183160e943a1e0b38a07dc0d6fd775a32180bdee16cc5b5df90330276e95bd44

Analysis

max time kernel
594s
max time network
617s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11/09/2024, 15:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

lib/ace/ace.html
Size

3KB
MD5

79d5cf1e15800d488db989da5b87fdcf
SHA1

ad8d17c3e438a669ec5c5a0c147bf6437fd35051
SHA256

a99c139fe372b396174d194e0f3577ee339f86954ae7416fa010b2a62787cb3a
SHA512

421f7a5519ba5e03aad5458f6773a38c8ccdd7c9be010fd1e5e80e7d76dc0a72299aefd958f55136debfb5d5786d7f3a68e019ec95cc8729f313e7ee78684685

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b0000000002000000000010660000000100002000000024a0cd53546a21d71a7f3c56772fc36a2b9bb1b56771db8cc58514d30a36db90000000000e80000000020000200000007e6689c239678a0f919227bb9bb82d0908885aa312b2c1d139751b2f36a40cbd20000000c550cca31fc9d6cd5742ef4e2ece88f99a53b688fff23dc19eed75319d950ad3400000007e25d553b73e2d29ae7d3d62cdf7832708fdfd86095b9ec141a830b6aee4bc5c24e45caaae1d2dceac04b4226c79aa80f9dbdb799e2d855cc60d40beecfa2e03	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3DB42041-7056-11EF-943D-F245C6AC432F} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b0000000002000000000010660000000100002000000069662fbe99a6863010c86dc914ca444bce46e172d1c906741eb9e98e12fc069c000000000e80000000020000200000004cdb4ca6efcf32426defa46383da3bb7b5888b307bad8e2bb1ed3134eb5bbae69000000077af862d856b04f7aaf2264a53bbb5cad2df404a8eab14f3bc130cc7ee4b43f687f505550fbe4b1d74ba17b1a5ce18a406d30fb195375251e7b47b958d295a0818c2ea5b6e5ff8bdf2d6ff8b429e9643ba77e02c2a5c980f87c9dd764bacf2469f1a46d7c76d4e41d895691357026b1ab9ec5f2a2010d92e2d269bf8cb5ebb7b11eafe57bc9131656c023f3966fea4cd40000000599bb135bf4e4a9f74871a60fd992812546bc616db35b793e0fede78a30dacbb79c0b55ba086b88e369e74a1ce0974649cfcd8498c7609ff04305b2743d9f684	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432232011"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 306f73126304db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2788	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2788	iexplore.exe
2788	iexplore.exe
2944	IEXPLORE.EXE
2944	IEXPLORE.EXE
2944	IEXPLORE.EXE
2944	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2788 wrote to memory of 2944	2788	iexplore.exe	30
PID 2788 wrote to memory of 2944	2788	iexplore.exe	30
PID 2788 wrote to memory of 2944	2788	iexplore.exe	30
PID 2788 wrote to memory of 2944	2788	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\lib\ace\ace.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2788
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2788 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a1a55f8736339011a6e72ecccf0a40f2

SHA1
2cca15ffff6ede1b990afb3af0eda95ed3b94730

SHA256
14a50dd9c6288dfd1711c643676c07989a7366e257af426e15d8dc96861cae7e

SHA512
b8a2c08a161361c46c7574dbeb74a9d7c3f9bbac8db2edf9fc6c81260aa107bec801adccd2c65ea31b42bb34bae17f042542447bca46621c5c29c675de9414e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f6c40706b4b6cb3eb3f6789ad0c1b4ea

SHA1
edd47443cd986827450e6ad7729eb327ef7c556b

SHA256
c9026a23ffec1735eed967adeae492178f13d0689343a3d6481f4902266a4346

SHA512
6f9695b9bf8878d1ea83dce2673929c307c608c7af4ee8aba00d835259c5d38bbe721184fb1a5f6740d407f718a7722355ad8c36abe1d1078cb332a586118842

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a4158a9c88596b0d5b43c786bbf3b4e

SHA1
04824ff28989bf5dc0534dff37a42c58afbe343d

SHA256
eff79f4aa332b35d51ebdb8a08ad0e2f69d19a8a0bf9b73711bfeb11a5d578f0

SHA512
a1d3ad54cd6b61ad4b8a9328fd712fdc96a87801e9948c474449ea9df164ae5f81d652b52b16ea93aada1cc2574685b3ff1995ead2d70d1df877796ceaff29b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
84ebadfcd6ea6d3c93518a3831da3143

SHA1
a0400ad16d030c5c231d3593e1c85676583a018f

SHA256
138fe3fa3a0007fe53d156fa518f4510ad90c611107a94d6509bb41d7d2f658f

SHA512
66d95e2479ba47bbf9938b85accf10426b96a22b6eea94b5818b3c77524c1a3e2dbc0492506be6b1a8f748015c4dee4ba066820d8093d45cfb49fa174cf6f4d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
68f16060f61cc1bafb732ebc6b9a0444

SHA1
ddfa169acb02bbaa483304deb5bd5a263be14d38

SHA256
8085381d4be8e5b620879880831462ee5a620d21d4f51f1fd6b098c44f091e0f

SHA512
4eb1c36bab0b7e0ee0d5b1afd32c4c48f0e6bdcb2169be44824f6d2f78b7ad9a717f2ed52656f4b999dee805c13d83c0f81e5065a8ddb0b2ae3a14c012e92be3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea7bde2f703c1728276ca87412ba3399

SHA1
8ed4ab5e91d7a7cd90a8a755bb6086e8e1acb69d

SHA256
a5321dcda1622fc3dceea58fddba69d230c8662e77bec19485737526aca8f984

SHA512
f4f10d6a7e5795ad2379dbe854e749046f652a1bee54bf9d4f6566fb75db70b66735183e3345364c49caf6fd038e7dd44a428b62d309161c518e6bf216d6a148

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
53b207c7970d2d05339aa295b89813c6

SHA1
3fdbafa028dba1c7021d2230309ef80aa41db076

SHA256
42e0ac150051c3096b3d5af589d6188e52d0f336d28adc53983d1b1073ad3794

SHA512
7e083e73bb009871dd3b10dd9cdc83ec25869467fad1e2c07e9d4f2c0dcfe42f8787421b34ee57b17a34ac91a441f970d60bbdd26fe0f127d9b73d85ce803b03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f0b1f53ae5657fccd56825905cc8e4c9

SHA1
88e4517c664393f26261c8b6f2389e74c44c9107

SHA256
f041c7a694a40f67ae67d809cf3537a35266ecc71c8ddb15a630e35be032df05

SHA512
e84d9649c2c7ed54e7267a4bf55725119930c57b0ddc4e8d713b304bbb73ed2459e4d4c85bd0add658cc890912301d4849c8d0bd3e3d2b4afa4f43bc1fd92a5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e9b6f0f6665a0916baed75ce3ce8cf8b

SHA1
0f9bf4dac68d79dabbea26c22f03047b25e3469f

SHA256
8aa2b0987c2d4b71aa609e6fc01350970957afc6a6f5fbde078895dcb0fc8fb4

SHA512
7fb5464311d6bd7ff4a3dd512962b441f651226b33987a671e26a40b8a4ccd9c715f7ba3552edbdd1d4966dbf314386914089623cd2f597de23bf340bc03daf4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d26120f35f679df304a57d22ec5cad94

SHA1
bd0f90fd0dc430ed21f8699a72d9f5fd32e56bb8

SHA256
170230e92f17c32d61e29f6af8711d4ab59507ab8afc063de1129ea9bbe9c4d4

SHA512
8d4b3aaaf1dfcc830908c56487df808de9dbda878221986bb442931899d5a62f949eba36935aefaead785522e4ddc0aa6c69552ea753149580c3286773fd2d92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a163d5c5d43b578b15d994f2e824eb28

SHA1
e5af536d11e3594ee56083b34d47f70473c753fc

SHA256
255aa59f5b235497ac310cc9a7297ecf47a056f78a7c9e3231ca39ce8c9f47a5

SHA512
23aab7bcbcd51d5e0d10ac2ed6310ddaf0faf43fd524d4857e5a81146686c74e323aa9783e5da9edfc7659b95bf25f91c61c5ded77c78d48569347255750b1c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ee638986a9aaff53f169fb668c971b32

SHA1
e430c1cae53f129a2840aac36fe49040f74b5f88

SHA256
692f22b60b42c3e1e08b9362b815edfc090fc46e8433b0956c1113cef442cc88

SHA512
fb3c506d28260bede45bd196127c9ec3e8fdd08d210062ac71aeedaab9fdb54dc75d08004e2140f8e4bdc3085f292ff299175a18dff076cc058e11b6e96198d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e5ad8160439c1379d51899c7a6dbef5f

SHA1
4ec12729fb0d46327fab5f01e2c000453734d645

SHA256
8a56d8a81b9803cfec7b55305765534bd02160e97a0f136178a017b3ceb1cf37

SHA512
d33a18430807b9e856c9fc941389a4be53fac7c87db497d0b002f0faacfadb139c4fe4e15bca5df2837a7da942defd8c24bfd6c2c5c8858fd44ed6b2e5b0d03e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8b811b5a68e66f4773945b99aeee3435

SHA1
5fdf76412517299ee1402cf9da6d6b324b946bfb

SHA256
43233391678a5b2507e70f2d4c32fe897d53e1af0b0ae98f974aad93dae0eabd

SHA512
ac1e0f700b52f32a9b3d19b739dad9c711ca6f2c8f1e928d914913fff80b543565a4eb2c13d84cfa46e7ad5b017518b6f833484a7d61b949ad3b1d9d3d355fa5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
356ef86c5d664558311166f7adbf0118

SHA1
ce852b4281ae2797fc0c5b73d456d4a20a2c5afc

SHA256
0823d31dd54f15a461cf627512c9b420921d1fa0cbac319f3edb39b69d3bc50f

SHA512
5f9154950ecc020902c093938567f60cfa9da5e7fb1c0759d082e734a0aab3d8a78759b8b72acc62566e59c32d798f0c85513007f6b42c5eb0ccb9b2cd705b71

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB1F3.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB949.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit