b81019d16d83197a22c34667c770345df756242aa5f17cca00f418a5d0360ea0

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19-06-2024 19:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

akcms3.9.6/cache/templates/index.htm
Size

1B
MD5

7215ee9c7d9dc229d2921a40e899ec5f
SHA1

b858cb282617fb0956d960215c8e84d1ccf909c6
SHA256

36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
SHA512

f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F827DE81-2E70-11EF-AB07-4AE872E97954} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e3475937c558d64b8e38668f1f6a0f9e000000000200000000001066000000010000200000007ec52b0458577e6661c8ae590fe0dd1093b2f443a9acd97aa3f17a307fece0d5000000000e8000000002000020000000f7567fcc1b8d0738afff8bdf5a82742bf04b38d86b5cde10c3a0aa48798de6902000000084bc2bcc2a986535a920e2c913feaf11fa9fff4b321b9de9e93544d507f0f7794000000038035fc173089a2e18d4a631730a21258c6bcd694fd7384bb6f10f037e043254976feb4bac974f931d5bf72e325177223f39bc210fdf298449c1ce31b7f4e89a	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424986714"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0b5b1cc7dc2da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e3475937c558d64b8e38668f1f6a0f9e000000000200000000001066000000010000200000001c182925ee05967e61cb085af1d8a15d219596c1ce56fc7e99d70b7a63965742000000000e80000000020000200000003abb7bf13b9c5832ca7641757250c7e7c8958403cd0a03b764a7dadcf391022e90000000cbce9489814a75b3506b225c429744239364f50edcd5c9d1f86b5cb4c6aec3136135c674e0e1f97d8967efd4d18571c7099466accc68c780e000020b8faee7f742721668266c92ec34f20215bf4c9221d888ce3b7d56fcd35a36b67e14e05a0f7e2cb90051a5c61dca19f302761a0245b30252010d8330b757e6c5617e699c87d7ecc6846d952de65a753482dcdaad20400000002370a3d6b2b00c909d25c34941415aae3436cfad388589b8d5df898a5317a97063901d6ffc631b26f39b9c974b598c22b33099145168b58a8db06ac10b4f847c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1996 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1996 iexplore.exe
1996 iexplore.exe
2292 IEXPLORE.EXE
2292 IEXPLORE.EXE
2292 IEXPLORE.EXE
2292 IEXPLORE.EXE

pid	process
1996	iexplore.exe

pid	process
1996	iexplore.exe
1996	iexplore.exe
2292	IEXPLORE.EXE
2292	IEXPLORE.EXE
2292	IEXPLORE.EXE
2292	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1996 wrote to memory of 2292	1996	iexplore.exe	IEXPLORE.EXE
PID 1996 wrote to memory of 2292	1996	iexplore.exe	IEXPLORE.EXE
PID 1996 wrote to memory of 2292	1996	iexplore.exe	IEXPLORE.EXE
PID 1996 wrote to memory of 2292	1996	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\akcms3.9.6\cache\templates\index.htm
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1996

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1996 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
179ca59012edf294003d5b681066d477

SHA1
78452ffaad1e1b23dbab6bee180a1b4832caacd1

SHA256
4d6c933768bbc13252ab137d43c214f5b165ecfc372927e0f7a417dfa60d8648

SHA512
36efbed94b68d3de47d67ae6e9667a40cfd41c91a553a565225418652afc3f58db385d6991132c6bee2a7b8a843f12d985b2d171bda72f3b4bda7db97a33baa3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e9fe27a59230f76f47cc02b4572e5d24

SHA1
36df7ac72abf9c14febc67df8389464953306bfc

SHA256
c97aa0571bc674e44dee21be13558b70f61656e12d41429aca4a485cd9af1766

SHA512
490643cfb83456959c0928213fd413ce5109ab56a0af8119f4b0316af970aa09c139e37b72ee36d755b240d9dd86d7635337cca6e8171e2597db7eff8464927f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
54ebeb0ee7796b3068b2e378f200ac52

SHA1
993bd8d21218ea78d5047babafd0f56022133e65

SHA256
9d51d9cbc4f3ad6124f8bffbf913e3d90c3257edbc00205eefe343fe1f865ee1

SHA512
fbabc7050db06e73395947da6dda6cc39193f2cdf2501e9f951fb87fe0debc6749c5fd9aa2e92590b153777a69c93b5e3dd08737f6c6dc8e41cf45cd39a7d44c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
717496d37a5d2ffcb680b59b6395290e

SHA1
4b84de7a30b66145bc82c61f0533960f2490752b

SHA256
c310045892179fafc8b4d11151ace744e4cb582b69271c96772b1b77fe9258c3

SHA512
b95373b5cc7d2b900886563d4b21d70c7264265d580952d09af0248d474e8ab846a32bdf76b24b116249464824db5c59dac38515b73ccf9e42f89f9d8eb50e20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f948417bbadb53de0eb5c976a0abf80b

SHA1
b799658c1ffe41545912713e6b8c1fdd45fb2694

SHA256
687499d6ae17faae189fc02bf2e396f1c3310893ac5b51223baf631b924bdcb8

SHA512
63a4691276d84deaa541cee36b85f10148caac6829b07aeab47e158c0f91ae195ff53645bc24d5e762b08e1692e5ff157c4359c80e0eceb1a2f564216cfb5064

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4207d6a7a36913e24b3e78cc11db2a37

SHA1
6973fe5715ba8a67670db32937bcaabc2df1463a

SHA256
47ed95e1585497eaf6c891214a6856883edda545439a3dd45a9ea0c2f21c8c3a

SHA512
f0f50aec7322cf11c26dc9007ec7963703f450495016b15bd00a36994a3c22a9553e427e3bc68a0b78998d4fbef637e860c4062f029936204e1d276761fa8c21

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e31134b7cffbaf970a96c6cb4bcbf4e4

SHA1
194350a5f34ea246d9dd82670aa98736749af56d

SHA256
92ad8f188c6b7bce1dfc59b5aa3d8ec7139940adaf61e6542b0fce6875258da9

SHA512
78184f418c2eca47d47d2e1d8ee0c9477a52e90d8f54b125bbc01e3e86f26b5c21149eb899309e113bbced5a2b56ccec92afdcf719b7c44ebfcd01298edb0704

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f09b33ed18a032289554e4da3eb930cd

SHA1
1e94c294e23797becac8f687c2402495a5efcbe8

SHA256
39f122a32c4b8fcaf9a48bd5c3a25b4b66fb43f52766df0dec9782cbd02f1cf4

SHA512
abbc4e1529d5a4ced511516ee9901ff3ca670cee564e3cc3cd8c9a7cff7d640f9d479b607b4024f44fe250bd481a839b5003759c4bc54b6a9746d6a9327a11f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bc752b634338c6b23cc33fdbb4f2337c

SHA1
2967af2ea03d46d55806387358eff62602483e26

SHA256
808294a1f1b8bc624c7a7639235d3eee6b269755d9c3dc498e0958732cd27a80

SHA512
6439acea462a25baeb358f3c61213cbf0349ed613698542ec93061e64be5da4bcae3e717ccb521a53f2dbbabe709d284ca29599a747bfe53d06483d4ae938639

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a75efe2d5390a69a26b046b839cc8d6f

SHA1
cfbef3fd5c646f95bc3744f0082c1345a561f47f

SHA256
7fbab81bc0f7213481810831e3e0b7db2d00a6b12427972da7026595b179fc8d

SHA512
cccad8a4865ebe53aea70435cf15168517638cdaab44d6c06718ce4d236c45d82287d265e64311b9a762f36850825a249206d7c0bb1039ac0fbb32dec9d7abb9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9eb2606865a4686f4e20b04a27f4eeaf

SHA1
c53969c2ef565b5113974ce5db8413a85a7fe47e

SHA256
e2968ac6e6875bbc0313d018bbc4a0dc0813ffca505a11a57619d71c63559312

SHA512
db5c67eb876c9c626f44190e9fe07973a9d6d0355a3da39a77b5c52f461ac6fef19735d2e8cfd6a31e8d2d172bb695ef5333edf0cf1acefdc590abea5473ab74

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
72840f92b28b8bb65b1d3d32fc214605

SHA1
094b187bf3b99729d35ed6000357174eff950c3a

SHA256
a24900ce78d62c7aad1c5d61de818ff9e0bff14bd165c27da81bd808d4c2b7f4

SHA512
c12d22a579bbf063ca60169fe6ff17ee35b33f8aeda31ffe0d37d18f8ee51695d7c3bc43df1a1294790be8febe1aaabe69b6a9d6263135425db31063d57563f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
41a653d3f6d16fa7db6281651ecf6440

SHA1
95f68bab27408aa40d676bfa5eec248be8951ea9

SHA256
04569b7234e1647dc68875fce227dd32719652231285956642b6e0c3ca4d1fa9

SHA512
8edaa86b8ae70388f9b0db0bc9bdc89cdc6f77847917bd1286acb0db1b9d4d91bbe20ecb653d097bfead11faf8c4f34ea44a32d75daec60a17874bdb0e010c72

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0a60e4a88e4924838fcd3d15e79278ad

SHA1
a7df791cc836bfdc38d4bad50468f7d16fe7d77c

SHA256
6732886cddddea776825f8ef1805e3dba307419b5841cb5473d1d5133821446d

SHA512
fdf9ccd46e5bb29dbbb1dff83adb89386962cbf1656013f6da622668c603067b3e7847799bc2144f0b55b10ca3dcacadcea9d06f2efc137da6c7ba06fd385a8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f7c6571a1ac6730f7186ddcd5ba9fa0d

SHA1
0e02ff3571f9eb6e2fba7d251599bad82a6bbfe1

SHA256
f3232c2ec5a8c78dac794632a04c3fd6b2f1c480c4d04ce27136a1afa3b3aa59

SHA512
87803d49bb002fec9e792e058657ccf8515f7461227b2e19c14691169c2230a1c50c40a5f3a751e9172cd6135bd74f3e424038834fc8a22fc00417cf69335f45

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab403C.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar412F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit