372b81cb23efd1c29173c72b812793d0e2b60cd4befd8c6917a206830a4c5af3

Analysis

max time kernel
0s
max time network
135s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
25/07/2024, 14:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LICENSES.chromium.html
Size

5.1MB
MD5

6b84319ee8a0a0af690273d3d2dcbaf4
SHA1

857ca353e0582d100dcbc6cb6761bb4430d0cb90
SHA256

fc2a256467fb4d4ff72be6c423e5961e98b418554deeec296aded0e757b9a585
SHA512

26f9842bfdb429ef132cc1a930da9187071a339927eda402e8d54b5eb9e03067612cdadc3a2dad3d0977f8e6af18c05eab6ac91720221c6a0104f96638f85a8a
SSDEEP

24576:yd97B+mnLiLsrDy2VrErjKCqzkU98wwg3QeXuh:0P+mLAqHBCuRoeS

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1EF56051-4A96-11EF-AFD4-EE88FE214989} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2660163958-4080398480-1122754539-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2080	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2080	iexplore.exe
2080	iexplore.exe
2692	IEXPLORE.EXE
2692	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 2692	2080	iexplore.exe	31
PID 2080 wrote to memory of 2692	2080	iexplore.exe	31
PID 2080 wrote to memory of 2692	2080	iexplore.exe	31
PID 2080 wrote to memory of 2692	2080	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2080 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e178dfe1328a85ec77524f6ba790df94

SHA1
461194d4dec6b0e85b9c82da654ea3a709c15d21

SHA256
f7c5df4e97511067aaceb54911d3242e775a5090e8ed2df96ca364331a9842fa

SHA512
cf5c06aba82d7346dda98d681b589cc5e55a978e937370470c2d0b6b75a69b8325c13a9e97ff0dce9c2d219eb11ec55ac29e2b8696638dc5649da8feff05dcaa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
673e105a047624d2f7277a80c1cb454d

SHA1
2de7f93390e995ad1213b8ec11b294f7dec17139

SHA256
0802f859cce4269aa0fd718b6116711cac361a209475a596b79eedf1d2ef9fb8

SHA512
0f4966862afe2cea1008f1dd23b2b17eb2b35e408cc1f7ea267dff9760342f050d0c59aa5821b50943302a3b8c9bdded5bbe0204e509a0c881108310d22aedde

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b2807f9caebd83c11789a8748579f9c8

SHA1
d105fe96890056fe8cc607d325a184694c870596

SHA256
01c4f63dad0551ee36b5f01215b2b4b4272ab43223b8f367223bd2728f7191fe

SHA512
24d759000bddbb1d5f1d69dc7148ee8ca1a27b1591e9a35e5b18fbb8b77ad1de728f4dc2a4f421a640b4598ae7ef215cf44b5c9df6974c726c3623581ec5b4fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e6af12b4a17f809c66461ce8ad2fa668

SHA1
cb74ee1b5fb1b6d1a3887d8fb8bcf2551b4337a5

SHA256
a675042bb90cd54b4630af68de12e63c8d7ac3fe1e61f1b167d69e5391d84278

SHA512
a60cbf951e1b275771e89b45b895606027cf76b64184d3260a8b79ae66e933d281e1bf5f07ba976df3588c7be798ac0abe8a116262466c37664978fcc92c8546

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ad97d02bde870e32beeddd7e31018c14

SHA1
f4d89f862171c25a6e13dbba216cc6186a77bd9b

SHA256
437232001001c6b80aa55afb7354afd99fdb0352240040aa8b6447a2c2ff010b

SHA512
8e4d6fe1b3da423382506f64b858fd890f2e7548d5a6de7ae6e1d57a7a05a735907ea8d06992aaf8f9f6f45f2ceb5c83730720707f52e7bccfd7d05264c8a305

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a1dbb317c5603fec3ca0033c5195fb2b

SHA1
47df6b709f462fe2a95e6237a06822aed3f58cd3

SHA256
9fc59426724c8a54cf2bc75289ab571521d6d976600fa1a7c3b7bfef3dfcde60

SHA512
7b19fe880956640940be3578d59091e85c73e23bad8ddff17bd2d1758b5589068402776878a0a16a647d496e8b17c27384047cd2dcde24acf4e66ddbe231c487

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3789b3a06920a6c1430a6c9d0f13e451

SHA1
15ffe61d8f9ef4955b3f01373b556615bcb229d7

SHA256
d407e1ec867c9e93400ff263a5887c15e424ba2b24455e4a4e634ceda663efda

SHA512
dcd852a939f96be315480db60286aba1950a7538a4e1b86ac0cfae69a9f7b1dd2ce91b631bbb177ed9ae9b5d5ac024a92b18c0f6f9c3214866d8e5ff4bcb8bee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7b9f2c46901213fe0ea8515e97efa582

SHA1
f296754a86af5ba231609e0f3995cc7a86f71c55

SHA256
c9c87ed251060db0f1e58100b9a9e0aae9e16153772a9fcd4a80660e44718089

SHA512
202a4c721875c0f986466e506c644656a85e2a424d5bd9fe77a4edc25ed278b245907d8f02ec9ffd5fc5184db214a26138247ea575bc62548efa3ae0c546c1d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1b0e43db36e7c59844a8935744d324df

SHA1
89c2f1e022920d1db5175ae73ea82d825994ad67

SHA256
1982c3d3ddcedaa8f37f8701bc27947e647c13d90885e5313750214d4ebe053f

SHA512
9ff8f8b6a6c1826f7f11eb2cf5c28f744ce4fa899b9e0d5763a20aeb3a5c11f1b3f7f544e252733faf42d38636613803fc8d1018236c1b20ee87484d4ab9ce19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
562d2e75f502f8a7f869830d317ee3c7

SHA1
c5c186a8f02f0e99484c2b80ae2c35497f1b58c6

SHA256
1aa441b0baf3afe7626127e45a3a191be029e6d568fb9f527a0486cb5713dbdd

SHA512
a69c1e16d6022e0ca74398d2d47fd0748801461595a287271ee238ccc00527dbb0f746652793b550dc87c64680425f0e211d920bf23eb7a3a798ac08cdf5aa72

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5b4cf5e09ccee6e88e5048ffb0eb14a6

SHA1
def260c84cddee88c2459828c0dfc94718c84d1e

SHA256
7c39fc92a0e667e84151fd340bca67fefe7f0b51dce11401364bc7bc09008f50

SHA512
fe1a2ba273be1c91e0bf4519cc48747d65c4416abb50532832001cba81e012bc75595bba6bd984d3fcddbd679d9f8ec988a0bb53766df9bffc09d7237fb47eff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c5d54bdf84df31ef680d89ad0d38641b

SHA1
31c177532e6fdba0a109208fcc7a50d625b40ea5

SHA256
896bcceffc56d839b710f503f6674d6c3c9ed43b7ffd607d3d257206816602c1

SHA512
5ee4be0ac8ee91674d7b56a23384ed8c18f80be699422f80758b91431377cf745359056e1b4b97e7a068f23c180c18c003145709d3b1ed0ef5b5390063e4c019

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d0b8b9d49738dfae4fbde6d30cd8d481

SHA1
6348a534f0ca766f9c52a213758610f7318100e5

SHA256
25f7cfc0725717a51e1f3b160b1191dd10f4c3cbdf73e58e643a533e12e7bc66

SHA512
347deaf0c9ed606866345928f631f28f2af1b5c3b358d1af3f587360df0765d83a8f691729b6bef50929fd984e2e04635dee7411a7ac2b5fd18a35bd1f171569

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
09c88a4b25e63b949c3d9a3c58543806

SHA1
ce7ecb89390d027e4af9485ac4e1211a4c8268c0

SHA256
060aa85534fe572f9994c2cb71a7fb15388d1226d871e296aa10ebb4d264ac9d

SHA512
d68e0c697f1c65f30b1ae01aaea93ee4a35ddb6d257ca37c7c5f961a82b1d8c8d56ef0db76a1ae12b2580f8a97038441b46dee89357fbc3d55f92c6f754c0da5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7a06ebcd0455e22785d2dab946adf028

SHA1
57f90af8f681c6ef0c66bb423ed0f1dbf0ba5275

SHA256
9af2a8d988f6408f206f9684c2a403d81eef33fbb1b179b8675e3154dce0c217

SHA512
6ce1ce4b268f915afbdc218e04ee3d5a5b44a8569e7c4f82e106219616a3d0b3d09cea88931ce95fd3667451fa3d4b8400106f0340083803c89c1a838ac7b582

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bcdf6439fe273c9f29408d75910c565b

SHA1
a3ff02a46edd87c93336beac9694483513a0abfb

SHA256
196025a087bcc21f865dcac59a205211b407be4b96fcb9e7babef29a59d90b8f

SHA512
df6f9aa171815b3086783ec8ea11f1accf1ece5c1c88664095ccf458bbaaaaa4c22761039f18cbe2bb75519aa8a6d5da41b798cc88258fa5a0ff5256e15faf6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5cdcb718776e1295b2dcd9141cc4bcac

SHA1
898544f9835a3c60b95e91dacb9350fda6e44ff5

SHA256
4996db12557c1a8e942100b56a0050a82cf0a99401bf75f99927d58d6f344ed5

SHA512
0b51ca58ca0a0adfa19d927cb2cec03a06768c4623404bd8dd8e7a328ffc833c895d0cc3366806813ba77d779766712f1ec6e542391d33c651c55733e69a7815

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
485b261dfbef82a5487d265cef9e8ea3

SHA1
1770f23dba1923a5563263c03891e3123b111412

SHA256
11d6e851d1e7291c0aef35ddfe02c1bcd3b64250340564cfd4d00d20807b3f6f

SHA512
b1a72a7cd8b9937d72473a34364dd8155ccc2a9dd8f77514982ce3fbc349b321545b08c5ae03d171022dfcc3469b801da9871208bf66c4724335415d7b474ba7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9f60d1610e3fb103d8ad0d120852b7e9

SHA1
5a0667afb8fcc8f794cdbe602d1d183afe06a6ab

SHA256
434395b511a1af9fb6c2f6d9f3d07966c9cc24cd71de401c5b9f2e7e7694248f

SHA512
c3fa559454e90b35501af7000018c85dd0d965395418d7b4ae2aa24840aa5de01a94071fb931ffb2ec8e51615f957f32cf786587b9ef94491a82f89234f2cda9

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabFFC3.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar26.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit