hxxps://google[.]com

Analysis

max time kernel
11s
max time network
34s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-03-2024 20:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://google.com

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AA8B8C11-ED40-11EE-A1FB-E299A69EE862} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "25"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "25"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "25"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2868 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2868 iexplore.exe
2868 iexplore.exe
3036 IEXPLORE.EXE
3036 IEXPLORE.EXE
3036 IEXPLORE.EXE
3036 IEXPLORE.EXE

pid	process
2868	iexplore.exe

pid	process
2868	iexplore.exe
2868	iexplore.exe
3036	IEXPLORE.EXE
3036	IEXPLORE.EXE
3036	IEXPLORE.EXE
3036	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2868 wrote to memory of 3036	2868	iexplore.exe	IEXPLORE.EXE
PID 2868 wrote to memory of 3036	2868	iexplore.exe	IEXPLORE.EXE
PID 2868 wrote to memory of 3036	2868	iexplore.exe	IEXPLORE.EXE
PID 2868 wrote to memory of 3036	2868	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://google.com
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2868

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2868 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3036

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
719545123c79f44358349aa542e510a7

SHA1
979470603e7366d25bfc408fbcb9edcbd0f83e32

SHA256
89020d9c9f99675632b1424b5ab338e0d5b8cce9f65f307070349b03ba7742b8

SHA512
a2619cf73324e574701b837cfaae4d9bd0ce0965bf6c5bfe849f968913f2fc461e1367c3054306ad165503e70404abc44619007001b2eccee93af9b8bebdee22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
e4ed8da55733a3c5bde87e8c885eb87d

SHA1
90d0ee8dcd21a20152a9e771180315ff1f13111d

SHA256
260fc73427e966aab60794880256964eef1c459ec0bcf8cbe85cfa4d5f567323

SHA512
9de7be758058dff48f8e199ee3e51bca1f45ce4c3c938137d77d9e4f61421c69105c4a4cfd3650217663793e2b4cf625bc84e51bff99969dddf5e89fffd6ee0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
0c6847c4b7a5091921b96724d0eaf959

SHA1
e070d38ffb8ecc68acbde661991a807cf99fa6e0

SHA256
1415de7be5b1ad104102cd98015e7df787a03dd77e1e140cf95813f514d56757

SHA512
3796ac52f3cf2e5ab370d503dee3a00b6fd9ae13cce513c185930d788d723458e6b5add494ad152f0af88ca5062843aa34226c212308bd47df9b0abcfd94b3b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
ab5f96781078cc079ba45c5585082ddf

SHA1
4af9301626c3d6c3f353ad57aa8f0e446455f664

SHA256
fc515c10d4b3558e4beeb839ec0c4f62af0b7ffb395f445c85a30644220275d3

SHA512
6125f35e50801d5878b38f1799fbb4b16a6276a975c373886d83b74f12aeaeae9f6bbe6bc9bf6afbda23913971991acf9643f069f21c5db57958e2cf225cf939

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
1ba320f38897df9bd58a23420d8c08c4

SHA1
e956ae7fef0530b51929a0623d7b228d68b6249d

SHA256
dc373ac4bcedd7a68702c8bc2e0bbb2642dd0e42f33e515f3ae3ca352b318ce7

SHA512
6c59e81d78f7bb62dd050b00fd0831e989b98c8deafdeb7aaa48ddbc2243e6be3d55e8892f85a05c43cf5b168ae1d54ffb0f72dd1c0db5661287cb8c4e33211e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
cf549e54e1dcb536a53ed48156cab677

SHA1
329d6600422e4059878de41f723cf6dc4c23d66d

SHA256
91eb5756c6c6037757f86299f74a491209edb1d8c317300b954fbe7ce4f778a4

SHA512
c3313d08cf47635c34aa351ef80d3604cb9894dfc7ba21bb68c8f7378fd209cd626e4b3b68beb0512c0b6a3caadf959c9539cf999d88478f500a3cb2676c0055

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
a84b5f0a9ec6d0a62c791a34d53d0df9

SHA1
816d5fb16c170d51e3394d8988f28975ec6b14e2

SHA256
0237a7c9f6e2934af9dd05297d13049aa87c8563260f66bae87b26e84fbe4180

SHA512
eaf4bbb6cfc4cbaa5bb502c1b201aff97e24d04df2d68f58ff51c2faae60160f7d98ae341b035b89ed622556ff9c403f3a232d237b666a0c3524aece46d6d533

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
add1bcec45299e22596dea52037f5abf

SHA1
8f01a2aff8293330b26bae1f527a45e78db8b66b

SHA256
9eecdda1afbc4fcf0b7ea096c477be53fc8b4350c1d5bad7fdeb8beda3909cb8

SHA512
1dbc1d0b8dcd0507a788b01c28648632c436138910b013b746872f91ca14a0dfe0a82d18c9399b8bffa98078425b0e2508a5ad023d2bb7f3351925daa97c5957

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
7a96f3193cbcb359aeb8555c6842e098

SHA1
3249503a5f8179f1e6285cfb6ad92eaecf509f05

SHA256
a91ce8b6959034d8d2e8830b526c72f3b79fe0f4af1e209690ef123340e886e8

SHA512
3c2b5e9e288b25e4b8af24d2f5b7529d19c4b153eae34c3db81da56c7d2c1a3aa592705ffc331aa395cb3d303884a0a7257caa1ec433673e21c0fc6ee6f51347

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\49CWZ1TF\www.google[1].xml
Filesize
99B

MD5
ba1272b0bb296cb21295b7d163112522

SHA1
52e295c102549dd81aa2ef421cb34ff4749ed4d6

SHA256
ec637d52ccef529f99150a42888f1b9d826d5134196ffdb34fab32f905785fe4

SHA512
b91b8ae31d603b7f0136464644bf6241469321c9145b4d9c3f65f14b15db803840544e8fce27ce2c16579342391f6a5dde28e8b6ea3617c42ed32c6529cdd426

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\q905y6j\imagestore.dat
Filesize
5KB

MD5
641d041f4d7d8d8a8209f63fe4366531

SHA1
3d94acf8cac7fabe93b41bf23d0e2a658db07a32

SHA256
d50c6a093bc8f537fb101f68b64020704861436262a4f81dc43cfc065d4cec03

SHA512
e059c350aeb6bde0299c940f794f3716602c9ff1dc91e954138a8e5e4a46f6ed3359f84dfe84fee3c5f44d9bb5f3f8c57221661b8a54bcda826221623996b39d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\recaptcha__en[1].js
Filesize
499KB

MD5
48c590d47c8b1868cecab334e9a34cbe

SHA1
5f1a9f94294ec337f657ac2ebec1c74e097ce5b3

SHA256
f3756825df5194a174b7a55ebd3b484c276766eef21343d34b053b98ed386801

SHA512
24b9e42bcebefcb81d2dc8760256a63e84846c2a49cee2a6b3904eb5dba4551dbea599e0892c7fa6674e32d6e047ca31b396add5467f6d3fadfe8f9b3a72a6f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9M0HR0P6\styles__ltr[1].css
Filesize
55KB

MD5
eb4bc511f79f7a1573b45f5775b3a99b

SHA1
d910fb51ad7316aa54f055079374574698e74b35

SHA256
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

SHA512
ec9bdf1c91b6262b183fd23f640eac22016d1f42db631380676ed34b962e01badda91f9cbdfa189b42fe3182a992f1b95a7353af41e41b2d6e1dab17e87637a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8A9A2DI\favicon[1].ico
Filesize
5KB

MD5
f3418a443e7d841097c714d69ec4bcb8

SHA1
49263695f6b0cdd72f45cf1b775e660fdc36c606

SHA256
6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

SHA512
82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9E07.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9E06.tmp
Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9F07.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit