22c50494781aac013ea42e9038bc6c13f5f004cde6516f9c378e0414add86cb3

Analysis

max time kernel
32s
max time network
134s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
18/04/2024, 00:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

libequalizer_plugin.dll?id=8328c31dba7c71ee20ee32f1a735d639f9e43928.html
Size

236KB
MD5

5506661d9fda024d9b399e47c8b330f3
SHA1

6f4350476a4c2376d9e309974871b19bfc6b33cf
SHA256

22c50494781aac013ea42e9038bc6c13f5f004cde6516f9c378e0414add86cb3
SHA512

0fe8812bd6c836390960de936fa5521f1fbb950ec8ed23384b83c4731339a58f8d31815360315807afa995c27c5828dec7fcb75e933e0a063b4adce72905583b
SSDEEP

1536:sh/55A5IlJ0NCvCMMVm6O5IN5y35r0cRY5qmwDdCK9GvNXuBqwHLaA7MC9pvCC5E:sh/5UIlJACNgfa702kjXkr+C9th56h

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F92EAC21-FD18-11EE-9CBB-52ADCDCA366E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1308	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1308	iexplore.exe
1308	iexplore.exe
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1308 wrote to memory of 2032	1308	iexplore.exe	28
PID 1308 wrote to memory of 2032	1308	iexplore.exe	28
PID 1308 wrote to memory of 2032	1308	iexplore.exe	28
PID 1308 wrote to memory of 2032	1308	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\libequalizer_plugin.dll_id=8328c31dba7c71ee20ee32f1a735d639f9e43928.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1308
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1308 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f0a47efb42d9402accfd948be9524a9e

SHA1
2d815e5abca06bea9a449b8da3b4772df1022ab6

SHA256
72dce9f140a956c7c6f08d5ef5006213b14e162bce549e200271804371598cb9

SHA512
275d1d74fe43ba63789ab6395a0cc953a6e24431e8b0afe1336d95b29cfd61376ed8e6b1567c3008c2be13b60bebec9c4e0f5f7974a77a90d2e621830e0134fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
70f953c044113bff7ea2b58748dade27

SHA1
ba0d8b831da5d4dfd05428ea0c213a35c3cce76e

SHA256
fb10b96e6771171523f36d9dca6651362d86c0fff0b00b67c138bf4f17d10156

SHA512
ffd3ddc852e6950aba9e54a0d4b5af13e7dd88c10d0d38f8e77cddc6894a724c205d8ba230455bfaeb6b0be6a5056261f4963faa334534156c30ddcf3ed7d3b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
84cf8400ac2a455c60f1ef0a1dd8ff56

SHA1
2d1695ec44c8eeed480ceffeded2fe3762195237

SHA256
8798ab96fe8d812f0764092a16e00a017b3b8704c0374eb20ba674b5c18f28c3

SHA512
0910d7807bffe8e4ce8bf3ae084e72fb730cf2096a679736626130f67d9c0f865dd6d1302d764cb3df820d2250cbe880fa6a08f8412dae126aa1348913c2cc39

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7eac9613b7325b0e27250a1ad0c9f205

SHA1
abb869f212c4898ff47ac2b6927746eff1e2b875

SHA256
12f58b4c7ab6191abccf64ff31b1c588648269f2c3d67977c1c16c4cb55584ba

SHA512
19637dc50082444ef383c3a5fb7d7b3dc2c5009497d42fcb10bbedb730c3ad513112b60b4078a0dcdce3d116457c62deaa09f4216d2cb2c32a9b96ba71005000

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b71d92f23fa419166ba0a5c8e4b858bc

SHA1
2a58110bcd48da8401a6df79c2190c646d6e90af

SHA256
8d7c1bc9c4110161d828b3e2a797e7950d4e450ee2361844996ee5d215a50bb2

SHA512
5a6b2ee4e797c631d7d86726aa3aabce9dc69c774386fd91dc9b00346a8ca9511307b559e50ba56df1ba52c208cebc3c2bd3e8bed1ec1aaabfd64e6219a4a365

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8085243ec36b537f980dd2be318154fd

SHA1
97514358dbb6e4fd17d86739291c4373b6a1be85

SHA256
59dfac763e0d45858594f0a1b4aca1a4b5f75d6ba23a462c982a6534ba59cacb

SHA512
7c3e0af5635ff3fab02a37a3765b927507adb53ebfa318e26b7c13be5aa6549b40899a0beeeb5e3f27f3bbd4569a244569047545e82cabd31d41fa74027c57df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fc5e3af9348892f154ea644265517964

SHA1
c684a37b1ce0755292a00591197700df119f6582

SHA256
8bb5a82d364c6adaf1eecd996d5b1d89a1d1d16bd2bd77cd993b9c9d5f663738

SHA512
8c9e1617774081ac3e4b974ff81c554f1f2350bf32e98d9d3b0c37b1420ab228750e5cfe8595c7ec6876ad7dc538633ded97081a35991b1c04f28abfeaf36930

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a86d63f8962986bd77bcb47119511bef

SHA1
ca5989c782bf7d91b304c6ee207d79830ef6ed0f

SHA256
286f5d324ae1f61379235621dd5d4d795cd2a33f0f88b5393a1752543083c057

SHA512
d3bbd76b8e2ce4a0856ad1d7e0eaa47c1f4e5866f10ee97b847756c8b066152adf1e7ba34f92d74a880f3527e39af1e762da5e4f96b6e07c23268f74b9aed2b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c15b6bbed453d9d3533fc1e4d869b2be

SHA1
f178c98541d886bbb6ae6c628497ab9b42250cf0

SHA256
b4c6b6d91de3ea7dcdcc2dcc16dd94c73dc6e643cc7c557ea878a20db6ffd58a

SHA512
24ff21cf898fdc82842d132d72991fffef3c06ed5089281de25c86d3ccdf5397af067aec2af89017904f32d40c02b612831672b06d8a56b8dede537217c0d7d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dccafbb0990edac0ae0385e3a0bf6e17

SHA1
408e5d6066f0e35aa7f6c361bd13761c767589ff

SHA256
23a1c8c1b434f9c608c6e233bc1d95f16cb255c22e855392b2a41581f63635bb

SHA512
4af80f1b8909ed2df328e2285c0bd6c959866a3c3621b50e26e7ddd58d9d7a5b20dd40e976b9a80661b89db547f5a6d6e23459dbfdcfb0873ce4cb8ed1d19047

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
00c6e3bfabe1c490654376b19abf7e77

SHA1
f0b5fd5bacab40248e1b35cf3af1b95f60bb6608

SHA256
3a68d755c4c557d8b71afd2323891e05825abb25e63147b43caee70ba0b49c37

SHA512
f088c22732d77a4a0a5e056abb6ad17b26aaa8ba98d1fc55234507c347b4fd3e558d330349d6daa888c467df76d1a3e2298662ee90696fedf5fbe70b3a535dc9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
af0960bed4a05bca6ee51d4f22110b61

SHA1
1b1a283ffb4d8f67d8fbee89b73f22c431c26551

SHA256
a771c5095710a150f97d274cba6453307534454322ae4ed64078669025787851

SHA512
b4bd7d4103eb9a8b686d8ffdf867c6ee926d3c0a301e87e2d29fb25f525f95119e2119feca12ceee8a7f18ccf682da8cf1f2e383b08d6641b1c59b911bc761f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
23d79b7e6a60d95f75417ddb8bd741cc

SHA1
7832d5a6f722bf2d8573a7153a49394a61a6ed0a

SHA256
19c3430bdd33f9028cf6aed201432046c5905fe1ed3150aabfd63385c3794a17

SHA512
d5392325beaf0acb4f67a31b0d4ccf14a0be7477fdd6a1936b4fd3e429eb323cfcfbb75d8467783229a0080f055d07334c3b19db4f38faf8ec16f7ad41a2d016

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
61cfd9e3602aa474dff7b8abc750c2ad

SHA1
14da331cd619575ef4ff6ac4c28cb87a755ede11

SHA256
d3f0edb3fafedcbc7c0b234b4087ac2cee2c6c732beeeab6a0dba7e6ac3145bc

SHA512
a440fc9e451c16f0aa76b6f72adad150db525b7f56a4d6303de6102ce6755d32fc4daf7ca4fe4025f6669a96890dbd1b86f7bc0cf42e323da5c94cf954bac2a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
431163e8d8c56dfa56ab785133ff9d9f

SHA1
718d4f03d7054f849ba378cbae53850ddb89d175

SHA256
e4c5f02b1c212a3ff56ddb483a837dc95f9fcef258950211877eacf65d725e03

SHA512
0737c4b6989c3a0fc60a2a9548e791bfe1668d66555887d77f24c1d9303a875cfabb648242afb9f756ee1530f40cfbdcd750cbf1a7283192fa84d0940762b058

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4e4a568525baaa29ab075b47553755a6

SHA1
db85e117f9fb92bf59260d3a7d30808f3e6443bb

SHA256
290472846f82d8ec400ac2d411e2399cbde4aed8aa3206e4bef35bd25c3f84ac

SHA512
b9b65ce4bd2021a62c3aaadd691d8bb00569603eef491109290a669c022272a4098b775fe1194406a1cf0eb5047436f758ae854305bcd8856284a34f05c0fbcf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c6aba064baaecf27a35428a0b75ed403

SHA1
15b36d8a50c4e993a8c038caa9575f4931127e49

SHA256
faf9c47895a15e72434bf6b3cc48de8302922f72d36378e1ceae01d36764d919

SHA512
3132976d26bd14bffbf7d8ccea244ea9e8682e677b1f7a019aa939a12407adb9dc8181e926982ea1fca04e19957665394d2345d0366ccac544d01f2ecfa4581d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
40cd9e314971f57cd43f11eb72a7a085

SHA1
fb14f5b3c940610892c4c397bae1d19bdb191d19

SHA256
910234c1fc73689c1af2b7f9bac0c57b4478ade63f22b5c6b8f666774280713b

SHA512
11853bf2269f0ac25259328dfd2954f684e4592e64bcf921502a4faa0e24e734c3fd59f78fabeca70485217b566c0c86889b6b1f25730ebbdb83f1e20f184ff4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7a06a557c6fe6c4a49d0086b37bc7449

SHA1
2afc1a96fea155b9c39317e083ca88d227018901

SHA256
55f15b9c77217ff16ac604909506f9755e2f4d078766938f05b31957c16d5f68

SHA512
597abe023971f356b4e8762de0ad050ce7eed803b2649d74ec0e6cb53192fd6fa0740f16736fc26855a042b5035d6761f40226001f86b94539c68785084b328b

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA6CC.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA826.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA85A.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit