f6f26f4f3a6832f645c10551c2194155cb9d792922dc9e341dcae0030458ab28

Analysis

max time kernel
118s
max time network
139s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 17:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$SMPROGRAMS/Internat Exp1orer.lnk
Size

1KB
MD5

9ffaab5f197ee38cf1fe65e19d4bb217
SHA1

39ee57d785cb31b75fe79879ab5dfed14eb1a28e
SHA256

6a1bfc7b4d0b3c749f9a5737f7f0253c634bdd62fe812948807c6beae039ecca
SHA512

eaa04c6437eac713912a81b2e11f97cfdc38d5d5bb459d7f4ae94d140b2bd4d74685cda43697f00b6803b1b58da3bef78ca3d9d6a4b9f5e4278ff2451aee512b

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0956006267ada01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2EC6E671-E619-11EE-B726-EAAAC4CFEF2E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "417032509"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000c12c25e2ddfb54dbf19c8710c230677000000000200000000001066000000010000200000006981e0073b64a6372470708398fa8cc57ebfe4496bc48eef79a33ced2baf66a6000000000e8000000002000020000000b9ffb668f0651ef0f2c10da0570e9d1b5b9c2b6941a492fb264cd401c752c51f2000000094a3b25ad254b5d4f514085d63aeaf2dca9e78dbc4b6b40578ec48398b43b08040000000c33572ec212e4b63dc5fb451cd4f2911fb21345ba05078c8918be35774c6cffb602706fc58064d2910c892937ce6ff278513eaea6a6edfa2fb4ffad95846ba55	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000c12c25e2ddfb54dbf19c8710c2306770000000002000000000010660000000100002000000035440ba9aab5ff1acbfe8038d4f134030475663881a77d321e2071fda8af7f0e000000000e8000000002000020000000bcddb3a55072a1f4dd654e0016994ef0053aae370f8c850316fbbf9341b5e251900000001798a8d553359fc1052ea87e7819d5c93d7eb434502dcc7e5422a865e5c9259feaadbc087d6ba3cba02dc871f2e21a5f3654fbc97f9721f01788edb782413a734038cbb3c8d20e4efb006b7d38b02a136f84d1b7dbb3b8fce513cdab4cca496ce3951ad3d53f9ed4b4d761beb55f064e81d819a615be639fa7d58df43c622e280b4f29f51ed3f5f51ba737829d9f439e400000009b13b15906516185a551cef948fce3059c090ed91a178e7d04d492ae005a189bba5bed0d3147b6d2c1a295298524193451e9a6fbdd3751cd9946f598bb436ce5	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2084	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2084	iexplore.exe
2084	iexplore.exe
2748	IEXPLORE.EXE
2748	IEXPLORE.EXE
2748	IEXPLORE.EXE
2748	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1300 wrote to memory of 2084	1300	cmd.exe	29
PID 1300 wrote to memory of 2084	1300	cmd.exe	29
PID 1300 wrote to memory of 2084	1300	cmd.exe	29
PID 2084 wrote to memory of 2748	2084	iexplore.exe	30
PID 2084 wrote to memory of 2748	2084	iexplore.exe	30
PID 2084 wrote to memory of 2748	2084	iexplore.exe	30
PID 2084 wrote to memory of 2748	2084	iexplore.exe	30

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\$SMPROGRAMS\Internat Exp1orer.lnk"
1⤵
- Suspicious use of WriteProcessMemory
PID:1300
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.113w.com/?waga
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2084
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2084 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9308089e9ea0786362b7e53109a7435a

SHA1
8036d23ed57f5756e5a456ff9c034c2327334186

SHA256
f64f957a73edf7da7d1dd74e4d70f6c37352454a4b290933e71a00b82f5a2b10

SHA512
5646af438ca0ac83d5129c2f08f0cd6f239204b85f82c2da624d5ba894cac6bd7e1fb8e4281981ad51f8cdb6031994d1c6aef9fb1048b40fa4fb291193f0a34f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e94c9bf1b83f8c35ef13c77a9596213e

SHA1
4d58f545c5891cc1aeb3937ea530b10b6be5b43b

SHA256
96264b8efdc3add7bfe0ed01dbfc327b473a95f1b4daad8ab0e5e93bbe929f9e

SHA512
521dadbc85f3ebd0be16d9a28813cf45ced9d6372b007127c2964ae29262db231e34ef3ff99aa5d8542fec8f4b285be4fcd0d5b3cd06d598e70ed4e9dfb82657

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
05da67fd52dd36d7cd2db8384ba08c5c

SHA1
79595c947feb68f76a40c27f8120244ea1a01877

SHA256
cef2bb87137531c7dc8420bdb4bf69de12863e8e06f412369651529dee43af7c

SHA512
079a138d29ee1c8967a99600696b190396a36cb89ddd8d54bacdb42d5000d02a7ccd0a8c29053e2f2991d2ecc72b613cb9754ae886717b1acec7d3b87c8e83ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
049e870718eed0219e83f0ed1d5340d4

SHA1
5bab3682287a9c088c1353f5fb795bfec423e825

SHA256
2089714ee47399985858abd93c48cf566850e45528c134f62155022e1e2191d3

SHA512
44404275cee5edce0dcda7b48e5d382d31fb8a50d56929dfb3c43cb72db88e5f2b1acbc1a47bd6e66dfbfa642898a3dc1e37f1051317880e11a3bd4ab4eba461

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d69df73f6aa21ad723380dac4ef4c6fb

SHA1
593161ae37e5da8e3aa3e7966487df7cabe68a49

SHA256
ecc0ecf279eb163465e84a163995b0dcc77bba9bbf519fb5d2b3c0b8e7bd587d

SHA512
aa2b11e4ae10f06aeee625fef0456b99fab601ab65586f17f60bad446e6a130cb6288a077fb1eff79337b192149e016f4542706b2a6f2aedf5995e2e587d3027

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fc86244d4b51613e7311b7d332ba83b9

SHA1
b171050f3b70bed05e283b7231f8e9e1ae6bfed2

SHA256
8e2754ee0ccd7b091234af38c120604a58342de621ab3cadad31db4f109052e0

SHA512
65b1277ade5a0c32a8ae0d4048369908dd437619e2997430cd58ff8d36bb82a43ebb5f633ac79bfc4603e2e7d288a2993de59ec0a304ece1c0f59b0c57aab118

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7ca5eef48e9ee240fdfd5a0364830bc3

SHA1
d890703935628aaa2e84d8a573f1b5dc1def94f0

SHA256
10fee9c8dd424a8ad5425abd6db2435242230c776494dd126afa76bb4dfb1c55

SHA512
260632e00755eb29b3921208c3d16b1ed9a46bc92d88bf6944e34e3bf8fb40c01e989a10a4e5388e87a8ba5d7247853ef68884ba37661bf7878b24550abd7461

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
65015d881a24c90c7911bced85c961c0

SHA1
9601ea56bec58c4af3462e8f878d4e42bbef1b3d

SHA256
f00cc41f69d892d330a6f9aa52160a7f3a07f03cb043a5dd7d479174e03bff09

SHA512
4316c3502030791398d39f0152e2e1b43bf2c470639ccc96b2dd2759156bd8875c72c766173978b42a2015a8e9f41f64ae3ce3d2c96935032e6aed2513e82469

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
21ad8a8235e849482ab15c24640be636

SHA1
6a1941d315f698a207f578b174280049a965f521

SHA256
51d8a70a5c75b6bbdce6855ce1bfba2da89710d53f79bbc0bfb82a3299977b14

SHA512
ee875fef6c261a64c88cd4ea2ed65f093305c766f5e740749d3b26a5e0f20a0f5021c72b172b2cbd41ef3fc86bfb0cfb67157e09d9a96fbb0e134d771bac8dcb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
76831434a4e1597e84cb656e51287283

SHA1
1285ad25952ed192d12d269ea5b60bb610d8fd55

SHA256
c2b9aaab090b894f5fe0aaee8cf200182adf844fd476e615236795e19fbdf693

SHA512
537721ba76584fb389bc45c77bcfc0222259703bc44bc219bc87b606d9ce0cfc8b29e451a59cda85fda12440d72e4ca62fb9b98cfb63213668a9b36d7d2446a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ca626ac4d9d59172cdcca600e5df8e43

SHA1
fbc326a78db6ddf864c5e64e02e67e3b8d41870e

SHA256
61d7f08dc24da0080283cebe8dcfa603a15c34f56907e6cf7408d341d6251b50

SHA512
1825c39c5cdd09929d53b556797987e48ed6b037887ef1fd17d18fc52403a049f1c28f864e8d24a8206a6a96dddcba63ae1d3e508bf54605a48446e35760e2a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6bbc8840b134592cb455b41675aa0902

SHA1
33ccaef87cbc2b0dabca711a249a9c909c72b52b

SHA256
6d79548d6725908767d03131827d6df1c9850f1eade5ccd650329c66b34e3266

SHA512
efc5b4c9719dc197e19b3380048e06c8f99d8ddce0554b1e92940c24f21f46f36559cf1843d87fb21f1aa5899e769763a7aa4c3ef3ab1704bfec8696d0c4fa3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b0f53262f06067a5f2941c7009c17969

SHA1
a6bd5136ee103109df075f92285de287e6611731

SHA256
ba735b2db889daff827d58e028b0ffdc4e9ec384c7004c15a7bf89f236af715d

SHA512
b8327623e40467a0e1d7cd375f42c47017a4052496019de875472d7a98c7f57fa17280e95a831c8a18b9e0ed9001c3deaa1dd86aa17f7ba4ed7c6d2a93f05140

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
20b9bf695d091440034de55fa4a64c44

SHA1
0a13cee88a11026c928aad918ff917a5d1bbf236

SHA256
80a4181f5109b40995618500edbf6a77177f59a2482880ed636dc4c520097a20

SHA512
da146f311932ee5899ba05b3ee0251a234c80fff13e03d57e4ae9b6f50a25cee285ffc73b38e60dd046e9cd0f523dc15d80ad11842f492c1e1c04f12c9a36f14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
108f7af7d2799a8bfa8663eb8313c8f6

SHA1
f3b6ab29d138d500ec77de2a4ab301536ec47303

SHA256
ac609afe2c0f2da1cc6dcedbb5a1fdd118c6d46edb937c3939c5edc3cdedbe9c

SHA512
a39dacdc3e146ffd2db5fd4f7488f05e0b438c363d7041fbeed7d11ef429a789aae59ec6772f7e4a5dc5cceb6070a625accd284cda315b484d8b78f7d64c50e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d443ab83fe92a6da9d2462c7b59ec37e

SHA1
f63fe259623e1bd80a328c19bf641c367bc3dfcf

SHA256
bc89a36cb099361da940f633f5bd4a8c51cf81fec69832e1b92ccc8e3705464f

SHA512
7ea7101998db4335548529c8d0919b021ab264549c479bbe223ac83b69caf16adffc3fa26b676d651dfd563f3c4276ff5a3d0a084155a390592d9fc8f3051b3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7844.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit