38fc41fafe9ab395516d47f9f7a22c7cb7e8989aa3e88b265b8e07a151bb5dad

Analysis

max time kernel
118s
max time network
131s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21/04/2024, 15:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

admin/FCKeditor/editor/dialog/fck_find.html
Size

4KB
MD5

6c4f7f058a702265d37a30a023025e27
SHA1

e2969746f29b1d78daf9d573664e6465ee4c2876
SHA256

2a4ec38fd47fc26152d6913ff2a01c99f89a0e3288d99b0cae8d64545956b7c5
SHA512

d407ebb206684c9cdf685547465d1cefceca439364fa57e0fac8987dce313a32eb662ed77684213dbe88a826bdd3930cc032c241e261a29492015c67385c0d2e
SSDEEP

96:jVVyO28Qa37lA2pDcyy2bmYH5FKjijFcONcOiAcZ:Qu7lA2pBzPFK+Bc8cOtcZ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{64AACDE1-FFF2-11EE-A293-4AADDC6219DF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e861098c19b4244d8627ee4664a96069000000000200000000001066000000010000200000002fa92254ecfc18160056c4f703a5f1872d6acee55827bc02a34a18277799e118000000000e80000000020000200000005f4f32b8f0eb4e5535fe464bc8c8e4cfa8257b73c49d8d32160612c2f4ffb6502000000037cdc58b7ba04affc1fb622deae4348745b7a3287fbe4a67da1397921808d80f400000008eaa55bafb031cccc5b23013c577e03c747ed3519d894b8b82ad5f14a330e5f1c1cdd6debffdda2d1a73e3aa997c91bf3c83efae8861c1c9855b0ca9500b6b52	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0d73639ff93da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "419874572"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e861098c19b4244d8627ee4664a9606900000000020000000000106600000001000020000000de0ff32772e1b2315384f726863bf45c2494cde13b7f07817886d6d1e3b1bfae000000000e8000000002000020000000042c11689a295fc188b1c80fa7b5ffd43c5b519af1061f5fff9c2903d7a757359000000013519831fb6b9b1e4ad777beecf9850f2b3fee47534d20b4f553df8d5981919fdf0023fe56e517c85bb6f74011691b4f816f603e57182a842fef3a6d7fb32803c7197ec322056e9408a80d127155a73821069d655f1e749e8bc4e3071a5f2b3fc5a6469dc0f8d40bd4b22b12d21b81c8f0d1a7dbe6ab7dfccc533224be5eeca1e396fb8f8e3464a80e2339999d8da3894000000049447aa7a72601291b063904f0ab903843352df712ec72345d1885228d4365de2fb5fc6daaaa6cd6e744dac2b8f3f5cf2befd5ae8ea98e85296910b741dee0e9	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2156	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2156	iexplore.exe
2156	iexplore.exe
3064	IEXPLORE.EXE
3064	IEXPLORE.EXE
3064	IEXPLORE.EXE
3064	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 3064	2156	iexplore.exe	28
PID 2156 wrote to memory of 3064	2156	iexplore.exe	28
PID 2156 wrote to memory of 3064	2156	iexplore.exe	28
PID 2156 wrote to memory of 3064	2156	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\admin\FCKeditor\editor\dialog\fck_find.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2156 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f0928c953ba8b7c1dadf4cdc250ff6ec

SHA1
42ae6b16b4260fcfdc65eabcf0dd7e5514cce4f1

SHA256
01775d562cbd26d0fafc6a964360eaca195526272d4c77867083fefebca893be

SHA512
b6579762af7785b0fce10b5a91d93592300c41dd35958de8c20ebd38e9b72829af9d658bbb7618bf984e282950d7937db1bd8d821cc40e4c106fe7737f6a718e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7f181cec7a8e4f2b0b2bb95fa40b2a7e

SHA1
87f96b7f639b4baa4322ef2215f1d068604a0259

SHA256
55865b7b5283b1d863895145934cae4911a8ee2ced1c6aa6397d0a73794489a0

SHA512
0a0e870f49315ec5205f92d31eb10be5266b745743b68af0b3dbe870bcb82fcdeed25a9059942f2b4f8cc8eab1c32c7c7aedb86c4ca495e651f46285b194d81d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e5d77e2d9ccb11708d6dc3ee0762bfdb

SHA1
7491a0f83990c6cb712901fe272eb40cc80e78d6

SHA256
17009354b78e0b2248e7260a32db0db421f3ec3c77e6e53559002eaed0363996

SHA512
d674046bcd9b79f9687d8a533a3321f1eac956a0975d3b5e748e6eb69790b974a1e08a45733251c270d11fd926f48e1234638bfaae4ac5b8959fff802eefd5db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2882b95c05d2f9dc15abc0a8fe9f6c6b

SHA1
5e169ee1716be12f4bed1e61d1fb6ec30414d97b

SHA256
887e9a4a7022bc9b717b0fa2e731227025b4fc551bd7307bf88bb652cb9784a6

SHA512
d5d3703578567d76a5d5a8388f5684fcc86eb057ea229c9d114046dc9b08ce6db97b0bd7771b58eefdded25313bb037435dbf69a553a2e236f4056b0f14d07f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cf66e92a8cf2b66f24474b7f2f52275f

SHA1
7edc3f88cccf6c911ac4160820acc7a6a6b8765d

SHA256
9c69c30472171c2aaeba120646bde835953dea93f28b3823ecc8db71e79f5c39

SHA512
76849809a70855ebb359405fbdcb9170859fed61548324251561e0a5eca8f27438da6cc87c5b2871d97885067dfcf39df416bc27d9b8badb6872ec4e8098e996

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d5d1997235da5d8c211af3bc7e4e3e6d

SHA1
158030569299fd017944058c4742950a6e1d8ec6

SHA256
c2887f8bb3e3981b8e51d5f5ec975e51683000113addeb8301a912ddb76674b7

SHA512
bd21fdaba577097c4b30a28548e2e605e27ba50e97bfb610dadaf22ee723c267b41a03c9b8bd43399eecad559400d3b9e9599fe1e3646adb4d869f45a186205f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a099534974c2393108cfeba35f838224

SHA1
b3d4186022c6be7a0f5c643a144a584480ae8c28

SHA256
bcb52ce6f83ea735073544be040bc910aeed6ac6800a5585c532ad550b3f0185

SHA512
5bccfebafd55dcc8836c06f1d3f7b2ae6865a7da14a3e0811379adc67ac996ec805b118feba824872c2dfccc41c2431798c1d692df31c1bd2d8ad98ddefa1491

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8cb0e1fb722028491fee1888449fe050

SHA1
35bdc6924c00d0ac123a9be4b9d8a666b773a9b0

SHA256
596bca19cd3d09f32278cdc92c01af8f900d3e8b4727ed39bca476280649a9f9

SHA512
a20749fb0d28e6fde7b25ee66f875e65db1013b10e80e47fa1e264599a04d925a8a05534c35c6e052b4e2b45c36fe1710efca867e6faf4e214228466a9e64fd2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7eef52cff6641dbb973c5b5dc9bdac76

SHA1
1f9dbba71d2413f35149185641fb290b75a1f413

SHA256
56feea3c71732a917d44a10c22f39ef9a05b6bc7d59867b2bf3fed984f93b2c0

SHA512
9ed63428e7b459e133ce2ea2b7a5632c7f8ed90997a62987d7e69824b1d2ffc15661185b40efb423f467786aad36dcbd27631e01cbddf7c9f23a288cb8bd6a58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8bf3ae44bc562a41c78dcbe0222c7ec0

SHA1
966827dd69c3c860da2ce59343adb7b9256fb92d

SHA256
dc8b4fa929806f98ceb3a43a08ff3dd3fa8912b3e9cecfd1b72d1f85e48dd3f4

SHA512
11165d7a73c67876c588714f7b490e54f91e052803c6f9b1ab72baf026b184ddefc1b2a043609f600620bf9b318219b377569df2b3696ca0709927cd4d7c74de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
70360083e41c8541299aa39db528535c

SHA1
17e8d9c54797086933b08b472574505f61cc2d8d

SHA256
61a6c3cdbe11bf4da482e0188f0092ba0adc63e1a4afec8e310d92b6131e2f9f

SHA512
825b39db5c6599cddc67fd58610c03ee43798b996f8ff5058b4ee03a069bc9e34f60f1fc0cb7eb8def1ee5c338b6ab2d46b4c8c8ef75022051b591e8d4a25e29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
abd5efb48d09ddd5acb0f555b8011a12

SHA1
1317078bc176bc6f6ecfc583b07bb08f9004e4e8

SHA256
0886797613cd48a0d04f482692e17eb39bf52c0948bd21ad792f94bdeb1baabe

SHA512
9abce260dd76a5a2b8e7089a9dd9563ed3e015b4f8a3d1f45200faad72a1218e06b4401504310fb2a27d8c590a537aab001a17a931a21b107bb0ca9fc94c9e44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cd83a9d4a91bfecd78dae58c0b411f0e

SHA1
a8cf2aad6e61edfff82ef5c422fc8471848529fd

SHA256
184c4a95db2bb5028451e1b023c808710108ec8cf4f94de53f2ba78e463e5729

SHA512
aa1cf97109ef222e646d78078fea92bfe85f540d3b8cd3280982cbe71432933dd7065173029d195efa7396f0417b6033581b8a04ae3ceedae5b5b04a01b30be4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7de021058e2f389374e2b9b9ab0ace5b

SHA1
538875e32b3d156f01e12856c062341ad878c0b0

SHA256
5911bb06c7d6e3d8ff7d9223471d21de57e90d4ac5d7db50749f46acd3e40264

SHA512
8f803b016927d87fd364eec2c318d14e6888de2256d4498a5b750d32ed08fc5147eb7ac313364868baa27438d98dd6e57feb6d2efd203c212f1fc02c411f466d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e1a985496c18668d490708420f0a556b

SHA1
a32edada493a9520ab269a715d0edd2078ec7d49

SHA256
326874f5d28fcc706a0dd2187bb541e90c078e27f97ea90d2d2f97b067e1ad73

SHA512
7dcaeed76c98e8c3010a4a53a1a9fc462620f69150b64eebeb2cf1857c84f8ce0d7f0b84e5381be78990026a6cd2444138fd4c7ca47921b099e0a012ccc235f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c01478a0a6e8d274da3c4f88e5a15cfe

SHA1
1806191f2b11c620ece54f756377779f8bac003f

SHA256
ce134552560ec90cd9f4f8d3f744f8885e4433d97bc2c224a354798ec87f5979

SHA512
840a401ae0b76004fa1cd3b02f5593d15731b8f32d4d848af05cf1aa3e989d2119eefba810cc21c9f69dc15344ebfffc2f400cccec44982eb9c0f37e6187dfd2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e529f12dcfbd9bd63e2441555029c870

SHA1
eaeb4e102e2fc7d9bddc9bd62337219f87c3e0e7

SHA256
d166fc734c89605040c3b416f3ef0608dc3750c4a2a39f6f4a058027abc7771d

SHA512
86d833230ab510f65cd9373b32e177379b31d7d5c58b7dc7cc1c35cff7d95674e20f1aa98f93e36c2b2f908641bdf2e04cd6504c8d9ccab60362258dfffb1b26

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar31B3.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit