hxxps://collegereaction[.]iad1[.]qualtrics[.]com/jfe/form/SV_eJcHY0KH1MQ9Xf0?Q_DL=flvRqjA1lFsyLtR_eJcHY0KH1MQ9Xf0_CGC_xAeoMSgITjc2138&Q_CHL=email

max time kernel
0s
max time network
12s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
29/04/2024, 18:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://collegereaction.iad1.qualtrics.com/jfe/form/SV_eJcHY0KH1MQ9Xf0?Q_DL=flvRqjA1lFsyLtR_eJcHY0KH1MQ9Xf0_CGC_xAeoMSgITjc2138&Q_CHL=email

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 14 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://collegereaction.iad1.qualtrics.com/jfe/form/SV_eJcHY0KH1MQ9Xf0?Q_DL=flvRqjA1lFsyLtR_eJcHY0KH1MQ9Xf0_CGC_xAeoMSgITjc2138&Q_CHL=email
1⤵
- Modifies Internet Explorer settings
PID:1700
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1700 CREDAT:275457 /prefetch:2
  2⤵
  PID:3004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
78bcd6d88eb271d1fe13bc47bd94f202

SHA1
6b49287b7b225782f3b30ddec9f5251787aab586

SHA256
ccd4e56c06635b9e15bb53bff4bde21ea44dd28208b77c5371539ade104f8729

SHA512
debaa77d7c1a5ada6d2bbdf88a76df2ee3abf29b0be61237a347ed3eeda2941106d599d92e703700ba6d105ad8c9e4b4978b1452a346a270e1e8afc0d1cdf21c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9b02efaf41e7370936d230f10a76cbff

SHA1
7349087173c5768e87f9be1b1c6a1de0cd5107cc

SHA256
30138ffaa3d0003c0e125e5b6bb09fe45ed3b7fd26042c102a5fcbe6795f5c8f

SHA512
e60d7cb243b24e164e0b58b9104574effa5cbbce06f238559c0e0984e270b14381fee11b44b6c24577ea1a215c093b8964ce35b2af920d0240fba01c6484390a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ec47a0aabf57084b66bc0dc98cc53060

SHA1
b746b30e481a35d3e09b49d049cf5811f39bc745

SHA256
c0567fc2c70ad07b7d98ee65a68a8b9f2b39ce51d9dbfb3dee5528171c796c4c

SHA512
4f57d900b1d24bbe18afc315a4659f8ffb893cca8e19f680d06f002a2fae724bbe0e9552ffbb4f7da37eabdfa631bccd58d65758043feb0f580e613fbbeeb3f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
993823d9a51151807da29ee3b8f3a43a

SHA1
f469c49a606751d051c8d8a0b219c7b85d87115d

SHA256
b12c7136017657d5d9cbca05dbcfd513670377a6342ac9c7db36e56f29d9a0ec

SHA512
74f074ff4be6648f1206de2549c5ca81480b50ecc02fcd366581289ecebca01c972c4be36c8b89a36db5393f97a21c51a42fd6221fe2b551ac913be3eea81fc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e168addf3044ae12f2edb7d3176528b9

SHA1
0bab6fb9c6a3d731d9ea6e4401aacb0f23e5c751

SHA256
956a63385b478b64102466b558df1e7253da0604cc84b505e220b5064eabe7d7

SHA512
04b399250562f920fc2dde381bdd28e4c4b58cc94d1a1db7cbec45ef7c9c48ba82543f2b88b68977c3960d9e8f94640d73254af91543df3cd4eb0ac3186b077f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4cd129091fda157eaab062b3322454ca

SHA1
71766f64e24d377551af19a77f781925fe6c0875

SHA256
1fd32f4264bc0a3de082dc2198e171799abdbbdeb98ec001562d458467660bb0

SHA512
88ef0692c8f889cf64ff1c63cb1d95191dd21b0c448f799fd79356573fa2a11ea22cf261d9384f5dcec042fe2f7f90615868247f70ae3619af73cede9e5e77ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
53e792ac095cb59e985a4526de95e699

SHA1
32108d3d72833f766cb720f6aa3da1b079519738

SHA256
841556c2f43c0566e5d0b0d0fda8075524a8351a8933d5fa1a9d02530c2ddcab

SHA512
792aedd8b48f6c399452f7736807c4c83db2ddd602b2a00a8b7f5d0d8af7ed70aab90e3673d50bc847e86fbe1dcfe8c40c0a45e4f7beb244c3e82f7457f488ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ac2f1551dc2378da723657ade6b0bd98

SHA1
9b28b26f94637f221f64e34164f6f18154e2d40d

SHA256
a9f0e96ba2211cfb159263f877b6b11db06d33e4ccfce6d5e293f324d5f578e0

SHA512
84dc8a947ab36d1242eb07e55f7cbc98a419562f67ac01f5efea720f013059a0410a443838d4cdc2cf3a6d6f9ba106030e00a0adb5f779023fd8fa71d617c1d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
92f97f3603e2a644cc441803d99dea61

SHA1
7782985f11a93f5e98c6de358b2e97f2a2f96e72

SHA256
a45b935bd196dbc1f9ba43d0cbd9f0eb2175616c57d0bf93fa03db9ccc3c128f

SHA512
98a6290b7513b0dab927e1c3ccd20a10a20b3e6188b5536d241d20df755f25640be21470db35093b977e2eb646b2f340ef1a1b87cc297f48a823b78806d98852

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1b445bba35578b580ad9e45bdac57829

SHA1
40f61919a452440d9be0dc6526e84997a408add1

SHA256
82891d84728d37a3bd84ec91410d132ebb63d5208086429d558dd66d1073b169

SHA512
8ea58413afdb38689380e089d130c01408c70d997f69b5209b5450af450eda218c0616dd0c9ae14bec31daadd098b993cf58649304b80c7b1c79ea5b82c9acff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a12a21b618f43767bbde7d7e98c7b337

SHA1
e985a0dfe8f8ca4b8c3dc8d88d02afffef101130

SHA256
935bfa51005d813340f3e64d3b4955edbc329f4ba2ff6d2a3ea5462a29c00504

SHA512
680410d6ce3be8438fa72d918aa9e5b8affe522d8d23addfc7deb6db97289d8ce3633862b4a2e57735de5e74ddb212731cee8b8de9bac63a234a43fba207f966

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c6c65efcdbc9c1575bd16b84633d9783

SHA1
8388fa6838d0f76b8dc8473775739972dcb2b71d

SHA256
49cb1cf465620cec02a9e7516a78026a9af61cda0cd2137edc8142ec0480a272

SHA512
e63ff122f5cababa2def161e0577b7985f3e8d9c35fd00f8a418e649c91c8d81e9ce76315d33469d0761409f269fb2187fa3e317768cba2f23507ac124b13d70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b240f73fc6e3c71703e2bcad83ecd2a9

SHA1
eeaa6e7c170d64a98d433d6191f668a66f57742d

SHA256
6a13e85b6eea9b64c53eeb6a1cc148b24be7bcff016563aa4d7b7b1997426270

SHA512
709201a95f81224733624b076d5a6d8d03a05e58a9c0f7858c5da31065d41d079104dc5955599cc5c705d7008805ee539a57f6e0bc7c0a6408ff01e6af20791d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1a4f6302cd59ff07b87259c894c14aca

SHA1
8e753031db778bb57e6652a2165c45a607d22b26

SHA256
7ef57a67668e2f1a648185efe7f326921801ddc1fbeb423b9076ab63e03cffa5

SHA512
c61d63bd4af08740b65037af56c020a9a616dcde1c9d6203a5cdf6697b2406e06353e90794eef5ad584c74367360d5864f5814f713d1bdec6f0401fec5fefca1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
144f5ba44641d1707fe8165de2aa4ccb

SHA1
af38a6d9a0b8305fa0e272c4a372a6f85d76f354

SHA256
121c4ee72420fda57a4d2c0d029e7718f5c3ae5d99d368b63a2fd90c03166a98

SHA512
0f9b3c3a16d5abd7a7571141b0d1baa805d9c3ebaa44ffcbca0c7bb21b623a2c30b5713499d998cce7e6550105ab140aea04c5e91da83a47f30fb4d44fbaa33e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
013645f717a58fb3c0968d4d408e4169

SHA1
b24a4a235ab63720391be4f7f377f94683fb329b

SHA256
0d8ed473e7ca10edca5fb1e8810b48d2dd4a4353d9257d035e4164ca44ef72fe

SHA512
a1356ec0b23d44fb25dd025320a4fded5149eab1c07e389fe7d56a74292c0285265a5a8e73ec6a3c86f0a3234005f278fd00bdabf6ef6bef69bffcd08d07317d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0e319da7dad78f5c466132fe394099de

SHA1
b513e23cb3e432829c1de36acf9502af9c25f475

SHA256
c1b2a9235ea0524f5dd15cf0983a9aedfd4851af1ac5cbaf093be0ac77f961f8

SHA512
d239629bb3bafca270c0f435db523958414c90fe0776d6596aa13a8b8fd6261217ccaf554b65d6699d0b0b7efb131955d3a9fae12cef98efc52da6cc58c46587

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ca707299bbb60c83f2e02c885b4f983a

SHA1
46aad139278168c278449f018731705c60ae27e6

SHA256
e5f387ed68065ec3dfb1295996ee9dc82d8ee8426dc67b0703fec74c5aaa03e8

SHA512
d4f180807a6ba99f7b331f67933c110704dafb90fd85646dfb7a58665e83d48611119850c1f9bbe6eb9bd9946d83e6ccd1903a01e65dbfe9105b4cbaf8340fc1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9f5ed9db807f556c4490c5eb08b367dd

SHA1
63124edc7e92a78e1d2e70e9806b11dc7e898c49

SHA256
23a76eab3257d39828f153b00a8ab51d04711c2d060798a7049b4948c33d5f38

SHA512
0681762acbdb3d7b9dafb4ab4d5b21cf78a3eae2592961b51c5d0f0d438c497c29f940219dc9e2c1233c7da9d52f1a27170d52083edbfff576771d9742f83e67

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1630.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab16FE.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1703.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit

Resubmissions

Analysis