774a98ecb228223d92287fb7

SHA512
380ad08c86817c6e88cebdf7ef6dfd68e54ea5b147242bd1cedf615075001b9c934c7c944f0395663a9180e7360ea3223aa1f4d9523eeb6c334520e013a83aee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
721757f63c10d5d125eeae9945d2730a

SHA1
66b64a1306123e9c655f1ea7a04980186c8e5438

SHA256
cdbcdde9493ac8f3cace3632ec6fd9810021aefd9adeddfd7f523e190f59b911

SHA512
b55b0e6c1e4ec657f18e8c65cceb310ccf76ee6c99cb9bb7c6004af8c60d7d72e1080a8b078ed907818f782360d9783c34125d3bdd2444192f0712248c512a57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2f11d72cf87e0ca5c1bea646f075fbd4

SHA1
9dfba3e171b001a1537da9ee697045be91e7351b

SHA256
6dcc12121019f07f363b366171cb9f022757e487753e8469a894cfc4e9a6e7c8

SHA512
06a5991943c3a0991c6eb1cdf8f63c7a2d93cc6e768fca7e9002c678dd71f5a7d7f054cb3c4e5f1d46cc40128958dc4457e4c4de696d3bb2fe5236d131193c2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d0a71bead90e8b055d75394d75427042

SHA1
43beb54395c9963a5436ad127a4a3fa3282f89b7

SHA256
f7f54ce66735d4c5455cd29988a41da3d49a731ba0d918ee53a557d3b8148554

SHA512
526f0f546a689513486bfa2ca3871685b242e31d748fecb73e71a4a4cc14862fe513fe042225929ce0a9450f9603f682029f396ca49f3329faa8feef10b38a40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a69acf3db3915420d171b092a017bb49

SHA1
a64d4e23001b1a3138f2e38584963a98e883b0b3

SHA256
cbccecdfde3f1ec7a448a1513cc675905ef2281193cd7c7a0c1227b6e1e10fb9

SHA512
b18af80d8b3f9e3be0510a68132f861ed691f3b2dd4bcdc372b5be218095dcdf3283723f5012f64cda6fa0f41c53474eda57ba0f61127029dc9ed8473ea2b65e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c2a42cab31e7e732704bf4bb2097d8da

SHA1
102f5adb240b9a582b75b07913b6258771662c92

SHA256
794d0664402a1c400e4cecf0aee37cb015e2185cf226e276ca18a8dfc5aedb16

SHA512
9cafb3dc694a5b60fb83552db65a776d8cb1b539910b8918afcca022e1a2f1b18ea49abcd95ddea0c3a6d77071e8f3adea4575a9e4930926b07c8dff2242dd0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
da03ff52662b4ba3394686e7994fa730

SHA1
b11a7ed9ced1ff28abc3e44900fe9c2286c540fb

SHA256
603a90bc38db87f4751517308ce271b6e6d2d05bbdfd3eb725dcec3545e0ece3

SHA512
5a030a5fa8763dd23b2eb6705c7bdad5eff5be70ad41f8968551e833851b349d5a301bc4d90d7a7cea3f8c8f01410398d46dcaaded801bddbcac704c795caf7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ebb915d332b18095b4e364b34606d58f

SHA1
b5e7ac36f2693f0ad33ac5caa9fd20b6a9ae083f

SHA256
fcb62d6c2d66a3801484aa4a96bd29dff7158cd12c033262954de68790817f77

SHA512
8e09b0e2342620ceb015121111646a67d6ce51c46e5b9dd852691948b87d9fd83471f5227def9c69beac6689657c8e6eb57c1a21569394db14b3932aff64e2d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1997a93715e2357bf3086444e6c81e95

SHA1
85ddfc3d859a54281c0eed49aafac035e5d0a5c4

SHA256
7b8dda8cae383b5d0609e077eb4efa9db72d231c5b72d3c780c0d446b39b442e

SHA512
a32e2a76caf021ac52e80f136fa382bece13f7eb76b12a283c2108cc510c3c1ad5e4e0629d84e78b3f2edbcc81d0b14b70047160d5cfdc64f682bda2b4474ca4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4d9b71c6efbb6dee26122a18d0f90620

SHA1
6a096600316752523d1d5c1b92aa93fce4fbc117

SHA256
cce5567a9c9f148703a95acad54826ce0c5478f4d813c2caf3a320e8bca5c190

SHA512
4967a5b1e15ce1ad4f79ff6c3c4a92d89cf36b12c72105bb2c23cebd27147c035c949d483c52b76fce631c76649f86c5c3fc2ce14da117fad1ba95abd7beb997

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cbcf1f6d4a8294bb8c05982abf88eb8c

SHA1
9e85eeb9df2d11275e0bb43365ef0be3bd2f264f

SHA256
ea532746aebe72cd4d5279e479674c61e86ac352f24992291d7b66e4336507fa

SHA512
e496ea5be4eaff19846a453ed17d548059132883aa03572a8da3cd2e9d94e319e24ecb8c8c2656fe6b74174a9693279854de7f0179ffeb71d3e5c75f2a823737

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e349d534d1c84533a4f655f673bfd01c

SHA1
95078a226b7e51aa2559b66f12d0ae2c2dbc2663

SHA256
8f4a638485d1269bdc67be52f1c2d86960cade93a9bd12a218a8198fd7b55742

SHA512
eed232dc34c4cca7f149ca52e3a6cc60539a4e69e5c44e3ae875db19c1342d52fbe3a2ce780041814f622bbf02c968358ca03e70f011d41312b63738ac4dfe39

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2AAA.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2C58.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit