781a0bdf20d323d69cfe7c3ae6829ae6c2c461fa00b707ee9849bbc1dbb6d11d

Analysis

max time kernel
117s
max time network
188s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19/04/2024, 09:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

libavcodec_plugin.dll.svn-base?id=8328c31dba7c71ee20ee32f1a735d639f9e43928.html
Size

7KB
MD5

a192d86b67760dd513430e36d35c2500
SHA1

12ed24e5ae7dc3c6fba7b218a7b47929cd7a9f8d
SHA256

781a0bdf20d323d69cfe7c3ae6829ae6c2c461fa00b707ee9849bbc1dbb6d11d
SHA512

656173c7da99de2b78104865481ef37dbf089006c5791dec2dd434e5edffa17e37d2e8dcd8c074be38126235b8c220ff66163d9df1dc5dc6e9b5ca6a9b983238
SSDEEP

192:Z0vTPMcMHyNvevPviOvevCdvMXrvpv5B/lo3sv8vZvn4vJvYNvZvdUQE8uI:ZkPMcMHyhbXl/WE8uI

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 309724654092da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8FE66BB1-FE33-11EE-87F2-6A83D32C515E} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d94d2d3723739f48802cd6414eea5c7e00000000020000000000106600000001000020000000d6cdfe76ce3555c4e133cb90a0a5a4225a0b07c849af204bd0f1c045cbc27553000000000e80000000020000200000001995677889617e1562e1aee6fcd230367757010b7fb341482b7425e10b84181120000000efd8b1cda4116133a258622366cfc56c6376fdd2968abc492082c61c39dba31e400000007b791375562435d6c32a5710c419fac80784e2359de13dba2626edc75a58f2d4946c595ed0d2537196ac01fff3a01a94057d8bedcc9924d895c72c3b37c26759	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "419682659"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d94d2d3723739f48802cd6414eea5c7e0000000002000000000010660000000100002000000035a7a856ff4460453274cea716b8d91613d6c3ed65d2a368fe37f2728b32e640000000000e8000000002000020000000d95140980fd3a4114ef484cb3c6532c3a0c2d70a1a3c688948b0065c82f58d359000000004da0c8c26771c9f7b3a3106daf982be57fdd92fdc2f8dcc9e6a583cd573da140e51ad105f85c2201c0a1226c242b5d11668bb69fb6070a1490213084696ff36836dfe695ce966bfb61f484a67ee1a8856d15af3968f8c6b91e7aabbbad79dcd0e95af5a92b9ec44b2dd33b54a2ee8bdede6052f2e9cb9b7547c7a11b5f07bacf3b8963cff87b651ceea3459820f5d584000000075b30e36e6bb83588717ead7df22db4cc8ed6ac5e9874e85c05de8100a360f4a17f35e74033caaa0a2588dd1bd5dbaa08291e8abfe0d17a7288e47860628279a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2740	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2740	iexplore.exe
2740	iexplore.exe
2780	IEXPLORE.EXE
2780	IEXPLORE.EXE
2780	IEXPLORE.EXE
2780	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2740 wrote to memory of 2780	2740	iexplore.exe	30
PID 2740 wrote to memory of 2780	2740	iexplore.exe	30
PID 2740 wrote to memory of 2780	2740	iexplore.exe	30
PID 2740 wrote to memory of 2780	2740	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\libavcodec_plugin.dll.svn-base_id=8328c31dba7c71ee20ee32f1a735d639f9e43928.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2740
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2740 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
473e5c447c13aad5edc9eaf4b6dc434e

SHA1
ce378255130e798e60368496de12b4738392832e

SHA256
c94a5c8d1941440a4a6538455bb6debadb3bb3784535138489998b237ebc53aa

SHA512
05edd83f23686357bf79a70edb4d3775142d108e31399f51e1682c30027e3dc8a0b2add9df1518a96be5863bb5dbced6ac7743f084b735404cfc87571920aad8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8e4fd58b02086576f94f0cdf4184e5ed

SHA1
eb857ace3cd42b88776093a86948ffe59d9e0140

SHA256
28bcbca4853bcb3382bde83f34d916b51bfd70993457d3c35d912d7e096512f9

SHA512
cf678fc76cb303169086b05b76b88477dd0717b7058d9237b070d50e08e7a652e69c9b6c41e6d631763a11c7038813eb842b04543de25b3567c6ef2c8b412b34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
92fcffeccb09a7af3d7863c30f43193b

SHA1
023fb8f68af1c64c17bdcd77643ab3f09d194abc

SHA256
074093dce41ebce64b2aff41e66103fb417c66e09f44c3f84d742a80a5430cd0

SHA512
ab80b8a9de4c443f43be49ac41f9bb16ff4d7dcfafadc42706447868c8435d99fe46b37f1cc005275e7a10d720f7738f35a48634298c227f16ffc3596ada3621

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
434fb38bd66f77403460efee48b3b0fa

SHA1
f759256b9256cfdb062406af2db7830d455abee7

SHA256
cd9ce352b0f1ba59998d98e355e8a7284d2ba10c9dd9ca980608ef54a536afd2

SHA512
1ae053da0422b11a98e2cf9ad654c0519373c970ea965e6099050086f4491fa2d905b3ebd4cbe4f355918a29d06f1174cad57be6a8155c951c44320ff4836ed8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9bd58a032b76af3b079013e99653d639

SHA1
81b6ae1a7971d16c2e6b859768ae145afeb698ad

SHA256
06b4872f9964d7fbfa5815e2a4f7ef20603b252d1fb63531d02d8713c843e2ae

SHA512
4967c334d82e36b814107932cd35218055db42cd06ac56b0503b3da1744523c57103640f6cfc1a9561c0b89fee27290e809e96d929a1a1aa107ced5f8729d9ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
86e7b3f9c255c6fb61eaf4969bf5e9ba

SHA1
e3738c5272361513a24624c1c609d09b57f9ddae

SHA256
299f2f2194db358b09617440e3ba2dbb1ff1a3a24f031baad71650e1cae03443

SHA512
0e1bc11a6c548c499ebc3e6d5cc6ef87ad1d1afa2025b12c724a3cd24ff01e01efe3ba13bdd6ef792014eaa4596b6a08430258ad9a1d87c9e1462259faa75e52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3438bee37bcc14b9025fcb270e4ee921

SHA1
a3d8897d7d19e76e2748e13d6f4c4007a23e6e37

SHA256
8eb56c9f13f409cda497b41b6c1990b36ec55b7c0753a4977ab0d77a5e2f6893

SHA512
c83f1bb4e137aca1080ce4aa0a8c833753a521a02826c2d27319af2e3041876c16a547996c55d08bbe08c0afeca3c0eb305d3cb08a4efc556a03f4f0b3952c52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
622331d594397c03ec266e43dbf0c977

SHA1
b367a3521269eba7e32dd20c3b14aa3a43dc6851

SHA256
12c787db258cbb4b8b5f5b7b6246c39b3b8b3754b3c5a904adc6a55e98332a49

SHA512
b7c49c50638ee7bf45b0575f8a9ffd83111dc626425475292d1d905d2718576c762623aa2339f2806235b456bbb6f67d5473035560dc65d9f63ca899174fcf59

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d8f8a257c16f72549ed0008d57a440e0

SHA1
6c1d23339534fd7c807ea797298248edf46f10cb

SHA256
6213238225bfa92f3c408690e389762087390f38b0e8d96bc2336bcf59f85e8c

SHA512
167f2bde0b9df52215bc845075b1ca90eb769056095fa6fcb57a0f2eddd15379e2f82553c4701ed2ec73f8f328a2ebdea4ff040691b412a51b0332c64af6b0e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5b0633980ee879a00fde9e4168a66914

SHA1
30f4660f3cea701056b4493e5439d57701878ba0

SHA256
96148f57c467f12b5ece420737550b2a4e89670eb92cb7306727843a15c9be91

SHA512
e5003f0022286458c0ffc5ea975397456c8d561e0230e43af947596d9460aaaae7cfde39c393bc8edae6b1f9e8cb5fc0448b6bbe6af17aa0ac4b250377bf3f9d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
de8f3ef8f8845de1c9502b37a0ddb8f7

SHA1
6eb28ac6d5f03091a7385205d056570f52836cfb

SHA256
82e7a6a44d7a31c8e32ae40ba9ed011508dbdf657e6c5c2658a2c986e55aad2a

SHA512
ebdf94203e065267aede864b5b3dbfbccc4cb232f4194e42601d5f3cdad1536c324631736e37c722df189c3f7ca5af6990696d098e2bd702a143a6c4b7a83572

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
68cfba99eab2ed7d29bfc308c93ec5a5

SHA1
91748f13540a736cd109c5ee948a6e9372c62e19

SHA256
a313102430983b6a6b795650e741283f96497405fb5742ca9234d04d65a5542f

SHA512
2dff956a9a5118fef36515ff786c657663552dcec8c5d8fb1dd7ed02e4ce225c78125c0e65d009e3353d87fec83ebae58f432c1f0513248647d9410a7ec82347

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
681d8c9e91a045bf7b51d325479ef0c4

SHA1
94bad3d6e5416d7f4d07fffa5bcbc07325fc123d

SHA256
cab6e32729ad0c7715fca512c0c29403ddf6d7f2e80b3d5ea40fee8db80f0335

SHA512
0be26029ae2a2846449d6a0b945758c0bc28ce03994099e1c9f0257a0548f3f9dbe8a914b9502e869cd3b97a0fae4a9adfc4d9940c545b9edea5009a58321bcd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5edf8a4f0baf58a1a1876203e59aaadc

SHA1
e38ec38c36da1ef9dad1b513232970d5e1811271

SHA256
2e3afd58acbf4dc5ae8bba0118d0d5bd5ef3aa57f32b3476689f1b106bbe2ac4

SHA512
0957961e6856c7a2ab90857b87c97eec799b520291cbbcf09bba57e72bbea0efc5d4b2299dfaba8961bf973c82610d8defd3133b5a26dc8bf0d80ce7b95f15eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9e96872c810aff90b2a36983ebffaabe

SHA1
b545855c612c2520444386bb012d5f82e22f5480

SHA256
90a2ca40b4bce07376444778845166d5a5865c15ca47a195af6047a63d26cff3

SHA512
1eff279276496ca58566668a139869a70a269a02faccc9163cec10a5c3343d5ffa29a453b215c828998a6771b8dc27047ace235baac80be2f34b43b902744991

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a260ec46f67d8d7d831c99c0327663f8

SHA1
736f9f8528e8d02f05c2e060fecc736a11a63862

SHA256
67a6937f599f6421df089d2a8fe59622ffbde4550ad7d4861ab7929798683a17

SHA512
cefe81592e1e2116863f4714a6cdb6b78f749a9e2f58760346d794d8f2b5892d125c353eea0e063ca5b9b935136ffba582e996b2c974e4d97ec39537e438bc4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab29A3.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2A96.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit