756b3c17d28d81b66a24532b91e34f0aa54b9c7519b0f8fa6dd2b65474d60555

Analysis

max time kernel
119s
max time network
131s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
14/07/2024, 04:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

OEBPS/Text/capitulo_8.html
Size

54KB
MD5

e1a7182b8251e0016c25fb6c7409dded
SHA1

15ede24e63d45351aa89335cd6f8ce72e349285d
SHA256

118f8dd03167501ace000489a057b049c05f887fcda43f414f2120cc58ce1f77
SHA512

112e111a78adda5a3371db3fd925d2f46f4506818b9915c753cba57887861b1ee48544081a6f73e4929189c456eeeaebab283ba6920e5a7f371186d73a306a14
SSDEEP

768:PGbH/DwQts0S5wNEO4zHzCaOM3y4hQdWXCXgTkpXuVxjrSMm+Lt8DOqDr98Nur/q:PGXts0SuiO4HzIWyQTklcYW8HF37q

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082ebb0b9d6f3f0458e93e15bd38f268f0000000002000000000010660000000100002000000046f9fe7591727bccd3a6e6b53a7d4d2e342aa0c2b42007c05b8580e869c7ac9c000000000e8000000002000020000000a49ca01507715b2d273d80b28b2a59705490048e7cc2646d271fbfb858523b1e2000000071defb4085958dc9e1afbe31c699f8b312df562a7a7a934705078b8f2661b24b400000002f7aeaa4c94ee22541aa98598750456e47e83143b6a8d5a568f16428c20cc3cbfd94cccc3ccbdc34a2e68b0ac3f14ff89281e6b35349df527d7931102971733c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E5DBC941-419D-11EF-A372-5E92D6109A20} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 808556baaad5da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427095059"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082ebb0b9d6f3f0458e93e15bd38f268f00000000020000000000106600000001000020000000d6d9bdb068fb259e089036946312c9058f122d8c728e508d6ced6f529d47bda6000000000e8000000002000020000000ad4fdf6a749faa8eb09f3226dd7953df8a7895ee994ff766b32f4b7d8c191173900000004d2fa6cdf9ab9845a37b0dc51960a565b47763b874f373d1626702b7edb66adb092e4a049182395c02e0a8a4bd44967c605229282b7dc7b90dcc1c7d5759066c7033c5f8152201c328f61c5562db0d6980296123c23354218ce849e1996a4c7171b20f94b9cf36fcf473ceee5ac0316c6f4f66fb1e2f88c70a61a0168a5e7b421fbffd984c9e5616ce62bc5a4a7b504f400000001cf89af06c701fa725fc002a68517b8481da2a2667d156be163a28ca388c771bc1864eb6cb2e78f47be97409af387fb65cdc1cab1caee3e4248612f32f52d1e1	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2352	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2352	iexplore.exe
2352	iexplore.exe
1984	IEXPLORE.EXE
1984	IEXPLORE.EXE
1984	IEXPLORE.EXE
1984	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2352 wrote to memory of 1984	2352	iexplore.exe	30
PID 2352 wrote to memory of 1984	2352	iexplore.exe	30
PID 2352 wrote to memory of 1984	2352	iexplore.exe	30
PID 2352 wrote to memory of 1984	2352	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\OEBPS\Text\capitulo_8.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2352
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2352 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
be0a35756edf8aca39ee91d99f8a3656

SHA1
eea1414b32c46373522288d10df675fb2d0af3ee

SHA256
b91a684a4e54f0a8db0024b2ff4e8586b957c378f3645d256fcb3b9e8e2e7b16

SHA512
02ff4ffdb39bc42fb77288e493bfd917596e5e8d85943650d28793397cfdd033930b36e41609921b99b2586025dcd2c7e61ace12f47fef4e78069fed714c32e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce646a5f9a3d1ea52159075d724c29ba

SHA1
d91b1203e9af4882bff2b53c7e339fc3f39abae4

SHA256
30166ba2e2199db82ac889956e74d463fbbb02d5e66eb25dee901c0660badd11

SHA512
bd1e3ff81b23ef95cdd852705a19cb3017ab59e6cc3180f07c74e5b17e1d4e605eb4ad2f288f99eb12834d7defb02f7992c853cb5326e6cc8f8f2eb19fdd594c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e843924231b79e884c43321009134a6f

SHA1
af4e1745a7615ee554564ef64b8619943bd65932

SHA256
810d69d307e1956bfa1a24b5d5febf1e192d9deb939057dbb24d6ef9dbd0ecbb

SHA512
2bbef4ccca78230057de19dbefd183941d5f5b43488e2907583d9d658f274d8fac22faeb7b414cfbec23569de9128de4b086164051d96056d5a2a5eff612c59e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c8312c16cacf3ae91840948af5494823

SHA1
e9e7ac660da493292a33593749a3cc999f7595a6

SHA256
4c33ee1900b7c352650f3dfea1e63e87cf4c30faa92363693ffecfb86e60ee9a

SHA512
f27eb829c558ab1ed7e6d87c26d8133fca7efa802ef439be67074ca6f6380be30a83e2e3572bfc4b8d4fd46d5acdfaa0053d5b3195547c5aae8b696588d0c9e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bdafdc46ddca17e37419e07b44a6c5a2

SHA1
ff22ec4de0f00728bc316b35da4f42f114f36f37

SHA256
fb52280eaaf1f54081b58889faf8ae8a26764a134b18b651ff5a3f0ec7ef3074

SHA512
c60b82c5caa1037fe00b75ce003e08679b62218da681570eceacc1b7c713f70fc7ba5212f9ddbf620128552a16c3f7093f37b9ac5131a0d7eb0505d1e61ccaab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
10d55478d8b8a9a5c677b047fe0725c6

SHA1
eddfeaac6f552eca744f493a298aeb7d1c677d44

SHA256
773a82c7907439d6e2c29091aebae7d91b684ae02d62bdbe8d358a53d0630c5e

SHA512
2b2c175a0bfbe8385f2b25bb61b736c80c1b71f3c4f034d10a027b348c30df0985ee169b429bbe8b6e0b35c28ae2f721cae2da0d01f55dc12e3044353558a2db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
afc84849a48c6acbb3d086341097dbac

SHA1
d2c0e589dba6e3b79820f472602589d8fb9d3237

SHA256
b222af67b477243d2a98317cd8ac7ea84a5339d747fc5eb0f8391ab9b2e66d2c

SHA512
128ad8533cd6319b26638f6138177493eccfeb31184ebd31bbefce1585beb7e38719dff315540fb835d72b96e8d7ccd73c2cf339a77d11bd14c7e3a7fc4d6d12

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bd97724c97d4656b84dd9a9930409b48

SHA1
9a7713a28a9a58b56afeccff2bd628ff0975af0f

SHA256
6631cd92f1cb50b33422c04f0ccb1b7fa00c49002f73de50061be89ae40c41a8

SHA512
65f04eb65025227b784bc10f4dfa0118d2595e25ea56c41174c42ed2333d5c20a289908f50db3abe167eadb1c6929519b06ec822b01b1911b211e1ebe4493adc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1387fb8815eac640ed5e02917c60b9a8

SHA1
c23aae335b0537bf20399da43e93fcb36736ad2e

SHA256
e3a137042d8d6848cf162336cbd3e65421a698e4771164a6b44d23914c0b5669

SHA512
006d26b58ae5e0c64fa8c8944d073026a5ea1d85ccb024a4d9b5a1bdca261775975747bc31e94441a3b0b9b91b5cfd10cf52a08a55da092def7883fbdee7980b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a8442bbf02d223d043e8291956620721

SHA1
8d1d00fd758c2e4699d93d07b86b107a5d7af7f6

SHA256
a703fc74f8a2b85a703244e0742c6117c47b85c3ddec2f64d4a674d726a2e3c8

SHA512
0efffdd3564689050181e449797148ffe1afc4e678ccc004f8e1ff8c7620661bcdc740c8245dfbb24987904af61aa98513652e2fcc026d0a709a998b52575b9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0307c971e94d362079f5f20871d312d2

SHA1
c964ca80dc870263dc7087db26f52bae5b3891fa

SHA256
cab91217e60d9f70423eb3602d8fb40e7b8affb86cd1b18e53b91a3ba9d609d6

SHA512
9a8b2f65b18b5bbbbec6ab407d3a9b6b87a3293156df6bedd2874d8d731fea2541dbb06bf549dc30787a81687aac47c17cbeb871762028e4bf9dafca6bd03de8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7c23c3cabf0ea863f02371b072dcb0ea

SHA1
f7044c5dab820ffc866e531f9972eb9b92a0d3da

SHA256
7206b1842c3e5f42feec9a84a849112eb1cfc2fed3e4e5ea5c38fa071f738c55

SHA512
67ca5ef87bf32babfa7592723ed4a87d5a844aa1b74e081f90e73ed6706cd9c3acc87696c30770b88cd5d052406faa07bd970e59b460e1484077a9813a535d77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f30dc9576a1687099a58982fc1d4b956

SHA1
e6d7a709875c18ba2f24db6be888ea52fd24a53f

SHA256
f0d0321bdbaf99092ad73be29f1c5c0f07be4b09ddbb390fde8d550dbe0894fd

SHA512
3c2092c9e6ec2ff6e9c5a8b065640e51c6c1c762cce7d816cd5a641528c225810a4ae6324fd3ef60a23edda82ed8e7b0669e103a396fe129d28a59578b900b24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2b66dd6960bca64b56a7ac2fcacb5604

SHA1
5dd106e21ecf6579a82b78556ad4d672575f5abe

SHA256
d6aa773e1d6e0391a807a66b2c7d1750120c7a9de7b49ed1a7113f038552b433

SHA512
dcee8ff3ac8619e90e76bd2425a8cf243c34166deb1cd86c81e1aab3f767dfbcae775ce3616178690938f6f88debbcea1ad0a1f6643b8e86be82c7bf8390b167

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9f80ffb9196c46531d61431258249583

SHA1
fa31dbb4787a8520aecc0f804c297b1d1613b814

SHA256
753437d483fefeab6027a9df3e128527cb71bc75f354d30126bd8c002ea2f710

SHA512
87f0a63f861c49624a1428986c75738389cf14362a32678ceb705702837ad33c8aa29f38638f1c6de68581a09b00f4ef9529e709beed84cb507c71cb80dd61df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
75604984fcc8bb837fdc42f2c7ae8149

SHA1
fac1677e2edee57a910598337acdbc2dc299d8d1

SHA256
5bf3566c5bb82269ed35788fcee107b26c84998f0e44790feb7071631c61a93b

SHA512
61534972a2d0357d82d771e97c106f252ad26bb6b979885bcd68b445b9487fb66ba45787c3ac6f45dc424f84f05f172bf0a6c12f389d004e5e7cf7c9576816ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e92fcf76963a67c9b04eb3d175cd9661

SHA1
482ea75446034eac2244a6c5ef04566b4147062c

SHA256
8d524d279b38f4c58564568a31f4450c10c7720fb548f808810d3684a06e6b0c

SHA512
0312a8a873a4bc5d858e9b28dc252b8effad7c213e86f001bbe8ba52d4ea38cff9daf8cdb9fab6ab1a94a54b9c632d3d336e09f7ce13c8157f1125a38326be1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabCC09.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF119.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit