933fbda1ca7c4a52adbb48d038c8ba5ed5ee411d1096b2222ca383ca6d96a6bc

Analysis

max time kernel
117s
max time network
127s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19-08-2024 01:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

apk/cyberRat/index.html
Size

320B
MD5

444da12821a326256a5e24ba00a172a6
SHA1

ff78e28f267610433a0047e0fc1987528ab3916c
SHA256

500eb7dcad515a6b442d77fd100bf67365bf1ba318c88c006d75bdcc75aac707
SHA512

648f5103894e9e4341ba28ce3f43430d14e0c2cb3e663a006bd29bca20bc940a776cfbcfc82c182de750051f090f5d578071943a84cd1d7afe206c53d4341490

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

IEXPLORE.EXE

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEiexplore.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a007eb64daf1da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d990900000000020000000000106600000001000020000000d965893ff7e508d0810318af92ef1fb16d06c7e7e856db2cf4a64b84e9248fdb000000000e8000000002000020000000a97eddc5f6a77097893876c2fe8409fda0b42c4064278aca51cc8ddba6b79e86900000000799e51047818f46948d7e2fda7dd5e51f936b034136ffb5b65740dd3a5a3674a344d5f30b55592ad20386b0ed89c3dbfeffc029c821cb5660fd6b38c1b2118e4a8a9a4a29cec0b0bff45db8c5d88aeecdbc836e834c35bcfc90eefd13e743eec40b3bd999798286dd6bc9a73269bcc51936df6d472d927f8b58c8677002e96b6d5f15d105421a46baf1fe5417435d3240000000ed53b81e6bf3570433eb9903450549a58aef5c5ab7619351fe3b34175f7b4db43e8ba9339ec907c28d26f3ac9d1ea31851f6ff9c02ecc6dd146831d0b4a77f88	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430194161"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{90659531-5DCD-11EF-B5D6-E21FB89EE600} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d99090000000002000000000010660000000100002000000081d868d46c7f84face2a0fd5f7a981d19cefb3e1e0f909f3252188cd79779062000000000e80000000020000200000006ea04ceaf73ee85d0babb79713e46dac5ef11456f10ff1e83c013ab90efcb19720000000163e190985a015409e3feaf94a84aad4d8885d7bfe7b8e909451912fb79ff8d940000000cc6ea08fccacdc6e26269c1e746a504293199cdabfbb01eca56132e251edf245f0f1ed9bda815ad8dbe47f5ce1dbff9606e80e4c81e42103fd0d0a65174bde27	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2708 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2708 iexplore.exe
2708 iexplore.exe
1728 IEXPLORE.EXE
1728 IEXPLORE.EXE
1728 IEXPLORE.EXE
1728 IEXPLORE.EXE

pid	process
2708	iexplore.exe

pid	process
2708	iexplore.exe
2708	iexplore.exe
1728	IEXPLORE.EXE
1728	IEXPLORE.EXE
1728	IEXPLORE.EXE
1728	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2708 wrote to memory of 1728	2708	iexplore.exe	IEXPLORE.EXE
PID 2708 wrote to memory of 1728	2708	iexplore.exe	IEXPLORE.EXE
PID 2708 wrote to memory of 1728	2708	iexplore.exe	IEXPLORE.EXE
PID 2708 wrote to memory of 1728	2708	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\apk\cyberRat\index.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2708

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2708 CREDAT:275457 /prefetch:2
2⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0e435124836f1b9a663ada21edea26fe

SHA1
6dd1002551216d9fc0c34ad7f080d2389dc4ebc8

SHA256
16ce44a56a4617b1a8c594509e2c1c3e2eacd34ccce363c4bde2b29575b0daea

SHA512
f7655479cf96b5813a42c068ac2bc30e4338a7ca605f4cf391ab13b6722a129b42140d285fa88a5f23138c285453e1e7b338bd5d229da69983d25cc6b55fb9a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
beee196a8583496a325bf703bba082be

SHA1
73c240f17a213657af87cc1e426f9e1db61adced

SHA256
fafa606dde788bf96f7200c895ee42b94c151f4055b82c96a73bac405638661e

SHA512
b2a92f9d19a197e6b754d4b21166e91842e526ef68eab7e388f1e532af011e251b269145353457628a13f16d2ac5c2472bd1001d1a16d46ab9de74fbf6778937

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5b027ee316af199f7720995249a668df

SHA1
3d486bf6efac1a5fae921b96d4d20a02edec4fce

SHA256
fefd46d5d7ace4a7922386b97b19ddfffef4b3f8e048ae0419aedb6727b6b15c

SHA512
01887e56c19d4801da26a0eef967f4822b2db3e645be9750fff62d2e633ca1c088efee409d52e21060527d84b6cd4b07971ed7908a1f03170e6ee18e0ec58c75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3dffe2e08e5f48c400db04c6cb2dbf40

SHA1
a6db220fd08b793b69a25864f033ca3eb891265e

SHA256
71bb5968101d04028c1ecfed8f148976d6477c07da8f80b581e57be780cab020

SHA512
19d7dae28a8b71e7f5a5cc94b009682499797589037fbbe8919e51e56138b8b7231c02f27166a0bfbf11add8d64855fe89fef7bfedc935ed8a8a839e27975936

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6cbc4e366da5e57838a57d167aaf1631

SHA1
f15fb5881f096d2793eb7244bb5614514ad5c9e6

SHA256
a13aad722cad4b990988d98faad1fc7227e93e4a399170c48bcb97488f4e4c42

SHA512
0e3f3618ff796e303aa5c1dd4f24af618b0abd55950ee188ae601738f1e662eb94c49f0046bd0045c9e2b96214b5fc35c044a74f95fadfb7bcc29080edffd6cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7a1b9edb707cde3cb081cd83503d42db

SHA1
800316b51c08175087e17e2cc8d9ea71314fe05a

SHA256
95e8c68390032fab96bffcfbda00320d4f6e7e693ad235ed9412eeed89716836

SHA512
f96bef67bb088a19911d70e9a4cbe7c63ce872045a72bcbd067ea606023130282dd29b3c0e552449993e29e97510ab14da55bf7f8cb4bd57941a94decaa5876a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d5fd24b870b5d42644104c1ea8ea25fc

SHA1
a23df8b56447239240440ee094955aa93d7be29b

SHA256
042aa0969258e2e59767342775246002d04aefbfc398068befb6e69e2bc87edb

SHA512
b6b23abb0b5eed6f26edb75b88b18858fb507882a05513afa7821db54230a8298b6523456c72705db197eb24c49933ec4e4a55cf5c77cb0c459bbabd5d9e717d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
75cfd11f716311b57a303f68a3568380

SHA1
977b1c51a6f1344c9c12bb65c7ebbb36fd1a62b2

SHA256
cfd903d4d56265c6f6007cdc800777a757ece53e0d9c145581acd864c4b2dace

SHA512
12068a2a09ba07c7401ad02d0939a9feec3ea3d400c0d4cdc2c493a572f65ff5da13f87876572aec0918b3f0892c7185c10d676ada70fc331adf0b92f00dab3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
39b17aa8a4d47c1f2e5f90d739b15e87

SHA1
0910cbb28d86d7988c52b6d96750ae321720e957

SHA256
66cf4f63b18e9928d95803818c52695e5028b5b74648f1dacd0bb03351eb8d2d

SHA512
cfeda9f4a399108534b1b24c7bbb7884f6919914a54f89c9e420aea886cabd1cbfc8909ef03f78aa7d69b2a8527269f3c3e343f3e83b005ffe9523c2ab52899c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e37beb37314602575b4fbc97c5be287c

SHA1
e24cd3cd10b363c01743b8b368b99f4e138554a2

SHA256
f368bdf334a5d549dba6cf6394e723628b89e07c05aaf01ea9dcabc6291f622c

SHA512
3f1f384fce2bc67b2e66cbc759efab7a22e91a9f7b81afebcc932ae74cbc426746280bee89677a319778c0886d6428ec1dd20e45d13999f2f1e3f00c391e94c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
40677f634b753bf3473e63155d33eb9a

SHA1
fada46f8a76e4e4c2ad549797eb32d11fbd7a5bf

SHA256
872f0c4d364e06794b940da77d41dae90b85e72089387009eaf6bed579ba12ce

SHA512
83d7faae7dc9472a18c4c0dfee9507cfdde7268a452a78b59611a91d7c16e5d5df042e3f1ee07b59e80ae0dbd087dc623ef38fa4c3fe26297c0c56e5e07192d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabDDA4.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarDE25.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit