58465648d792f118660ff7515e0b0350ebcfe576e19fcfd05a23b58c45770a3d

Analysis

max time kernel
134s
max time network
128s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
04-07-2024 17:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$STARTMENU/Internat Exp1orer.lnk
Size

1KB
MD5

9ffaab5f197ee38cf1fe65e19d4bb217
SHA1

39ee57d785cb31b75fe79879ab5dfed14eb1a28e
SHA256

6a1bfc7b4d0b3c749f9a5737f7f0253c634bdd62fe812948807c6beae039ecca
SHA512

eaa04c6437eac713912a81b2e11f97cfdc38d5d5bb459d7f4ae94d140b2bd4d74685cda43697f00b6803b1b58da3bef78ca3d9d6a4b9f5e4278ff2451aee512b

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0bece1c39ceda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000fe505f931b35879067a9548da8e646ecf22f42284c858ec6d2806709d27a4fe7000000000e80000000020000200000007fccbde0d29d9f009ec890d0462e8a848d7a9f2f324456e15d1d358261ec9cc420000000c365c48d9eeed67ccc4b7faefb287c7f93495a1c0f664467e7568d492fcdf44640000000e276380eb61a4d18fbb34b23e7206fe21344ac312bdfd4dad986d56eafb5a1aeb95dfdc25dfddb02c339e26b3f3e360b49b63d8b0f031679b393c5975384d41c	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb81000000000200000000001066000000010000200000000eabc52de5c879619897a706fe1b4865af265d5f9ba34414fe74d198d39d4ebe000000000e8000000002000020000000ab262dcd3ecfc9b3335009b55bde224f4a20aa6cd9241b9605e3dc869860d66090000000e5cac955d9cd2ea45794001e69fe9b289bc4431928c2fce508b5ad94db216ea087b55b2fe02bc91cfae18eb09b5dff846fd479e5c1002234f5b62cd13cc9b5f8ae37e7a39327c85584b9d026f9545b6d8f1f99eade2f8b449038b66e0abc0f327a4f77d47e19a771d446dde192293ad0673fafd4203dda90fea3464d37a42caeb998054431982f101e5aa450cdbc7c6940000000358bda3e0379eba4251ae4db9f5d60d5ce3e98a3f6eab80fd2a5f6a95484ce0226cce3808898dae6ddff9df3858421a8d4b1ff6ea6fa951f0ac4f4fcb9fbc390	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{453770C1-3A2C-11EF-A1B3-D2ACEE0A983D} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "426276596"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2204	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2204	iexplore.exe
2204	iexplore.exe
2972	IEXPLORE.EXE
2972	IEXPLORE.EXE
2972	IEXPLORE.EXE
2972	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2412 wrote to memory of 2204	2412	cmd.exe	29
PID 2412 wrote to memory of 2204	2412	cmd.exe	29
PID 2412 wrote to memory of 2204	2412	cmd.exe	29
PID 2204 wrote to memory of 2972	2204	iexplore.exe	30
PID 2204 wrote to memory of 2972	2204	iexplore.exe	30
PID 2204 wrote to memory of 2972	2204	iexplore.exe	30
PID 2204 wrote to memory of 2972	2204	iexplore.exe	30

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\$STARTMENU\Internat Exp1orer.lnk"
1⤵
- Suspicious use of WriteProcessMemory
PID:2412
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.113w.com/?waga
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2204
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2204 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8ea9b3b3a68791a0a7ccec6721057701

SHA1
b61b01701ba231edc43fafef8f949d5fda8bbcac

SHA256
ceda6055903d832e94380a9c8d482482bfce8b1a271bb248ec4f2bb14d389891

SHA512
63f56fd02d8c34431ac9af0f6546f70558ea6d1c976e65dbc3245fef71814920dc1a1613acf8790a3e35aeda645127593c6fe1a6144dc1422576dd10b17d4969

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
200eee7d160566adae17fe4e1103cee6

SHA1
4fd375a291a33cb3966698e008e99412f99ec85b

SHA256
9c208dbb32a3573196a4ed36e808392fe238cffb37433c35c99c82477127fd78

SHA512
75d8b35d7c8783e964f70362c18174d33d014e10973187bbf1b68cc518c0ebce5f921eb807a5534823d5c4f605ea13303842675b206613f5d9e544234e5f00ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c8d0ed5d9b6ebdc36b82479df128372e

SHA1
accb51223ee45f3319cf75e36bc0b74c61159e36

SHA256
a24646907f37af1101c4af8457863d351df940aa6fc40ff48de43fc8d25dfe3f

SHA512
9623d01daf619727cb267225f39dac6fea0430789da169ed7d785ecf4d2ffd7d5e81e7a04a880d87cea322ca5dd45261ccbeb4a7d40781319045babd00236bce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1877fd268fcf70b76e91e08997757939

SHA1
2248d58be43ddb691e1fa147bb31c2b6cf1d41e4

SHA256
22591adbe023c73a21a60447503db04d6f78cf7d2cf3e18e37f600b373122263

SHA512
f32f96c86bdee113dc893a47a54a4fbf09f55f6abed0bc5139e2abc0434aca6cb0f82367eff56fb1f77c3498b1a3ba923b6df7fa2a5d54c656942a8f2b27a6ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7d0707749f545db8bacb708b3a0474fa

SHA1
f188054dacc5e4b3c00ac1836129c0502c373ee7

SHA256
c5cebba8a9fcc9e116a1cb037b9d563264bb605f9f4fd8132e22499786d9e980

SHA512
b619d80a2355b574487231cf57ad87f79c193f97de42e7b101e4aca798992c8156224726b936517e3459087aa09ab8cb8e34c74b4935910b9410f20e33f669b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
926933519e7ac86b5f13b877174c9a25

SHA1
b5ab91745af8a5f6899d27ff5d1a89b167b645ae

SHA256
777fa7f942f5b8d250d272a79be0eb78b1a1cbc6722449b8297f7774b38aa32d

SHA512
368b71490bc6f45557851d59aca7d8f54db2cb2f3dece07ba613a80e32e8e04dc00a9319d7ffe643049a6b7c9f61471a07ab0c77bf9e3bbf43651ee9d2b60804

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d157e6b7be187e68b307f5e3248e63f2

SHA1
f6f26cf9585219e7ed227e058874ecf79a9e7e18

SHA256
4629ab3ab94ca1759bdf82153fac3cd7f5c1e11e7fb9fce041c0582d821123da

SHA512
6bd9c4eb1cf53c7cb45f161d227ccafa3e443e2c9423da2793bde54d444c9a779b1c6b3f04c7fdfde7ea0e02f3c089006a58b6d3f0e9cc3736178a731fb061c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c018d4468c58d851bcd53efb3fcbdcec

SHA1
525b292140ceee8e462b6ae6df8dc1bb889ef6cb

SHA256
18c4f1950170963cd15ebe4c8b10c917001af9700b93e35863a7fe3ee1735f8c

SHA512
c13b0043e10a708dfddd5d598ca8d8d510f99468bdb7a64722f8e826bb0b29dc66b4c26ba49a115af239780113fec96eaed73329856be3c00ba4ecb66315104d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8263745d0a455bcc91259f8f7e6739c1

SHA1
907b35fda4ec25e59dcdb2d9559967b191860654

SHA256
d98438351e8b7fef125cc5de2d4d8bed5459f591f8543fc80cfc02d543462a55

SHA512
dd8f87919fe6dc632142d9e8d371fa285cae4a335735fa7ea249c4890e3f4ca8337fe694277439b3946102efbdc13ce3277d4c2679b47fa6988151acdbc4f26a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f1d81cc78e33042a047c1092515884e4

SHA1
5c826f2aa330118d96ec465cacb1dba15ba2f8ee

SHA256
51a8a6a509afc9cd88d8d3b8ed2faa5b10d383bed23b8cfa2c611110846df499

SHA512
27c53c988bfb8a5f42d4a82965827935ecd8dd48c17c53f68035dafd72c6a6f030c5a70f9f2ff0b2f575c71c5cf3179230b3be76b6315e717feccfbd85622946

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
53dad6db1fdae1743e6f8c7aad00818c

SHA1
00ff2830b8cb41d79428a901c4cae33744688092

SHA256
23600f751724d08965349f8ae3a01f8ec0e5318072dc558f9212d3904a31df08

SHA512
b0a000800f615de2c358c8b47088b0a8c0d3fd925133447c019f3074ca4e364e0b9358602985176e3ccfef0f4cf87db9bc92d12831c7b4e36ecc412fea418dd2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f9183ed60c18fe9c4b251dd43ffdeb0a

SHA1
f4d7da7cdda2fb4415b8d48a65bbca545d3be305

SHA256
038fc2fc0ad3505167b619245515f652da86aea008f177f0b2c80d449caa434c

SHA512
002773de7823c7360662a528daf722867a412958b27165b7ee931132917e554db98c4a9759878ef11f0453aefc72d5179015be6838f2573bb3640f0bbb1a18f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1cc3e13a974296020ebb4276b1953cc6

SHA1
05996ea1f243818dec7417bc861b3ad206a1a6f3

SHA256
e96e8b7ec30856d0c487433fff10a35fde71471fb3a1ea23222cab10b91769bd

SHA512
27621c2931188e77d6fd316238962573b3cafb107eef8a088af57f24e0d5c0bb456fb7c37165d17d2095657fffe7e3ca9f59fb7e68127392794c0a382884cd86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5ba8f950f8e268fa7f3317d140591aab

SHA1
0016674d28bb4c6b98027f58e7c50896c0eb92d7

SHA256
d22186d8ac4efa23e54189fd980fd4d30f85e311455259c06e1afc6b9d365a9f

SHA512
f2632ef1a1633e5a2b4721dfd4782e80b0ee316fe053e5fe9bd95218d381bb5d847139377c4045830188877e30f81c5c46226830ee0679a748cd42374bd1f957

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b643922f78eaf959ea280dc6b39378f9

SHA1
aaecab18e5f01f913de401826b12337ec71286bc

SHA256
37bb252277982d3f09b792b4d91a67a92c27295a9b46738540caf47d09233d28

SHA512
cfdca47179add5bbe3d0b63327bd22733ccd357b8820de321caa0814df791e839681a2e99dabf6fe258623296a4251ae778bc92dbf7e78efca3d5199a5d0a70e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
017a520c13492acaa9dfa788e84514ae

SHA1
25c6960ebfea488ed1958be0fcb84c589e9afbec

SHA256
6bcf8408188ef6d023987711322f3839d8b89dfc8a4e2dc7d3caa148b62e0101

SHA512
16a40ddfa8223d5cc3992414470d1cbacf8581f2c495e5fd71525afd58e50f5dded1aaafe283a06d0beb51e98abb05333c4d23139a50b41f29e868c168f9864d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
530ecef7dc96a24477f9a68c6f871b94

SHA1
4ec237d1690106634e04e819999761e8e1221b9e

SHA256
08f66d53ee4596eb7fcf66d4804a09ca6129b835a7bbb089b18a042c06117c84

SHA512
9e6bf4f087307cf2c2b0218a5931751670b86caaccb78bc89c3670f81c414a74c442b525c4bd7ca309844ee238963ee9e024f2c4dd350264eccccae6ed16a438

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5DDA.tmp

Filesize
67KB

MD5
2d3dcf90f6c99f47e7593ea250c9e749

SHA1
51be82be4a272669983313565b4940d4b1385237

SHA256
8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4

SHA512
9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5E8E.tmp

Filesize
160KB

MD5
7186ad693b8ad9444401bd9bcd2217c2

SHA1
5c28ca10a650f6026b0df4737078fa4197f3bac1

SHA256
9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed

SHA512
135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b

Download Submit