2df15cb099d5bb81090d93faa7103271ce4c9edccd59ffbfbf07dc1c3c365c86

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
06/08/2024, 12:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

470f4e4a471559b6b47d846f6e33dd24.svg
Size

1KB
MD5

470f4e4a471559b6b47d846f6e33dd24
SHA1

520d4acca4ce6188a514218f2e9762990519bb7e
SHA256

43cbd87f03ae6dc9b845ae56906781eac11b3a937ec4ca4eda428e414524beea
SHA512

07087c2bfcdc2c954bd57a6e7b8ae58e59ce3b8870b41cd5e57f799afd2e923ed44aa34be8a9c6fa182b87f372c627ad03a521ec0973ff3a63597137307ea897

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "429109736"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AF7AE511-53F0-11EF-ABF5-46A49AEEEEC8} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70710a84fde7da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002aec918cb9fa9248b7812ac80df2e74c00000000020000000000106600000001000020000000bbc3268fedc1fc5aefefdf76f57e0153575498edccdabbae3351c840315f7b58000000000e8000000002000020000000454e65af00267503e4eaa01cf4bce454087ef7775494586f719fa8756ff369fe2000000012d89803be8b8a62c70a215d7b2a23b00948d772ebd4ad7a3975550533e89b9c400000002f1324564c53bcec8cd796a84f31dc79e9ed998d66c0089cfab33b96eebcb9a45cc2dcc8af44b946764006ac8f6f6da1ade6f50a50a97996541781479cc40bdf	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002aec918cb9fa9248b7812ac80df2e74c00000000020000000000106600000001000020000000e8f601d056764bf8be5154610a1a787ba4e7457302c59a6e16b80247dc20a17a000000000e800000000200002000000003e77194cd604ae00e29008ed16433999294b6bc94c74f1026d5a70a0fb1e74890000000cde378ba96b6b84d87e654dc3e341fd922c6f43e3f1565025b8cc87cf16f41880253b52302e485ca99bd78688eece9b88cb65c4ace986e29133b99cdbbfa68a0ef79fc79049445ef43a678a3a6d8985d91a7a80cf3c7f431a32fdbb1d3b8513a87d5f83eed659540864b12c7750603c72aab66280c1b74cf02ffb1e8e947c4a2e8287b970badc0632d00e99b397e524c4000000072268aff4a1ea5555a1e1d0f411aa94c2e43c303c56cf4493522785053060fb311c43e5870bbefd7ab3ac62898a647f3862cfd020b408c4c7942437d2872a8ec	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2744	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2744	iexplore.exe
2744	iexplore.exe
2616	IEXPLORE.EXE
2616	IEXPLORE.EXE
2616	IEXPLORE.EXE
2616	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2744 wrote to memory of 2616	2744	iexplore.exe	30
PID 2744 wrote to memory of 2616	2744	iexplore.exe	30
PID 2744 wrote to memory of 2616	2744	iexplore.exe	30
PID 2744 wrote to memory of 2616	2744	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\470f4e4a471559b6b47d846f6e33dd24.svg
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2744
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2744 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
0ac272bc5676aa5b02cdeb27fd87345a

SHA1
4a863f1659433193c635db49709e97be74e3bf1e

SHA256
b6d30cf760b825a2009a85d2cfa5a8c1994b34b109c2210b658a22f49570c72c

SHA512
e98dfc9286d25baf8214dfcd4f2c5fc80daec13f9f5d48074e8630f09a85fb74bf3ded8f7d03d2133f798b9d66e059d4ce86e9bcda49eaca982d38ee66f7cdea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
3d13b3da252f0ee787115e512ac897b8

SHA1
f562a396b54626dc8be4028fe9f7a4d4e44115c3

SHA256
8b9d2a45b92354497c8dc50286d970df15d33dc3b5e083431e7134d7480161d5

SHA512
db0eaf8f9b79d384ba1bea8c0f24b2b930a84d416cc2920edf3a6a277286d5cb8a8deeada22dddacc3525727965052b5b37a0e6b55ec576a772707a00372b323

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
acba2e79b27dd88fbb51f5c6e4373df3

SHA1
ee1645d49d2dfa4473cf1f645a22c2ba653094b9

SHA256
e6ecc893e730035102dbe2b1386b7520db36a9823fca275649177584e1f1e780

SHA512
debcca02c7b8b71f858fc072a309cd2c21718c9fefe115cd9c5e63aeb03c0e2e76c4be06776d38672d2234271361f513aa8b54e7c2fba0d6a45275244d6710ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
b8b0696b626f699212721ee1567722ab

SHA1
780f8ef79afa6b7630dc293ce5d5e5251c83f6c7

SHA256
f8b237e7e7fe4648f591ae1112223307ca658220fdd5aa161c0f2011e141c6b3

SHA512
d9515fd5abe3327fa992fd41b08c1213ab5fb3e81f5545f961b31ca575a6ed627fe01979fcfa19e19acb07341e762ccd23386e5a3728f27ef08af1720f72d75d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
01aff1d922df51ac03388741cd2fb880

SHA1
2c660c8602fa3a5d08f7106ae6d26d5d413a6a52

SHA256
e285f06782b17237eb68f89694cdcef89b06c06cbc6e63be6747f185521f4812

SHA512
8894723b8f76514ba75ddc12a8485c4734fedefe2c68b5927bbd067b658f186304892e135afe32bb1535834d87adeff9a502fe018c6d6f7ce89f27e187f208a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
09dc58811d5d5d969a7337088a7458d2

SHA1
8d8163ba5917c7ea7f37b7abf8cf74724bdf72b2

SHA256
17a646fccaa3c6cd4d1f5ed57bc3558c921040d87bc871dc9e07a6c76655e6e6

SHA512
d434e0874982ee2bfe3d0a13c1df8a674278db4ce5f30ee062b3abd0a8d00429734fc1a78f170dd472ac2792d64e36737fbefab1108186e6126388289b880628

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
00d8ca6110e31c5232c2713d84dce47f

SHA1
4df80d344957ba7f5c9e6970eb086a5653c3276d

SHA256
99605da3a32d5909fdd3ef15945e4a360c5c118323d5ce445f7138de0115494b

SHA512
d7f9cdb2fe8f6c93a9bf4333dd7a45bd56b3af326e16f9621d59c31994d4fc107da1b075c929582a1f91d78c4deec2bd306eb34839227169cc77f096acdf1756

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
bf99e893b79a3c54d6fc0b07dbd34ca2

SHA1
1a0cd55d9eb46695ce3b5ea06fcc20fe075bf455

SHA256
1e1c464fa797464565b13214e30b9941c67deacd29b0b263463debc42e2bc82b

SHA512
b35b80d76d776a4e66425a169c25df4fe4d2344b018700ac38b430f70ff6e160a07561f7e149d2d1a0fb7a50807fc798acc5117c948acdbca0eb7db068119d14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
16210ce9b09894086097beeec8c583d3

SHA1
93e8a56162730c6c28af2821604f3e2f1c460ccd

SHA256
9339125a5e8db86279c5bdb523ee1553896454250e71e143dd7e46ec14624ced

SHA512
e082818d1e69ad98f0b4f786001673a211c114bf23fd5ef49668f7ca70922429685158de7cc44e25dd07684c1816d6e6d5e3051e17cb79f561c40ed56573ed39

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
4940696317e4938715114a0863a23a46

SHA1
a4cdf24e35e0a5e2cadb2bbee77c6ca2597512a3

SHA256
2b8308fb3bf3503d2df7c3588ae10f7945b26087779d2c611bd2c2b42755fd30

SHA512
6710522a7e25f19aa164f88ab49c00ef725ca5cf9f556812c3519c233a00097f7e810e7c450151605382992b83cad62962b21de69cfcddf3f431a3f30d4fb15f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
c5838c41d2b49912c4ecbf677dc9578c

SHA1
f2433f1457293b239f1a7bce1d6ae9872478eeb6

SHA256
e3015bb584c39b427e9f788b59a4ddad33258e28b25622896dd94c142a49e5b9

SHA512
a6550345bb778a1f4819f323f2d968b9b50b29f6bf6df1cf64062bd82b0857e519560de6b6e999418d9b10425f051154e76fb80bdc65c8431674e85abc650756

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
417952807e4915955b2d945a2c5fd5c9

SHA1
cf94c726aa560022d6dd0413a11dd9fa206aa0a8

SHA256
36997a7e3a689028bfed1048357142737d86b1a8faa0b910fe056ad6ae1926e4

SHA512
af532e7078145f6818f14214a92e8823717797974c1e95451c783c017bd44bc675ac745bf4f60a193e92859382d3a6984d27acb8935cd0eede5d06966841a632

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
1dc3b129b8bd272cec38207e67807ff9

SHA1
8f6cdc1617bfebe0ccf0cf530a77c8f3122595ea

SHA256
1dd43a9ce6084c7f580a4aa146c6a075b57342a9288c682ce44d793eb365761d

SHA512
4b65a3fd4998572e742126f528d6caa1a9ad04e8c214a7705f567921269df4616f453204b341e5e7d9b0205614d8f8c86f2763868c5ce57fdd2c6fb285ade463

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
23fcba34e00f96f0cc83a082cfb38f98

SHA1
faa13bc4f7239e20fcfe2f91facb49437439ad0a

SHA256
c0ab4b5f5363ae6c13453f2344d7db15ce9dab67fe187378dceef0423729bfd2

SHA512
5cb4bb244f6a3402d32969ef7822cedd306b1457e0ff7d8a0c8a71e2ef50580c50361eca61b660ddbdc314a340654cccd4c6a5aa62a1d9e02af41df3de6676d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8A39.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8BE1.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit