97f6ce221fb5921c55164697f09176f76f65a234f517196cdba347dac1570ee4

Analysis

max time kernel
0s
max time network
130s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
07/06/2024, 08:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$PLUGINSDIR/app/index.html
Size

20KB
MD5

c7b752acf6d1e10f3aca2c67b1ccf4d3
SHA1

ab793cb43e0c2b5af0fdcbf90d0d29d5d3e164f7
SHA256

69b9f99f6611f953d94984ac35bdaf9e9817f689e1e3614976bebe3465c613fc
SHA512

120addd79b7ade4f35b426c02631c8167d81080fde30a01b989453113f7547784e525d53bede41ede0c9b3caca8513060753ba51f75bf6936d32ee597d642576
SSDEEP

192:8sdqpDNDPkFHmY74+/qmtRCtmK8W9I2gHHMlxh8B39LJ/Hab48JgJnc5w/93mJ8D:+WNaM8UnbjPk89+mppHL

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E1A0E401-24AB-11EF-8A04-E6AC171B5DA5} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2364	iexplore.exe
2364	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 2104	2364	iexplore.exe	28
PID 2364 wrote to memory of 2104	2364	iexplore.exe	28
PID 2364 wrote to memory of 2104	2364	iexplore.exe	28
PID 2364 wrote to memory of 2104	2364	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\index.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2364 CREDAT:275457 /prefetch:2
  2⤵
  PID:2104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
bc106b1284d7fb175dcf273ad145ce89

SHA1
842cdc3af232570fbdee835f9cca4da26dc12ed1

SHA256
21b1e856bbdc1b6a686ca60ad1e71e10c8cf51c6330c2634de96aa91abfc783d

SHA512
eaaf544059d00f3c422c62f3160588b816d1c53a4aad552ca3ced9bfd7e49beaf1092fc9275c25e2e2398179b82c664244f65531eaa87b1d815b3083d496f1f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
c08de2d2059c3ada8cfa599b25eaabb1

SHA1
3338a40ad6f58fdcb9bd286cb7501bade073da61

SHA256
142541e2be747ab2dc213e5f94173e6629380a62ae744e519e0ad2fdf44b5c71

SHA512
619dc347401012085de61b38fe2ec1ef90977b82c162742dd0b6c18df0dfcf907cebd59e43b89356854fc03b08dd0e3c1b51189f9a1ae020c748de8822cb9c4b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b3a05a1d39832f7746ef0bca9918693

SHA1
2d4a9f75a299b93b229e1ca7165e7fa2b2044757

SHA256
31f317b0d95e12fa27fd6cdac7ab629794d335595b102d001bc9a450a3b41dd8

SHA512
e055f3b6f7dea5a071950d6209fd59cbf468b682b3053a2b948abfdfe39a5839e58d0f9960cdb4c8c0929c2693ca3f8947b8d195fcc3261bf8fff2626734c6f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
40353d9c8c82dd0fbeba44c3a939eb19

SHA1
1bbef4e189b537c6bdc363f3d8c344f3eac1a71b

SHA256
615568262d4af09f484dc1500ae6015863216967db0d86c2eeb32a4f291c24de

SHA512
c66f1efb7c42bd86547c69828b4cb3f34b22e2dcbd5783048b9c705beaaf3cfa39d95cad345b5718eb1fa6f43af1e04d2df3daef382b6dd605288571c2d2d5bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d40e29e941dffe6367ba1b5c1d011211

SHA1
3507a921ec12d7a39924281f4cbcf94d772fe61f

SHA256
dbd2d33254b77f7dbeeea38bcd9ed42c9bc4c61d084d2473aec9034dc1f14c73

SHA512
ce7985e003fea9252a9879e8cb034e1b686b2c7678df7eb3994df67f2b90a5f9be65bc1d1a55339c0355886c6d1d891e91ec362fa4f32e6bac6eb66f6c7c52f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
63e2474437e97bf6c41dfd511c1d0887

SHA1
2879dd5b057bb1797a47ffa9862df18a2b6df2e9

SHA256
86818656497d17fddd665935aa86f84271fa7a7c94db64a3b2a972a4a49d8e4d

SHA512
adcfd8b9f38595a9ebed8b165c8c847ef638b244df27ed917df1428b721b60bde3c33bf1f584297e2b0048cbf192f1e89ed25a114d8e04a7fbcdee723b97b934

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9cafe7dfa785f737d946e95ad0e38d67

SHA1
18262ddf435caf08b445d8064d590bd8df0e1d99

SHA256
eb2e760b25541f307ccd955c78f90e06fe59db3c9d4ebddc584dc181e6f72638

SHA512
4d3975c2a4f4866b70a7e7d6af7b3b0fd8ae0aa7a74fa7c17a0fe933354a2e9dd111234c6ad1f0912ffecabe63d67f5ca3ba25062a8249958b2ed83747f0f8ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b3db44d13543c8c6145b29d6f8424d35

SHA1
e9e7d6be3da2a37d6d91dcd3db1b3347522af277

SHA256
d1f61983c3b0bab70fb8a48f7d7af2006e0f5d5bb9b0895910164f4e1188b964

SHA512
1b4deaa1cafd280db400bc65cde738051f4bb9a747835135893dd35fa32e18d80e9de242fa33f4f8f8daf5e0e13f06d64f077a0ff0a1c3bc587309cccddcb31d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
25ba9a7a557ae0d5e19e7a69a0b2f445

SHA1
811ac41816651e1dee254b0f5c6ed4d9a4157347

SHA256
09307cef38bebdbd842035d78a3ae06c086122c3ddf817d3ae99c24c3cc1e5f8

SHA512
cd83d3df6643d76f99892fa05451c3dbe48046db1e1ecf3b805d7dfc0ac717ecaf33eb5f229153b378a10b5e49a5f66efc36a2d2e9527e722d4600664e15b764

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
39182549438742cee434f0ee6fcb5932

SHA1
750658475b41cd2e02b599adc5acac653c845d06

SHA256
a035d407031d8dd27caa1639cd1a149fb0ba0a1862ff29e30a14644a4dea283e

SHA512
11183cf6459d3bd36918bdbeb28cb5bbefe69d40202c497a03bae447b2c934fe163493eb3c9fbb8b0ad16d3834c59ffa1e9d22c3ba9298ee632dbbc660899c64

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fdd08e1bd4e40915fd6ba0772c9e02fd

SHA1
ee2a87e0a37a6f2935e314e3a012445e62d3ffd1

SHA256
b5b40590f4336a3e7f2ba82a477f3951ffa49535d671922d2887faf463597613

SHA512
b578cadc3092b4a2c439648494b8756e3641269747c1bf00922c9c7c2d0a7016314d462b31c32e32319e648dfb6b5dd8710087fd880e002982a0feaf701c2c53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7b358474d4bae65dcc1f45f7a2997497

SHA1
341dc42836479f26d1fc02a2af50ba35e49dd088

SHA256
a5ba3bd94e4d841f1e0fdcd6c2c3053d7740bead55f2f331f3d29daf37b1e8cf

SHA512
5f0ad862358627f80d15de59723df0423ae809dbeacd8fe5b72acbb791c1651592c8b16afa3a7233238d4d5f853d3eff0103451ada0b8af5e7d408f4ac8f478b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
da55f16b305a2c9fd7974ae100f96555

SHA1
dab34ff24576b93329c654e3a42bad6c0cda5423

SHA256
dd1bf5c87d14e7f52fefdfb9348e42122439827fa710115f93a7bd744c491615

SHA512
b878e78de8c3208e6e7fbd876ae01e4ec066c7f369fb7e68fc83530ac601bc0dbd5007b6a846a8800e2c4473305ec4d402506e228746d7c77da25f49e103a083

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c3fa7110f388cb337dd80148944f3950

SHA1
4afe66ae0e2bbe23c042f7e1268fd63aee4da305

SHA256
0304677dfe13582485cba4e08c05b8b6fe0d1f9bd15a3c944d23ce370ea56f49

SHA512
f7075d77a809bdce153987213bcfd323bb2c037994923114fee3c241e530efb23c64c9310ca0862351ecaed7521ee9925d342327a6cd3d031ff7d53bb1c14f96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f7ba019bab527ad8d750dd13558828ae

SHA1
0a7b9d217bf950dc66af208f915f8f59cc63f086

SHA256
a10ca36d5b0943ce323751513eaef24c2c33f717dc0b7d1a177e4870de1b36cb

SHA512
290027976c1a26640d966c3cbb7b8f9e5364dc22c3942b6b6babbb3444642d6a1c1752a0336cf56b10c44aaaf57048962831dbc8dc21e5ace2c0cf011fc8c618

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
320de79958223545adc7c6104fc6fb12

SHA1
d1091a4d322759c1a4bdb43f694812aeadf73ca2

SHA256
dc64288fc92cecb8d02695dfaf41833e633ce1faebcbd408ff1e70c2bfc3f863

SHA512
3537ca132918dde643dedeb73b09e1c9138021b4122373607b44def9158296a31e6a9615e21ef6d2b3eb9e81c69fd6a3c395c553c6e3b4b236701b8c73edc5d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
025f017083f8765632caf0ff383597eb

SHA1
c6f6bdf424462abc9eaad0ac02aa5b8ed6e7b0a4

SHA256
d27b1ebffe2b1a27c76d256223e66c686095d37f801be8b3c749e70c7f137867

SHA512
3ddf104fe4c416859eda4843b353ba450bd74bf3ce5ef1f81e4f63ed0c6def0aced78e32cdb1a2d6be520d5e85857b8e8e393a6520a2b4e73b44d3c9761cbf72

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
bd4e50e5eb30e08f1a7f6835bf2c2a04

SHA1
aa3064571698f78b94df4d1ba49e755f71dd959a

SHA256
402ff194cfe5f34560c48c9d9aedfb19e5877e2146f82e722f586be8879297a4

SHA512
02fae5317ab183ac6debe92694781cd4e20029edec425feb0aa1168756a8fe7e3a1ec754c1d15f6923f91e1e2bb6eb7b4ca016f4c753916305be77f58da64bfb

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE93.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF03.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF86.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit