5895286337726c72ea6478db683e7ace43bf1f6d87f995b0a8126ab85c527a75

Analysis

max time kernel
120s
max time network
128s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
23-07-2024 15:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Debug/monaco-editor/index.html
Size

986B
MD5

078fb691917e14ba84655dba574c5854
SHA1

38c18db0157436ed71aec55605663a7a33301a6a
SHA256

ef442ca60d435c6b9893e478a0544b9696aec21003f7b414a56a6902c6ee47b0
SHA512

f9dca44c6e4efb972eb5999a7d2de1232365b8d5f721a74efb33c2fe6cd687a577df663d339dbc07c75efb9342910dda4b7d0b21d582a025fb30da163553ad97

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

IEXPLORE.EXE

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{81829F11-4908-11EF-B4E2-F64010A3169C} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427910503"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb4700000000020000000000106600000001000020000000ad60c05fdf4c65a2efdec77b018b55ea2761f520027ec9bccb1823a80ed92464000000000e800000000200002000000039411c8ccf8d4fa128d92a0c6caaf1dbd1fe0a262fc354877d55dd881ad2effb20000000b1740d7486bf2d192549769db92269bd1a616d1a8fe70ec0541eb9ed91a0c1a840000000f804845b05d703fdbaa44b6653c4601e0fd2eaa6680cdd20f7e6ab78fee231786b73502b4c87fd20e1fa73ec7679084040bff60d218eeb4d5c486e67bfba85fd	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0ed275615ddda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb470000000002000000000010660000000100002000000088313f04a7742cf1b867b29fbcd74e43cbcf45d42400a409ad0e64708030a331000000000e800000000200002000000062779bfa6def043e4a1a89b2a29fd118b900b5047cf3c56f53830db6fac75dc4900000007473062f5890c08a1bef14a2f3d49e610e3db2931abdc20a07d3b4e2942ed89f3ff917de6756b16c509d9e5fea70e2460fbc1e8cd56faa544c06ccc1f73070152f421b1232454b5256dbcc94ea833bf718a5b0f58fde2d1c2f70a2f359f366ecf0a5f4ae1c62800d4ecf63f10ca07fd2f9c0449d43e86d846df481c57e8efee8083c5eb85681ee9eda310d30d86183cc40000000e23e4a854477870961cf690a16d9b2990874bc6761c98702ff4c6d21aa1533c8e5a1d0a8362784c2292e5f3b0ff47136034ab36e2e0e2462317a742abe26ea61	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2756 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2756 iexplore.exe
2756 iexplore.exe
2680 IEXPLORE.EXE
2680 IEXPLORE.EXE
2680 IEXPLORE.EXE
2680 IEXPLORE.EXE

pid	process
2756	iexplore.exe

pid	process
2756	iexplore.exe
2756	iexplore.exe
2680	IEXPLORE.EXE
2680	IEXPLORE.EXE
2680	IEXPLORE.EXE
2680	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2756 wrote to memory of 2680	2756	iexplore.exe	IEXPLORE.EXE
PID 2756 wrote to memory of 2680	2756	iexplore.exe	IEXPLORE.EXE
PID 2756 wrote to memory of 2680	2756	iexplore.exe	IEXPLORE.EXE
PID 2756 wrote to memory of 2680	2756	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Debug\monaco-editor\index.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2756

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2756 CREDAT:275457 /prefetch:2
2⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce50e9617858d8d7e0a9d0d2a96f95ab

SHA1
f3f7fb69196ae9a5159447c122706584521e4ed5

SHA256
69f0dabf48c36e8b0bddaf767790dec89ac461d60302ef2245db5de368997b0e

SHA512
7085b5f6d9b05b45e516e355cbdf9139c5dcded45e9b044797a104f05eaa70ab2a26f9c3b99c02fe2d90ec95e05bac9eea4a00383ec989f61b344e07cdcc2c98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
98c7a4dd686afca11db02328cef88b31

SHA1
65f6bcc09ab367b18b4e986d00352ae970b06851

SHA256
ea7a9a94fe268ec8889b2464b0a0fccef187de44866310c59ab9cdf93aae772f

SHA512
96886795b1022601b14c59845e422686d86e1eb6bb88b1d35adcf2e57e26550f19d22b40af67659e15ca97bde301800ac9ea9524730e50ff35a1b2e6cb2138c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5de9eb65c733207a9d08f9740a47edd9

SHA1
b2668d4fc2ef34dc8b2c09d70c8978ed2966a371

SHA256
f088fbadc90a67f2e0290abc76dc95b7943e66843a0d242d30eb0e56c6efbf71

SHA512
ad0d40b76d833103ff20d4211328509191c359f8b775a6e36d2862c3dcf104d8ded781c53149fff7b9e1982b5885a4feadaf5c7c9a5c1f7b7fa903e8492d72f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e82aad225393d6fd83921b1d044db6f8

SHA1
dd7295e7839ecfc6f1c8c4b970c54b9b1767d61e

SHA256
18878cc63eee7808db51a94684566afdf962e04c9776b765c69f9227965b4d9f

SHA512
62ec00128ba01591123cea7256fe8118732cea0f65830415afea502cf1d508b899ccf82a263df6bebcfa4b1bc1097b64169208c98b5d7cc624f07fc360d533fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1eff299aa13f3e5b0e1d7e54551faeef

SHA1
dd4bd3721c004d68989151456c49b1c63138d9bd

SHA256
ed6237bfa63563683693d0b5510aa4dffbfede53f38d1552b003edd59e5cf419

SHA512
40e3c2b4b14b66a778ae575190e19cd033a238474a4cf26936327ffcd98a634e82f2c7e2bb4e4f5be2c764012558ba6d0de19f4fd942c75406f0b4fd0208e737

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e3c6f7e94338e8da2695b1622d19132e

SHA1
fe83712123e48cf883be5a1b5abfe2153d4c0b0d

SHA256
e6e2b026912261b9e1d6a0fc9eb01b783c0fc8cc2c88e7e48c88869b28a26a19

SHA512
7218b0c8c90018da3d32d035b7b7fa1e4a60acfb08d66da129ca95710c54dde8d726051c0d9e0a14776024f60cb446ef1db26b4a0aa796c7a56d4029922f617f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ebc9f0c7f6bdccf1e170ca4d08a0f84

SHA1
ae23fe9af05c1540c3f25316f61a8c7389530286

SHA256
b6dd747bf8a57bad3a1728e11f2dd16598c413688817b9ec8a9c7ac43ab4328c

SHA512
b4b7ab8d7c927d50c42e76fac6b452d7fb622e3e7b1710bc9836754bebe41b4a20db3a54a3d51be0af566c032e81a4b7434dc5ee542d33ee38ee40d5711642f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
436a080b1c1f01fed61d9fa17f85d6eb

SHA1
650a2d4b01859254614163f0ce9759d10ce7a455

SHA256
eebfb247b66eee606904fadd56af3de4c6ff9ff4135c86526fca14040caa9d78

SHA512
7a2a64267cd2de2c6ebed03791b8b38557cb2a4da1790bfefca841a3593f735bf55252ef1a5ee058f3b3bbb1bf06ce4f774952a0aa3e1415c3d0fab39a0d5375

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0f83b87035dba4f1b6a1be3092a1e366

SHA1
87fde5ccd3f89ae150ff834000508552a6b87ed4

SHA256
53867cad700a436e0c59586e9a32d80787c218e0f5879f29f0b2ac130c3ccc7b

SHA512
6e838067efeda0971d0bd1e9f9b1e22029b96df31f88335442d77a7e16e312715c98a13b51aaf70564dfaf4879d1517f855e533e7ae6722f24d2897f0ed7246d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dff072ba24f234ea88ea49658360e899

SHA1
ccf5f933f3b89c287932e0c8b796b3751d05346e

SHA256
ebdfad80dda3f7c0ab28efe27731f5249eb04e64ba02a805971828bc870d5817

SHA512
23073e562561feffa4dd7ad7a1c9ebcb61bb8244315b062f4d2ac6c50e28fc55e58ee76253d4a754207965c9225e6eba289bb2b9ed35a20ef307eca1008f1c1c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8c3c26abdbf863f67cb9a5ca139efb86

SHA1
daea7823d5ef76838524c10ffa0bee2f45f663a9

SHA256
e583131301cdb429813d60f386dff58c6d3e69a171b0932236b9cd62536f0491

SHA512
dd2f1f192b0f610e355aaa118c2dc3499fb5ac35d6673cb23f87a0af2f77010394ed692da5fc3c1e25fdfd0851dcf2a04ebaa5ce73f63320985194b040bea758

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8c53c4c02e6b806d1f5692d2f3764074

SHA1
3f7a0a5ba261f5ac36b0091c97f8199af2723d21

SHA256
458e8f5cde63eba6930fe920f38a70e4bd0f32d9eebb1e17fd5fa1e38f867f9d

SHA512
7227bc00b5032941af04c3f00d0c8d4544c8ae803da71419c2566a964720f7c959976b209df450fae9d17f67b43b6f728d7e0b8623f41786519c95808535cb74

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF8F2.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF9C0.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit