38fc41fafe9ab395516d47f9f7a22c7cb7e8989aa3e88b265b8e07a151bb5dad

Analysis

max time kernel
120s
max time network
141s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21/04/2024, 15:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

admin/FCKeditor/editor/dialog/fck_flash/fck_flash_preview.html
Size

1KB
MD5

7ef45060517479530aba44a078f4cc23
SHA1

70c8546f8e50367bd7888897372fc08f84d5d37a
SHA256

02176fa8faf5573b5679a742ba9e8d1fe550cead0de38bc0d68a1ee4bc921544
SHA512

f5bf2f1d077a49b24d577710b24f27c17395e77fefadedd808d858c1e00cd431747294d4048fa4fc5cff19c29d4328cc0199a159f4121b270fc7106c93f90807

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6904E101-FFF2-11EE-A6D5-5A791E92BC44} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b0000000002000000000010660000000100002000000022583cc242f04eff92b45956ac8c5c04a5e4bdd169e1e15a6c5f9fb9c86e0829000000000e8000000002000020000000c9b69e7536627c8d5c59dd9bd871123c4f843ac3f7afed2b06fd2dea544f50112000000044cc841eb8365630ae0eb9edd797ad5efaa286af217c69cc04a40361f0bcc220400000000eb4e1f63e0e981c1f73b845cb4ae896a3fe9118c24dab57ecb2068c5dc78d188afbc553c3dd2bcfd2e0adcf31a559836424417c8a9ee9070d842d1bc184a4f2	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0d7183eff93da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b0000000002000000000010660000000100002000000017794d9a19a8ce87a1e33b13f4a0cb28baa25437733f00e4de7b94d2c35116ab000000000e80000000020000200000002a5cb1c41954021df849878a8e9794024532ce04244efbd219b87bfe5b032aa390000000832953b0be16e69f50bde230c390cb602ee9f62ebf3786440e037c6dfbb3a628d5a7372ad4fd1e3633e21eb29c5fe9c22a9edda9f157f9a48db478468967a67f2bd951504673ef16ed424d68a1616fffe66a24309f93aa78dcf78f5879f40a0de9e3dcf9b59501440cf67a355a159104a0b9a51c07860655231bfcea6d1ac03103d297d7df07c34e09cb908f10756fff400000007b12a173fc27f6493e26a82970f36232d39abe63c5e0010d3384b7c055144ade36e7f4c073d8266abe9629531feec1de85a44a75dbfadcc4f0ac7a0b828c1555	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "419874581"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1412	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1412	iexplore.exe
1412	iexplore.exe
2816	IEXPLORE.EXE
2816	IEXPLORE.EXE
2816	IEXPLORE.EXE
2816	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1412 wrote to memory of 2816	1412	iexplore.exe	28
PID 1412 wrote to memory of 2816	1412	iexplore.exe	28
PID 1412 wrote to memory of 2816	1412	iexplore.exe	28
PID 1412 wrote to memory of 2816	1412	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\admin\FCKeditor\editor\dialog\fck_flash\fck_flash_preview.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1412
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1412 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
04a5f5b0bd9886f9de5bb4412f603dea

SHA1
10e134850bb5bf2fe64b4052558ac97f0cb535e3

SHA256
f7a49f8a87cd7d4bfa1c5884ebe3724a8283e84a5de28ae7e75e5f878031e2c0

SHA512
c3d04eb28b646c350f5458e917c51ccc7eee89bfb99624e5693633ad388e81d8959698fd8f0b86fc41108bc5a2811d87b66ab0562954b591c44ab6622d258aa4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
348931192ddb60db4c65bdc84aa6e768

SHA1
71b31890d31a1050dc2ab5fb245ff12af45d4143

SHA256
e3e685fa7b352d160b61489b16ce559e5b1646709e49f45d0395ff4653e89764

SHA512
ffb64586cc2167cb99a2de8cde59d2edf656c2fbd94104448e8e787b19591abc32e7a697d9e4b162d7d6d34763531a3d6290575ee760194d4c8574013aabcf7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1b131620c0211c77d017e4fb232c4d2d

SHA1
394e9d2d848b96955b1b49c827e1a8a534e88906

SHA256
fc9082ec78beca31c9c8d1ba180af9a279bad261a140438fbf7f8ba41dd4b1b6

SHA512
75d776366e4059eec0d6c991d1eee20ea8a4ff29c163a4d6295ecc477f013f65c4e1ac9e084e1c5ce91fd1bbfe61807d42f2409c221f487ce0deac7bb9050775

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
030ee13e363ba9e35aea45def5ea0531

SHA1
d8b18a59c9c159f7ba8a3f9242b3eaacbc445a1d

SHA256
414a35e0313cb5dff7061f10f2fe935515edf4207ff91b2d3d22c8768ffc0af3

SHA512
f6be1ac2c25cbaf455dd7eba42b60f667daf25316dd183c9f9a488b05d0761a1fca9158d17c9379d7c83319904533930d90844973b974abe93f55867ba69cf79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2999b6a7d4145db7e55aa819263fc260

SHA1
a87987bae81f36b7158c4685dcd0134486929ef8

SHA256
9d8aa515e0c46f54d1849778df3464bbfdfe330358b1c0295797be5a41a45dc4

SHA512
0b4a8ed1bc52644305c4abe3477aae30915c50620a21a847666f637bcf20b560b9b0c6539877bb23f26a6b6c6d57362b61c4ee13170e1d08a0c2c82a5dd19aba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1ed17b647d77ca49c9b5cd0aca7278f7

SHA1
50b2cc4a38cc578fcd468da445ab3de91e1e4aa0

SHA256
c509bc1c0d93a3d5dd8c34a9bd0ece8b9ebc8b10cebc26bbabf9feaee37b90f8

SHA512
8f7af101f5c739a27ae94aded3077361f31f5f842cf0ed6ce990c6c89aecd99fc05209097bd0ea5ec706cd0793475a4cd24e6023e2b4478f949337e3909270c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0d729a479a377342ff0f28be6cf54010

SHA1
be8d421650e3cae32faac22b622be11c2d0f62a4

SHA256
03cb1df2fd11ed9a833faae2e3858618af19903cc6f27ab2c561a6d61a26fb6c

SHA512
ab470c3ff781480f1670f3267d6e313b81c6a16e3328856a4790d778c1ab3ddf5306aa844fc7e124172fe2f813122fc95374e78dc788f3a5f108f52c935b6379

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f90258dd2b61ff5117b40b5509e42903

SHA1
9192773e099f158783ef556590baf14da0cf5d37

SHA256
3c9aa13bd54b6dcbd9eba90a1a67467b683c1197b2c294423fd69cc62512af6a

SHA512
80c991d712c251bb8c074de52dcc98115d1757adf429fe36186bcc6bf8143cabb3c651d8c4db279cb3eff1d03984eba72da6c66347e933aba54b237d51a8d711

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bf0e188547f4426911770ecf9d78664f

SHA1
81fa91ef07555a2d13dbda5c33152653dbf790d4

SHA256
7736921849089adc7743a15c1727675df3ed2bb4e83a1fd84fa15a11fc9d67c1

SHA512
57e6046f05d4a81a8d41cb66e97958b5f614431ff7e154c6a1d18e1c25517fd9b9b619f939977e9903628408dce82021b2ace5a4288d2ade576daaae3ce7a9f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f01151d2c586af0ad65ad1aa373d6913

SHA1
2ccabc7ffec96a0f3d6ab8f37d17bc2dcc7f1ffa

SHA256
a2f0cbe36fc130a935aec7c8e9886e373f8824dcd20b8acccb140d6cb5815dce

SHA512
592eb520faa8a573dcfd97328ec75dda2b53b8499c5f07afe59e074251d5cd4228f9491e7ce9dbfb220a7f2b6f269307e3078dd5e22ed4da9f463fc40d06b8ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8251b9ea9dbb6c022643368d0a84f880

SHA1
edd0726966705c8c87173660615f369ee4a177f4

SHA256
00192041562a555d503824d2007f1bb25df3a223a9da9a0e2bcd83501bc59630

SHA512
546a2bfeb6abc8f051908ac35f2459323c743b24528124baa9a424dce1ed2398ce0b9d1b1ea7b61890137261bb2f926fef440c10923722ff073c5ca1dd0ef5e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5b186883f05b811272cd49e8b0a3eb95

SHA1
2d6b6abba67fdc66c84a591e9ac232ddd8b557d0

SHA256
18294d9de369e4884b094c0bd979558d013d863c7aefaa16949bc685aa575fe6

SHA512
4ac7aacdbebefd329f8fa51842701c8f66a16946d99765f2c9e61b46d809dee1815634e901c841f16809aaebe9bf61381207e7b965bc74fc9a5df11b9dee9bed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ae1b41c99954a391650d1fe709318723

SHA1
674420734ffc3a65fa17feb41f59d90ff4d5107f

SHA256
91bfdebfeaa70805c323a6616b11f7e6ffd344553799c1717c65667b81d6cb20

SHA512
a64a53e93388a32f7601b7a3c6720f74e97543e4c934a87ed27e351eaf63d6e8af96341af62fc9c5d83226855d2796988bf00fd02626155eecfb90f40429d1a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6a9d67d069157973cbfce97b497114d8

SHA1
2ba52f78062465a8a02984a3f90815e67dfec82e

SHA256
ff8bfa27d9b6e24c4f847a75361b47c358011a1374af4fd636cf94c32635aa27

SHA512
c55f42df753c71526e936ccaae2a260e069a13c07e782bceee6787bfa8266f28662d34e084e9dce325feafc083c432709ba97d42eee2c7176e8d39a3d780a1c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c43d24df8cbdec941ec06e2b6f86126

SHA1
ad51289826d38ff1b7fcb153e9c57fbcda19d4e5

SHA256
25ac176c12b033647bf3b74b50e96c5778829874e6e4b657bef036396c8ac141

SHA512
360822797843a1fff84e423990e8a3f20d7558bfece36ddf0dcb0aa9c1b4a2b4e4b58647f7bd3be56e456e1af42c0d2a88819f90025c8dc08d58dbde7f714700

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE3DD.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE4C0.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit