c3af8a1cc69a302db7d93211e9b7790954d6c83319f204a53457bdf2ebfcf877

Analysis

max time kernel
121s
max time network
147s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26/03/2024, 14:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Lossless.Scaling.2.7.0.4.B5/Lossless.Scaling.2.7.0.4.B5/LosslessScaling.exe
Size

956KB
MD5

d671074cbe11c0b285c17202f24b3b54
SHA1

b769c7094f21b16fa928ec865b816cc9d3091516
SHA256

89111d2de9481adfadd177f4837469e147c5928502d3f59b60caa8b2524cbbf6
SHA512

77e822452f27ded64fe9d26b8140e560717e238760fead998059a999f044bb3758800c8564a44c9e10cda383993fd67f13935995e20cbe92313e45db98129d81
SSDEEP

12288:2ezEDS4MCLSyf6mOuGyW38yHJc+CKtOaO5Z7WhaokVt2aVjEB2kWzIcTqqGDyjty:P6tMCLPf1Oi32Ovz/caV4BFl5GhW/

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b0000000002000000000010660000000100002000000020c7263951ff724c3992acc3567d46485a379e63444bc1b2d3cac62a350e3a15000000000e8000000002000020000000abe9e933805c26f000ac3957fc22344ca4a368d3397e5e51de7a8766dd71227c90000000dbf4997319de12ba3bf165286cf39f48a1d7b1bc68884546365bdb9ef04d38cc1d2c6e017e70dd333db9a1325da3734c800c0bb13561aa6fb0758f9aaf522d66e36923f73b358dc1998936249eb1e3595b54626af03ece6e6265e3819fa8f6111ce0de53f57517eeca658b9221fec09d2d24c0fd3fd9fa7f909455f0055574c47d3b24dcd14bf0066e4937f85056b27740000000631294844f051e1e5c6c3c61557d9cbb660cf30de94db787db877de9de2a25a019927402fcfe70113ad81a4ffc064cc40fe88f395b1f3cf514caba5d9f22b592	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b000000000200000000001066000000010000200000005019b8ba073199d93c51d66b11f6d7f980a5f73cf65a020d62fcf8104614aee6000000000e8000000002000020000000905bb2e85067504f87b7e57d7d1e750850b2b4c7f2aaf7d7088d26d34f5bf56a2000000072c50f2c8c6a481b87875dc2ddddbf399b032b221aeace28acf8167a5cae67e84000000012d53c7b6cfc33c0807ecd72098bf4a5d38b446e0cb83d6101f79071157a1713d50ef8250ebbc34960b2a96f414af448d2555058e89904144aeb009c63fefa64	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 101d348d8d7fda01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "417626716"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{ADF10091-EB80-11EE-A336-7EEA931DE775} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1876	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1876	iexplore.exe
1876	iexplore.exe
2584	IEXPLORE.EXE
2584	IEXPLORE.EXE
2584	IEXPLORE.EXE
2584	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 1876	2184	LosslessScaling.exe	28
PID 2184 wrote to memory of 1876	2184	LosslessScaling.exe	28
PID 2184 wrote to memory of 1876	2184	LosslessScaling.exe	28
PID 1876 wrote to memory of 2584	1876	iexplore.exe	30
PID 1876 wrote to memory of 2584	1876	iexplore.exe	30
PID 1876 wrote to memory of 2584	1876	iexplore.exe	30
PID 1876 wrote to memory of 2584	1876	iexplore.exe	30

C:\Users\Admin\AppData\Local\Temp\Lossless.Scaling.2.7.0.4.B5\Lossless.Scaling.2.7.0.4.B5\LosslessScaling.exe
"C:\Users\Admin\AppData\Local\Temp\Lossless.Scaling.2.7.0.4.B5\Lossless.Scaling.2.7.0.4.B5\LosslessScaling.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch&plcid=0x409&o1=.NETFramework,Version=v4.8&processName=LosslessScaling.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1876
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1876 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7769c2702c15c112b5ecd2f91f1e7dfc

SHA1
9a70589bf6e8e40e2a721d7a54d19769b1c9f484

SHA256
28449d4d249066d2331cbce5e0eeddf4b8ab526025e6e50948d6c55df3c0043e

SHA512
d5588f079ec903ee087c0bd2561a3702ed0061a83526b3a93ec1742424a5756e15dcea24742ba0e53d3a518871a495088f2091d8b968c016378b11d0235e430b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
57adb5fffb81d6dcbd13c8d06b28de81

SHA1
e2def3d3e7503ac47bb8f93f273bcba7a98b81ae

SHA256
d61e05e98ff6b9231fcca9721bf64f36a723ae548be4551295f684dea36796cd

SHA512
c7c7a93851296f45b75639087e0dd422d2f8504ff4edc0b7e79d390e08066353cdcc4672a3e82a608e8183ec9530f56c3ea9611908177e39ce12fa8020b4bb59

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
16e5a119817b12427dd4a3c4f19c0fa1

SHA1
b758ff4cb0aabbea0b7a0fa9d462f4121fd30838

SHA256
139d8c06eaffed2b662bb4a025119198c1bfc36d80716f2e185fae93df9c8769

SHA512
91734484ef5fdf17cd24aa63deac41b99913b7fdb96a0d172c0c77ddd150eb7b7f44ad8bac5acee88acb3d5a7ed0521b0d09b585363d125e587fa5c7bc5a3175

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0f64f0721194587505c947796896eb71

SHA1
291c41ddab71bc4a05bc8dad91db71140094bbd0

SHA256
a91ab477edc8ffc9c3aed858e33c1a066f9bf621ceb0e82df0e4e1db6856d014

SHA512
aeb961f6bd9ea05061d964a7d42b6b31ca16641006f7b102bb7493c57c1591effdf4ff57affa29303aa9dc930c70d0a8163d14890b5d031e12b4367b98d91818

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
00055b1bda799f0a65b4b8ccf8e60255

SHA1
cdd7500dacb7ceefbdacff93d182a2b2dd47c7b0

SHA256
9393b00b1a5638f3880d68205763a8a2cb965e52942b1eb9e03c2fe3cc265263

SHA512
e376b9af800c17ffdfb4e4c8e292c6297fcf8dc299b589b6a714f5b72108e828c7b9172a63bafca1be0cb867f036d196719bbe92fd7068f1292f7fd016b6af99

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c220efbb248cc2a16d75ba07ac860387

SHA1
95d23dcaaf387928cbca7dc2b65d4bb2132081bb

SHA256
c427ec624e892f3f6cc509645ffea292fd5f28a16269560fecfeb42ae205ba37

SHA512
9438ea9584c38339ae71fc33ba1815bb5cb3c2d82b4db5829a2e8784ee5216f3e2017a386ce33c97b50ff9172016549fa67af1fb53502caee3406ec8eb3b5fc8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d5692495a4406453b355f46d9fb7c5cb

SHA1
22c0e8a98513c84b471c820d28052ad6edd3becc

SHA256
6c28e0b4a763a7336e1584d7344abddf5b516e7e01697bbf72ae8ab86f1d82c4

SHA512
109337f5a583c04aefe1bc3c4335312c5244444e9f7d9975bc85f903afd333dccce5571a6ba04250c02dc0af4f28f354bd0f3f94c051b9585a807878a751fc09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9209719c2b4c676ce747533c0667802e

SHA1
5dd1984db22aa4a8d584bd82c8aa789c0bd6e444

SHA256
8619b2d8b07a02c1e6a63888a9e7b9bacb72b76dd43b51ae02f273eddf90e5e7

SHA512
93dfdc440587f54611144a86f251372d6c2ce9dbd53f88266cd70bbd8d635d34945e960eef50dc8c16de287363483e489973cc70878e23691ada9b9f8ad460e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8d32e648d8216765da4f98f46c4554e2

SHA1
0c480bcafbfa9372bfc442303aacc6dd6c024540

SHA256
411603ac3bbdf7ef901216d7f18a1315cdb81eab6d846d3bc70a09842ab176b0

SHA512
b514cee1d7047f6d773d1509e0df74fe56338041e1afc6e41ff05c4572ecd1388a64f77912e6ec106fdc10200517e2789be20667d49f35b8a426c927f838b4e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d27a1df0d357ba579dabfc4e721ab0f5

SHA1
340ee7bc5bb37ca7ecdc7b90654e77ce3d861de1

SHA256
1dd02f693c32ce1425f019525a94105abfbf2cf8b8b5f3e80fccf2f53014f2a2

SHA512
c5457396829e7a03a98a2740708a2d4b94ccc34cb2a430edc78c0cbc80420fcad5aed623225b0fc7b69916403eebf8f27523d6d6ed84fb9b5ae1f5bda7cca9f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
313de765a8f1c4c623f6b3d08a573aac

SHA1
7df55f6b04621a36f82e17a1f9e71b8c447873ac

SHA256
9a471a4048cb6e2b6d9727cbd4c26209a63e3550fe10d98e2691871c5e257c72

SHA512
374268c525c8ac37b392b56e37159230a6af8f800ac1a9af09ddf3def62726787f23d79350a1e522fb58d04ceb18a3d484d22a26afd6eab105b86576ecd695a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9eec7c045fe2673dcee8cecf1f6a7b6f

SHA1
26901330afd12bf36c238c71bc4b03fc16d8f96c

SHA256
7125efa2310960ec26be5a72ba55dede7a6ef52c3189a5c01addae5a0e9341e0

SHA512
b738500078d1a17199c6dd202407ddf4a6589d1797317129aa386bae8358a73c40140dc28a0087e0bc697e373ace698a8a4cd2c5642a2943a76da1d987184323

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4dcdd788c3883006db14d0e51d97596e

SHA1
06b51167c23192fa3c77af09a6bd6ce8052dd36f

SHA256
bd2177fbcc1bf33556cb0849e5d82f0e32586ac0fcc827e6f0d6dcb6e45ba677

SHA512
e0879a6d7cc13baf5786ed574cb0ec50a9fcbf516169105dd9b52efc93fccb47bdae02aba5a0ab2c74d8f25b6f74912c4f1f57e6d76a4fc26cc80a934deef671

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a55769efa66971f7c93d0f8e9f027c09

SHA1
024353a25ee7b1374910bee07cd7a4ed75755282

SHA256
9b4edaa7195e5877fce89512592c933fccfb3925bf44b8690f723e34c8b80cd8

SHA512
42878869c1872d809e297bf4b5587bd6606abc4be4c2e62c28e1da6aa0cef4659795c9f146e2324b5e4cb52652ed0e0d24582baa04b0e1af0c7e4647465897d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA9ED.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit