8df3866402c94fb93c0742ff24eb747d84951f7f84c8ba1d6b1fb07b73527b62

Analysis

max time kernel
134s
max time network
128s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22/05/2024, 11:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

libtiff-6__.html
Size

301B
MD5

c09da00ab140d3d302c220fd698262f3
SHA1

9130e6e454fa769ec9481afee0b4ba10fc11d12e
SHA256

8df3866402c94fb93c0742ff24eb747d84951f7f84c8ba1d6b1fb07b73527b62
SHA512

259fc7e4ac45019f180f9e42b0466f4da13ec23c9ef36cd91d4c95085a43fc74a85040659b5b71a4e7cc616e50874a84b39b731dabff834c8ac7c60ebc02c11d

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000b6862320e3476dd8d3c7a87ad7b8ad4df1c76c7abe8b6648a9257745d7b222a9000000000e800000000200002000000059a1af8d20e0983174467f91cf73561e3b0fc1a5ea2eeabc58b6085e05a97d0e900000001a881a937a7a45d0ffbfae17e03b31368c3658e35af812efa90c00b27362479ea33772b0a21c2ba977a9fc8cf4500e7c9f9e44f1fcc44bf4628521f65358dbf1a6060f05e796db9f191f0d9dd397e411a07273ce29ec812a5d078777f7f1e0ce6676a4687dc75fed1dfd08f1770323ac03f19e65f4fcc113e1eec9104655b92e477bbeb30161e950a8762af7cd7fa053400000007e0ecfa236d6a96728fab21fb7b8e4083bd79c64dd91aa04642bc0e40525dc93c8a427776ef423a7a5d4baa9ec55219a8be6f1b0746f881289e5f8fe32b1dcfd	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FC11ECC1-1831-11EF-A759-F637117826CF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9054abd03eacda01	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000dc0fb656df7595445d911311a8ca9b5d2805a9b9a203df94991e2e22d48bf8ea000000000e80000000020000200000005988f6111d0940391581abad4b1fb347d7e58a22178b55ec5db2e41716b9e66a2000000084b6d3e1e8ba8f17dab04c156c271eb70451dd856a57a447ca196476fb21a52840000000fefbfc9bca2e9f3d91949acae6fdee1537b890fc4555d0cdd4c7c7441cb612cfbaa431007b165d90d1dfea22358bbf9d4d13012d6d2c9160ccb94f66e08f5165	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422540711"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1936	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1936	iexplore.exe
1936	iexplore.exe
1232	IEXPLORE.EXE
1232	IEXPLORE.EXE
1232	IEXPLORE.EXE
1232	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1936 wrote to memory of 1232	1936	iexplore.exe	28
PID 1936 wrote to memory of 1232	1936	iexplore.exe	28
PID 1936 wrote to memory of 1232	1936	iexplore.exe	28
PID 1936 wrote to memory of 1232	1936	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\libtiff-6__.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1936
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1936 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b1c1a342ccf67229b114958e3eaef298

SHA1
e9a236d5b14e9cfa6e2b85bfd4607f6581b5c4eb

SHA256
a2cfbd8ccf1dd58bd1b65864ec45a9fd6153987ee171e56cffa8915951d77f0a

SHA512
3faf46391d7d574676adab633a98253007432e5d75db056f0910604e52757621af00047193f203668edb65ed02903163eedf62e86a77db418815d583e5efefd9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
727e8b209d298270e4da97fcbbf75a10

SHA1
ce84b88c89fce3f157b410cae46327b8bc3d8bff

SHA256
8df2d2efa59e6308c3d5022925c876c7de53e5e496bbc50ab3c626d496248bed

SHA512
f5a8947a817f6497cabe4ab3701b264e4224de5a87245d3326a258a1b4d6f54399f2a826f0f8304138e3fdab18693ece95feb64f67f1c041be98b044be685ca0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1ba6732b66cbf7e5424db6c616980431

SHA1
2b6226e100a02d53cbc5404c0b28c792efa4c64f

SHA256
54d4a67d05ea7b4d6dc73616b3c25f4444ad3aa6f6fef4c0f5d0e96c85323942

SHA512
d0d7e95e6c6b097ae8fd136775390a06dde8a863d49dfd5e4c2309e19f42fbc370b9a52074b91bdd7cf9d61d16bf26de8fb3b927189a217e5add183cb800d0f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2dc606b2443f6b0d829972fd0142e0fc

SHA1
6ef4520061283a6a07acd4a02d798e2645eefcd5

SHA256
c55b5717e18d654fa0847b098369e3f7cffe5217c695231ca7da55da05a01cfa

SHA512
219daa2c388b49a774e34061dce0cd7ef0b15b42ed34057ff0bf6479ffa6c7a125ea83590a24319a30eeb5725dd57eecea01038653bccfb6921d0eac7ac571d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
01ab74b226e8d43c5789c65a15805ef4

SHA1
871d3822b04ed7fae1461a58bcf987664f7237c3

SHA256
74b80c700cca503cf6f7ab01b7077bf7f152bd8a87ced20f990c0826cc48764c

SHA512
84bc7e1830aba8aeb6daec42fd165bb6130f28901a358afcc627eb5e1ffca4e1aefd3f8aa5dd90b616097579cfa8a26626f089c03e3aed23e042c40deff841a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0d02b08c46449eb51392c8b4df08289b

SHA1
52d016d5b4f2c31338368eacdf471f3c50927bb3

SHA256
0506cfcf16f6be3cd5f9a228b08d1b33b8dd0dab4c2511f5825b4eb038514dde

SHA512
094517ced8cb042efb4000fe2c2ef15db5da3d7fbabc643e20e9ce891cb2590fb5ce18ae1a876ed9d43e423e48d7200a78f170ffeee31e141121c8ea3e20ba27

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0595e6df6979bee7dd953fdca5168467

SHA1
d3ea9cf8e4cf1df3ff5eb8c5369e532cceb1b205

SHA256
7ec6ea61bc288a4cb968bc81e4d9ba059f5252421d30bedc5fe4496a0c440686

SHA512
35588742670acdbfa71b0b48c99ebd36fc3d21e7447be85657f12d554822927eef3363200823a0fc1f210c145e6898d14d6c399b2d25dca8db27f7757908e0e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c0873c35951643ef26469a57a7f0bb3c

SHA1
97bd2ecd0194c2a7c87a5a79d5ef65eee3282e2c

SHA256
79df2a910c8ccde4ae425e27bb73f3920675e2db174fada56a624f02fdb5af40

SHA512
b0637da5a1cb6b5f2cb5e9bf17559f208c97e75a649b87cc386f849ad5f71b734031960c9c4c26a03293638116ef3196cd4e613c7042ebc5868145fd2064bcc9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6014542e66b844f3ec360da35c8041ff

SHA1
b458d128bdf90d481d32a7c95d80cadd8fe3ea55

SHA256
a0bc355de0eb3a52f1de0ee800c64436d360bbb611efc3e9e43e8ceef36f68ab

SHA512
3d379ec52845d3c8d49e2818ac3fc9baffde3fb5578a09709fd6be394ff2be2c2805362c890a110cf2c38e42581b1b5603bebf5310bcae6eb9327104095dfdd3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
48dacf408e624fef224eaa195d83b3fe

SHA1
0e3a078a25b5d8ef9bee9a47bd22bf2d31966d51

SHA256
a1fcc7963a3357b71caf794a1107c1a8d5ee6741da0a20547fffb4b8d2473037

SHA512
dcbe6fc24b86720e09dc89cf8ee9a023aacd25cbe1117f873d3b89ebccc87fc8763795065a5fc68ca1e87c14e7f38c565f694c296e59a8b9977f6d8a2074ed38

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6eaae6ef2815c50f52c523a1219a0d5f

SHA1
05b41b8e80b254572c3d7da13be8a565d4aa4f33

SHA256
07705ed38700cf4871cc6680c843c4421452ec092d55fa3e961b23a4d92e868d

SHA512
7c15fdc1675f2a198cb60726347e0642ae58fdabab3c1731074257e36f54b70dcb8f86f769bc8c1cb7cffdaf47feca00802736f59cf6715c650b964c871e533e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e6da15bfd628ce464f75db4e8fe69ec6

SHA1
9183e71b9004133937508d07c867cb4b41eb2bcf

SHA256
12be376e3f6b3749652c8c4562f47ced3f8c781c7e36abc8d4b65bce5c78a48b

SHA512
a0f61fe2ada22e3afe752ba47b48f2479833f1551a601239d3df8f64f19be12586fb6179580fea758f7624913f0cd09030225129b72bb0eb675c998bec3204cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c772494658ce1a9a9a2f9791e1316c4

SHA1
268d8082eadc647b8c201671425b42ec6a7cd9f8

SHA256
3b1dc1ebf2137f1e6b69f8754abfe54f7362c0124327c2b57b2579e8353dac84

SHA512
9b20864e319b38406db980022aa30cc394c63db9384466eed658598b37fb08dd383206819ea76000665cfaf90f6d9cb7dbd3c885c3af1e03b68807e78cef2824

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3bdecc2ba388d8362a758bca68a0eac7

SHA1
97871bd86ef4baa821e5a773712bbbac46235793

SHA256
4523b9cff0cbb2d247213d81ac92e0070e69c075f49dea554507c6df65f45893

SHA512
3e2f15ab331994c4f445970816375ea10824ed9f1b322d774d3ed65c0a254e1ed034c3ea853abdba1edd5c212e47ed48874146982ecd7b0948051cd8a01889ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fffbcf4a7e10fe8ba46b9d0bcb66913b

SHA1
da104f5853306eec31dafc753a6232e4c5b6b6f9

SHA256
958c42898b3a45ffe385b0ea1311103db7eb16960eb286a2efb90b5f780f294c

SHA512
3f9fea202b577283935a2fe1a7c5d73a00835f676eed25fc8f68adf4264cdf7376aa9c66988e9fd6ca9a762b63c9b165b536f77b14431e32cb18da4ed44cb4a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5fa3eef9e76016661f1f31e6d44c9365

SHA1
dfd648a4aa6cc22368d5532b3efe6d348e002d72

SHA256
1704ea74b51ae5f6d1fc9d78664322205c622c6be06c2d332816777008c10aac

SHA512
29322facd9dac839a800a68c82ef4218b6c5b272192146477f9e37c3cf0b75f3f4810f443cc2afd9e129d232209ff97ecd348f81ef6d4caa737157056fc3bf52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1fb1e16c7caa6406a9cf23f6938ae237

SHA1
09ede89b2c42f3ee5ed546727ca864cac1b09f2f

SHA256
ddaba8cebec56332acab586515a3c5c5349ad344b835fbcfe43ffef2de7dcd4a

SHA512
f31651b06d63198ae5a8a833f6fb336add931d04574917cb9de3a0601fa65cb3fb72ef34fbe37008d3e9abe2361b78a856fd2da181710f7e977020ae5863f415

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2436.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar288D.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit