65f963bc3c4466d55ecb3f15295be97eaad188c9c73f4bef241c3bf46d95b4f3

Analysis

max time kernel
146s
max time network
161s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
24/07/2024, 11:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LICENSES.chromium.html
Size

8.4MB
MD5

e400cd908b8fb7c13985e2f5cc7a7044
SHA1

bbafebdf5b067a7d7da130025851eaa52ec3c9d7
SHA256

ee3b1ab8794c749673ce9bd2dd302f12d69f0a1a4adfe40a64247746cc311829
SHA512

e7ca440f0e042d7fcfa99367426bf19899a2b227c6d7b6e2c25d4f1a40113250f21ebeaaf91067d8569dfbad1415d4fe3e5626d7254722f2778497fcb22e5d6e
SSDEEP

24576:/UrV6CI675knWSgRBPyQlrUmf1C6C6y6Z6/678HqBMUpuQ:MsWKA

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{02678DD1-49B2-11EF-B39C-C278C12D1CB0} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b70000000000200000000001066000000010000200000002e73a0fb74a66a36504bf9e03325ffc0aedac8d95d0e7751837126aada847954000000000e80000000020000200000008204f721df097798d7744cb6fcfcc3f77f6d876718ca556f5360d4fe187ea3c2200000007d052451e7f3f9262c180a1c4ecbcf017c3e3687e01d36901fb61950257965db400000005766145078d44d5c4aae345766087f92b8e229f0f33944e3ba98861fc32f78304003a2cc0c9846811496dc8a8de3af3f7e5416e6ca3592049f256a99f4371fa7	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427983305"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c00ac0d8beddda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b70000000000200000000001066000000010000200000003064ab444b6d9479f670d324bfa73442e7cc9f46dee41a251f0487641ed14e64000000000e800000000200002000000097156b8763b53b5a49700080fc7ef46cd5995e306d88448d3fc780bc0f9ddb3990000000037ea49a842dd7486a6ecd1de60b433fb12e827524cd50f44cf266a0f84033665c9247260dcce310684f3a05c6a2a77c80f9545fdfb9e07c886c04f286605e0256469d14c2a4e0a21ec7ec44f6f914c131b397d5118d01e379a8f767884b958bbc535528a9c1d8f74931ff9503cf04c87dcad5f8be2845cb551a1d494778ed4d4802d04117dd38a9839963d7cb9b3c0c400000002de7ca4cec3c99ef18f4f5d69f1620598f82aee6fdfe21f2b77c4253d5ece9658b8b45f140b37cec330d3efe4f230fe847e2687d59c3474ddd761841c137a239	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
604	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
604	iexplore.exe
604	iexplore.exe
2728	IEXPLORE.EXE
2728	IEXPLORE.EXE
2728	IEXPLORE.EXE
2728	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 604 wrote to memory of 2728	604	iexplore.exe	29
PID 604 wrote to memory of 2728	604	iexplore.exe	29
PID 604 wrote to memory of 2728	604	iexplore.exe	29
PID 604 wrote to memory of 2728	604	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:604
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:604 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cbe416f9ff835936ec651536aab03760

SHA1
abd029eac9f592a87e557fe86d819516bbaa8df5

SHA256
cb2b038210f32ddcf3bc2ddfd2338e566d80980434e9324fabb24de5e3c91d5a

SHA512
24f48b18a0b739bd3b3488545985257b9badeda405592261916441945ff0d1f9c9af7ce25240cfbff5092c6716286cfa90cbe4c6b8773e0c45deb6800b457698

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
705ec491257ce009b7a3cd9cbf32519b

SHA1
ef040811ae1975da779f309f4905bc542d6e23d1

SHA256
9c4f7ec6263069e74f43073d33a3004c1cd4c0ce6f5e08fde24ded4c1e2aa324

SHA512
986876f73715d18fdc9fa80954726378d854fc1a369b05a67e0b13795d193800c787c5178c35ed78ff15262ab6f68e4c58d94d3fe9941f7520dfb703f9c35db2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
381ceb9afe9999a322509c5cd758fc05

SHA1
1a419604ce74349c6f2074a2c2a63df14be35314

SHA256
d13d177f44d4a824afebde73007dc9b739bff280a26355872f6cf405b519a8f9

SHA512
eb6df93f002886fe0d050534480a2ff9b9d0794d2df6e555d3b114b3975984db648df965ad59e8926c9a177b86e76ce3023244da4cec50aefc14c6f811b8420b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f58781c30cbc7e3db6f6fae836120f9f

SHA1
f70427e4b25961026fffea0b1e0f905603197e25

SHA256
5b0c2f9ae7b0187a9069d71da272517b9fce25e5795c97d9b330ec84d66fedfc

SHA512
2dee2e3157032df11042b60dcf73148ba1b61feada24e5b6e651baec7062fb07aa8c47e21550219af695098bb61693348b795a2dd6c1f768d00ffb8d4db21585

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1eae11bf37797a9241e634065666ad92

SHA1
af4c3e6b0c2ae3a2a6446e3476e9d52c1e5eab0f

SHA256
c62752579592a41271c84de348752116b2996beae8c3f4f08ac4030562ef9beb

SHA512
e68ae12fae162dc5c116252ae6c0ad1c0702673c65b08798da853073539089a33df70b89f202d684db6c61bfe0b4a96a784898a22116307c1fcf04f211b5dc93

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
912f6382e538de421a85f4e8d0fac8f8

SHA1
13b5b12ff498c08ec374029967005ee6400816ec

SHA256
2435e7c03c1650fa3d5074690908a9ca187a5dd19aa6280cafc10d52838953a2

SHA512
9f56300fb087b8ea68fdc46f599722a36580269317d54efde008681203426cad33670b364cf3adc2f75794934df790d9d1d611e707d302c70738fc63decf48c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
83a575639eb24262594a74186df5be14

SHA1
235817a8c5420d8af220fb9fa2690ff79ae977f2

SHA256
4cd36254b97354657f75119ae9ab546c604f20f51cc290f2f3022ecf79b72fba

SHA512
409e38207a9972adf8876735a440e9c04c9d374e31425500bd1d44865172571539c107ebf26b53074e89fbf59ff055a3dff9202565c0db795f896712a171360f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c6b090ee7854716250a889a512c30a3e

SHA1
64ec1d64b219cb8bc1c293828b8cdc3d7a7dfd55

SHA256
14e1bc41c20aeff8be99ebd13c1d26b7328c77211a8c8993c8dd7213ba012597

SHA512
fa84433da122c8e79c4c7c276ea93bdb856b2529bf82b292c83b69ce84a6060ad5e497bab76cb89f4e65387b5b8ca98ae7492ae20e4fb35e4681cdfb882c7ad4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d3409143dd26f32915919c496df762e6

SHA1
ee8d1accaacf8b4d5a182af5287a13230fd0074b

SHA256
c485a4f27be6b0c056d5571bc70314d20a72ca8da703b48ac1ecfd0a1bc55967

SHA512
46a6e60b9a6deaf7a330b06c1c982b4a1ce8330a6125e89296f49e546ed1ca1061c2b2ffc3c6b032c98a9a56ca1958114e094eec48adf5bfe1981d2a7ff286c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
72e7d6ee2f56888ee5972543537b837f

SHA1
ccdabee054538154aa871ee9fcf6c45dfc666876

SHA256
d63e94b0f7e5ca08324f6497789eadd0079cac046323e425051f139c66975d7a

SHA512
41f99673ee2e059d2fdced8ecd7985fc997ee41084510aa781ef62b2c895f307f23c5d6f3f22b417b5c93510ff9dba4b16dba46bada3795bffdbb26ab0eeb5c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0e9f8f44e5b3fff4ad36952cb77998e9

SHA1
db9d9691bbc7176bb8c1bf8d58bd1a4714b1f289

SHA256
c1fc7900e3435d20e0cbc2a8d247f27671d9fe944c5896f49fc87af290c99535

SHA512
4ab3cafbb396364fc60653acb86a822eda327e1b84dfc45dc3cb05b99c8ae9a5e63b74617292ff29463ead28bc7872e8ee37db08fb2af1752692ec0a9d7d3c7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2f980cd1bba96fdd0a9060154bcfd504

SHA1
5c4207400aebe42fd9d5ad33154c4de662006644

SHA256
8c9771f292dacca8af10f380bcdb30f169f52cbc0e5ee418b556024fcae4bb68

SHA512
5607efef7d6376ac50e4d3af3d49cb54d12f123fe8af7b1276265aa2b87d4ba0c2ccf3ae52fd71c045d4b1551b63cdd967e7c4e34211b1c622492764c03735bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
269acc59c4194cea26e644e1865326ea

SHA1
3bec72135cdd8dc4cf029b78b47f7a4aa19c6e33

SHA256
d0c82732047d7ffc9012462ff31847bef9668803f3ee53077644d498bba05dd9

SHA512
7738182f34735bfe9beb171ca8d59bbe070904f3a58bf4423f5e6373fa620aa6898949c2fed643728adc82050d4a77924d3608b4d64576082c76f9e7535b0f5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0a6394e2c14c4e051a2de523442e6040

SHA1
de2f807d8af04289920b2dfe93dfd6374a9345a7

SHA256
5e8b001cd237a8560f31a346c3f7d673c5ff0bf996b5a693f459f551b05cf595

SHA512
48619b9ed84e8e46b82f1f1859388a7abc6c138ed0f90889db4eeea86b2d45f1a08df2f725bbd8cef64163d7e22b5407949f75897a4e42a4d4abe7db1bc6bb14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c5d1aceab7197d3b90dad096a3d10363

SHA1
cf6f3f43c98b5912f246b4aef20647248e0acaec

SHA256
4bd80e3d03d313686d3a85982ad73680c0b38d8cf481275b651b1339ef78917a

SHA512
6821a7e0d2487ee35164f6fc5636f246552cd13b39ba9c5c7e8a22e9eefe090af1b92736c5adc4cc558f0bebb39775c99b77818bac1585f908cb69ebcf9289a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1af3c6a6fe4ff11e03aecd687d95940c

SHA1
1911b6c1fee740731bb514ce5211025214ec10d8

SHA256
3e236635b2f1ede5b842c3601fd27367d09748ab105f59b00ab153cb175a5886

SHA512
3e28502e9331e2aa0f44ca3384b87df0d8b1329cae76b977d3a7ecab2109d85045caf816e7f87b3455efd233c24b2b77076a0348146d5feb9e0a5a467092445c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
396c45c1304f1886308c43a64c81819f

SHA1
873a4ccaa0fea1e0302dc961a24b54c9176b159d

SHA256
ec4772c875e3a2a10c2b824eb4822fa3042ed0f7964e22ead0b6e44216090e5a

SHA512
02a1df67167b94f7a937637bf68a1a6e595271db882a1b844e348d5a55b2dcb38500c781d764b2a1314c922bb37b88389dd4643ed46cc36bba40322af7345dc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7CFF.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7DED.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit