249bdaa4332b3e1a3a2148d4fd587a42bd48615af556d1c72da51c55bb2ca697

Resubmissions

03-08-2024 15:17

240803-spc9laxcpn 6

03-08-2024 14:57

240803-sbjt8awhmk 7

03-08-2024 11:48

240803-nyplrssbmr 6

Analysis

max time kernel
139s
max time network
136s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
03-08-2024 14:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LICENSES.chromium.html
Size

5.1MB
MD5

6b84319ee8a0a0af690273d3d2dcbaf4
SHA1

857ca353e0582d100dcbc6cb6761bb4430d0cb90
SHA256

fc2a256467fb4d4ff72be6c423e5961e98b418554deeec296aded0e757b9a585
SHA512

26f9842bfdb429ef132cc1a930da9187071a339927eda402e8d54b5eb9e03067612cdadc3a2dad3d0977f8e6af18c05eab6ac91720221c6a0104f96638f85a8a
SSDEEP

24576:yd97B+mnLiLsrDy2VrErjKCqzkU98wwg3QeXuh:0P+mLAqHBCuRoeS

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

IEXPLORE.EXE

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CF9DAF21-51A8-11EF-B33F-CE9644F3BBBD} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb47000000000200000000001066000000010000200000002d1f3e29e19d08fe9a0c5f74ebb6d8ae947272bb6a7a0b79ed4b4ee8f7d0a860000000000e8000000002000020000000a43db0018aac39143cdd8848438e0ec9d11b200f3206739d1d7243a8b9a4bdba20000000c8f6f96503650a347419c25b4af6be137f904e075e6c012919d14f69f86ce073400000008a57c2c4e3ff46e9343c224a2f186638d8a8ad91a1e809875e7218a8e4e6d2540e3f30564258ee12585da168cc64c36046f2c5a2ae62429315da5bdf787f1be6	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb4700000000020000000000106600000001000020000000e1898805304d02e64636cd1b258000c19e92b4e3ec278ed8086385a2a836fca3000000000e8000000002000020000000596f2013467239400e67cf1d7b90f5d415cc9ce295194f1ec73ade46334873ae90000000bbb3aa7852003d12bbc95a7217dcf612a59f628ffa6ce672413794305b7339b74c0ab6d81d8f370d8122762249189b34044b7aed7e0f6d52b5064cc88d54033743a9bc68101108ba326c5b6c3ff92a95caafde46369619ec8ca031306e508ae356f5163824e36ddc0825682298ac43cba4340c0a3889d53c360d90e3622c2562bc9761613cc556e8cf100612008392d740000000144d3f5bdc39877d72feb64aa9f972675411921dd84b67240d031c771e52f15231cf0969a18c6bad7c0574d53ffb74a80cc4b6b45e73388fc767ef38aea6247d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40102fa4b5e5da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "428858966"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1976 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1976 iexplore.exe
1976 iexplore.exe
2300 IEXPLORE.EXE
2300 IEXPLORE.EXE
2300 IEXPLORE.EXE
2300 IEXPLORE.EXE

pid	process
1976	iexplore.exe

pid	process
1976	iexplore.exe
1976	iexplore.exe
2300	IEXPLORE.EXE
2300	IEXPLORE.EXE
2300	IEXPLORE.EXE
2300	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1976 wrote to memory of 2300	1976	iexplore.exe	IEXPLORE.EXE
PID 1976 wrote to memory of 2300	1976	iexplore.exe	IEXPLORE.EXE
PID 1976 wrote to memory of 2300	1976	iexplore.exe	IEXPLORE.EXE
PID 1976 wrote to memory of 2300	1976	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1976

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1976 CREDAT:275457 /prefetch:2
2⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
800749bcd0f5cf0fd5dbc78a8fdc9737

SHA1
0b17d7255c9b7fa34a95876e348fcfc82174073e

SHA256
94195e5f97e9c2c01477c9f1dfa8ae4dcfe005805d8088637c201014d100e0fb

SHA512
951b3ee8ba69e1552ea4afdcb00e324462b6429d927a62eb45ccb2aa469b6d59c87a4c151c399433990203e6ab5db5d2de7df1ffe3c106c2825eaf3b52a5dca2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
132b880224dd9102ec39018648f25f2b

SHA1
f04a367ba888e628c8865b0dea1a42a8de431fb1

SHA256
0418c8b9cbfd18dc7c5eeb76791d357bb59dcf9f3bdacc637d5b873cd4cd0494

SHA512
708aee45059b1bd66018c4ae024e098a75c08f6118ba101f444cda95d2790e3dc7f056da16e8863c77bc9a257e42fd4e852186db6bbc30fd72998c89725ac231

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2b00195e979f3c9f151734ef01c31376

SHA1
1836ada50cdc6db6cecfd3df2144720d94c3d6d0

SHA256
9bf1148b64896b2eab52ebab0a05a9404f9788295b203cb24d662d9efb8ef617

SHA512
2e73d2e6e994e2e9fe454c069943f3963e8696bbea2abc3e1072599369d2dfda615666cf0c0caa2ece452dabe7922b235d8924f7009d2b65c63ddfcec480ac1c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
905cb313b9eedc86c378d938a944da9c

SHA1
39a4d90a203285900d7423013df1c1c7ede37378

SHA256
c7052b722b8dbd4544be742cf3991f50a52c96d5d66a5980e2488394aec163f6

SHA512
1d355ec65e83468dd7a39efe23b4ac32d7553e032d6eb7967311ee23b28f1b7db82897e8269a76b20db72a09bb2508097aa69178ac7bc44cfcd3c43e8b7c535f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4967dd4982fc742c7862c3d034c05092

SHA1
fdcedc1846485da2d3b34898effa66d6429656a9

SHA256
e831ef429d5eb16f5d17b0d57bafcc846240679d2127326539298de68ebcfa71

SHA512
59dbbd73f301f71e65a930650fe3f513b4e07ce50d58277d359432169ae2c73d82f4aa82f2fe2bf272fb90b3e85d8c61f2501f5c531dee2a4adcfa7f87bf16ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5eb8f5a826f0a655baea6491867082dd

SHA1
8fef454c78b2cbd6add88deb1d2a30955ef21d39

SHA256
2e4139c06c55512d233dfe5bab8836c326d64bf2ff44a37a26ea44ce35a5c92b

SHA512
6a5df78f32015001962da7b79aeb91c3f92839cede60f980ec42371249ae5aabc87776fe64fb72e233372296442a3397d93df0cfeee8e0e51573423146abdf50

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
464d65c7f5e68398afc65d2c7b9522f0

SHA1
bfca790ee37de906d19229964ba008b14f7e6048

SHA256
fd1ca06192e729a85752c5a67b638785680842d154eb900fa16705a34263fa8c

SHA512
743e7bbfd104b96e7fb9da6f803a582e408f0c81ce0a78bc8c42bd3499704506862aedfe504e4d3426669b77ca1514da9f7b95839696c8009f1c3d571c7c658c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
15b45452289e43ca00fee6784b4a8cfb

SHA1
1058a2fc394c27c50063df178fab063354ca2333

SHA256
413dc34961531c65e999159b68c43d163ff7537742c2ef936172a51cc50234be

SHA512
ab4d5321ba292e17ccb49d0c35263fbfef2fa1c0262c2a3e7d0c3bdd5938311ebdf7a3f7a8d9ab7f8a8e9344a6315b16d989b8e8d53e43ab9f0dea047481ad7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
639717095e43fd9d023881e0c4b3f542

SHA1
d98223c1768939ce8ae25cb9e40665e8a6ac5343

SHA256
e63246ae82e91ec428db929896af29a61382fc104ebcdfd13da5905856a8f648

SHA512
d741e31c55a26522e36e9dc902b8c8ce263604dc2843ce9152ddb304c2865a6296c013a06889690ccd27b72e532fd79255a8ffc3d4093abcd9bd66febdec90ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
72345359fffb0fd2f3c50bdf47585dd5

SHA1
807f775ae4d5fb288d9a2873a95dde0f4f5f2fe3

SHA256
0223dd4be454048eb962bcbde2168f7f44f3ffe2e6efe86878a41e26e25d065c

SHA512
ffe9aa8f336b09c2534f40d4f6555194a30ea6c76cf8953aaba406e1fdfec898022567cf6a7e8c0a9c32c8b2597597dcbdf25e31800f3f965e897f202442001e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1859389849bd5000baf1b1f923fbe82b

SHA1
1ff17abfce167641fe76dbe7e020fbe4bf60c87f

SHA256
4e25e0a1c4f5bb6753bcca9a621c5ae49e08b21988a2cee156c21f8874ed6c6f

SHA512
ffcbdd9bb2b65e2e96322e130f12a46d43b5699be49fb046387cbe0a9b39b5645db42c12df4bb4ec7677843850fba6cfe038620a2a9bee74b49a4535a11ea70e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6a52d1d82dd1f880def865ba07301aa0

SHA1
4c4923ecc8e3b08c984d8fef7b7d78a4b35f7c08

SHA256
8c44eabd0ca20e72aa2e4253c24561fa32a1af17573d8331a856a0a3e7480c8a

SHA512
8fc0d14ff33e0f5d357cba34b066c11aff4a89a5132f0636665ddb0c6f3e122b7df400ca0930e6a28ac12af81225cb7b9986198146160f1181da3937d2ea0a07

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
37e83ba531a0ba4f89e840b3d988c67c

SHA1
8ed0efbe863fa053835a08b144c552ff9bce90cb

SHA256
6e58c4092a89e3c0c36c98d011b92815f44a937780344c71ce150efeb14cf338

SHA512
a618b356c83834daab6638a1c91fdfc558e3581246d5cde0cbdc82fde956115a1510b04ddbcddda501b9acaa9a45284055d5c322ecadb6511885a517b87b633a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a33c546e7b15e42f90477a3e45fc4f5

SHA1
dd952d79011a346af283b3a448a8cdd87bde1df4

SHA256
d2258d4c74a2932441dac024f50226bd65d54c3ee1ebffe18bd1594ab1c61467

SHA512
d1fc7e8259daf5c5ff863a7f01fb40bf466915e3a02ee381419d4a64aca5b27510aa305d1659f380f2a1c9dcc3cf21563b51a44be761206afe1f44ce9d883850

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5c5609d03d83048fcfe54c6fa6b9e86d

SHA1
e21e46f12e06a38954afbbc49f35f9c355539eba

SHA256
af32429082ffae74cbeaaf7882f91248b043e333c15c8d33bd3bb3fdc98bde4c

SHA512
8227d3791a482fd5b258032efc639c6a09ae57e774866126b90bf711b65886523e10d09606069e70e77b86191b4af3714b637f6ae384e6661ff70044cfab3c88

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab31E.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3CE.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit