84bbe4d6527226bc4f8853b652bd86d946b9437a73f7aa706955670ec3eac981

Analysis

max time kernel
140s
max time network
153s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02/10/2024, 17:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Impact-Value-Chain.exe
Size

5.1MB
MD5

7a285fb0efa2a3ac62859be0a4770760
SHA1

a356c3181120b32abcf0818d7edcc87aa2934df6
SHA256

8d0e939f6b1b877da09d27745bdc41cbe8fa2ef18199ae5f74352a48d66b15c6
SHA512

02f4aa6b8532211b2b3e3239d619e65ad131f5e1078eea87a1c83a5aa07b0aa53c6724255432f50d7b3f05dc637f16158b68a8a605f252c4545c7a6a998139fb
SSDEEP

98304:4KxQR2q8cKtAd9LGi7gLjmhTqTpwOixdp+mgulfa2FMIRavYBJS:4ZR29JtMUisLjcTYmxdp+mgulfa2FMIc

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Impact-Value-Chain.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 33 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a7e3310a2b0e6e498bd88e48ec67abf60000000002000000000010660000000100002000000044ef1ebcc014d1b293a5ded0c2edec73c7d590b1c4a85d6a214a33937862ba74000000000e8000000002000020000000aecfb810f4e60355ce88a9c60a726536596bc78840658dbcc3c97131f891900920000000912aa5e95f97d10e6c3bf1df714603801989c6af170e19465ac400fbd040913740000000cb56026682c5b7ef1f4b1fe15b53d637830cbdc24e608e211109d9d1b8cf1df5d4cefbce428c8da8e51bbe3218f2a018c6f44a515b23e24040ab2314ba41b246	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60e863b4ee14db01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a7e3310a2b0e6e498bd88e48ec67abf60000000002000000000010660000000100002000000024829381046297ea8ef27291b783aeeaf4c472779a70a68ddd8d60942f37c126000000000e80000000020000200000006fb1770376b7bf127fae4f486a44f5171aa5d1562b56d88c9938ec6cb52d8910900000009a2f88095195de35547ef430a1e6a51eb344f4447837b8282215ee1de6a7368498ba26a7021394ed034c6de033ae1e4fd6448001bb90fb35084895c72a8bfe0312a5c23f734ccb03c0e9ea5c687f700396ef6de91f25127c427e98d28a92ec99c4163a0ca24b69ce70a2f980a1b182fcc979c5fee78bf5c368d51235a24d43db1cc08a07d6a2da83b876e4a4cf6184e1400000001ec2cc1c1a272f7b6f7fbbc29f8eedf9afd9dd2f088c5daba3d34d2273e90cb71b7e34b5bd8a5f947c5e1296dddb1941583c13a6e543f2b2397c6b9bbeb65906	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434051173"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DE38CCA1-80E1-11EF-BBB7-C6DA928D33CD} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}\TypeLib\Version = "1.2"	Impact-Value-Chain.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TabDlg.SSTab\CLSID\ = "{BDC217C5-ED16-11CD-956C-0000C04E4C0A}"	Impact-Value-Chain.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3B7C8860-D78F-101B-B9B5-04021C009402}\ProgID\ = "RICHTEXT.RichtextCtrl.1"	Impact-Value-Chain.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{ED117630-4090-11CF-8981-00AA00688B10}\TypeLib\ = "{3B7C8863-D78F-101B-B9B5-04021C009402}"	Impact-Value-Chain.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MSComDlg.CommonDialog.1	Impact-Value-Chain.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}	Impact-Value-Chain.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}	Impact-Value-Chain.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}	Impact-Value-Chain.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AFC634B0-4B8B-11CF-8989-00AA00688B10}	Impact-Value-Chain.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F9043C87-F6F2-101A-A3C9-08002B2F49FB}\TypeLib	Impact-Value-Chain.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{BDC217C8-ED16-11CD-956C-0000C04E4C0A}	Impact-Value-Chain.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3B7C8863-D78F-101B-B9B5-04021C009402}\1.2	Impact-Value-Chain.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3B7C8863-D78F-101B-B9B5-04021C009402}\1.2\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\RICHTX32.OCX"	Impact-Value-Chain.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSComDlg.CommonDialog.1\ = "Microsoft Common Dialog Control, version 6.0 (SP6)"	Impact-Value-Chain.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F9043C87-F6F2-101A-A3C9-08002B2F49FB}\TypeLib\ = "{F9043C88-F6F2-101A-A3C9-08002B2F49FB}"	Impact-Value-Chain.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BDC217C7-ED16-11CD-956C-0000C04E4C0A}\TypeLib\Version = "1.1"	Impact-Value-Chain.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\RICHTEXT.RichtextCtrl.1\CLSID\ = "{3B7C8860-D78F-101B-B9B5-04021C009402}"	Impact-Value-Chain.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}\TypeLib	Impact-Value-Chain.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\TypeLib	Impact-Value-Chain.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3B7C8862-D78F-101B-B9B5-04021C009402}\TypeLib	Impact-Value-Chain.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BDC217C5-ED16-11CD-956C-0000C04E4C0A}\MiscStatus\1	Impact-Value-Chain.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2A4FCCB0-DFF1-11CF-8E74-00A0C90F26F8}	Impact-Value-Chain.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32	Impact-Value-Chain.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}\TypeLib	Impact-Value-Chain.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}\TypeLib\ = "{F9043C88-F6F2-101A-A3C9-08002B2F49FB}"	Impact-Value-Chain.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TabDlg.SSTab\CurVer\ = "TabDlg.SSTab.1"	Impact-Value-Chain.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2334D2B1-713E-11CF-8AE5-00AA00C00905}\TypeLib\ = "{BDC217C8-ED16-11CD-956C-0000C04E4C0A}"	Impact-Value-Chain.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\COMDLG32.OCX"	Impact-Value-Chain.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\COMDLG32.OCX"	Impact-Value-Chain.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\ProxyStubClsid32	Impact-Value-Chain.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\TypeLib\Version = "1.2"	Impact-Value-Chain.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{ED117630-4090-11CF-8981-00AA00688B10}\ = "IOLEObject"	Impact-Value-Chain.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{859321D0-3FD1-11CF-8981-00AA00688B10}\ = "IOLEObjects"	Impact-Value-Chain.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B617B991-A767-4F05-99BA-AC6FCABB102E}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\RICHTX32.OCX"	Impact-Value-Chain.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\MiscStatus\1\ = "132499"	Impact-Value-Chain.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}\ = "ICommonDialog"	Impact-Value-Chain.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2A4FCCB0-DFF1-11CF-8E74-00A0C90F26F8}\ = "ISSTabCtl"	Impact-Value-Chain.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RICHTEXT.RichtextCtrl	Impact-Value-Chain.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\RICHTEXT.RichtextCtrl\ = "Microsoft Rich Textbox Control 6.0 (SP6)"	Impact-Value-Chain.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BDC217C5-ED16-11CD-956C-0000C04E4C0A}\ToolboxBitmap32	Impact-Value-Chain.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BDC217C5-ED16-11CD-956C-0000C04E4C0A}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}	Impact-Value-Chain.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDC217C7-ED16-11CD-956C-0000C04E4C0A}\TypeLib\ = "{BDC217C8-ED16-11CD-956C-0000C04E4C0A}"	Impact-Value-Chain.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3B7C8863-D78F-101B-B9B5-04021C009402}\1.2\HELPDIR\	Impact-Value-Chain.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{ED117630-4090-11CF-8981-00AA00688B10}\ = "IOLEObject"	Impact-Value-Chain.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MSComDlg.CommonDialog\CurVer	Impact-Value-Chain.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3B7C8860-D78F-101B-B9B5-04021C009402}	Impact-Value-Chain.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AFC634B0-4B8B-11CF-8989-00AA00688B10}	Impact-Value-Chain.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	Impact-Value-Chain.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}	Impact-Value-Chain.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F9043C87-F6F2-101A-A3C9-08002B2F49FB}	Impact-Value-Chain.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3B7C8860-D78F-101B-B9B5-04021C009402}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\RICHTX32.OCX"	Impact-Value-Chain.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{859321D0-3FD1-11CF-8981-00AA00688B10}\ProxyStubClsid32	Impact-Value-Chain.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}	Impact-Value-Chain.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}	Impact-Value-Chain.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDC217C7-ED16-11CD-956C-0000C04E4C0A}\ProxyStubClsid32	Impact-Value-Chain.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\0	Impact-Value-Chain.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\HELPDIR	Impact-Value-Chain.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3B7C8863-D78F-101B-B9B5-04021C009402}\1.2\0	Impact-Value-Chain.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3B7C8863-D78F-101B-B9B5-04021C009402}\1.2\HELPDIR	Impact-Value-Chain.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{859321D0-3FD1-11CF-8981-00AA00688B10}	Impact-Value-Chain.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{859321D0-3FD1-11CF-8981-00AA00688B10}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	Impact-Value-Chain.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSComDlg.CommonDialog.1\CLSID\ = "{F9043C85-F6F2-101A-A3C9-08002B2F49FB}"	Impact-Value-Chain.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\MiscStatus\1	Impact-Value-Chain.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2A4FCCB0-DFF1-11CF-8E74-00A0C90F26F8}\TypeLib\ = "{BDC217C8-ED16-11CD-956C-0000C04E4C0A}"	Impact-Value-Chain.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2080	iexplore.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2336	Impact-Value-Chain.exe
2336	Impact-Value-Chain.exe
2080	iexplore.exe
2080	iexplore.exe
2264	IEXPLORE.EXE
2264	IEXPLORE.EXE
2264	IEXPLORE.EXE
2264	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 2264	2080	iexplore.exe	32
PID 2080 wrote to memory of 2264	2080	iexplore.exe	32
PID 2080 wrote to memory of 2264	2080	iexplore.exe	32
PID 2080 wrote to memory of 2264	2080	iexplore.exe	32
PID 2080 wrote to memory of 2264	2080	iexplore.exe	32
PID 2080 wrote to memory of 2264	2080	iexplore.exe	32
PID 2080 wrote to memory of 2264	2080	iexplore.exe	32

C:\Users\Admin\AppData\Local\Temp\Impact-Value-Chain.exe
"C:\Users\Admin\AppData\Local\Temp\Impact-Value-Chain.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2336

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2080 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
27ecd66051c5f9dd41811186e799a615

SHA1
24a601a1fc4c318443db4754bd737eaed64aa80d

SHA256
8f921739c791d71162035a2e0159b5f2555b72004b0fc9a4c8b9163a6f1d2937

SHA512
78d7ef5b49274c7039700f2b0353283b2bb7b699d239686079cd77d99f473986593576004bbf63fd8417928e50868cd43b7c5bf6d87f596e85c90387358aa859

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
78019aabdb6cdef2a283b2a47a4b1c4d

SHA1
a228a13b750059f2079432b09ab1e881b4a3772d

SHA256
9c9529846d69f728c34c7b8a25acba4e2ea6239f95833d0de4433b6899bfbb7e

SHA512
916373c228969745eaddc1dc775a9ddb568fd9dd943cfd6a01d51f2bdda450fa97e52e47aaf8ca736246d2905b48f6e1afe40f74177c9d61a4c2d2b49d3f86ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d4ee1ce2db0e69d7730c4a94abbcf783

SHA1
7659915dd2f89ce58039ab8be3d99a2ebfdffbc0

SHA256
3804a3b9f3225f40f21e0b01d516e76a71997789637a24715e16dedc1fd7f32b

SHA512
adfb7292900d437a364bd8d60084eca0efd582c2e06ed0fc7df4c2a524a38064e4720d3513ad7e6273185e265b8e4a7da66aceed7be022181b523ecc632ad03d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
021719c6bd110714cdcbd9c842fc6e5b

SHA1
b949fb06ecebc7a934c13c1ad9e0dc7c77f6a96f

SHA256
ccbcd7833982a5110510312e8deb6e7aa4d9828a8457d09a97659f37e29af0f4

SHA512
088fc6ac0afa426bdabf48653da48cc0d502921841b8c38aa4753d78230737ccf2e81e1cc75c03916652504da2dded7e59a1031927f18835cecc91679eaf0480

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
635dddb04b96218b3f9759fe25d3fb11

SHA1
b7e2a4ee4f0606d5a1bbf3d85bfb581b1300c12e

SHA256
f4e591263cec0821587a39df571ebbc9fc0861629c89f25b59bb4813cbc502ee

SHA512
0df714e98bbddc17e943687d2bef64b65fe0215a440730214506f247a56b9fc4e58857ef3968ba56d711fbcbc4d74c43807a8c81d0c783e1afcd525a0416b12d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5ca213917d61ffa69e3dd4bfd881107d

SHA1
e70d95df772f74e25ff2915b2595ca0331bb6e83

SHA256
782262f845aa8717d93930ad6de948e76453d2f1fedd306bd2fb38a313e03605

SHA512
15e7df64e72707537a72034a0d2c7bf6f2248659ae0748cf2b560e1508d9d115f89ce858e769894277e65a3c4c25239c30298fbfc81a884a7c53e2ad37ab992c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
23a34a29388f26d977736bba3ee5bc2b

SHA1
5546142f0d6c7e468979f9ae4c5e1c7f0c0f11f9

SHA256
6a2a0394ea58ee5c83ecf0f6adbf35af81300818c688aaef5da44e02aa5a1495

SHA512
f865f399f05894760bf056cfbfa0492180ec82376bdf5162716e4a0adb15cb5076d972c328cd1473b8784b3871c8cd43fb5adcb54f813bbab59a7c73f28bccf5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f37d9c47e20b4a3ad54148ffdf35cc4c

SHA1
81046e9fc40dd935b16a3018ee673a9d7eb671f2

SHA256
cbdb65cea238297a0e3a38f3497be6deba92b51a2cad81a66c1c1a2cafb71735

SHA512
d4827ea508a5306bdc4a8822fb7bfa474a17a06b71bc6b3850e4708b047a20353dcf65e120f4eda29156b68f15062c3145318092d2f9d905d0fbd189e9c43edf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5a4656e1494bbf2680d9413eccaab152

SHA1
26905e3235a05f120d2bf81391b0e80bc5370ecc

SHA256
c1f1998c41b3f304fabd58946dfcbc50c64f904677b8876b5d3abedd687691ac

SHA512
5b5f5641266ecde3af3fd2be385fe124beab71f134a50dfc87fefb8fb5d05601a4d5248a780aee772ad86d9ab70fd1a8bdb813adb97a4ac6f9fd4cda994e8a50

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b98581963e739d9afe2e8d0a1546f00d

SHA1
b39babdcbb234ddfeb6ca6a8e8862ed3cc818631

SHA256
d491b919b4c820438a39b25da7fad828f612df8507f247777d6089c894f37365

SHA512
faf3c30a446376ca606b8b1d952b5769c1eb02b0f1f16d176af1c4a496af5eec88c5231d56070e1aadaf07763143d84a453f719aef7da493ad84257c1dfbe500

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d9c5bdc6a85a80bac8cdcced3ea83bea

SHA1
ff1485c8737485352d9e5811b6c1a6afcbf501b5

SHA256
93e992524ffa3da23e4bf77b9b5340b11a01eaf3e3fc8ab51cf0a852ebcfb1cb

SHA512
9d601492593c41295170b5003fe183f701b1c1ae80e704dfdc44040e7cf163ed295d3227af518a51107af1c677b43558ac7c33657fda56dd7335d2cce07b664b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9f616acf4d45e7f5965042d1cd76a1e8

SHA1
55474e031f41806b51cacc845f2c16d5b8817581

SHA256
6e77a34ff7210d6de3254a64bd3dceabcdb758c4412eeea0110f56e60a633c4a

SHA512
147ab036ccabe66538c833cea3f2d92385b81a0f317ab4012ea32086dacd55c851c37f0d242a92276b6e12b20bee49a3e38aa94222a6963d79c05ff4a3fdb4cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e826b702a26a8b2db00c5ecb29ebadd1

SHA1
1fd3d97f275991b87a4c3ab0701860d18b4c7c89

SHA256
bb7acbe15d68f7debbd30db2b2a39031faa915433f9a1a4a0edc0aca62210e08

SHA512
68b3dad2c1d690e36dda731950bb7f8448cb88aeb76e0e4b887e2423683d0531e3a42380e7070954f73d3e8e8d42bd568cb6163c5f668219db4c3817316f710e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dde8e3300b15d3c3a79c7c7ef16dbf85

SHA1
e78d457b8751d4f1cf8557ce5482f14c6532b28f

SHA256
8fbadf55bc2021fcf099f4cabff1ba1b8f5664c411199cd4df07fc16e365d1a3

SHA512
b0b518118a48a3b89d799b63808b11d67c07e1e6651f4f6d601a9123941c2cf8b3e603bbb2ea57e9b9fb92660d415cc6b2a41839350236306788ea8217081fe3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ec1449d661d0c8cbcbe88a6e62d3c76e

SHA1
482300dc823e7f553c179906aba1b1b406b2745d

SHA256
c586445d2d994bc76bd6184c9d1975810abb4dc0cc8ecff36d83f58453cd5886

SHA512
c2ebcef42abdd8f0ff95eaa959a669c648105257c87b1199f6b940a31a01cd0261a22ef996bb5b107161ed4fcd501aff07a3af6bd00804fbe799e849cad9c32c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d104f4b96ae2391c348fa7715b4ee400

SHA1
dcd25bc305d04621e02c4a2da7db8437d6b77865

SHA256
e70c2dadb6d7e1f3d9efe9e12c0894e02a8d3ddb8c0657cc6242f9d74fd6dd18

SHA512
0cc6c9f105a9d9b2b9e80db465b91ea009eaef305470ca22f74eabc9a39685116dac9d2b3d939b9d2949b37e5090b56020a3f3387adfcc3316ddfe2ef19b0418

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c101da17e8809efdf8fa970fe8772998

SHA1
644a252231f04206c1eb9e4959337190d67845b3

SHA256
5d679154a8a09f7c1df4a82f602711aeae0e794e172a0054a362be1f883edc7c

SHA512
3802449fc0947956d08a6331102d25ca0bad93e96c34664efa1be2c8c2fb224a62eb3477164c1a181f37d211e9ebd43ec3a2d7ed8253b153ce6862c07d7bd045

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c7d641f0bade12c7e949d12044495937

SHA1
0e3e36d888a68e62681a80d7f918e3748e09e9b7

SHA256
c8d38b11bdc11b3b4d4caeebfd2a3b1fdf99957db5a4b9f9ce2c2a6d7d53ee74

SHA512
46b1941dca0e7ed37f890c2abdeb3207e7cf3fc526bf348ff9b946586cc336bc7b4ed374441e8fd156e6734c47cc1a2a7ace1b90f7d5b8b8e52290d8775a793f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab24B1.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2523.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2336-3-0x0000000003D30000-0x0000000003D32000-memory.dmp

Filesize
8KB

Download