17f57919e1ceda5a05c02513445a36246a149da01b32c09df17dd623a32ec7f6

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22/05/2024, 11:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MQ2AutoGroup.html
Size

11KB
MD5

2ea4aa92cf95627ec65611c7aec145d0
SHA1

51c122074c180bae64ea6d726121255f06c9a595
SHA256

17f57919e1ceda5a05c02513445a36246a149da01b32c09df17dd623a32ec7f6
SHA512

40f10cd7b9c598b87fbef337dee9275436affa60a1125916c246a4d7ffdc9e66e7d75ce4f8eb0b88913b850d28be870417c5e31410b70e228948d9fe1e94f726
SSDEEP

192:HR5j5chIGx8/X0HQlyye0cCHrnCv0tS3rqh12YCRor7VFtnbTF4dIE0daejuQ6vX:7d03SfOwNXTijHGhH81

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ca6542b595d6b641ae995911a0676cbe000000000200000000001066000000010000200000006fce438c561e63b22865f2ec5f53add9d19fcc69c031ac162aa6d65efb12dee4000000000e8000000002000020000000e221013cafcaf3bf116b8db11b600f25c8866ab2a5b5e590c4ae68c8077244b090000000883cf68b774d5b7719be0e236b46528f9529702ca0c1bdfd70c70422922bf35a3c0cfaf6355ba0cc07226e47f7e7acdba333a2376bccb6106087dd40eb6eebab899ab7488fd788bf98d7318d9e15760d5eeaa4ab4b9973f0d15b969969d2043348695921c98436f451e0aa28395d0766f29b3234ee80861c2efc0132398df914b0df7f00f8c33afe9fb2f7fad44e537940000000b93f2c66a94bc9dd328a868615a09ca62a8c9b42885c566218f06466c245455c12f03a53f3ce062067b8870f7c4862b3636c036798326d115026de2f0d412e7a	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422541265"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{46455BA1-1833-11EF-A4EE-CEEE273A2359} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ca6542b595d6b641ae995911a0676cbe000000000200000000001066000000010000200000002fb6f18f9cf8f6aa95977061906e307c09f332b97bb11cc929e7342f9f8a60a8000000000e800000000200002000000009b8d6445c08020a2a0b6394c4743024a4bc6a7562b0cd8bd48a64e1939e314920000000e21c455a20fa5a787d119e1b4c8ce28d0afba188152b9642d6255421208860ee4000000049989b6ca2cf573cb32a92093968bc3eb208a93fb4366e8aa33113fb99c1831f57853f1661d93fa9549015ca4b4518c62886522a32297d7bcdbae82b94ef4a8a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 4085c01a40acda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2792	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2792	iexplore.exe
2792	iexplore.exe
2796	IEXPLORE.EXE
2796	IEXPLORE.EXE
2796	IEXPLORE.EXE
2796	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2792 wrote to memory of 2796	2792	iexplore.exe	28
PID 2792 wrote to memory of 2796	2792	iexplore.exe	28
PID 2792 wrote to memory of 2796	2792	iexplore.exe	28
PID 2792 wrote to memory of 2796	2792	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\MQ2AutoGroup.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2792
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2792 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
079873ce8af03eb7eab74d419a1cdf6e

SHA1
5ac90e8186e2f1fd2ddc29f2d29acfb24fce4f9a

SHA256
4793855aa574b38f977cc2ffeb68624c5ebc4757a2c91806dd6c5e9fb9d36a93

SHA512
3b06fc2c8739db3213804288f0874058fe944b2e951b7ff957859c9cebd9df0eb45bcad51f68b2b76342e7ffe34359b21e26dacbf9123aa795bebc8586b1e2d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5af09b34e31d2d954edbcd3e6ac72b93

SHA1
8aa3e875525436216c1cf9f843002934e1d94b23

SHA256
919f2a6ad3dc9ddbaae2692348ecdb511524e807c0beaed0d485b9337a42df6d

SHA512
3e3e2d1022190cad9ed94b71e373d223be3bc094c715c5267f6589b2df2a5b583b0b0b8fe02b994dc8aa24394d16d2b896c88c974168be2a12eba24517f64e27

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d288f5d3773513492e4ac48a9f0612d3

SHA1
fea9ce69778d078bbc4479a0d7838db3ea9891ec

SHA256
acb810cd4381201df564f7bef1400237405d862605703d25ddea939ddc2f4128

SHA512
ebfa218a2b2804961dc8c54f93af4ebf9b0b5f6bddfd80337cc403a9f662cfdee0cb2644e00a70a65ae28ab64041d38279d5ba197062771ab5b3e00b803d5b91

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
906c8102bd639d4048bdd5c891b0061a

SHA1
20c3379cbd7349dda3bea36797c63394a779f4fc

SHA256
9485ffa084ed1a459ff2d27fa0f67be2950c1ead7f3d19db861fe06ebd6f6d68

SHA512
c1f0b36ba98e4e29341494a8bacd2422a72a2ed11c0e6a745d0134733d707480cce939eeb21c9adfe755d666a0e0f005e28e8ac1629fc07cdd95bda05f7d8fcc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a1a54e5126a19bb5388330fe046e9106

SHA1
3be801faddc757f61228019fa6aa1ade99114235

SHA256
29353543b4abff254674ebaa0e3ff468035f0e95a05de332c18e9bb622beb601

SHA512
16558d7c2ca1ee552a166835caf1a9e346b9580f7573fba3f23f264cf29d5d3cb1b8c5de4d75e342b60cc2e6aa67e6bf282e07fefcfb62404b8ef6090b37d48b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1012c9fb82d22bf79fc1b1382d1e3377

SHA1
af35d993288f9d96772609f3a4b4f9c499ec642b

SHA256
232f7965a07a9fc1e6660f30e472786411be9b32fe15315aa5fb2aaedd6480e6

SHA512
16e612269c66c64d176e51109de2433c68554af0a2b14b46435a4f968b99373098175cc87bb324a1bf586cc48d9321547ec44b59aa7f08c37adbb97737bab81f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bebf6531a69d9e6e1f5911c375fa0f38

SHA1
577a5b41de6718e95b3867e6f6951f52743264b5

SHA256
ef8395d2f88010ffee2df37f7c9490122aadaeaab20dd67d2eb7c75fef876c85

SHA512
5e322b53d26c172e4aff7aa2ccc6d409260bba5dba4a3a87b4b46aa2723505a93b0d42f86228b3d629d2326a1da0cdde8ea564990b8a15367d234c00203841ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e497c01f26cf64894e52400b29e58e8b

SHA1
9e527f998cfeb8e5c88ff5d7683b2d7c8fca25a9

SHA256
fbc53e765717f20b15a17bf7299f41c58564c37d3843dbb36af042c29ba2ffc2

SHA512
747cc0ccd69d9f30aaf036af7f5d4caa583dbf4fe1e3339f285cd548c7280a42a41f853fa9a4664e57b6ad124ee9b15ecddcad3621e4febd61e9d0e7135dba5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
80bf3a9655523bfb0aec7eecabd3d1b4

SHA1
94412b1c3e0ca53886123f61c1d42c92826599c0

SHA256
852330b9bf5eaef25cdb931a57066cded092b3bd11aba5b7dc98c114450d6d34

SHA512
18b8dc0fce4c2e5111be21b128c522f5180dfbf545bd5993c830ffff02175392c7852fb687ef95d0bb2aab40a73fccf735981a47410631a3550ac577d8510e0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1377361f0f3e13f34026bd9fede1a379

SHA1
7694fadda6c508470266e17a67d6c36d33d617d2

SHA256
0d6d97aea93b657e7e1ad306fa4771bb5bfcc2e2fec2d6d50433e8ef7c5fab33

SHA512
4b72e23c2f3a89e7ee16315c3b03809bc071d2d5d1e49d8dd3b72a56a675cc72908f0472e2f0e7cc1eefc2667d2749b1f314134638259e15db885e7958214b1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d7db0891657a34b478ec82a9eabfb7f3

SHA1
d173651ece2c14fecbfcf86f3642a87e3711d5e2

SHA256
823333b71d8bb469bba2a15974ebf8d4c12dda3d566b074a0b4a0507e865548b

SHA512
5f39d29d75c9787ad06330838f10f61acc2dddb9b82aa94749a99fbc7d3102c4cbf25d04cf46b1a169f9c0ad6d8e9f9b1639e00510a5a66d563181884ba4723a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
abbd7e8df23d05583dc29603c3e13a74

SHA1
939ec662b8a50fbc2d5e2b8b2463f053ffbc0ad2

SHA256
0218db7c1b7518a89a88d6615a5d8230a4414bfe153a28c954e332d5b863293e

SHA512
e85fda6349459b183c4ca4e435ac380453ad43770f19e6cdaf05e5dc6d7a5e8827a5fd9dff3a75812c5d10dbff154af7f7883d6205a5c6c1a3aa5fc3ffe52cb9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
77440a1adf152890d8b1b96e27e2ffa8

SHA1
b2ceb4d427e6ed9cea7c1f7877e1928b972ca0a8

SHA256
aea5e07d02d63793a28c517e13483e2a39daebc76129a495bffaa65f1e011cf2

SHA512
0206ff3d4ce5d8e12761db926df5a856800e73d048c9b20919960a29d67aae4e164bc36895bab8e0dab3c6afcf12680cebda82c062ad9a2825c4804a4204a7b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7af7dc6633cff9ced9295396869a40e5

SHA1
df679da60faa10f55e3c6659ffc9f71c54f7299e

SHA256
d7e6754b39596255928105fbe6c33a920ce2c6149f5b0945a139467fdd10547a

SHA512
ed2dc5bb179f427663e760bf51d14efc120277369d6f91440ea7ea3f7cd73a44621f2c621ac905383fe1248c1a016c31a55993dae7accf79855a9df5180f39ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a078c377a22d8c47ec6f136d0c9958b7

SHA1
0f17297b00dad718403996b6fd07080b3ceed269

SHA256
614526342cf1ca8133dae79e37593fdcd01128fb3f049020e1f621e0e10cd717

SHA512
40552324661b37a3fa4c4a1bd592887a170bb3d244564ba7691d485be5f7437c5c1b452b2b5c0a5f97c92ba3d7cff5878416d96ab36105577d9bf83ae9a6bae3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
94b473878599e85afe7ec570c4ea99e4

SHA1
57385a4c920191b49cd26852ee22606e72b8bd8f

SHA256
d02cf6a87f3f45eccbf529102c60c43ce455a8d88ae79704d0ceac27ef738712

SHA512
f4ee8064d28a541c4d0bf3634123327c91d8f308707e64040d878e58fd40a8ba2ee9984e56eafcfa1414b42b3a87581614a3eab7f9762bd24efa61c43f2f3f13

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar34A0.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit