7d509913a3d07881ee762b496138ef59681d6ff9a2540b73385d8a686b120a5a

Analysis

max time kernel
119s
max time network
142s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
20-08-2024 12:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LICENSES.chromium.html
Size

4.5MB
MD5

d4a79b5d46f0931b9eb7125fd40baff0
SHA1

3a38fb263dde2251b9fe157b5fddec7acb07c53e
SHA256

03f1d245e6a2facca9edbdaad108169e0765dd9101875bc2d123797994b9e80f
SHA512

17cf94805f11d499ff12d8e42cb262ceecbeb265f56338e0837d291f6a7ed7f8135a025dbe99fdb2e2bb299f2267bed9365976ea51269aafd4c3220cffef9339
SSDEEP

24576:thgBBmnLiLArZ62BrcrnKHq/kUkBAwi9QxruE:rYBmLAehN6KK+xV

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

IEXPLORE.EXE

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d9909000000000200000000001066000000010000200000002184f6956e53e92e1caefeaaaa3da188e03111ca69f82bf655f3671c67251ced000000000e80000000020000200000009a97feb6779acd6da2a58f836ad3065edaba839c7b9fd7fd464e9ba199eced63900000009c3807e728713ea93380b22310c4b5959115f2f53879a7bf8f146bfa4cf372c1ed1f29882a0b2cc04a3346b4e737a349878742880ebdf2b7d05b4c086c531eb5ec46e0ad3a63e5901ea956c9ab4187db4ca36aa504633cb79d4b92328e7a9fcb46d0798bcf449170b975b8f2b74c6cb122785edcc3a14f43005b70384ca9c349d9a8bc9125290f2e9e462bbb6f59910540000000f946f342d039a6c033ddd878c3a7d42519c4d74c850f580d97e3da8d1bff9d6133b6c373bf483e56bc1a30199fe42901e9ad53a18e15da602c49de22c658cae6	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430318140"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d9909000000000200000000001066000000010000200000006c986cbd0675c49e72ccf4a0e47dddf7bce50845bf2170f1e15cf8ee5df1d3e5000000000e8000000002000020000000461e4c9b3889c022409509f36045d40345551574e3f8e9f77967f0966b6b370720000000f616168a1580ce42eac11a2f8ccf161ca00dbda8719285ec5bd97a557b3091d3400000008e69eaa13c9967a0b8acf795005b150827a18143861117c45520e68c9e5d22865fdb09e5f109478e5c1fc256d9a3634edc434304f7b03aadffde605fee7bb764	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{34548B31-5EEE-11EF-82B5-E297BF49BD91} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 702c1209fbf2da01	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1544 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1544 iexplore.exe
1544 iexplore.exe
2800 IEXPLORE.EXE
2800 IEXPLORE.EXE
2800 IEXPLORE.EXE
2800 IEXPLORE.EXE

pid	process
1544	iexplore.exe

pid	process
1544	iexplore.exe
1544	iexplore.exe
2800	IEXPLORE.EXE
2800	IEXPLORE.EXE
2800	IEXPLORE.EXE
2800	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1544 wrote to memory of 2800	1544	iexplore.exe	IEXPLORE.EXE
PID 1544 wrote to memory of 2800	1544	iexplore.exe	IEXPLORE.EXE
PID 1544 wrote to memory of 2800	1544	iexplore.exe	IEXPLORE.EXE
PID 1544 wrote to memory of 2800	1544	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1544

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1544 CREDAT:275457 /prefetch:2
2⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c2792302d0478123ce17892805980190

SHA1
f7968739498b242fc34e92e9d1c99833fcee465e

SHA256
80a90331b65be5567f88d57593b8a6cee318a935a2d289c8281870f8c2481252

SHA512
bc774620f5815ee8e07ed5d19cd1a8e8fb659f258392342fcda9b0df3ece6442a994dac3a3c43ced4240ed5e55314e5f24513533a0277c467be2507970d709ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c595470c5cc5ab605078a4624cdc4362

SHA1
c7fbb595fc57756f6e5e2e950f10f6cb00eb6076

SHA256
fb2cfcc4b4fd866d390dd8be88b1f2110b92ac01fdf56798b8cab61e592049f8

SHA512
0b1fcfd74595a76c019520944cdd1c4f3d15b34ec8c29546255e8483fc1e4d28a9ec8b27502fc44f514c5f5ae16901de267b7467c359d692757fc99928034353

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9efc045c40123f4df1ac22262521b67c

SHA1
e354cce9ad1d04b2e7ae16e17ce8455c06befbde

SHA256
97aab1bd41d248a53e4b26bca2b60e98ef4b89677f95b7eb4d23172fdea75cc1

SHA512
ec29f63a3890c339f16eb15700d5d444c024a263de7a68457ab24226a8d1d9a3b144236bdcded05d3192667536052a4c760a479f6e07c469a0713761cca6b982

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d8875893f1cf0a46c9b520da2ca41a75

SHA1
43f3bd0ac5457b1a5c36fc3d197977209a831220

SHA256
1b5cb7fee69bf49e0582569d3732166f04b3e9bbdc900426e2820329dbad6d4f

SHA512
f0ee5afad084a4ad8350f99965aabcc2cd361f6e528ddc0567da6e2ec291d1c4b96e2bc7d7cc29ed935b80d5e48ea67c9fe986f8d874ae69cb575caf8b5b961f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a9e04d2f784ec3532e9c8d1715185681

SHA1
6acec53ac3962a1e80ce93dde6ee91771fa99963

SHA256
5dd59c00b554360e5725b6e9e69eb7d036122eb75df9b4163945b642a1983121

SHA512
9ee81705a5eece1df4e358613fb67334772912a494d8c78f4fab6db5164a0641902d069abd2d824840d2292f021e333361e6369a2e05f42497af31e802111a86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a6a2563c263c9f4200387bbcd38439ce

SHA1
382ae6c77d9883b59ba5c22ec4d0df0702f4011e

SHA256
c4637f6901eac09a3d0dfbfe2aed79b3a0cf00200675aaffe00b6ce867e05bd6

SHA512
005d4426ebf883e272271dd957de805e52143813c3589cfeccf263c511691ac5421c1eae44e961624256869d9d8fb2e8fb51a993ed99932a5361e4057400f294

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7d461dc353476f17824ffd76418fa405

SHA1
3cbe1d1fa21698532870e0a871ee75b421a9428a

SHA256
31b7421d15b3b17443bda4764014ebe8023b9eda5160aac708672e7ce7980795

SHA512
431e0d583d6e426d6885ebd8e360f53c4fefb9aa48ac5e341207d29bc2580d75db9f58db52fd83dd7fbe46d645b298b7f60c725aa0d6c631c4fd27506f03870b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
55dc52de765009b9a4c9e646a694df2d

SHA1
d9fb8c15d8947dd03d34e4178d6caff793ac58cb

SHA256
d7203a21f6d9f3dc26e167072aa776b21f9c0ae2a860ceb0d7bd04f958d4d5ff

SHA512
e1225688ef43751befe3908398c0749694dec601271f616e8094e110326b426c52f9a7f138829c40b0c2ec8ba559a8365efc16ef5c1c32ee3d54ae7813abbc08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b42616f4301e740bc881de09931957dc

SHA1
518da9553298cbb7cfa0fbc1bf45ac11a3ce5df0

SHA256
716da3031e9e7d69b635e38fb1171e58fd1b6e0ba00b6e44be54fd23d8594042

SHA512
ba24745d801392d6eca5a7559f9838bb2dbc5dac680b99e5a6e4a2cff1e238406b75a18a96f1a3ceaecf22e10713ac6af56a58298aeed36eaa55af5539a1a200

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a58e09f76b683a29164dadb8bc6bca0

SHA1
57fa242e62a285d2bd07fca503cbc96420452324

SHA256
bb64499d745c8175781bec8da6d6e911005e614788fd779d91f56d448e086616

SHA512
54d1aade77f03b3897d7a22da007ba595b19efb787af345cf20da4e3f1224714e6bb83016596d298432575203e95a8311d19a3d9d19f140192418a69c532d95a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
335eb9a2339df7d6eb14613ff85fbc9d

SHA1
70cfac64ee3dcd2ae7fa0820136b22fba9d0d459

SHA256
61ef9581906d01aac081ec13b75bb4a02c280e19afdf7a0cd57e9d31b5e40061

SHA512
f0498711daae641fbb19913f09bfecc77857872736dab35526046b1328f69dab768b08231bf5318877217d32e3729773602945cf6104a299df5d5a5fed2f05e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4c300201338a28d3e794d20a4cc5e9ef

SHA1
da7430e8d2ac23f428c5acb43a0b76b8d85106e4

SHA256
a1be2043c8dc0bd43d09dfcf2a43c5576733f0e886d20926ab4acdcc0395327d

SHA512
dd6a749fc11bedcef82cd88ff96d50360b5f8bed8deea97b7eb4946b85ea283cd5c0c4ce3e774487d382f155b902a163727dc766705a40b580cb455e5c58fce8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
df974d81e55ef6d984ad55ec785f4f03

SHA1
d0a6ea1baf8d59b0ee22cfc335e8700a6bca594f

SHA256
d1658d0d0019f717cb65b361211e089beeb27ab3ad9262fa5f243e037939590f

SHA512
f6bb649ce68ee6f293db9f45bf1e97896d421bc81599992c8426f2bcade69e07cd9aed91c64b9dcc0be250fe0bcfd4b62034e5b08829f0d53be45a1b18fcdbc4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bc693b18748895acd300f538fa2edd99

SHA1
6a929f006d8ec80206513a4873e89e1f2efeb8fd

SHA256
aa102f94ce546c7bdfd6ea9bf59e8d9b5dafc9b8e13e849489340ceab4e450c3

SHA512
555fdec8e8d6a80201cdcfd0e0b614a420928be0794eadd395b2e9ef0acd6dbdcea734948e83adaea4f26706a291177189f0ab0e0dfdfdbe996bfcbff26b3404

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8b4680991360b71b8e000e7f46652045

SHA1
5ac1d5fc0d369920cd111c09be385089a52aea5c

SHA256
3845519b8d31bd289e31f5fd2a27f5b09d66513efd60c57d04614821d02f002b

SHA512
0919d6bf1ef35a9d655fd0b4375978b03b9e42886264fe551425f1a283f7b7a03c435b97d270cc2b3c2bd966c6f737de2ae0bce8939e629fd6a1c93d339a6890

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
65ae4c7097297ec8a60409596c1ab98f

SHA1
797dd1cea282e6a6edf65ac7aeead0ca19b5a7c3

SHA256
2bde15561b6bf241dbbb62ae3fd2320e1fccff88082a5e2ad7ed7594f3620477

SHA512
9bdb51b656f6bc1ab94e2b0ec6667372cc8e7942b2c290e5b8ff729e621504bf049afb1b830b98a48c99a10498b07e603079983bc8a37362ad5712eda9dab619

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab144E.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar14CE.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit