9f2bf14e31ec6527bf34cd2a14a107dcc70ec333301c5202cc3d11696b39f0ba

Analysis

max time kernel
119s
max time network
130s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19-07-2024 04:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$DESKTOP/Internat Exp1orer.lnk
Size

1KB
MD5

9ffaab5f197ee38cf1fe65e19d4bb217
SHA1

39ee57d785cb31b75fe79879ab5dfed14eb1a28e
SHA256

6a1bfc7b4d0b3c749f9a5737f7f0253c634bdd62fe812948807c6beae039ecca
SHA512

eaa04c6437eac713912a81b2e11f97cfdc38d5d5bb459d7f4ae94d140b2bd4d74685cda43697f00b6803b1b58da3bef78ca3d9d6a4b9f5e4278ff2451aee512b

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d9909000000000200000000001066000000010000200000004957bfcbfdf54c3a8bda551255c0987e0936de66fcedf401d46a7edd2a331fc0000000000e80000000020000200000003d5625ab09acdae78641ccf50aaeff4195a07646c572adc0a4c99f35ebbf279290000000ecc3e21207bf8dc8b426d58df33b7e66383aad3e1b929d21ff4f6a12a6087312ed901a98d96475afdc2a8085b43109e7028a264f066584665f265e81d918af03009ce6089a432174b6ca2f94044f13d502c11f101db2e38638d0f63bd5b767e7dc6912ae20317cfc6fd4bcff1fdfd5eebf1d7a2339e15147096b8321844065100fd71601282cc8a7dccf011bfd66d252400000007cfdced022d39bdb793bd5f80bb2f426c03761821c17941719a6dd297e1b33eb4e106b60d8bc0f92fb72d90ab05b17b087328e6b93b54e48d4d8279683dd5db6	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FF24F611-4585-11EF-8732-52723B22090D} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90c6f1d792d9da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d9909000000000200000000001066000000010000200000007b69d67a88489f0044d36cd6f8c5c24a40be94047b6f12bd432715dfac97383b000000000e8000000002000020000000387b1613c71914843e5404065b7ae8219575f91908c307893ac7b93d5ae25a00200000009a5debdc367470a4e57dcc9f2bade8145531244b9ba77ec02e1e66bbe213c7214000000006a67346eec2fa57950be7c774e22f7142bfb4ccd92bc52f3525e1dc81735d1a4cf1736b9b0abb62e216d9f2593a44fa5c1f7e5d3198acb08ff65e87e4ab9dc9	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427524596"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2684	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2684	iexplore.exe
2684	iexplore.exe
2820	IEXPLORE.EXE
2820	IEXPLORE.EXE
2820	IEXPLORE.EXE
2820	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2872 wrote to memory of 2684	2872	cmd.exe	31
PID 2872 wrote to memory of 2684	2872	cmd.exe	31
PID 2872 wrote to memory of 2684	2872	cmd.exe	31
PID 2684 wrote to memory of 2820	2684	iexplore.exe	32
PID 2684 wrote to memory of 2820	2684	iexplore.exe	32
PID 2684 wrote to memory of 2820	2684	iexplore.exe	32
PID 2684 wrote to memory of 2820	2684	iexplore.exe	32

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\$DESKTOP\Internat Exp1orer.lnk"
1⤵
- Suspicious use of WriteProcessMemory
PID:2872
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.113w.com/?waga
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2684
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2684 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
595c4e60a88a37b5e638954209611b3c

SHA1
e747a19602e2ba6456d241f681dbf1c17eeec76a

SHA256
583f57b5a723618fb05b6e2c61009d3f438b100970825a4e763f82e458c5f7db

SHA512
de5f8ce2521d13512ce4725af1a33df219473f91c2d620578f90a3a53623461684b555101080c48ffd32b623abd2edb3b0baf6f14edc1912722257b67d0d60d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
39591e8341f4525bf77922c09c928153

SHA1
2b72b93fcbf6a41cba99633ef26fea588b2ac78a

SHA256
f671027447af4eded263bb4f974cc450ef8d6ceca8b0d7dcd6e815354d5432e3

SHA512
131804758283bbba4f1a4095846ecf1813d280e8700fd6169b9f513176583c87a5d04d60cbdee8c829e100921aeba9acd23dac742e31ffeb370152f7ac15d6d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
746e981c68b4bfd9c6e1f5a140510330

SHA1
76fdae5935569a4a901add00a6773bea1ff94589

SHA256
c7c1e9f4dca685c37c40e0727434ca16497ba30f35ffcee2df70e82a41260b1c

SHA512
c7c41e2a3d304b7df45d774baaf0550dfe07f9cdb0566fb0289eb8519a0f235fab7649e6eb0be93917c048b132ac11ff540e010f7f835cc895581b8767b0a96b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
32841f210c7cd15c74d1d3858b337c2e

SHA1
272b40a9f49de75010abf0a3e9ee899dcd709b79

SHA256
ff91395689686094ab782de602a981449c8c60f3273ea6d1af6f475c1cd1cb3b

SHA512
b697fde24f6ae6ec1b8e0fc3085963f18c5a106e9859b097d46b9825f5cd9427d165e219f654d5ca3accbf0097e36d65eada2f919ed16b8b14f4fc98b10abf2a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f211713aa775f7e88c7a5101d581fc6d

SHA1
7faee7151d3b92415253ca8c946671afb6e54524

SHA256
616b63bf3cf8b81f210c36c45450fffbe0b207ad6996e910f18346fed2bbe628

SHA512
94209047f65e04c4da3ebf370f12ca7800164e07bcabe59b1ae8605ce6cf6febf81d84249cba75bf4850952adb69b7ddae9f64f43860acc6575691685c3bbbb4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3a090e2a0562a8a283f599828cedf8c3

SHA1
9b4454a1e1260181367e6787029248486a20c83e

SHA256
e67f7931f49bef5391364389617ab8b57073845e5d5655d2be8ffe68f280e080

SHA512
cebe1c23bc7dc63c70fb5be0752bbb0dd1cff06cef01496f082bf795778641ba42fab8917c5796cd6ad1ad64de36e68f628dd92eb3db7d1d1ac3f0e69f099225

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a86e5ec84c890ad1510d056a84eb8afc

SHA1
e22bc3f8eef73f83d4f3195bb0bc272a81f284b7

SHA256
ce95bbaac122be50ad6f2e27a9eb3bc99a5350e11eec37bdb057feae0916b25e

SHA512
f7ddb02ba02a5fb9590410e9615e717e0effecb5f3fa6582f025e8d4d7c4b56d34ad557fecdc8e71aca82832e1d9a3dd39490e68ccb6cfabe5b8b2fcc3cea97f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a13d84e0392e9a803ffc3ce6f384c086

SHA1
6dce46e8eec4f4824aa5025f41b1ef34e928648f

SHA256
d5019d4fd1465a75b3f7e308a476d5876c46c00b4be6bf90386947a4eb5f536e

SHA512
05e9fe3399a0a5f297a0a3da7e27bd18404b65d3d9951f92f935744b6f72231066a67cce46c09663e46db136cc5b9984f7335b182c62cf4a8f45816f56b703ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
68968a39ba38755bfdfe025375546c1f

SHA1
980195b320cac182a1bc83aed00a76b0fb0a78b1

SHA256
502c0fd18821c8bf017c6c6d1cf6fd0156e68553e121f3469f86dc664ba43717

SHA512
582096d34f6f54eff745daf07e102e980ea25ed790958a2262c0fa166e5fa609363015da8fdc93082c1989dab1d13b7be6eafe12f8397627dc3c14e2f2f65ed0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
80197ade25f079e3856d1fa2228f1ae3

SHA1
29786bd20c8ad90beb29407a6abfa7a83d9aa55c

SHA256
c69cfdb8a3630a976bae1934c894187b1827a1e4bebfbd9996ac814f53641527

SHA512
b93c4d5c75a4a78705d8e18f046bb4964c24e1d955f908ae88343f30d66581cb11d9f228b2aaffe33743f2b073a27fe786401e317f4004c440c0c2aec17184b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
208168bbb6d50aab9ad64710082efd70

SHA1
a0ac1134b458615d49ac5061cc50936e98439482

SHA256
1cff024cc11e847b2e76eaffeab828e5d016979fad279bd656ed4c28d0f666ff

SHA512
5247a7ffcac16ec96e6be1139459852809a14d3c36dd2e5c4e927c421e2291f484f4b237fa8466f98e97aacddc9a167e71c30aca9fde70ee8247401a0a87506d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6be065d80b5bef6a7287cb051d0d2d8b

SHA1
42a771a6df0f3aca145b307ac37e7729515c14b3

SHA256
b17d1faf46c67fe203a7632607efbf3a83c310c9359a445608af11b6dff0814d

SHA512
d089d68a87bce943f824831dff44dec6d7b977494d9d656beb91c37d6bb4f9dc6c67c8dcfa927b410f9903351440db70f839cb1165d0de19d9b5da15eb1d86a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aeaf98adcff6e0458833791a0a741419

SHA1
a1bd8667020a4c9eeb1846ad75b9f8e1d9c3ec32

SHA256
a32211f3bb53186c996f5074727e13c73e97246eef875b8cbb734385eed5f5e0

SHA512
64d3db26be31ef15b47571656f6d9d74fb38183c4e376e0592ccf796f3782a97e7fb4b5ea746a1db7148452a5a8e9c919d0a6464baccf5b849875120659aa21a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
078d9de0d55f2f782bd639da5195066e

SHA1
a3633b7947ecaed0842ac69bfdb734090509a6bb

SHA256
bc5d4a9f9a21af5b3d58c8e5d59aab6caffe22514e2d0cc3de57ad144b222457

SHA512
c546cabd1a0e8148be3846a48a61383198b71065c35373b48094726b035f5fb05fd30624fb4343ad681f4bf7234f8d1377330f4b989da167f2d1e7f4bbe35def

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
24d3b23e8891976bd64a6a3a3acdd24d

SHA1
6b5bb4afcbee2067e6f875986279c1b0c0f2cd82

SHA256
f75da421c0861a66e79c15e0f4157477d257731cefce906d9a52665c542f046a

SHA512
38cffc88e31e0ed04a9c220228d3188edd41b7264b06bc56c4135714b5c5696d9b14dcf51e33dea0168a2fcb78916cbc8b68e20b642a1bbb36558d1cb09c09af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
21db2c9496e280ed7ffb4b5863b495bc

SHA1
6509d1f58e90cf99d7283dbd91a6a4525a001595

SHA256
53a567282854de6df6c92cde0225e9c31bc0da69f4bedfbb8ba72d1c86dcc23a

SHA512
4e4b7bee2d48321cfd30937d3bff34f60a488219b553f486c2b6415731cbb38361f3904db557dede5a17926a2abdf0973feeae842a2bb923626f18cbf3f1f848

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e3205de9869b7f1e3e7afc8b14182341

SHA1
1c92e04f5d557989e2dfbad4434570665d6235ac

SHA256
1cd8162f14c0a078c20d1e6fa7b578ee3144aa959fa53472ac0ee91f731eb279

SHA512
1d4a1fd85771e5eee96bbf0274206f5c30347193030590c4653a0b9ce501fa97a99e20e9b2aa71fc8c363e7912e8f1c7fdc0dcf0c2ee7fd3b0f994f65897543b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2EA1.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2F03.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit