5dfa9e25d9c2a43654cfa643d4760133fbe38d3651eb3ede0f499a7be1f56c13

Analysis

max time kernel
118s
max time network
145s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/03/2024, 15:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

de4ed0b9580ea547c615a338bbec0faf.exe
Size

1.4MB
MD5

de4ed0b9580ea547c615a338bbec0faf
SHA1

a18e958d15586fe22d5c543406185bfb20865435
SHA256

5dfa9e25d9c2a43654cfa643d4760133fbe38d3651eb3ede0f499a7be1f56c13
SHA512

48fd4f3e89b94f51066537c999b0a4243dd32bc5c9076efc1ad4da36f154738da1e62e2daee7549da599d11c5ebb0a5c4bd9d16dbd443311cb16418a76a1e4ba
SSDEEP

24576:bhlGr/4p6qO4pDlPJsZtZQk5p8hulbEwfDpBzjRvdsxlTShiVNd:Vg/4Qf4pxPctqG8IllnxvdsxZ4UT

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 10 IoCs

pid	Process
2836	de4ed0b9580ea547c615a338bbec0faf.exe
2836	de4ed0b9580ea547c615a338bbec0faf.exe
2836	de4ed0b9580ea547c615a338bbec0faf.exe
2836	de4ed0b9580ea547c615a338bbec0faf.exe
2836	de4ed0b9580ea547c615a338bbec0faf.exe
2836	de4ed0b9580ea547c615a338bbec0faf.exe
2836	de4ed0b9580ea547c615a338bbec0faf.exe
2836	de4ed0b9580ea547c615a338bbec0faf.exe
2836	de4ed0b9580ea547c615a338bbec0faf.exe
2836	de4ed0b9580ea547c615a338bbec0faf.exe

Drops file in Program Files directory 9 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\soft204407\0720110705070719440720070707.txt	de4ed0b9580ea547c615a338bbec0faf.exe
File created	C:\Program Files (x86)\soft204407\wl06079.exe	de4ed0b9580ea547c615a338bbec0faf.exe
File created	C:\Program Files (x86)\soft204407\MiniJJ_12318.exe	de4ed0b9580ea547c615a338bbec0faf.exe
File opened for modification	C:\Program Files (x86)\thenewworld\newnew.ini	de4ed0b9580ea547c615a338bbec0faf.exe
File created	C:\Program Files (x86)\soft204407\d_2007.exe	de4ed0b9580ea547c615a338bbec0faf.exe
File created	C:\Program Files (x86)\soft204407\a	de4ed0b9580ea547c615a338bbec0faf.exe
File created	C:\Program Files (x86)\soft204407\tt_2007.exe	de4ed0b9580ea547c615a338bbec0faf.exe
File created	C:\Program Files (x86)\soft204407\pipi_dae_381.exe	de4ed0b9580ea547c615a338bbec0faf.exe
File created	C:\Program Files (x86)\soft204407\seemaos_setup_O7A4.exe	de4ed0b9580ea547c615a338bbec0faf.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 58 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007823eddbcee3e149bc4db86b21295af600000000020000000000106600000001000020000000fb661e59fab8fe3ceb40a017587fb40a0a855a47ff6be9373b8b9972065269cc000000000e8000000002000020000000121887e30b13b0a5dcd7fd25bc449d93ced58b32ff62154e2ee696fd6239819f90000000fc971a3e2f0c1e2fc65bdd8e2f9cf0dedc74f38de8b10f366b83da1664a0b98cbeb4836615f47189754176b607b3af19eec96e5e988ccac2c7ac841c12e409e8744a70ff50ddc73f999ff0dc97a9fc98e793296b5803e9386d04c46fdaaa8317d8cca8a547d22e5532c789f7531e742724b97cb8fcd0a40d8504f25fb3162a4bcd95363c27a384396b0eb60f39af01c24000000021100c9fb0ad22d71956b8a33781a6e44c5a62a341b2fe808aa228534a72266715a7c2971144ecdbb1c0bda135191d4d4c6b749b6cba32beb77420f0c79fd4d0	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F521F9F1-EAB9-11EE-ADFB-52C7B7C5B073} = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F521D2E1-EAB9-11EE-ADFB-52C7B7C5B073} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "417541371"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007823eddbcee3e149bc4db86b21295af600000000020000000000106600000001000020000000495494a460024d5e73aad98411f7a2ba22a8d34e0a96d431bb474d07cfde243f000000000e8000000002000020000000e4f60ca71ad1a0047353e2ec29ab7ffef2d16abddbbd5fb67bdbf58e53b0459e20000000a1dde85ae4c446db9393f53782c722c782e5c5d1be228215f7a0c28d650cd6de40000000d2f7968f0848dd33a12710c28b92810426ac2c302a0588fe76914d03bef2c114a004b489f44ca9bb1bf86fa8ad2ed3514e5051abd8d2dbd26070c6a609af4ad3	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0c485e3c67eda01	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2836	de4ed0b9580ea547c615a338bbec0faf.exe
2836	de4ed0b9580ea547c615a338bbec0faf.exe
2836	de4ed0b9580ea547c615a338bbec0faf.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2460	IEXPLORE.EXE
1792	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
2460	IEXPLORE.EXE
2460	IEXPLORE.EXE
1792	IEXPLORE.EXE
1792	IEXPLORE.EXE
2468	IEXPLORE.EXE
2468	IEXPLORE.EXE
2704	IEXPLORE.EXE
2704	IEXPLORE.EXE
2704	IEXPLORE.EXE
2704	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 43 IoCs

description	pid	Process	procid_target
PID 2836 wrote to memory of 2888	2836	de4ed0b9580ea547c615a338bbec0faf.exe	28
PID 2836 wrote to memory of 2888	2836	de4ed0b9580ea547c615a338bbec0faf.exe	28
PID 2836 wrote to memory of 2888	2836	de4ed0b9580ea547c615a338bbec0faf.exe	28
PID 2836 wrote to memory of 2888	2836	de4ed0b9580ea547c615a338bbec0faf.exe	28
PID 2836 wrote to memory of 2888	2836	de4ed0b9580ea547c615a338bbec0faf.exe	28
PID 2836 wrote to memory of 2888	2836	de4ed0b9580ea547c615a338bbec0faf.exe	28
PID 2836 wrote to memory of 2888	2836	de4ed0b9580ea547c615a338bbec0faf.exe	28
PID 2836 wrote to memory of 1976	2836	de4ed0b9580ea547c615a338bbec0faf.exe	29
PID 2836 wrote to memory of 1976	2836	de4ed0b9580ea547c615a338bbec0faf.exe	29
PID 2836 wrote to memory of 1976	2836	de4ed0b9580ea547c615a338bbec0faf.exe	29
PID 2836 wrote to memory of 1976	2836	de4ed0b9580ea547c615a338bbec0faf.exe	29
PID 2836 wrote to memory of 1976	2836	de4ed0b9580ea547c615a338bbec0faf.exe	29
PID 2836 wrote to memory of 1976	2836	de4ed0b9580ea547c615a338bbec0faf.exe	29
PID 2836 wrote to memory of 1976	2836	de4ed0b9580ea547c615a338bbec0faf.exe	29
PID 2888 wrote to memory of 1792	2888	IEXPLORE.EXE	31
PID 2888 wrote to memory of 1792	2888	IEXPLORE.EXE	31
PID 2888 wrote to memory of 1792	2888	IEXPLORE.EXE	31
PID 2888 wrote to memory of 1792	2888	IEXPLORE.EXE	31
PID 1976 wrote to memory of 2460	1976	IEXPLORE.EXE	32
PID 1976 wrote to memory of 2460	1976	IEXPLORE.EXE	32
PID 1976 wrote to memory of 2460	1976	IEXPLORE.EXE	32
PID 1976 wrote to memory of 2460	1976	IEXPLORE.EXE	32
PID 2836 wrote to memory of 3016	2836	de4ed0b9580ea547c615a338bbec0faf.exe	30
PID 2836 wrote to memory of 3016	2836	de4ed0b9580ea547c615a338bbec0faf.exe	30
PID 2836 wrote to memory of 3016	2836	de4ed0b9580ea547c615a338bbec0faf.exe	30
PID 2836 wrote to memory of 3016	2836	de4ed0b9580ea547c615a338bbec0faf.exe	30
PID 2836 wrote to memory of 3016	2836	de4ed0b9580ea547c615a338bbec0faf.exe	30
PID 2836 wrote to memory of 3016	2836	de4ed0b9580ea547c615a338bbec0faf.exe	30
PID 2836 wrote to memory of 3016	2836	de4ed0b9580ea547c615a338bbec0faf.exe	30
PID 2460 wrote to memory of 2468	2460	IEXPLORE.EXE	33
PID 2460 wrote to memory of 2468	2460	IEXPLORE.EXE	33
PID 2460 wrote to memory of 2468	2460	IEXPLORE.EXE	33
PID 2460 wrote to memory of 2468	2460	IEXPLORE.EXE	33
PID 2460 wrote to memory of 2468	2460	IEXPLORE.EXE	33
PID 2460 wrote to memory of 2468	2460	IEXPLORE.EXE	33
PID 2460 wrote to memory of 2468	2460	IEXPLORE.EXE	33
PID 1792 wrote to memory of 2704	1792	IEXPLORE.EXE	34
PID 1792 wrote to memory of 2704	1792	IEXPLORE.EXE	34
PID 1792 wrote to memory of 2704	1792	IEXPLORE.EXE	34
PID 1792 wrote to memory of 2704	1792	IEXPLORE.EXE	34
PID 1792 wrote to memory of 2704	1792	IEXPLORE.EXE	34
PID 1792 wrote to memory of 2704	1792	IEXPLORE.EXE	34
PID 1792 wrote to memory of 2704	1792	IEXPLORE.EXE	34

C:\Users\Admin\AppData\Local\Temp\de4ed0b9580ea547c615a338bbec0faf.exe
"C:\Users\Admin\AppData\Local\Temp\de4ed0b9580ea547c615a338bbec0faf.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2836
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" http://taourl.com/6jb4v
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2888
- - C:\Program Files\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://taourl.com/6jb4v
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1792
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1792 CREDAT:275457 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2704
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" http://www.178gg.com/lianjie/10608.htm
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1976
- - C:\Program Files\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://www.178gg.com/lianjie/10608.htm
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2460
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2460 CREDAT:275457 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2468
- C:\Windows\SysWOW64\Wscript.exe
  "C:\Windows\system32\Wscript" "C:\Program Files (x86)\soft204407\b_2007.vbs"
  2⤵
  PID:3016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\soft204407\b_2007.vbs

Filesize
293B

MD5
b566a54eab5e8daff8fc41c15e118c00

SHA1
0da846216b0a7f0f7ed33fa6157a52a0f7ee5f96

SHA256
d82153baf87ef46156a03e87484fd9f621d80ca49e706740474875c490e19fc7

SHA512
35a2dba15222720f6daffd72fd66b245596a824b31c4f932b5aa304324cb8c86ea75579dd77404c4b005774ab66c5d842b9d1cd50ce268f3059023301110b210

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0ca433a5fe166c4424b2aaef3b3da4ac

SHA1
a0d0384cbcebdae011f905c47ff0e231716ce9b5

SHA256
ac3a2358b394d4756a7f4c5a2f3dfb0e3fa6b5b47207debcdde16e288427c6d1

SHA512
8541f7b6f7ed8ba6fb3e88e6c87b60822aa4f984b87811843a6a53e57fadab17a2d4f4275606cfeb13e7ddfc9fb6c8a2e3271b7314b3ba9c40e052d3f96e58cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8fd718bf8522729686112192a6e2d325

SHA1
4a8303d481d22881a2a437b858147c9a9bd3755c

SHA256
8b19dc783568b46f3dc9c5a39c7eb271741289cff3e77b8b4201a3d145369443

SHA512
045d229bd76bfaa89c3628d8ccc26bca2dbdaddcb460a202c260cf1f29753f951c177299fbc35de867409bec9e6e39248fdcd983ae898000cfb1d4a76dffb830

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6238774d714fb3bfceb58e2a19c1235a

SHA1
f752aaf225c0c77c56cad1510b6eb83b78c3680d

SHA256
362b87258636141334e1b71fb1b7d3da7537b0738a769466f3f54771b7e26129

SHA512
1bc5bba6b7a0754754fb6d12d8aa25f505b1c382ad53d899a6a80a6909984620b730ffbccfd79c5b5d22806e7540e60a548e15b8afe4157000e3291bf98227e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
13a53bd0655eb51cf67c77c891ce4c59

SHA1
ee0756352533bf3e190594faa769fe7e699b8c2e

SHA256
866a186bf63c6c1b0a7a62b07f746f03d2a1bd81c188415bccb619aebd5e94f4

SHA512
ce5a7260a382d5c4414573759528f05c71c3ace155cfb2bed042378d0f899c2fcffdd379d0447bfcb83cc828fbabf0ebb31151429f368ea3438b77721be0cd55

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8ea82af3f79bcba1f16664ce56a1cd4c

SHA1
860657417fb43c9e7e239ccd6437d22279af0bc8

SHA256
e842bfaa740dbdccad5e151cfff04421db5e5d355cc9174d51ea33f50fa7d87c

SHA512
c51d2af0964b95814f2a3fc825c66444e52ab1ec2b0297f4757a31e206f86105a1e97c674cf9b2715c062cff854913cdd31673f93865f141d944625a189c2131

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
57a288b5aca682818d3ee98d5ce6f541

SHA1
ab9f52707fde5b96de36cdd3b56cadff54bae150

SHA256
dc4eaaf843fa8f624f6822f0ce8bbe3bed8e1136dd0a994c875764569eb93b71

SHA512
3666b1dbaeb94ecae74843e0c175b1beab2136b0c55496629767d177f68a8c9eaf1fb67d12549628acda75a7ea0bee32e1e5ab771a3b63f64ab3a991a6f3a8f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
adf8c6d4dc7283c1706ae927c1bcba21

SHA1
b2ce2f0fa06c44773df6403ccd75fa246d4415dd

SHA256
55d1ef08b08e09f89fe6daa9953eb3e3ac20286f8be0209255cdefe8578b5661

SHA512
e200799cbe0a9edba516348ca9d2414bb3508effebb6991d136edaf31dc88799de1e55da436d0e9f70940db2beeb2b1b47bd95ee981aa02479c8e0353158b3fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aefc908d7e4cfcdb521bea513b67ef6d

SHA1
f2323e3c9e4c6c794103c1eaefb5f4ce7fedb546

SHA256
3ae5ebba485eb6cb720e597bab6e0db94fd26232767d5b9a579353b242ba7d03

SHA512
ce351fa3e33efc81326b197efd905b153b51921b54c9ce2f17e2c03b88d27c3469008fef7c906bbbc00d79da85f553bdf808f059940cb71c4e22f66cd550e78a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a219f8e39965da23b30be96104993b13

SHA1
a8d37e4cb91631ebae45c30a96ea0940ba8f2df6

SHA256
a3ff3592dc85eb697e3610ed67dcf5f0d24bde15948812850f3b28a641644bae

SHA512
e9e0dca6e9d910089b92373494287c8e3eb5e966cc4f05e218d7418d7a3969fd92e0e4306d318c097db2c5696514c5b923d850df37319600e1acae533c920eb1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a70f4dd253c8a25353b487420375dc47

SHA1
89972c46f2c23b6f844ebc0fd348a53c5f8f1cad

SHA256
dd6c9d10ec67319ae4686e0cf371c13088640a4595192bad93891ae0476ab4b3

SHA512
bef23cac2af447f81973db2d733e948e24546faf092760faaca42c229dbfa99ded7d65412b30675df2c170e3a118aa15394d143f2d8cb6dfb3b40c9e241e27ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
37840870f1f2b737558be34d6c1ec824

SHA1
7c0fc9f9b446af68875f471aaf0e97d0f0681ea9

SHA256
b425ca4d91d9ce0e14eb3065156578de64cd9e4f30c94649a239ad63392c86a0

SHA512
47aac4cc9243093e3728827691b3b7b5b3342a3dea3adfc5a38b5a66a9deb605090ac9a041ae55b498eb434a5b7c85ffe3293266bf59e5ff58ea9c7b312b0d99

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
94e8648c166d562a10f0a6e4a3b0201f

SHA1
5d2c55c97ef0d2331b3f076e0ddfdd593357ceb2

SHA256
bf34e43f4945659ffacbf23b3500e0aaf3f34f0776d01ca81420bda2e0b1a81c

SHA512
2e29d8fb442478b13c922dd492578382c4279771b0bc555231ef25054854ce9c2aa458b15346a822e70c13e23e48f2a24e0ed2f1ae5c6eac55cb922e80ef482a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F521D2E1-EAB9-11EE-ADFB-52C7B7C5B073}.dat

Filesize
5KB

MD5
cf851a432023f87150e3babc829316e6

SHA1
4776bf98f61ea21a5a313a5c8edb399c40350af2

SHA256
3621cfd0ca9fbccfcb04926adb5767af46c1d8026d7e4faa174e02712a11c05b

SHA512
5f062b16848d82e84393d63c16ab87743f8738df8be9496f59bbaa1b1271109be6cc071ddcb720d372b39ab98ecf31f6b78704f3bb7358fa187bf2e4bc7fdb66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F521F9F1-EAB9-11EE-ADFB-52C7B7C5B073}.dat

Filesize
3KB

MD5
79f5d9b64a0b461b6cc6f7f9f13aaa33

SHA1
b9a9729be341e191ec64de4ec8747abbcdb54a83

SHA256
bd65086a3930924a7fc0aa4d0e2255e745d0bcf8c9ffaa92bfb01fbd5d85700b

SHA512
0c29b661fd40aff323a9b6f018ba25062d8bedfcdaab5c78401346126ab4e1550e571e12156414686c668b265eb9baeb42d42a1c152d1f65b8c8813a1531521a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab195D.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1A6E.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit
\Users\Admin\AppData\Local\Temp\nsy55BF.tmp\FindProcDLL.dll

Filesize
31KB

MD5
83cd62eab980e3d64c131799608c8371

SHA1
5b57a6842a154997e31fab573c5754b358f5dd1c

SHA256
a6122e80f1c51dc72770b4f56c7c482f7a9571143fbf83b19c4d141d0cb19294

SHA512
91cfbcc125600ec341f5571dcf1e4a814cf7673f82cf42f32155bd54791bbf32619f2bb14ae871d7996e9ddecdfcc5db40caa0979d6dfba3e73cfe8e69c163c9

Download Submit
\Users\Admin\AppData\Local\Temp\nsy55BF.tmp\NSISdl.dll

Filesize
14KB

MD5
254f13dfd61c5b7d2119eb2550491e1d

SHA1
5083f6804ee3475f3698ab9e68611b0128e22fd6

SHA256
fd0e8be2135f3d326b65520383a3468c3983fa32c9c93594d986b16709d80f28

SHA512
fcef8ac5bd0ee6e316dbbc128a223ba18c8bf85a8d253e0c0877af6a4f686a20b08d34e5a426e2be5045962b391b8073769253a4d9b18616febc8133ccf654f7

Download Submit