b81019d16d83197a22c34667c770345df756242aa5f17cca00f418a5d0360ea0

Analysis

max time kernel
120s
max time network
143s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19-06-2024 19:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

akcms3.9.6/images/editor/index.htm
Size

1B
MD5

7215ee9c7d9dc229d2921a40e899ec5f
SHA1

b858cb282617fb0956d960215c8e84d1ccf909c6
SHA256

36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
SHA512

f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80e790cc7dc2da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F8171D71-2E70-11EF-B238-4AE872E97954} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424986703"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000003d899c26ba12b4aa78f7ae25883d11b000000000200000000001066000000010000200000005805cf37146a201bdaefc724c5ceabc0fc66a8952c1aafa4f20bbefbe7f82fac000000000e8000000002000020000000e4947dffb7589b8e49148d3b469abd10fb743320518dcf6e809e3480dd61dc4490000000195d42ba50bcb9f04744b5a1b8a2f7d8461aef1a13eeb82e0b6592d449d5b71bbdf14006244bd80f79492682311a96e3685e4119a52e7ad08a1610b87599ac3d89cbc53067d7112077af0980dc100b832911c8f622e297df1ac6d6acc98b2884d5f1f0b224ccd61de4febea0de81ee553b91ad974975c38311936fe09f2bfd0fd01f20b765d6e7832092bda74f905a5040000000b881937a242212385a3f79252178f4c0221bd3b1c41d0967c2a696619918b9d4ef294c5d9dfcdbc6658544a30e691ba83b33995a5f53176b7c170e6d58899dd1	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000003d899c26ba12b4aa78f7ae25883d11b0000000002000000000010660000000100002000000043213e045bfe463cb3caf77fdcd22ff7c35d679971f674bbd7bd49c79cf399c0000000000e80000000020000200000005d1e33e450578e683a491d4d130d95e91f5d323a1964ded71df662913c9d65582000000004ddaa3085b064a4e3a6701cc2af77a0de0a42396448c1484185aeb8fbc8af9740000000f7a1876baa98c4295da8a080d12f812986ddefcec887d2ae3b4ecdc27b3c36189cdbba4e01071e67d56b7fa1368a2dc2768d991afd46b55f1c1a1f95570497de	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1896 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1896 iexplore.exe
1896 iexplore.exe
2944 IEXPLORE.EXE
2944 IEXPLORE.EXE
2944 IEXPLORE.EXE
2944 IEXPLORE.EXE

pid	process
1896	iexplore.exe

pid	process
1896	iexplore.exe
1896	iexplore.exe
2944	IEXPLORE.EXE
2944	IEXPLORE.EXE
2944	IEXPLORE.EXE
2944	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1896 wrote to memory of 2944	1896	iexplore.exe	IEXPLORE.EXE
PID 1896 wrote to memory of 2944	1896	iexplore.exe	IEXPLORE.EXE
PID 1896 wrote to memory of 2944	1896	iexplore.exe	IEXPLORE.EXE
PID 1896 wrote to memory of 2944	1896	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\akcms3.9.6\images\editor\index.htm
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1896

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1896 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
61de2d9d4b28db3c1dd43b406f1690ad

SHA1
25fe64fa93d8a081fcc6e19fde97b481fe0f5ad3

SHA256
a058cce3d79402f46743aa59ca7a74456c262c5a7050e48ccfc0e114120b97ff

SHA512
6aaf909e372aadd794200dc4390955436eb57572693a4cdbc23a59c70add29724bab471cd674c4a5d490c8c409847413de5245f939ced0456bc23e5d199ba47b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
27cdc4fac5b390eaec4f62a926e5fd4f

SHA1
efaea43e55d9f4f510350acd85de09e54d6c1b09

SHA256
f458044b0a09f10349dcbfcfc3d4f3d7acfa472b85d00462b50bc5285fafa366

SHA512
9e0ed0bd1b8fd4cae7b2f94b59933597ccfd5005c232c7a32d863de57807b1e8bd60f6da0084da9a0ae520a6ecb1362927b731f6f023b5d9b1c655a796fe93b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9f8d191fa4854f778f42164b17d3f7ef

SHA1
68d015917b71994a9622f126401d0dc864a7c3ba

SHA256
a3d45999c262b9156d59c7b434cd2ba6c61d1e1ce1f4947b8b92a6860b3fd462

SHA512
51f2cba0310e485b51603afbc239691f244ba38356fc8e3be426d3c77c97ca0ffb9cd146f117f9f5b5e5e2b4779ab151db73d43a84d59af749f2f8aa517bd87c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b7851e1d86e6e56aa714deb221cf6bd3

SHA1
8e745ce28db93872ee2308521462614fde8e3fac

SHA256
0f49f02cd4f9388ea4ae5685450cf3db32f03b9131c6da82e886523c5d3e041e

SHA512
88c22321df7dcf4a2920d7e733fa1de0c954f612a460f17158c8ad3b216d7fee19025b12c2be2305eb4e87fc390cfcbdf9ebb7736acf5931446ac95283667dfa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9932e6f5c7f594d3eb0e76cb10a19bb7

SHA1
9ac98ebba60eb6afed1fc62bb2b3fda05dac5a08

SHA256
fedcce725811188e9d7ddd73b88b408ccbf9261ec308c69771a92a62bd04b5b9

SHA512
be29933ba432251a546b707d42daf67222b37243eda1d2b3966bb4fcaad0e6bb1e17c61e04d9ef7dd640f0b1594613181d553744510418f78d48fdfb2fc57ec8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b7c72570b13e52b64e8e26105d2ab586

SHA1
f92ae665731c603dd42c591b9e30fe9ba34ecbd9

SHA256
b937dd89c3b451faafa221bc6c5f1b0b88d600e8ba2250934d2f04a330a3f7fe

SHA512
50d87b0524aad995d755f794d57c2af57f55cedf4e6d256fdd43be82adce2fe5781ebc22c42d6848ebeed07eebed3cc7633d9e23e4cbcfddf0e5cf550c55ff57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1efb53292f4c549160132374ba903d84

SHA1
44421b1381cb153c365bd22b2df7cee43a5d9ab3

SHA256
7812a6483db6ba705ed333fb9e9fc83cb5bee5d2d3af085630c862184a54c35a

SHA512
6815350a174ba441b5c74b6d9f98cb323117414674f55dc528b6d629f027e92d254351889e51a310e60439c15b70f926fccd245c6e81b00eccb4091db33cc818

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
59ce97092eeca27e26d02eadba2f4334

SHA1
7a630435e04e5d386efaaf57a08ff6c9143aacad

SHA256
dff92197b2133305b95b1cd0efb04e9f9d48e8a014307a2d8e9a40525b5e81be

SHA512
ab61d1dcad2cf4026f8f2e750e7266a61a9267f32c23e78a1660ea58d21d07368dff6b32abccc5408396b2710165b3d1d002f19086c1743e2cba28d1c0278084

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8f844cec1cf4535add5ceb18fbeeef33

SHA1
9a2b40793def504047d1a23fab4310749f776578

SHA256
5595cf79fa5a02d036e93c82cf98d47f7d3c45350a2b98b55f3959b6bd4602ea

SHA512
9439a3e9ba18f1c1f0b8d22d7cd4d5a4248bd4abf2fe9df8bda49b3544d522caeceea9baef27b35040400897a70ac13c32c85316d03d4bfb0496645b2c65c875

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
80643e45b0a84b2399ebace4d2515a32

SHA1
3e13be800b12dae7eaeec5cf9441ad60a8e39896

SHA256
397f1163d09efd06e8e50d4d1c5532f8b949cf408cf3fa1a2b47bef358c8a6c6

SHA512
be32c117b6b873f86347831daa1c4a0458a2d9c080ac121f06ca15efdd21814d004235c444b25c7ace47451958152f3c5b32b883eca16c37b52f99de6f2af477

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
347e4cd8949e992bc30df9e99757637a

SHA1
72a70ae4a1b2de80aecf3fb371b6e223f1c50066

SHA256
f8679261ce14be478bffac06def3f0e8eef8f4d0b96a02a7ab1b69aa6599ed7d

SHA512
95182ae3d672198f0447667abe804e848308a64c3264707d4f38fe7ec93d7e83e00655dfd378a853d16bda2d62b68d6fbc932c9d3d539c26d86566baceffe561

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b7bef3e6c8d957327d13cce6c064d5af

SHA1
80b7e5dc8c02bda9b1310a127cf69fac633fc12c

SHA256
c70e78d50861c37cde083ff649b8e20f4af4ff62dee99a1647453ab209a89ec1

SHA512
2b8f84fe63e4c525c69c9454705b7f80e5f69ba2481c03e2c03191f9860675c81d920582b91bbcf421b6d4cdc1cd45dda5033ce5fae928a8c3380d0dcd827525

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5b637554bbf6db98cfb58ef5a836e939

SHA1
6fcd39a7444db1fc4ecf0cbd216c4ef8937116bd

SHA256
d45e009a6e68f7afb718f17b5682c849e6ad32e7f774bda46e7178c1490b0b64

SHA512
67f02b33dd3825028b3c377b0ba3af6d5b558752e39311ad907a444bc41408a177c847fba11663f66e13cf52ea0c5acaa7500eb4fdaa0835f47c979f1ce41129

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a9beff09889f829a129146fed99ec320

SHA1
b3d4f2a723bd7a3e8ab3844ef2f4be9a99fa9f6c

SHA256
becb95379eee71930f51f725cfa398003d8870a9606cbe70681d615c5f0c4512

SHA512
9c05e7d83e964214bef332cdfc2bca2826d1a003647e17db8eae5373fa0edb2f55699b6daa1c56ce248d93de149c35a21b46e90c81de0016724b44d3a7674af7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2e59be349afcde18f2d83538a490ce7c

SHA1
c621fec4372678120d431f27a0736dcbbb6b154f

SHA256
e4640be0e2cc4e6f0378d239ffcd4b02f654a72010d3470001ba76d83cbdbe21

SHA512
0dc0e2c1d779463014e6219fee265a211f678fa7ca84957add55046ece84edca3f6f2d9063e49da20537666990f035ee7df6ab163109fb03e2a2c47cd24a25a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab38BE.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar39A1.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit