1e848b50a2c3344b77b89c3b4b33517a665b140495a18bdb8f34595652ee8b97

Analysis

max time kernel
17s
max time network
18s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-05-2024 12:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Avatar PSN Tools.exe
Size

139KB
MD5

18183e2be4fa30cf4f818c7969e4ee57
SHA1

165306852c3c78177eab02b42bed228e8aa0e2d5
SHA256

3b1076a41323f422a14c4496c370678d3f083d9d731ad9aae6c4676a3f32cb6e
SHA512

c419c0f9c38d78b21d66b65237107cdb791132f060195e60c496e2b0bbb33d1697b4c79e8ae0c5166daaf8020e8ab4d1f995a92a9515bbe0d4e81d06f280cb67
SSDEEP

3072:cIzgaYv9HoBifPBPk0AH1a0yIdi3IQox:cEBqjXs6

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0602CD91-1CEB-11EF-9371-CAFA5A0A62FD} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2208 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2208 iexplore.exe
2208 iexplore.exe
2516 IEXPLORE.EXE
2516 IEXPLORE.EXE
2516 IEXPLORE.EXE
2516 IEXPLORE.EXE

pid	process
2208	iexplore.exe

pid	process
2208	iexplore.exe
2208	iexplore.exe
2516	IEXPLORE.EXE
2516	IEXPLORE.EXE
2516	IEXPLORE.EXE
2516	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

Avatar PSN Tools.exeiexplore.exe

description	pid	process	target process
PID 2100 wrote to memory of 2208	2100	Avatar PSN Tools.exe	iexplore.exe
PID 2100 wrote to memory of 2208	2100	Avatar PSN Tools.exe	iexplore.exe
PID 2100 wrote to memory of 2208	2100	Avatar PSN Tools.exe	iexplore.exe
PID 2208 wrote to memory of 2516	2208	iexplore.exe	IEXPLORE.EXE
PID 2208 wrote to memory of 2516	2208	iexplore.exe	IEXPLORE.EXE
PID 2208 wrote to memory of 2516	2208	iexplore.exe	IEXPLORE.EXE
PID 2208 wrote to memory of 2516	2208	iexplore.exe	IEXPLORE.EXE

C:\Users\Admin\AppData\Local\Temp\Avatar PSN Tools.exe
"C:\Users\Admin\AppData\Local\Temp\Avatar PSN Tools.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2100

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win7-x64&apphost_version=5.0.5&gui=true
2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2208

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2208 CREDAT:275457 /prefetch:2
3⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4e6f4a024e41bf5fc9ed711eb105cbc5

SHA1
e871b1529db806d70598f8c06488e59b6dd23c5d

SHA256
2bf20a8878152ed51b9f0365d9507a76e14c3d2cb383bf23ee9e51f644630848

SHA512
39e922ba52f745c337a97afc42eb4be0d4007e23dbe604185456d1e0150933a3ceffd518d563e8fdb7b06bad55d74d67ae7edecab62817f8b1bae4338fb2c777

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1e6f312bb72b4e7a8b2c19c67ceb43e5

SHA1
15c3d30385a0775ca5d71495bad49582f975a650

SHA256
3ee949817a5ab18c31a0e6dbce03aa3a453db7d2b0626b90127e48a3777c87d2

SHA512
09567d29ff1b6571d34bf54ad9518ebd88ae16295c5892941ea95b119b6d6b38732eb1d25284b62d76453107232fefc759bcdea326db880196decbdda11c52e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
944d61a2fa539eb6f48ecc6673833953

SHA1
fe050d631662c4d8ab184da978c5c62f4437fc56

SHA256
b05d3d8fe1c768b00acfb07f665821a9b91d8e78884981fa09c23129b3d8eb6e

SHA512
1e39bdc39410e68b3d1f25c2998d5be820ad75c4a3628ae485ae8361530381d519fc015371126021d393e950426ca2e0ac70b4f93dcff13da91092b4006ff562

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6377fcf23911df215d98331fc11dfa44

SHA1
996573361f69f3b47ff7660ffca8e25739417068

SHA256
d94b8b98e20b92bdd0f5cb86fae6787bb6576e6529e8e76b02963cdcc5c8e15e

SHA512
331096064ac01b9edb437ef5e3fb77b6e54a6acea37e674bb198997f05debcb6b4eda47556fce04479e513f180bdaa573b8ee8a6ff75aba6ce6f43674fa34891

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0c8f4f7f4ebdef801d323b24eb15976a

SHA1
3925689817c4633d9fc7ef5f44604d53cd0d92a8

SHA256
d78bdca6e01c0106c7307fe2a17cb1cf252613c262dc48e3f08af984809327f3

SHA512
daf00ab4765667ed4e8d02b77822c6f3fe79f73b063b97343790a9cd611a5fd639f1573f63a5e63824216ff5d1b6299089115e2348f75b5b09b3639310ade6f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a069ab8953368f3d740006ac3fdfc243

SHA1
18dee130a04d7d1f203e029c99ca2e6e619f36c2

SHA256
a841a9a331e59753063698ff5f094e7522e583ae3033d7072966191c7f898f26

SHA512
119ed631025ecc0d814d32670322d8cee5463d58cc57fbec2e87120dc400dd3ad0296135d8f0bd172b84ec8897e7084a16cae031bc80a58af88ac2e898bc5dcd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
52f0d311815e8b89df56939fae8453d1

SHA1
3f3040d84ab31bb591739d0d38a1fb805c1cb0c1

SHA256
06fa110227e4026868b0e198e5f8a29cadd6734635629d1adb53406768637d12

SHA512
52486fefb18f14f799f1782d5b23671d3aa725a04595d5ae5aade0665c88282fd6a19c9196acc6acc191aee11aa196f59b93d8da4e8756a18755618036a5f1d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cded664ee65eb8f7546bc3efd5b8204e

SHA1
4856c8d74f107d16ba1fa0beb322043428a30ac7

SHA256
3b8e01d55c07659a3aa62b85f05426f29bfa5eb8d855de51103ec4f1f85b8351

SHA512
f0617da3a79bd3c72b384c60c84664fe8d10da72a8b57ba665e680e336da4e533030f7715f02ac352d93c8d4658dd48fa529be65122273ad8b06ebd296b153e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
657a6112325935d598dd8cd5abafb609

SHA1
a476c84ce9348ff7baa3ba35642ec70bd8da2342

SHA256
c667f4e2802abb58f3da389cb0f0c08fbaff125dd4c386f5640ecefc5b303f22

SHA512
737ef1596e9a503887b8641803e2e546cb7db18d893d41f91373b6c94ec3467b5b30b85a82f9c8028f0720ca3823821e288cb677d4845ef68a7b3292f72194e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aafb7ab3c34e2f85c7c7538765594950

SHA1
1d693bab90e855411a60a4ca416603830f95cf0b

SHA256
8b8408ffb65926690025ab1b52d2ca01bcca9278f3e731d9f74a906e7ff17395

SHA512
75afbc834280708e525d06c0d5da327d421ecdc23c7f27493431908783d6ff3af3cd50382213949131f504ffdca0e1ebdb1b7d94929f4f6247c7ae6b382a150c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
edc2bbfe63e7510fa05f29b97866c4ce

SHA1
b8adb4cdb2bd80331df38c02d119e3d8e24c0328

SHA256
11e751cb4cefdc8ed7fb3082c95c625144a2bdbda3025d315c2a505523c85d6e

SHA512
03308eef006e92c06cc9ddfd9b762acdd1865a11c8ba0ff1ae9eddeda4d9f226647a1d4af8603e6ddff0b8c58c9afdd2869db92766866fd0fe52d52739a2246a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8832fc7cf02e03b12db402c998b9acbe

SHA1
ffeed4bc6324325dde033be9e31eca0232878691

SHA256
c7d6160ed3b514d140b8ae8a30348149474dd748f18d97e4626fd8cd0a5c1537

SHA512
5df43682d539a71136abe61175d3e360e0f116f02278dd55bfc3c158204f9f75c401ab233913de86dad2d925827ed8e03bc004ec2a0afad293acade5440cd6c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9c91fd9e8c805609da87380ab39c3d1e

SHA1
4141aa242af957b67a50be58b78a87166e851961

SHA256
5e929d4e02dd8a865d47acbe59d23810d1a3e31e02b595c448eafcb53daa01be

SHA512
ec5b6bb2d7d2c69a985859e8bd958ee38311635953a70e941a73b718b5d0aa81f73ddfb7e34163596dc95255a6c6f2ad3138dd01ffd0a1edba0817085de17710

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f4d541d7156ac0194f089335d4ba320c

SHA1
46981cf29be476c67ec47f252e3b22112c162355

SHA256
dd01957fcc7ec594f22e9c632ec2b76b079a340be2da0634d71ac94ce63acb93

SHA512
2483f4ae200802dcb7bf5a80e77b3c25187762884107fcb32270dcad1f6b91a3a5dcf45334db32623257f16c3598d0dde572490992cbd96839edb1590ce00cc9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
840d1e237e179774c451241a3f5dd88d

SHA1
daf814d8d117f9bc21ead40827266c408e856324

SHA256
ecff4cc2f5a5a6cb4f1b9153158a2ae2bf65db91af44cd394c206fe476ef6505

SHA512
8df4cc7cda94b17bbe72103e4c51d16c05512fc478b5885bba3e852f636465d335b9ed8982ce99032fbb44af6e69a06d97ff4d5340cc1d207dcdde00eb1e5b8c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7cc1bc697213c72496305c9b82efa449

SHA1
739e9d559faf2a8226f13479c9ca4b328ff7d8e2

SHA256
d2df6bbe0cb4e8b6dfa9ba2663b7f5f13404b21bf001264604f8b82b40604096

SHA512
8c6a32749b8a8100fd12d208fda43d6f4457ded66ab8526cdc8911853c7c7d4eb2166a95b7c3aeab11f3e98f50e04586332e7c62ca10feecb9fe6dcba65f2980

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fbed3252c1411e68e4d1fa38b3f5a3b1

SHA1
bad0422a7b6e052582b257080ffe3c6a8a58e00e

SHA256
6488f07e67e268e8a9260787668d6edaba4a17e4696ed933ae5fe8b59e4c8ee4

SHA512
10359ad5b2ca232ce22621e2a3cbf69c088e52a53a66b838eeedbed5fd59f6fb8c49359cad1e10af181cfa81b7af408b0aab87c0c69c8e314d039dc5901b5e5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5beb706c3bc45f8b28a3ea1c8c98efa3

SHA1
22494282889c915385498e1831f57d73a8012a68

SHA256
5847fa7e7208b38c0d5d48ff922299dd10579ad49499abcdee6c7aeda01d7140

SHA512
b8d99029df91043e1cd37e7e94c87e1c7e60021e806ba56fce52633324474dcdfca31ac2c9384e49bdea0d327f9ed189726dfa9a86b84b250930debb151b541e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6fb0bcb214345662a2b0478952d8eb13

SHA1
77fbcd935bc11f49d33eaed1658484b5b6b506f6

SHA256
2cc85ccca04d41dbbbbc143daf3882c8594f2d8fb2d75bbac28dd8f4e7484e23

SHA512
320796ec19e9758ac9f5c16ec62f827f9c917e47e911ada7e018c1cd406ca9c5694c94bdeab7d03d49e958cee96421b12158e149a81cff224e2dad85bb64259b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3140.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3250.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit