c1c841f7ae265fa8f6dd73b3daea133766f035e9a064afe268732c3e08bca321

Analysis

max time kernel
139s
max time network
143s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
12-08-2024 05:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LICENSES.chromium.html
Size

9.8MB
MD5

b620990ddbd932d6475152e5a833860e
SHA1

70de0b3d7ffa77900f685c1788b32997a61ec386
SHA256

921452a09f92f10da4cfef0521acd6ee6c689c630661ed35189e793de2c99fc5
SHA512

ba84b5e6281dd64d5da41d0db35942b6c0b1ee6b47d24dedd5006be40b2d22d90f58dc653e17893347900fb1bfcd37b0f2fff5b532175ccacc3b63d98fe42ac7
SSDEEP

24576:K+QQM6Ms6x5d1n+wRhXe1BmfEl6k6T6W6b6f6V6GeGj/3BIpx:LUcBeGdY

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0ef6b3e79ecda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d854e951ecdca4792ad3aea80f03551000000000200000000001066000000010000200000002494da6c43f15ca94f39f6516a9fd9234e4109af6fd26a9ccb071f11049b7a9f000000000e80000000020000200000009b9c7f6cf384c182bfdae642eb0bcccc29e3f8dc0214a0dd1aeb5d7e2c0657c2200000009827dfdbc06771476a2c094bf187264df26394eb6e3a77f3eabe22bc465e3a9a4000000060f5e752e97d90d718f4b2459885225aaf6127559c8bc9fcd1d16a3f0ad19e0653fdef253eb1242de2886db42ad33329bb84d2af5cb75bdae43cd6dac4e2c614	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "429602684"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{694CFC61-586C-11EF-B44F-526249468C57} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d854e951ecdca4792ad3aea80f0355100000000020000000000106600000001000020000000a5c41ccde073744076151c4a31f04330c46601c499671ad92f9d24f2ce87e65f000000000e80000000020000200000005edc5911b9c3e99ddbe62cc464c87577f0d7d73765402c4761ffec43e311a5189000000078ecc8633219b27be9d2f5e7ce4dab6c4524d5fa30f487aebb14a6862317c376fe1f0c4b8eaa6ec4975cab5a4885062cbcc0001fc7010dbc63468e0d6a6c7ff414a34f060e0e3496df5ec54659ad1e82e88fefb2d2bb9033b55b7e09e0009fc3ed50fa7a8b42d56b7add8f3ff25b4a742851e24fab9595c974c34f0abefdfbc460577167ff71d2decc5242d4eeed302640000000f6aad0da492dece952fc56670ed76f1b18d97a4717e66c918b811a5f2fddf67321f8e9dacac923e150a84e640fe3b5586fd6094432174e772803d21dc5b824cf	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2300	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2300	iexplore.exe
2300	iexplore.exe
2908	IEXPLORE.EXE
2908	IEXPLORE.EXE
2908	IEXPLORE.EXE
2908	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2300 wrote to memory of 2908	2300	iexplore.exe	30
PID 2300 wrote to memory of 2908	2300	iexplore.exe	30
PID 2300 wrote to memory of 2908	2300	iexplore.exe	30
PID 2300 wrote to memory of 2908	2300	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2300
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2300 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6c7c834e74542fef151fc62f04364062

SHA1
da63ccbaae3142020f9fd2159755687aaa25f208

SHA256
65e8b0c5405b14426bdc9d4aa2ba4259d412226b65718f65d46b5bb63962f17a

SHA512
47f0d1c0a59cbf9ed090ed10f2556d9294f25c76e7251d58cdbbc27083c0b033e7dfd63c08e61c7d8d48eec235f14a144a5e5081d0b6e9c1efa4ab595915bf27

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9018dedd27885c830560ba9ef6cae6f9

SHA1
e5f5501741938a81194723d55aab9ceed1011e8e

SHA256
a77127322964c8ab9aae1bd12ddf63995b430470a67567e47abed63f338a3f31

SHA512
6ff071ef3a7ea079575741535f610eeb438c5231ad6903a4f86a01ff7bf21eda0bdfa5702ed25ca33e8cb5b431430d4cd18d5b6aa37d1413f57257f4b229155e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
575cddbbbf975f9d6efea62eeb5a6cc0

SHA1
b829136a10f83ba6bd5e3084251b9dff5d2e2dc8

SHA256
d6bb8e3ef3649229b09db852c2d5fe5efdabf2cd7c00b9d1100a4425c46f7363

SHA512
f75023371c0a75069bc76177f6d7928b3d75991689f39e55644b0b1c9f14ddb1b43b4c39b16784545ed562f45866251e74e30846c365983a4f50e814b1300ec6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
894601f6ff7841d50e294512327fb163

SHA1
de2f740f58444df5cf473428bb3be5d6892a25c9

SHA256
2249cc49af77f13bc9aef73cb8c650dbdcbadcfc36f27f48d54121ef13ec3977

SHA512
1f417e9ab860f79bb648d5fd2b1fdccb3e43adb67f35a90f8902da584f2feb5ac20b981983f0074ea04eba2ee47de9bdc49c03f533cd18f5d81617b5be3bf799

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d6c0235994736d85712c1f16665df906

SHA1
847fca9e9993843ddde77fe255620445bceef9dc

SHA256
148d9ee6d637687c382fa05619f7ec3437bf4343422cbe478092271b0d2ae8c2

SHA512
54084b67fafd5032ba6fb8209b9ce9d577e74fa5016f9814fb42408cbb5371694906335b2205008a10e500749ff4369d5ee470723409864ba43bbae1552f32f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6df9324b8633a42f6f006a27633b6210

SHA1
636d7979db7bae49162ae398f34e3d3fd7785ffd

SHA256
5cff13c904d59af446ea4fcb7ef5ea5073bbc11c7449d10a8afb628d49baacde

SHA512
948709e6503353cd5292d927b77a466c487984ae427fd591b9a3d09e9e5cae8253ddce1e3af06a05f1e602b70de1e488721b4fdb92047c01043743ff9cbda4df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
901e99a135057210b45bea4df100b4b8

SHA1
304a751dc7cdda5ef82f318d0b233c15d1e7ade0

SHA256
c7f675de4c5aafb5f1aca78b7441d7cef4d5c2325fb0edb8864ac9c8ce23d117

SHA512
eb2ac1d806669be2252a9e08df76c55590681fb59600b0ed596f8cebb7e363589c5ddd1ac0f843612ce66b51ede959f36e8e802d709c3ded32a73d5f579d4d60

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8da75a29493573af108e92a1181c6587

SHA1
7627bc9e6c6a67c61ba8a0548451bbf73d3f7ff7

SHA256
b99482777d02763078508765e73bcd93f0cb947d586f1d9bcde3ea9d7abf2dd2

SHA512
cf2acc2f6c7c3a73521ae9265cc8db71f96af5e84d57760810d23be8315a9d124ae847d0fa0846e8d5f1e6f0071675be92239693434f557842ab320a4dd8c416

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bab72a1ab6ebdb78db471c400a276a01

SHA1
4d896989fe2952c35c292e0c3eecbe35712d467a

SHA256
6082e17b20c67ed8f575795d07de794f5c6acdbef06f52edacd693ef36950511

SHA512
d4fda37ab89896c2dbdcf66c4387497f3379d27c629e4cf25de1c0a33a59fe8e28219e91c31e320153fbc6dc07156468de91ace2ed2defb044fb746c4dd31c12

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
53586eab82735248a8b885b5b10b399e

SHA1
0b771b7a535f6fef91cdc9bcb847c6f2b33850c9

SHA256
f382b13f00cf09125ee8e9c0eac6f5c0cb7e6762f119cc5df8b03b4b3f217955

SHA512
0c237e07ddf7b517dfb58f2e8fd96e3c0a488a98e6aaaa107ed3eae765a4a9e72fd30fa53f5e96492dcb38a692c36f94b4127cd07b1717a689ebb4e7871aaaa8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8b70ffcf80a60e3f253284391c8896e0

SHA1
6b52617e7db44dc658cc46d00f26573e03512e56

SHA256
2a95a8df50e2f976e61a19814f0c42863145d77fc72e2345a351e08ea1c8e56a

SHA512
4e381a8ffb212a40eea503d7f98f92e94c45cffc163773d55ce2abd0465f718773a95522b2f6189876e339224c9c7eeb5aaeb2cc404ba3eb643b0c102e118f0f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
181f142a59a2c2d7c6fc0d116dad0ac9

SHA1
b129a6b7ad3ec7da4c2ff4e6bf581f5043ee321e

SHA256
3efe298b5767587a466acddbaadff1622a43b1a5321bebccfa5bfb94e94c63c2

SHA512
ea38f94a3a1f6e975bd3211d71eda5e17f754a78034f62e87d7bc82ca5205a88547c2a985916db3fc1ba991998f54b91c76b8fd242b41a305528ea71e4fca4b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5fcc15e4020ee9d954be5e849cf17e77

SHA1
1a8eabe4a467ff1b035e032d3f963b2f7818ab66

SHA256
3c1c0fe7f7b97b9bce88ba10f6d04b512440ad5add0b8d09a47c8e7bb14b963e

SHA512
0206db6d48c82e130bc22946f48472b781652d8b0069f5b2d9a8e529570dba2bb896d4796c1a7eed4ad8a0169abe8484bad37368a6c2bdac8c36e368e1ea107e

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC1BC.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC26B.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit