9b20818b9b3f042d684ae99245791264cb31cf8496bc369231b31c9df44db655

Analysis

max time kernel
7s
max time network
139s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
07/06/2024, 02:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

83acd84b3c19ab54641863d423b1bedd9e9de4b258ec2a6143666f78e02475c2.exe
Size

1.6MB
MD5

b7beb32277476ed209d3baf76c91abb2
SHA1

83762bb8752dc651d55e4e928a2edbdba4a2301a
SHA256

83acd84b3c19ab54641863d423b1bedd9e9de4b258ec2a6143666f78e02475c2
SHA512

bf5c01a4900a87c82e7caed99e4d609e00703609a78a89af532d87c2951d5e4479c370fc46da184a64f3adfaa5db5fd2d4f88ac7168396f720316be221f0944e
SSDEEP

12288:skZ8dC0blEIvV2g20X/A4Ct+yu6sBlvhcmHXF:sF3lEIvV2gZXnC46sB9b

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FB8FCEE1-2478-11EF-9911-62ABD1C114F0} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3020	iexplore.exe
3020	iexplore.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 3020	2028	83acd84b3c19ab54641863d423b1bedd9e9de4b258ec2a6143666f78e02475c2.exe	28
PID 2028 wrote to memory of 3020	2028	83acd84b3c19ab54641863d423b1bedd9e9de4b258ec2a6143666f78e02475c2.exe	28
PID 2028 wrote to memory of 3020	2028	83acd84b3c19ab54641863d423b1bedd9e9de4b258ec2a6143666f78e02475c2.exe	28
PID 3020 wrote to memory of 3036	3020	iexplore.exe	30
PID 3020 wrote to memory of 3036	3020	iexplore.exe	30
PID 3020 wrote to memory of 3036	3020	iexplore.exe	30
PID 3020 wrote to memory of 3036	3020	iexplore.exe	30

C:\Users\Admin\AppData\Local\Temp\83acd84b3c19ab54641863d423b1bedd9e9de4b258ec2a6143666f78e02475c2.exe
"C:\Users\Admin\AppData\Local\Temp\83acd84b3c19ab54641863d423b1bedd9e9de4b258ec2a6143666f78e02475c2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" https://degogh.com/
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3020
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3020 CREDAT:275457 /prefetch:2
    3⤵
    PID:3036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
45e78c7f88e13196595f48073d56bff0

SHA1
2bff8021ee2edc4db22d9dedf3d61756b2de0627

SHA256
d5c9009cf808ed75c8486c1af0de8b442edb6244b464019d119344ac86dcab70

SHA512
a8c85f6c806e3303e2f92662f7dd73cfdb23a2b331570b9fc4ae3ec519375847a4bccbe436f81ef2cfe4896d563a5d785e16a2112d25c8e6e7a9e2685a87359b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6476834c5ef1786085309f830a32e600

SHA1
e8255e3011847c88341426ddcbfe4b0e3403efb2

SHA256
19bf7b8767940f2cc9830baf1155cdaed8689f81c4554a2c18ccae524128c307

SHA512
d8e37a772e74a88df7ab5f4f71127045b2d8b2a09afad460cedcf285886d49a3ee4942d2fd7179103925c52e47496fa6dcaa4bf681b0e087137f7a51d929b49e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ff5ae16e5b76270decc6f6b8bab00582

SHA1
98eea30b5742e79eb0a3b7c702ae37315a92e754

SHA256
5b1ce27567896591a213ed40456dfa6a0dfa70ea753b5260fe294e7cf2a1e033

SHA512
f4ee21e033e2d40c374403106f6c0e9de5f67543cfa50e37eb4c5299cffea7000999b5bc8c4f108757420e420b9ff9de0ac1fdf58cffad41c2e05f26dce4dc2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f81dfd9dfb86a2fe360fd3299a9bccfb

SHA1
7f3c8a353ffa98f60b18af75445390bf3f7af2a5

SHA256
b8feea57ea74d06456af2e92b9f2a813281f752f46706fa063ff741f2c276055

SHA512
d9fbec2b45b88af401c06aa5faa8c86d7bf4b9635fddfba245e954bb89925d830e1e841cab9c61485184aa7f02a20becc6f0d61cf4196170f50817062805f8f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e72a45632911b1ecad873a4d0ca10fbf

SHA1
38a91f4f724d960ae3b93523be2e32e43c4ac0c2

SHA256
2e850ad3c6f25bca6c8502a73dc3d2fa6884c84f471f10a5536d8b6955cf83c4

SHA512
f829bc26bcf4c2a846a18717bb2be22d279b9b777cb74c72f3bb775c62ef29b841c35e0fd1ddce62d7a29bcaae32bce9d843115d3fd334af015c7e79ceb54236

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a0fd7a2ef031a845b0ecc12581f7da64

SHA1
1026b9c57639152389246dfe48ab30051dcaff5d

SHA256
2b4f6a274f838dab2e87d186c1e33bc02687f6c44f9f2654de5b588afafbb5b2

SHA512
52867af74be11ed0b14355afe0fde6dd6f34e8d7ed90ba1ad7340a810097106e78dc8ff2f881f9aa7219699d5e039cd849c8ae2cb705fa074205ff7916ee0017

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c5fdd8a84a1acf15ac9080d60a0dae97

SHA1
ffc3bfe44b89a3ee0a7018c6e15887279eab6891

SHA256
c513c3bd1252ee5200e2b1197afa1bb5083aa124e7252b6eafe542db9609390d

SHA512
0f4e03144ff6a9d6be26fbcd66a510d5a6921d84e84f1538863dcbb0cc74780a459ba7f484db210b2013f239ab0294772ebe2e83b261791b1083ede612edb06e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
de2d72f267d6158a92d537f656d336ab

SHA1
63dd9ad2acf72430e716ed03a9fa6649686df551

SHA256
84e98420cddd012d74dbba723608e24c0ee794edce1249fc803de9ae529a7ba4

SHA512
e3906500424e45bcd8dfbf4c65a08f996d22db5ae0157b46f5fc98f9868d8c4799b91c46ae2e59fdb7d58b3e7ee51eae284a964c53d58d9426e65d0e60f715ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b0a70765de4e0423c46945c72068ac7e

SHA1
be262ba6046d6704e01c224bb439953e875ab4db

SHA256
87c33a043372cf3e470da97009e8c988a60fbfcf7143a22cf966095eaeb74523

SHA512
4eabe9861f4427f771621e70916b4787a4155583aba3571a3aa0aba3b1f2a90258c03a4419e2a8edd836aab725cac44c428491a9dc2460d5fa5c5aa3f03a6ecc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
85d2b9312e4d072afd382fa5b3599e50

SHA1
4ff49f38ebd1da4aeb461d936fecec9fbc6f030a

SHA256
a223e951a98ed5771b88b93c461b8fa3c0c286fbdf47bf52020a3c7738bd0149

SHA512
c702b3111d95c3c2e0715dbda955ab69fa6cbd08510a2bf4ae58e02700583a24769c3454a9b7f6e66505fc2d4164ac1258b8bf41c1c9ff939b9be3057bb138d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
457ebc546451c910c55470c23e673aec

SHA1
4a250ada004ccf6016dd8dd0c9b34e7604785e7b

SHA256
7dfc7475ef81d07e1b7f6ccd75a3e0361844342a92c878cbabb1a603964bae5f

SHA512
5fd4e0baf1fa0fedcac27b8bc98c65420e14bb1a3ec47bc22b80767a467767ae0c0e7dfb227ecb3c573e12e9596442b364f372c538f5f480f12fab3126941be8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cc7a675a357dc47cf12e29f178ca095e

SHA1
55992977111c960101239e7ca73cd49ed8eef745

SHA256
e469101187c82d063d02da0a54bae8b9c989a12a5f1548c058eaa7d31826ca14

SHA512
13ecb9472ba4b6870da13f7d68158b15bcff03e305d4d86668fe0ad19bd373c2e51b573619c931a1a3c6da541434a52b51b15773c7497078f616ac30f4ebf998

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
53365b44ec9cbbfdb43fd92a8df3d0d0

SHA1
72d71f24d3439579a63d1886caaf6724ecc03f16

SHA256
022c2de603719de2a14a6c0f28923d768bf8e3c3a85290a0828e3e2dbf5b4ee1

SHA512
a21ef4dfd62517d48b99726d0a9ae2212c87832f57d5fcbd6591f2d58fb070196e1e9f9250e3c262ed3bc75ed359744a2c341d3bbfd55a53754a117a268e400d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3fdd956cc665890f83b97935c3d6c5aa

SHA1
f090839b5eb0419ccbfb1d7c5fa6c4414bbfa357

SHA256
6d394b5f4c978e75fac8e68989df1cafa122d972b8be02408ac78e78361d48a3

SHA512
68f59700f7701fbc20105d0fd9ced542927add3889c353a7adcdb5165ba290b44f791d3094474ddd63b1f623d9c484a0c763d20b9b890dda16beafd3e82933aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
81c3fe9a044b8058b16c681b2c9c2077

SHA1
394a74e55564d42d19cb0d53c1fdc54b88e106d3

SHA256
a96b57b4ba9e8260e94ca6c238a6dd29e780808f7f51868494eb5e49f4d91d43

SHA512
68e19d82abe752a77fc46925829950dfcf11688bc59544c42a7f27f05cab67e8eaf16e244291c55db295cf5d9ed5371927c3d191e7a3d0f6a74b795fbce31b51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c754c4a34f9b90eda5a7f7c86e03d6b9

SHA1
f6532eabbc295c98bd6bc9ebac4862ebc5bddbd5

SHA256
376ee1cf5b10abc2024afb4a71b40039b84edb291a3875dadcae52dede72e6b6

SHA512
a88fef611db3f6095ff2723cb683309f9c4bd0cd27af5ba21d28dafc85c588cc63dc693c5f18fed4665127cac55f66576f60d34cbd398b11a2e4d1c434ea301e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f235314814e5f7988bd803cdd85c5589

SHA1
6895d50355aaef0f18586d726bb56199725d1cf9

SHA256
d7e103b7c35d735b8d59b2d8fa61b36017c18a560f07b439d4d331fd076c8743

SHA512
c7d55da603258fa96e561985e544a80b730956e9ea38f8934496b23ce894243f9e5a64a2545f3c5d750e63f85b0edd4b9361cd5fd8bb65cfd505dd1660125d2a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4de236193245e2c74b6f31b3ce301e27

SHA1
474876b2a97256948f4cfa1b4247759e93112bcc

SHA256
a805b6c6ea831e4cabff32b117a52a49dc8ad3ab6b284cfcd9e2e8ac136b0e38

SHA512
0c7d09ac0153e51338a18e03495967f81f82a1c6202e4a57d07aae21f4de438e4912e81fbbcff8f9a47815f3a3bb462de615c805179b0c1f5efb7b992b60b6fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e933024a380edaa66abace968b5630a6

SHA1
f43803adb9e1279e53eb3cb80edbeb6e54ad5931

SHA256
613dd98eeeb210b5deba40088cda3f1eee79cd6935158e6eefabc2fad9891651

SHA512
de50c1c79f6bcd33416c4cac1e9332f6c58186484655bb8b1f024007eae52946bb1cb6445a4d901c1d2931cf1514ddf4c5a2bb3d27481af85e648775762ce273

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
42d4a0e0552585d70ccf6079750eab9d

SHA1
25dd3340ad84b0a4ed4a4941bd42ea0a649d694c

SHA256
b4afaa313c623c58e3bcab1a57090f1e3501d99dd4d52c4848771b90afc92274

SHA512
508e3770d169152adf80a332876fc952b61d8374e96c4340013f74514f5c31d97d209b336740159bc0c442d31698ff5fa3b6d802d746f0ce399cd862c4c999f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2E51.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar30D5.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2028-0-0x000000013F7E0000-0x000000013F97F000-memory.dmp

Filesize
1.6MB

Download