655ca39beb2413803af099879401e6d634942a169d2f57eb30f96154a78b2ad5

Analysis

max time kernel
91s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
10-04-2024 11:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

655ca39beb2413803af099879401e6d634942a169d2f57eb30f96154a78b2ad5.exe
Size

489KB
MD5

8f7205aaf80ce4b5d0ee8f00369f301a
SHA1

401d3336eb33cf82eecb5df5c2ac6d5f7f78aa26
SHA256

655ca39beb2413803af099879401e6d634942a169d2f57eb30f96154a78b2ad5
SHA512

1de8e8e3e4e8356067365571e90a812425ef18da2b7c210656f79683d41d3943e7fd052160978e370952afe8b14555a51871bd2c3923294c5057a8bb6d82b47d
SSDEEP

12288:747jVWnPp3kS+U8u40Rqk84MjKZ5x88tb:+IpIU8ut3MKZ5xP

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 37 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{02EB7098-F72E-11EE-BD28-4EA1437444E8} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004fe61c3a8d7b1b4583659fa3775963b500000000020000000000106600000001000020000000e85c00ef460ef9361371ad3b902690feefbf64fecd4a58cbe5a6c354cabcc227000000000e8000000002000020000000321d255a972ec58dd0c196787c90a75970a24853e81154311427f881e91a47de200000008227c99ae410cd5e21afc5a6e7c477b581cdfc54a744402e03b5052773d0d83a400000008d02368944fd85abc8ac883c445e98fed5262c20f2e64e224a46492bc41e7901dde468a2aef452421f0d84922fa938c3b5ced076d42ddab5f823300d93e0051a	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff5800000000000000de04000065020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff3e0000003e000000c4040000a3020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 905770d33a8bda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31099706"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3612671201"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30c058d83a8bda01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004fe61c3a8d7b1b4583659fa3775963b5000000000200000000001066000000010000200000001293ce634b799e113042f0cafcafbe0d9134df175ffee7fd5619d345a563f54d000000000e8000000002000020000000516fdda653893723680899636f2e6cdc3c2451df5b21da26f70d46c2b554bd4d2000000035da2d9d44c9355d241953de50e9d5d486b4e6b84ec850ea4fe96bacf6ec456b400000004fc70adad4c98e46f58e2a8a5cb9d48cd8af7c72515c9150623390adb67b07af2a6c395222993a057afe3f07bb1ec799526c0273f19921ee3457d9d987d4a2c2	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0f151dd3a8bda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004fe61c3a8d7b1b4583659fa3775963b500000000020000000000106600000001000020000000a79db6f1bdb55c11f0d6216e16f660bfe1bebc8a3f12b1ddc93b26b34f518ac2000000000e8000000002000020000000e8736c02a3f3b49cf8407425331dff30173c30292abf4bbe99bccf84bd352441200000003560411a35c1c6decd2ca543544cd89ca2d973f95a412af142d6947d783ab0bb40000000936ad39703411579491601ac7de34adb7ad8ce8dc52bcedf2762969fe52c9ebe4740add9584d5e09969ebf9f4333def172c440d944c86cf57468a2b2e8ebd5a4	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31099706"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff720000001a000000f80400007f020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3612671201"	iexplore.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2568	iexplore.exe
2568	iexplore.exe
2568	iexplore.exe
2568	iexplore.exe

Suspicious use of SetWindowsHookEx 17 IoCs

pid	Process
4196	655ca39beb2413803af099879401e6d634942a169d2f57eb30f96154a78b2ad5.exe
2568	iexplore.exe
2568	iexplore.exe
4080	IEXPLORE.EXE
4080	IEXPLORE.EXE
2568	iexplore.exe
2568	iexplore.exe
2712	IEXPLORE.EXE
2712	IEXPLORE.EXE
2568	iexplore.exe
2568	iexplore.exe
5084	IEXPLORE.EXE
5084	IEXPLORE.EXE
2568	iexplore.exe
2568	iexplore.exe
412	IEXPLORE.EXE
412	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2568 wrote to memory of 4080	2568	iexplore.exe	86
PID 2568 wrote to memory of 4080	2568	iexplore.exe	86
PID 2568 wrote to memory of 4080	2568	iexplore.exe	86
PID 2568 wrote to memory of 2712	2568	iexplore.exe	94
PID 2568 wrote to memory of 2712	2568	iexplore.exe	94
PID 2568 wrote to memory of 2712	2568	iexplore.exe	94
PID 2568 wrote to memory of 5084	2568	iexplore.exe	95
PID 2568 wrote to memory of 5084	2568	iexplore.exe	95
PID 2568 wrote to memory of 5084	2568	iexplore.exe	95
PID 2568 wrote to memory of 412	2568	iexplore.exe	97
PID 2568 wrote to memory of 412	2568	iexplore.exe	97
PID 2568 wrote to memory of 412	2568	iexplore.exe	97

C:\Users\Admin\AppData\Local\Temp\655ca39beb2413803af099879401e6d634942a169d2f57eb30f96154a78b2ad5.exe
"C:\Users\Admin\AppData\Local\Temp\655ca39beb2413803af099879401e6d634942a169d2f57eb30f96154a78b2ad5.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4196

C:\Program Files (x86)\Internet Explorer\ielowutil.exe
"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
1⤵
PID:3424

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2568
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2568 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:4080
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2568 CREDAT:17418 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2712
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2568 CREDAT:82946 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:5084
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2568 CREDAT:82948 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\~DFE8FC1ADE0A43BD0D.TMP

Filesize
16KB

MD5
162dbc45097dfbf74a21dd3ff6ebe0b5

SHA1
cdf3c67914039554eed57d7deb93f144c9ad6393

SHA256
df85cedc84453ec43437ba4d2a7267a6bf68fe5cd50584fd93f7ab2b59bd833a

SHA512
cb7f0da244d9fcacb3824434a22f36e65d07e96a830995e117b3fe769ed550a08f5885a5d6702c77b0d7cc3e66c0b1302a58fd6206968a833dc3857b4b3c1c70

Download Submit