0c0795955730ac1988aa527cd4dc21d9c8ac7ae9d4837b5e63f50e870171ec87

Analysis

max time kernel
139s
max time network
143s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24-04-2024 01:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

software2_17_6_23/lua/Newtonsoft.html
Size

5B
MD5

ad42f6697b035b7580e4fef93be20b4d
SHA1

32faaecac742100f7753f0c1d0aa0add01b4046b
SHA256

0b8e9e995d8d77f1e4770f0f79665aee6f3f70247b3735422daba73df4c3096f
SHA512

225d05b918519458a8fcc1e6493a4e854c004da76f6250b8f52197f47094f71ee984725c31446a1967f0d55f4dc74793dd44d932f2bdf50d77d4288d663bf1ab

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b000000000200000000001066000000010000200000008a671c8ac9395da4377f1c567e0ee0f59b25a104ed4a81cb4b0f03eb97aa636a000000000e8000000002000020000000c7f26c1f63d0a735761fb9631950b130341f358aab123c84d86707313f79762e9000000094a78a1772ab19bf3288d09668e8225608dc077b6fa4ea24badfd0a056efb7b2db07454ceba2e64ca820d10431951af2fa806ac24f254a04c7731ab22be69dc8711b18ac215ffd329eefe95f1f2f9cd8720341adedac0add940d1210e4eb3d515e284971dc973b7036adbbed89043cfa4e77f01ef97b1082631cdbbbae30f27120aad0da15b95e4afe1e0d966b5f5b1f40000000042c3a4c87f31cd2c0cadffacc55ec461d15c03ba22ada6ca5ad6d6fe121c7ba0810a19688183bcd010562af70d3a0037d73d7f44c9fff13caa2c96cfa9afae6	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a020e0abe695da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D729B321-01D9-11EF-8859-DE62917EBCA6} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b000000000200000000001066000000010000200000002438811e5a85d0a270ca354d2ea7ec35c7798be8bff99b2ea6781a00a0072dfc000000000e8000000002000020000000e4a39b28e4031327dffb7ad90d50c8d7b5c6924ba5a84504c6429b875cbd04132000000019bd218e1de974dd504081e7f1dec0810ff86c0fe75f616a8d2e073948532bc1400000001c1a50d33c52a2184673a7f12ff10e8243594914acb97545ec8dd7c62dd6f4398f51dfbe9ef9e09e63b7d05b1283e764f4abab13e659500b3045fbdd7371f225	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "420083939"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1728 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1728 iexplore.exe
1728 iexplore.exe
2812 IEXPLORE.EXE
2812 IEXPLORE.EXE
2812 IEXPLORE.EXE
2812 IEXPLORE.EXE

pid	process
1728	iexplore.exe

pid	process
1728	iexplore.exe
1728	iexplore.exe
2812	IEXPLORE.EXE
2812	IEXPLORE.EXE
2812	IEXPLORE.EXE
2812	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1728 wrote to memory of 2812	1728	iexplore.exe	IEXPLORE.EXE
PID 1728 wrote to memory of 2812	1728	iexplore.exe	IEXPLORE.EXE
PID 1728 wrote to memory of 2812	1728	iexplore.exe	IEXPLORE.EXE
PID 1728 wrote to memory of 2812	1728	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\software2_17_6_23\lua\Newtonsoft.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1728
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1728 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
014299a6a645dbb5e3da7048ca7c95d8

SHA1
eb3cde742e8f46a9563a8dc6e05fa2e9c9e774a5

SHA256
bc506a3499a490cce31054327fbc21be9444733b294e4fc5d3152dcab16a6c80

SHA512
d02b6e7f5204a39069cf56b4b3d7d84563e4034db9856c4272a79f0dd41e5c47a3704bf449d01ce80632d994dd72f18e0f5f0d4ab2b67c78ed99c51db82137ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
36c1b9d8cf2916db98b953e2f02e496e

SHA1
647e7e5c2fb70ff9b3c2c9edb3db78fce29958a0

SHA256
2d9260b2868b806c705363a16bede1f5d0af801aba653cefe03652f1dd260ee6

SHA512
b46f2b08dd9c66d722e0b451367e5f14e8c3e2dba9e24784bd8ca1f0eeb3a5fda5d2f28c9286f4adde3087d4369c1f6d9a84c1214f3a0d179e8917f99857ad39

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bcf6733b2b32685ba0aff68e4ccb0a62

SHA1
5e6bb9b3751171b727884db5197bc8aca78f2e67

SHA256
5689b4c832d7b13b8845173a59cf85c1b0a0aceb4d058644bfd68a911db816f1

SHA512
a499b869a14aab9921a35d5c756a6a1122d0ead3c67da2a40234f81194137ff163dcefc5bd006f362463c41d76edb88a5b5991b1804fcfbbbf4cd7617897f4c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
98c01392fb8ca443bcc9291e949f8897

SHA1
61ff6402774530308cffb087bba04ed9e4a979ac

SHA256
14c84b2c77b8e1422869cfdc3994ca6e71e6ef00e7b029a44950c5a221d8291b

SHA512
b391b8259feacc92ecdca7e9e1cfe7560d320d4647cc5ea00213d9d6d7df17e9a60cd2ecc65b602e3af381a230cb36794cb240343a5aa2400a8c596440a49b77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cf207a58cc31f82d5d6462f221a77d08

SHA1
2ba47ffcebe92be7fba999b2bb3cea7f1919a8a8

SHA256
ce8b3c20f938fc06c23961bfd5cf3b44d9bb8a392478072307c37e47cd4da076

SHA512
7a3c539655384c245f056f942a5cca17ef1a03709babe5c92983ca3f79bb3bffeba6c20f31db5f3405b463b87115be7b19afd57b5040bd3240e035b9d6ff11b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
83706910927c9e53b3624a4f676ebbd6

SHA1
b08c722e7c9135f53d00a3ddb844313749de2238

SHA256
f5e77b54840309e1121100e18bc58653634c5e2cdb7a45169e4a0c0237c9c58a

SHA512
81e5ec52772a4bb3ed234d540ed0248377713c8fd334dbc385bb9db9a1741dc4a1b79307f029c686037842ac94510137eba2f5722f5909c86e1249e59929e323

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c193ac23120073d13c86cd72513e43ca

SHA1
01e00d515ac421a60107afb65a175b6d0c27e867

SHA256
d84b14cd3cd71c98f98da5526ea1d9420a639495ff8e6c5d685f3ca398b81c8a

SHA512
98c3b594b889269385578aba56a717304cdb94cc7765d07ca3cea9bd6d461492d82a3d0c4d70d74e5e1031dc45044b54e6a5e71a5d80bcab4907a160cd5160c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a468f4b7fad3f363077572a3f177ef31

SHA1
51e3ed8c4cc76d36196cbc3c90fb3a317dff2d9c

SHA256
fdedee2f10af794ba115b100175cc22e6f9f533078bfc52aa6ac8cb58a52fad5

SHA512
0e9f07316ce71683cdb6329892102ab1811e1341222424260701df03e21b5a60e183c0f982506e0077687443084e19186ea7cfd1773e0fccba2f8832deb44790

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e6fa97aec2fef615559a9be4042fd39a

SHA1
7639cd1d2076ea33c859319059cb1cedd5f406dd

SHA256
ce1b788647eb582f0a8f67bc35914d61321581b98982f4e2f70de1a3c077007a

SHA512
c77128a65b20ba4d9bf272fa0b3b12493c80484b9919480a3b5f9a4fab164018ffec4f1c98c172d6e57c05cb30316cb336c8fed9bf06e027d15bf6ccb5393d38

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0e035b77880c9b929f4827ab6235bd48

SHA1
36cce20af050dd92ef383f474daf9a6d46216011

SHA256
961181c1fc5bbcb6ce23f8fc069d5e43b4c5115b3a0ccedf5b7172e384eede41

SHA512
33e8c5a1059108d27842b3abb87862869eb3d280a9f919801ce1534ac63a0fbea3a2db7edefa951ce672cbc0c5ad1cf2c5202ab3d1c896490ad77b13a84ab8de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0aee08d3e9d1b9c36902b4adc6f82d37

SHA1
423f56722880043c519234330d0b46f20ebebca3

SHA256
946de9025f45adf4382f9b187da55b6c1bbe761d0e588a48a47bcdaa914528c7

SHA512
bf078d7c0ddeb9d1df10e44bcefa8d1045ef423dc52b9d7ff3903d649cd62801c45171cd0bafcbb9eb502d467be43b7d7ddeb355ad1e6870e61cf2fbd31483fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2ab8a56c191c0aa52647d93cb74a6736

SHA1
c0fed1ed2a8fecd71a03131c1afca6da4dda63ca

SHA256
928358a33d8fa0b9256a5bd95d2b6ed2cb01a9feb686be272eb9ed04cc9d0636

SHA512
da82f8d543ba72a5931e57666f5f45547ee423e7cbebdd52d2ce9430638040d141528972f7a3ac8c30ca8c444f46a13369f91f29a324e411f0398ade6fdc99e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4f61f73787e56a91053bc56a1e27e1ee

SHA1
539e7fb515caba8b04f0d7b7bbc33d71904efc24

SHA256
9f53d4ff8ffcae41484ba324ffacf38da91eb71726a4028bcf481aa172902189

SHA512
8405d080644c84044ec1780616ae61e3d1356f44c840fd8ee8bd0afb97f82d48b31bcf3fbe154407c55a83831cffec69566d48447030d83974a054048a0b9ab6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
06c3652afa26baab2ce2a0a8b30bcdd7

SHA1
7362ed72b74b89c7d6543b3f6d30e8a6f13b89be

SHA256
0432939aeedb86b807b39e98d6c9bd880d0180f55272f403efde0793d6c3fcc1

SHA512
6e392c3ec17d0375ebb4d57ca98d81db6af712f993709fefdf07013844d42be0639f167c8b202fab808e1c6e5ee04f924c3524883a85b48f62633f32796e2860

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabAF73.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB075.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit