f07a901c1cbd3bec80c478a78035e867a6ec34df098fa0223894cb785e6422ef

Analysis

max time kernel
134s
max time network
129s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
11/08/2024, 23:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

content/aboutTabs.htm
Size

143B
MD5

30b063c23ccd0e573f7956a49e6ad2da
SHA1

b43ddff041bd7e3fdec541b0b3004ecd661db8d0
SHA256

dde0330a494598aee2dec1ed467b0ce99400b860a9eec03e59a963090736cf9a
SHA512

5af5794bc10afd6692ef9eccfb860248fbf656361fd6cbbe399e497bf0f8c9e9e603eb0dc3781344a53ae84578e1618e60a9a1096cc3a0b149e2e4c82c8c43c4

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0c80b8146ecda01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "429580890"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{ACA920C1-5839-11EF-ADD5-E21FB89EE600} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf710000000002000000000010660000000100002000000072b432de7a9addb59f8ae53f2a103e3777c46222f894dd4d8aab9a8340cd4357000000000e80000000020000200000008081df934f34d160f09f10cdd87bf8b4b691882292e2d927b1582820f9bc442f90000000316c7376ae054499834cdf944d30c852d2f934ce318d6a30496db24ed76b443fded59f48d9860102ddbda107d753bdd7793567ecad1169fcf350665755d9b2728f22a087f34291f88d72f7d52237a6c3fcc91ca38dfce5ee898f5078d0f82c94ca4fdb0aaa80fb67f55cf4308dcafba7f372cc2449663491808295d646beebab1e30f685ffc4fd947e413bd0d27cd87c40000000e87296265934dbc6a138333e71056229e1e34563f420ac7c1b76296f10cf2e11be982ebcf2fa965ff7f00262ebc1deaf791c219354dc8a13b5e8d9290b6af141	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf71000000000200000000001066000000010000200000003bb21176d5954eba9e6e0adcbb3c67b7d947f5bf5a982afcd78afed71b3b8f06000000000e800000000200002000000058c5f46f804d7c92442a49488b9d2447e23aff7f20232fd9840f6c5ffd73dff120000000d92b0a118a1c013ca82ae8dba0b65f7f15490a1c28bbcf1959aab25d145670fa40000000ecc27cecf9e4d41c7d4e87ae95e99e4f44b98cf8f2e3ebf255c9f6ea90fd882baf4437e5937715fcfef84a042337534f355333af6943afe1ea6fe40703e5dbef	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2604	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2604	iexplore.exe
2604	iexplore.exe
2820	IEXPLORE.EXE
2820	IEXPLORE.EXE
2820	IEXPLORE.EXE
2820	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2604 wrote to memory of 2820	2604	iexplore.exe	30
PID 2604 wrote to memory of 2820	2604	iexplore.exe	30
PID 2604 wrote to memory of 2820	2604	iexplore.exe	30
PID 2604 wrote to memory of 2820	2604	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\content\aboutTabs.htm
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2604
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2604 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4351151637c6b0dcb74dba7cc098e90d

SHA1
37c61990a3ac818f67d04355a3c6959f61b418ba

SHA256
377224a357671ebb315db2b53d3ab54bf4f15e77b36d64ecb83af7ed9f0b9332

SHA512
6b9f111de76e523fbbc26ee9e43e18dc766ffa758897a50940a9571ea6a94a587a777d05940345ca27b0227bbd3a123a029acf2e2d47781a951513632568865e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8f8c22bf724436a3baf8928c1d607cc1

SHA1
bb3755b61b6ef89f5d57b959e7c82e60d2c6e39c

SHA256
f08d06fabf9195c052a44ed8951a782cc63b693fdcd83fc86717e76546708fef

SHA512
aa17c57fb28dd43045785ebe641a5415b44f85044152f5c2856d3b6c7788f204f5e62c847c47a3e48a0a468d8c350f8a7bbccac4dfe1a3024cc5da7a5977a24f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f45d30cb8f9b393e01f70f35dc07a3d1

SHA1
d5013876c112cb08e09900e7249c76a7563f61b0

SHA256
ce51593ad933042129a536b4147068ccd3c0578dca9b15224a2c3c1e172fc6e2

SHA512
406073588cbb418746052ec284f30accfa8c733f537641ab1385e160014ba8105480a6649d71eb4b7a17d36ed8e04ca6503bd32349c63a0515922ce708ed83ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
56044334d8e635bf7651afcc636765c2

SHA1
abcfa22a0247d7dfb75afdd2b8dc87cda0d1483c

SHA256
90e64b8cc651977454586942c64d1460fd91048f96d1326e3e9f085d01708a45

SHA512
972e6209bcd28310beaabd51d17db3f124abd3f75603a1f6386b22c3944bb67a33fdc7807016952ce921da4883f7cfea68bcc9750da6cef37a998e3c2d42d361

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
af1a72d13cb9d90a46d1e841067dc40f

SHA1
85d665826f73fb8e1d9682d5d65670f56dee4d9d

SHA256
aee358656b7490fab774b4de500f1684a144ab3ddf970c1c78b129fd156b5a68

SHA512
81929b4aa603feda06d7b214aa7354746bf2354909bbb5c5b8d1cc962d8d19d5554c4f736ba9c706014297189149f00b0f8a164d9951fe8cf0bd8fdb8ce92391

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fc07672ff59d0fe406d71ef0f6869b9a

SHA1
fb7039d829d3efa4f4a75b032a3309c65dca9810

SHA256
f82a33901f9801cd670eeaa26ece0ae638d50f5af400c91cd4204d130ca3ba7e

SHA512
08c0581c820b18732fb1c1e69b2073f96f0002b77276a56c5ea292febcbb3c56fae9fcd952e629490b74b5af812c0f0f1309b7a6581700ea5caad6e48b37285b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1c52fd9f629f739fcdbf289767c07c64

SHA1
160311b3918fc83cde1430d168767b42347215e1

SHA256
e0d7e1db2bd1267ed6cc533804e47ed6f4381eb404f383d119b03f68a674f979

SHA512
b10383273a7fd2140933a5cf5f67e0845d4187b83cb7f6b97e405d05f2ef75d5686716485e2afabe2f02b819e3208707b7c121c274380ecc0cc1b69b78bc80e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2056bc1e42ac18ef4e1a3cfd2fb030b0

SHA1
275852e2d7af193a5f7650cd78070f78b64473b3

SHA256
ae83cd722658da6bf1caa0fd5d58acbf31eae4d04d4df45bbb5299306f52a077

SHA512
1e013c0b7938266aecad1e14b030f9e857393c94bf3d17ed8b9903918d0445ca58199ebad9fc4a14cc5cd18cec88e39a4ab809eedfc3aec2677cfb4eae0db808

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8cab0078a069a5b95ba1aaa32a2b848a

SHA1
57b0f0eaf53b6c49a36d316d55bb2a82ffaf1aef

SHA256
9785f41d0820dd1328d865ca52aac707bd9696559c455326fc3541f8a4fd48f3

SHA512
72f2ff38127575b67c1181f3490bf67c3a5842a0ce0095e33f8979e0d3262f71ad60160deb45e343834fc893e54def69a959cd9c7885adf48ace7a83ef0a21f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
07a4f9db29e2bf5cc3927c893b97073d

SHA1
f43c55eb4be7aa2ae8f4fcb8e39aefdd51d815f7

SHA256
16a090da0d5487421966d9bd9238dd31b82537280a20a5f61580953ad84c3f14

SHA512
636b0534eef3d0edbca2f4c5d41092b71d8132cbde942a7ab9209691fa3073790532ce73c03d14b0e1590b48de499e3ca3219f2fb7a01ffb2b4c5858bc8fa47b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea68f3aba000cebdd695f41dd430393b

SHA1
c9cffc4fc5a803cfa277921a5eefc5a9349b8760

SHA256
53d18a4ee63ae07b002360172997daa2a13a2ff605a0b4dcabf45751e8db6e49

SHA512
0b977b03ec38d0fdc525edaf6cd5c8b5682391ad2d9dde7303e695d8533570d33268544c2f15d24e0158c48106f1a9834ec314a35349ed026f664da6a910614b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fa9b4c24efb1835f63bc6cbe5dced336

SHA1
a04c2babccf84122b071616f5b7133c50a5279e3

SHA256
19e44dc256c0845180674082ed0825539517a8a8d62feb8fe58942d732eab453

SHA512
9be1e7cd70e5bcd3cdc6f5e71658f89456dc45d939c9d4a236fc049605594500e2528cfbcbd03de9d441c1e93edcec1e492c8d1ed06c411bf4edf931e75c1863

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6bb9b2681b0b208cd26a3bae37a1393c

SHA1
1965cf896a8c407816c24e613f54ed11e2d67f08

SHA256
3271205824c861cd7a634c2e61ce320e235c5e45f5c7fe2d2eef2e5ed01f03ea

SHA512
c91cced471f2917ae2b371559625fa6fe0cb07e2eaaf4b73e2824a5108c522887cbb661e9962b57c6a620f8aa211f65aaccd9d4f050ceeae8d25a3112ea71943

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
642ed1ebc5ecb7bf4d58a4c253505357

SHA1
061269c4fbc78b50ffcfcd840a4e51dc956d97a2

SHA256
cb02c08970204f7c2514e96b44d0670f3d4aa5f34b5372f85d8581283953a6b3

SHA512
a430a2a9159dbebed4c7d4043c13e7890798ac86917c777f5c74b5ee84d3fc9721177ac85a1feaa2e8005107fa84533ee3baa084ce53473f76128b352c68cdbc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0882e2bc809513ba76de52b9394f1601

SHA1
e6a2a3c47d53541f33196cbd1a0de514ed5c4347

SHA256
1d7f0ce96d54c474853a749a0242735bc39f75b698a7e5edc13dfbc8b4cdfa33

SHA512
b110495c2230fa8a82d8bb1f107b9a28f0396f9e586fac32086db6a0ae26738fa7b421b1769161ab2cac356f92a4bdf6a33f3563963aa5e63a076ad5dab0259b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8aab2fd0d959745b95ffd86b65e9de64

SHA1
11ee0862ea0425e718ceb0641df820e4bccb14b8

SHA256
34881b6170577d5a6936f8e71c4937e6f1a8ea4df3f85cae2ba03f4450c33f33

SHA512
ead31498e9cd50c522a25666a136c94820ccad63665bd9e0e901ca241f2bd3a3031b5345266e66617deeddfa3bd5203cd4529b865e5a3c22cee7ef7d9c15e6e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab429D.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar435D.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit