5a18f78f1249a8d577799e285ecd8fffb1558fcbc069075aaa07b269f9b204ac

Analysis

max time kernel
133s
max time network
132s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
03-07-2024 15:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FREE-GBK/adsview/flash.html
Size

1KB
MD5

e2a19737d7d483ce687854625def9d94
SHA1

3f1d2f75fd9ac3a4a0ac0892a0fc982580c63829
SHA256

663581d2b8201c2a1d1b691676ee55d5954310fbf65f1cf876b3efcd75bb056a
SHA512

25cd11e55b8f64a1c0726be87b465919ed0ae0b25890805145fe88027c3ab7311936ad0a80faa065cc4d0b9459e73e36cf156f232b25408c6b6eb989ddf919b8

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a039050000000002000000000010660000000100002000000005b1322276b27712dd676b792d4a19142eba6b83f23cee76d03cbed65fd34702000000000e800000000200002000000083cced17fb81b4ad820e756b695129bbfeecf9b0f33bdc72afa757c9b60da9bf20000000b46efa76b909e78c7e8f80fa2d0d3fb9ce7b0d025f1fbad15a51984b762b640f400000001d18a7eb6c85b7aa62235dd4aec75f15d404408ffc78396552b24e327d5e56ad8fa0490f283ff55eb1d16deefcf744b823c9a8cf388539923daadfe178f337ae	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426180889"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0d0f0425acdda01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6E7DF421-394D-11EF-A0E1-D2ACEE0A983D} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000ea038f5265b60d394c4cc8f854aecd52dba885ce092512989540e567b5101c27000000000e8000000002000020000000a88619f2d35e9b0fbb84180930b435a0ca51558edc08e9cdb7eedd225080ab9990000000113b6b5a09b50a07366bc0651bee7bdb877ac049067bb46d1cd79c58c1ef05e1b6201f3cb19dd57656f98d4e010fc4994ff495be3eafc79dd8288ef26d71ade09ebc3da539d865397496e164ca6d87b496da2bdb206cf765ab6ead64645a83e4255e100787a02f177f3cc511b3b5d5fe8b030cfa603cdc634499b99cf1c61e098bde6bfbbb545fc3354402123b88ce0c400000004baa3766bc77089daddccf129e820c7e63bfd3ac69f564a667ac30b2373a72566c10816a9d63a077272b7257fd8fc7ce909ea09367f665e060542788c164fd44	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2232 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2232 iexplore.exe
2232 iexplore.exe
2612 IEXPLORE.EXE
2612 IEXPLORE.EXE
2612 IEXPLORE.EXE
2612 IEXPLORE.EXE

pid	process
2232	iexplore.exe

pid	process
2232	iexplore.exe
2232	iexplore.exe
2612	IEXPLORE.EXE
2612	IEXPLORE.EXE
2612	IEXPLORE.EXE
2612	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2232 wrote to memory of 2612	2232	iexplore.exe	IEXPLORE.EXE
PID 2232 wrote to memory of 2612	2232	iexplore.exe	IEXPLORE.EXE
PID 2232 wrote to memory of 2612	2232	iexplore.exe	IEXPLORE.EXE
PID 2232 wrote to memory of 2612	2232	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\FREE-GBK\adsview\flash.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2232

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2232 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
90b3c7bb396348c4c54230c1b2819f52

SHA1
7abf26d906b3196047c9a04f44388ae421892581

SHA256
3f3c405e8f4df9518026083e02be432651ec91892b90a4ed371355814dbcf972

SHA512
0c65a62b39cf93ba00a62779dd4916a0da09f87a027de02f5381ded2ea97c719277754bb25b5f2a7489b07adf299305dcaf31e2a7c32eb7f29be37a1fa22c6f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
77b4dd8a07c82956c5f6cd3f5da6d1ae

SHA1
12349f90857efebf76c3d8c638f5ff58c6da2809

SHA256
8bc2be0121402bc5aa2030c6d13dea8a523b75885c587157ee35fe768f68450b

SHA512
1e1abc9134ec4a32c63f2652adafdf86c005296f2e1b01bc82c9bcb0fa9bf40f305c67ed35e0a275ed12a1f910d76e4fc7e2f27060b477c191e37033ef26b685

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5e1386faacf275cb668950e73fbbf82b

SHA1
2aec5775e6d274e9ac072eb306361ff6a110ca42

SHA256
11c54a8fda9990dc2066f3209f750451f7779383ecfd240c65b4d7eda2e85ebb

SHA512
8ddd36d6046091d6620ba6ee941becdc7f10eaa088ed4b1ae6826982ab44ca4d63d41f9a160420209aba6d0360be2224ae55cd8fd964a82efcc31bd4a71a82ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
95bde982bd9d5782ebfcae97407ed6c7

SHA1
078d5d107371aa54bed92abaf3a13e0bc968bdad

SHA256
3ebf74e1e17bcdab55d73506ba84891b3b32fb903540bc6ed27254b4449130c7

SHA512
3beea28d5f0284dfcc810105d14dfd43af7379ef39c3ecc3fb76b3b20af690b261f19aa23d3b7c77e93f2f64ae9ab01471a1a42d6c8d8b08dab1a2a301d476cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c905401f9a880bbabcba1422ab8334ae

SHA1
ea35cc6ac15007905fb2febe9d0b260677bed875

SHA256
6cb24725fa47a49f6fec8e1f508e3b7f144948fbbcdd990452dc5ee5b5a85e2a

SHA512
662bab2c886903f4569eeda430e295129a49d97d248fe1b941f89cbd4fe5cc2cf938212f2d1d197286d1c4a7f32f413f38be61233b90f373fd9717caf9ce0f97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
438f5e93ef884182987760fac5ba774c

SHA1
b202a2f244cf7beb86b4935664970c03d8159be9

SHA256
126a25feba4c031b03a93bd5f06392c575ab0dc44c77a4863c9f415f99a7efe7

SHA512
91e87df8dbfa3fdb745ce3f6e26ba9e027db4b7a7163e36b0893751aaa11c8e3d100a42310ff877fe498924f88428c1f9b21e5d6efacec440c7d8760b32f88a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fd8f917a53a80f8acf09f72b9421a9b2

SHA1
ddfad595d411c1adcb16e1f94271334a48cebfa3

SHA256
40b4efa6c5f8a976b7653d5fa93035d0b457348b5f46aa961bb305a11841dc0c

SHA512
493190589969420216134941f7e309cc565784012de35e25831c580286aa78c8e48b4491b1878290c63310da831eaf595468a71330e680f98ba4d420431c7adf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
33d7b1eb353e351905ee38db6e3a26c0

SHA1
8c0bc4c473614f02fd9362f9af17fd4f114c2041

SHA256
7067b26e37c018d1caf63191bea6aa321651af06c12fea159f626ce50ccfab71

SHA512
db61e1dfedfc41af37603dc2f98d73ea106acde9bdc5ed72510f7490c85a195f6cb833eaf9e16fd3913b9b72b2e7a416eaa0d51ce1d5c18d3330e193878faa54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
134dee5a87222c1d8e4915891c0cf0a0

SHA1
7274beff88fef3cfb6b27b9c9c2977cf16167d7f

SHA256
e83a80275c6b5f8fc92f651f3ec626dce07935a539bc4967a536e57ffe5d74f2

SHA512
f29bda4d60a47744cac4f1efc25cc59f628bd21bc1bba2d873b6b5bec198cc1b9b37180d8ea70468c9c7d5e6adbc6f5e6c7c1053076d45ba8fc3cba4bb88acd4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1ae0c1a43c63b0cf4796c549238dc093

SHA1
0fbaed649cbfee27535cd16d30da1682ac3c88dd

SHA256
e4f4a09819b50c8cff53099432158104937ccc9a3e7c5f597c4c05a589039ec5

SHA512
43162a05688ebc5ace48c678faed51d28fac7e69a6674e6b186527e54c7df251479861f07b5abe35815a9b13c3a9d947a2193e18e158ea31a713c46bb0b8b2f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5ef6d3223152bc46ecc3dfe427f76000

SHA1
87a833bd44d2dd2989b8f7e1aeaf17a15273ce54

SHA256
afc4b487b4034850b7a243584c3a7322efab20d5d39a321ce1212280dbc84444

SHA512
e988331935544d960bb99e404723b0fd13e48469ac915313421ad22f56df859d6a2b9ed763b367b2497611948841f0aaeb0c773f9cac6b1402310d6cdfcb598c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3c0b592df5435b67c910c64c43a266e6

SHA1
0da4b20d02df143b6285640791c261b2b6d381aa

SHA256
774a26c9218f59a8fb627416c90467a1710289848a13c8ac18d6d351f68b85e1

SHA512
aa800d0b204164403291c84699c90e250fe205b37ba87ca73812c00afe9f09e1eb0c476d11c84d31916fa02ab7ec297ef657405a2f6448a24e33e3d4f2841815

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
340f28eed19cf55567a95fb84cb9e2fb

SHA1
00a5d9a8b62a6d54a805703d71c64a5beb44a1fe

SHA256
8c0f3a16630bdfe86d32648d9fc3f7a8a45b6bf74b7505e7472552932d2f230e

SHA512
1a0405b862484f19adb3d6849dec7ae729e8eb3e27332fb153b20fcf5248e978e155953f00805b7d823330fdb88b904f6da2b30988e37373e6b007ba25f37927

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
914532a543bba2d2d46179b9c02887d7

SHA1
17dfed5fef3223c68d88b4203701ef8b556c3e44

SHA256
740d6339fe1e194b5fb73cfcba730bab66831ee88dc9ef0ced4f65f20e213028

SHA512
f78dec1b470f8100c3dc9e10b636d29a01d7f996c6f78971c27fa65c39803f45033f8daf220a2cec1e38a2010c4957bf2e3346641d6acdabe5e13e1315acd86d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c505b81dc2c37fab67d0ae7cc235a0dc

SHA1
1ff15f544e17c2b8c870c8ba4852cda4d3c4b533

SHA256
53105d9baf099335882e095e6b6c3839b5b7ad495ebd3163b738d82dcfa0d9e6

SHA512
a871fbd510e32de307f46601390305714a360c945c316e7769efc0ba0da6425f56de2dc54c92f69a40cf411a1d83fbba8a3c7e9144febfb502ca3b07aaae3aed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2A9C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2B3B.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit