249bdaa4332b3e1a3a2148d4fd587a42bd48615af556d1c72da51c55bb2ca697

Analysis

max time kernel
120s
max time network
132s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
01-06-2024 13:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LICENSES.chromium.html
Size

5.1MB
MD5

6b84319ee8a0a0af690273d3d2dcbaf4
SHA1

857ca353e0582d100dcbc6cb6761bb4430d0cb90
SHA256

fc2a256467fb4d4ff72be6c423e5961e98b418554deeec296aded0e757b9a585
SHA512

26f9842bfdb429ef132cc1a930da9187071a339927eda402e8d54b5eb9e03067612cdadc3a2dad3d0977f8e6af18c05eab6ac91720221c6a0104f96638f85a8a
SSDEEP

24576:yd97B+mnLiLsrDy2VrErjKCqzkU98wwg3QeXuh:0P+mLAqHBCuRoeS

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423412193"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009f667d865ee967469240b8e9ffeeb1ca00000000020000000000106600000001000020000000427175b0090ce63ae9e66b32d237b006400ffd0d113c02458dbbba8468ffc6fe000000000e80000000020000200000004548c122ee28aaea3a0c5b6736abdaad43eb2440762e633ebe86261c837a7c2320000000b3492165f5d27a4d6e6bb42541a6db1af27e5edd4f689ddec26510208993382740000000ebd89f99b7964e4191637a1094885f31b6da5100c4a4dbd4f3399896a333d244914615cc802b1f4971e2fe190dec63b3d89f565914a0d565f7aa02d63380f4b0	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b05ce3e42bb4da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009f667d865ee967469240b8e9ffeeb1ca00000000020000000000106600000001000020000000f837369d84920e1f84b47d0c4be5c8db674b95a509c65a3770a2b1ddfc5de39c000000000e800000000200002000000014d3fa74b87e8bebec965cd3210f96743192ab704f09cfaeffa05701b70b08e69000000089c3560e0d47c9787f6698eecaa7017c2bc9ab40a052d979fb6aab2e94cd4f34d0dcafd65389030079315363863e0c794939cf069bd57ca89a1f55e880bfd193af703cde20e6df75c093a002d44905095329e0489e59a1a3e6a2fcbfec107b89ea800e70851d1df515af3d259be4b152c7fb8d9b46b1c69e1c8ace881ea4b6cd179ddca5d8cad24d3a4069210c1aab3a40000000ae69f37b7d035a6cfbb3a15d107fd6ab357ffff0fdb17d0956215f533646d0f0558e78feb8996230eb1177c71e3cae47448fb61048a6ad89f08d2f439e9d399b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{10393BA1-201F-11EF-9BF8-4A0EF18FE26D} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2292 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2292 iexplore.exe
2292 iexplore.exe
2040 IEXPLORE.EXE
2040 IEXPLORE.EXE
2040 IEXPLORE.EXE
2040 IEXPLORE.EXE

pid	process
2292	iexplore.exe

pid	process
2292	iexplore.exe
2292	iexplore.exe
2040	IEXPLORE.EXE
2040	IEXPLORE.EXE
2040	IEXPLORE.EXE
2040	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2292 wrote to memory of 2040	2292	iexplore.exe	IEXPLORE.EXE
PID 2292 wrote to memory of 2040	2292	iexplore.exe	IEXPLORE.EXE
PID 2292 wrote to memory of 2040	2292	iexplore.exe	IEXPLORE.EXE
PID 2292 wrote to memory of 2040	2292	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2292

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2292 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2ad132f512796d3b2ceab69593c4efdd

SHA1
20e26feefe940c0b08593f505db5d0785e837b16

SHA256
29fd7caf8c7fd7b08252dc60a4ad027b77fb564f1c23d1be6936f490cf2615f6

SHA512
2bf1e30389c24bfe4a9eb988193432cd535a8b3ec3027d2de5901daa784f542ca02dccecf07f5d3e0bf1f497c8e861ee8cab4c548c192a06949181cd77d2c80e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d18d2213be3abf655f10add813ef2a68

SHA1
1e243092ad4f5b3242ba61219c8fbc0ee2169102

SHA256
d559bb10396219d24edd7525a66fed08712ec7b6dd0080a954af2145731bee1c

SHA512
5bf06fc6a36fa617af47a285bbb78c58d9a28ec8bbb21aa5c8e7cc18457a8b157335361c730f4cf24d61300e443187e94fcf72f9fb6596caa79bbc555f09bcff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3cc1ffea0757053c043ce447bd3e9b10

SHA1
13b63c6d5ac9d13c127db83336b4c0a9dc3db7c2

SHA256
4a87c42664d606b28a9898d7892b4ead4235e8081d0ddcd26ceae9fa579c794d

SHA512
9479239f7fb6c368b35c9d20caef2e527199bcb1d7551fa9b7ab83c0a30e7bf0c53a82b8c435c2ef93ad445c3a005c6fee208f486c7ea33f2e2cfa4bfb6c5f2a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c4e00e57a94ebd0ec3e63c15916a3cf2

SHA1
15f574fa8f3a804b37dc06ed23b131893b33069b

SHA256
4c031be44ee33fdf5aabc8e926025c5ec38f1ebfe2932fadc1d100bb6219155e

SHA512
11e323cba0d68595b27788a7930c5c45d71a69413830a1f90c77ed05a6bcd24ea4c3575cd5defa8534308b32a6ba45cf12532e57458d3d5c39c6b3727c1ae340

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3572bbe3b9aacd921bd76a31494be9f0

SHA1
69337a39d353d1f85713bffaf697fdcfdd0be69d

SHA256
50abf508118d8a102d07a810caefd17ac1fb5dcb6977a6e2854425bf2693ea7f

SHA512
6ecc084f2befe663a1603fea408aa87bd37179eed27db8cba07b1987812c030369376b2140f1c26259e4515819fe21eb2b51fb19dc9dd0fff427d7c37a317a13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
98fe686237710e6a634ea8475a8fc63c

SHA1
fac9441cb34ea7e3927ecf23480a4fb6b2b7f34d

SHA256
0ec01a70cf42ec4b03456b4032fa616011e3e43f92af9949cea8165356d596ef

SHA512
5bd7fff86c3f2dd0dc53a0b0376db85c3d5cc5ff5d812903757f504561350defbd7f66627318cce6067b34d28ede30701a69bf872c48c6ab9743f9f918ecaae2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8d8be99e01f3b888db348dc8bf582910

SHA1
b72346918da7cdf3a2ab1a8b58a9e99b2cabbfff

SHA256
e952d851fadd64db501cc7347f298bf6e39f0be7bd23e9337c8f3b7e6605052a

SHA512
3f4123e212f676bd8218e35bcb5207d8122aa19ab249556d282534979f25e2bc828a29e65aed816c2b8a1495c183a92857cd5222637833d9ddb6077156112689

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a9791a86e331787274bbcf7e1154075

SHA1
43c71ea3fbf98c57a8ea6b30e7f2752237cae4bd

SHA256
8aa2a96e2c893ff16f8d910e3336e86293f9d2437adf2fbb07d7ee2850b69601

SHA512
2981a027107d726f808e0168533bb1fc20d56115c60e5d92c79f2b4ad265ee9694bed5abd190fbffb83e52667d4f40eaee53f6c07ad5fbe84ba903a5dbebce6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2ea0d254cbf7c23be48e4dcb1f65224d

SHA1
00ad2af1d5eb320e71be1571f5da72ed0169208c

SHA256
2de9b3a7183aaa11c7d449aa2b67514a3fd4456759e0e1095520b84a190adfbd

SHA512
d0d39be8a0cc179d995ea62689c227491d5620ef6861ea9b68707538515b2cc6badc60ab37d9afc425dbf68281ed6f6e5a0f4627c2039daa3ed6f4a57ea66816

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
13820fa7e8d554d3f90adc9f6cb8a81d

SHA1
62278fdbe18d25184d4739bd5535fdc1898e0de2

SHA256
16094b36e65631f4ffafa9b6f40d1a6b83e30a6088ce4fa8f781a75b8c5e015d

SHA512
8b6ff5a8378de44fc65bc72c8cb8456063f4a0f9bd77e75e72cd1f1aa406eca4ccc670553492a17929722de8d968c5c4a0a8a111bca488a6ef5f7685f77f283b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab313F.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3ECF.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit