0e9ee42b33d2ddd4d0c3c49181f02c7c22f64e478b363e1b7281f1296e73ae8f

Analysis

max time kernel
137s
max time network
137s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19/07/2024, 18:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Worklog/Worklog/Worklog/add_note.html
Size

904B
MD5

a369a13d6186dfb099abf1d33b2c46cd
SHA1

933514220182235e0c226052108ed56c765e3dec
SHA256

8600cece562d0ea3f7a23674eff8fb41ed69595a42129835c9e04bbfcd41a4b3
SHA512

aed994f44515bf5a52458105ad5785ba7efae155107578e3a12c671677b914ce52e893146b1ff085ca69fb19ed4077cdee8e3608c5e8968274aac2749900dbda

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427576465"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C2DA5911-45FE-11EF-B8DF-E649859EC46C} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b7000000000020000000000106600000001000020000000157fb738f873cdaa6e7a26197bcaf6a0f2613193ac7cb4299db5035c26a9342b000000000e800000000200002000000040e2cb428f4fcc23130c46508e57c6da5703fe6e86a4b7340b73444eb9fde59120000000d4ecd773a8bb5d47186daaf00b7095567526186b9473f9aaf9254b07ee38ad6c40000000aa35d5faaae0dc232486a794d3aa5d48a70dc9ea0b84a4d4d123e450d334fc391e1bd57ccd90baf203fe51897eca7a4e0f22cf3dd64a5b3748f621406a4a13f5	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30fbf2970bdada01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b7000000000020000000000106600000001000020000000e716b6d8bc9afaab56e2fd208dc122feb32b940ab4db4b190711947223ff1572000000000e800000000200002000000094cd9ef33fd99731c2bde52dc729a1b77f56735e630641abd4beb18b9ed7a94d900000004bbfc80a5592a5ef4a6f966d5b1828941a8331b0c18d96d48848458e78289dbf5074839ff5b7516aa4c4bccdf4967b225872db76e2e66083ac20f24fdd42603df7f8c434e86e78e0e3afd68691b957d7c87fa92b739cf8490dd31dcc02bb1be8c9a184ffdcc38b58ff0240d8944a5ffc271d3784495653b06fa56b5f52525c665f5189e26443ca6eab2943eee09fd638400000003eda8b2d926d323eacf1b4315162481a2f179f0cb22deeb26bc78665592d2a481b2ebcd2597848fe91d06c6bb9bcc0b63a1aa7bcfd43bbd05993bdda192b80bb	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
560	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
560	iexplore.exe
560	iexplore.exe
2320	IEXPLORE.EXE
2320	IEXPLORE.EXE
2320	IEXPLORE.EXE
2320	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 560 wrote to memory of 2320	560	iexplore.exe	29
PID 560 wrote to memory of 2320	560	iexplore.exe	29
PID 560 wrote to memory of 2320	560	iexplore.exe	29
PID 560 wrote to memory of 2320	560	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Worklog\Worklog\Worklog\add_note.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:560
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:560 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dde4543c0e4a8761492c1d2497269023

SHA1
3a6751160db4642add1f4ec879f5dc607f705a6b

SHA256
1413d7fc38123daa3ce446ec6203a75ebdeaa8d214fbc9a091a356cfa751695e

SHA512
07905879906617951baa1d8518e43bc64a95adf03c90bf41a2ecd99b74675c890754e8bfe144a860c2a153fa829c2d68c758d50ba269257ecbebb610af052d62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
79d1c131709ac3d44c8dcc92e41ec24a

SHA1
a8c22936c4c3644ddae619ac35c4f42930a19b66

SHA256
d25f5b8589615c4d10a6e377d7bdb4c65e1eb9f193f235650e81440802e40bf1

SHA512
316195af3f565692b952e8722c1eef0724b84de07859fc234224c2832000b778f10b9f9830bc70bfc6a290bf2b7e56fe573b4ca758ca64d646dc489cdb092933

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f5e588ef669307d1df491e95a46d3673

SHA1
f0992c8f23228e148ca44f61057bf555ecbd28c0

SHA256
352b9708e64b95bc787bbf192bfe2b62f28b023f33b462c1b300c3d205a534f6

SHA512
706434ef8e69be986c2ba0374623c634ef12cb71bdbfc7aef02e132f7354ed5b6a8b5eae4ed102e69860b06cdd3f45957f705d100c9c1e3ffb3ba7f609418641

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a40d01944144804d75a45a3e9055e14d

SHA1
51c4521fc9355d5aed89ac0d5e3ab058e9f8e1de

SHA256
3b480ffa4fab7f3cce17370bde29d175ca03af0dcbdc2edb772c3839b811c14d

SHA512
e5c6a429f2ffe46963312946ec247fc9a6fb3b9337beceec3d8908524d970fa16fcbc5c423e8593568a8c07a2158a91d1a0b73a83b210387c2d6769e962ed599

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fd7a2ce85039945edbf3275b12d8646b

SHA1
ec249bf4da352cc0b860c24a8e489d293e8de026

SHA256
02db0bffb9bfb24620cd955eb08271b6c642d17e81ee781eebadbf33a6874f15

SHA512
bba741d2557adae699ffd9b6b58f81b303d976c09f2b39418dfd722af5a8f20d00ac0b44820d8ffbeb7771df4488a66d1f202d981337da27711863d160c6550e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e4bea63628b6b4556a4fd63faccd6f0b

SHA1
5e489fdcbb5ec61b6ebcd1625e18c99fc77ff58e

SHA256
5e51d57d379d843145122637ef6b6cac301f249964ed2ec4d69dee37114c9cd6

SHA512
8368ca9cad8a14d6e3cf0ee6c1de92f681e82e58c98fc2d018188f05c46ca95af42fe54b8c49ed9cbad951b214cca481485060e700d6e7be31ed66f462bc9a85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
65cc0a6b60779d08f6a1e2447f3ff952

SHA1
8c81b04401790501fb9da055b7d0ebb4b87b3edb

SHA256
2f08821379e6b1f7e1df265577f4785768e8aa5df76d631fc6403eb0969bf3e3

SHA512
e1c3f6ef6f73cccd11bf0a641e20f4f35c0c6719376996745fbd5c347b3898930e4294118a12b745ae82070966bf4cfa1b8f6f08228e0b600fc1cfa7d64ab39c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ecac85b921b84fb0efaad8fac2a58240

SHA1
9d530a8c0e2ab9c08256b3c6bceea3d677869b44

SHA256
128cb4880f83f4001d4ed3ab2a6b6ff0d970720d47fd6ce798ddbd08b3fb469f

SHA512
1c321fb919c5a1b013d2a81d8edec26ad8f2d85a460063a1ec840dc1a88d52466b5fcd78da509d606a8a5d405f5bf6c9b155233bca36f955a7d4eaf6d8a62672

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5fc4853d0c6c5add15d42c6143bf01d6

SHA1
f89974d829605724f037f9a17e87c616b74c2d0e

SHA256
8b9543b2cf3af7cd122823f9f0b6b3cbf8c8774e015febf63fe4b1a73826f338

SHA512
42671c2386e0acda9450c1d396641e2dc6f937d8f5c8ca5930329d6e8d17ca851f8105bf8a585aae65c8490bc9bf9e2f60286533816ef6a058a72282b327ac69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a738c417355972598258072d04ed7118

SHA1
3ea1d0f19c438cde54f1ddc42784b24026e503c1

SHA256
4502a5a4b23d45609ffb5b1beb76f236b8704961dcb9f846f6b5dbe1c4ec261b

SHA512
64a92a5844493162c96330695d0a60c87f86b45d5bcb373a559f004129aab5687a4e324aa4d45e8207af4605a1dfa287b082881cf7477e3622dcc5b100c62eb1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
39154f566d73333110023fc2057fe4a2

SHA1
ed3ea5c43931969aa2fe77d41d9650c16e2133ed

SHA256
f1e617cac136d4317400c2a79cc1a2527aaea3298800010438c6bf18b0371538

SHA512
d583285b81d42c309f485b88ddffb6b7331025c4e7941f8acb60fe2298820a2e3bc66bce87ea3b9ebf29ac49300cf7f4a625682e0e570479a3d3e8f66c40332b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2e112996368b68b9594e4bb9fb8c8701

SHA1
7d09bf1b662274eef796b065eb2b7a9587fdf8c6

SHA256
5d42cdb395d758f3318652dc03c535d00a46c065cf665f165bbd0e13f3adf2f8

SHA512
907e81551c12a44ba3f6f286668b5688194489c6cb2927b931351e334cf10d75cdbdccc6f69cfe93b01b6c021d6bb874902cce1d6af0114e3872d45dca39e0c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ccf61382f2bbd844428353eca80708c4

SHA1
e879fcef405be1a86382c97e465fdd07758198f4

SHA256
a6746d75500a9eb65322051d0a652036bde96ba46bd3f0460393c159f5abd7b8

SHA512
c9f041543bc4d2100f57332469bf829d60e048d86bc1cca7152c1e559bbefe2dc9ebde8ccee854ac6839267bee929f03471cd9eb2fb682f73115819b60a069cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7c68d318cbfdb5682e9e51fbfe610cc3

SHA1
a30b7e6202458ce1bd4ba04b86e2ec172149f8b7

SHA256
4de71940572102967a468d0bf7e030c2a8b75fcebc5b71d36c61ee74e98d4929

SHA512
ef5bba67fbb491a322a5f340dcd156b5bfd4f15909fb84645a02339aa67ddd2c80e982bb419a98f925df0ce3d4d6c5a7d4259276af237a893846ba74bc3510d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
01c5e8766b428f44170198195ee437da

SHA1
c50b769a85f2c038438fdb8e68b424ee274a68dc

SHA256
37330c2e356a4893babf11e04a77c94ee4a41a57ebc8fff7464005da0c1cf45b

SHA512
1673b25ddc8afd05dbf7f22b63da6cd5332ee23eb923338e22864074c5f352f1a3129dacd573b0777f5cc0d364c74c5a6b17edc36f14de20375f10b14430120b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6e882339d3561d9e00c9fca677ffde85

SHA1
47ac6de3029aa73d5538ff3def557001f49dcf12

SHA256
db399460a725cc9d8190f62237df2283306f0a4354099cc32d1893f503d5bf61

SHA512
5ba2da1bfc969ee6ba911a1a8a60868d441b8e7c310c12018958675fe4e8aca82ef81de3f813ddc4ebafe6c535fb699dbd49f283d17c743bf0cda5471ada6c40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a3d08195df8b0a8c43290ca765514697

SHA1
41626f42a27b0885ae64c5b1c90f43fec59b7a9f

SHA256
edb4dc8e69754835c106d2a84d47f2b96ac9229b3dd7978d9d4918897e73fce9

SHA512
a81a8d29e0267c859930b4df6204f31cff8d96d43e4a021d235bca227fa75cfa19aaf09e3bd399ea933a3c836a1c9de7fec4654c0067aedd59bb1fee4847b212

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4711.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar47EF.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit