06f33847e0a0c729f7ffd3e2a281d8cd7cacb3be703beeb36dc85f1624ec6d2f

Analysis

max time kernel
357s
max time network
369s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
11/10/2024, 20:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

LICENSES.chromium.html
Size

9.0MB
MD5

f90bec233251fd8b0cec0a2aa45be071
SHA1

9af25a284eb14f1a8d5e67fd91d7f963d7a9c3d6
SHA256

1479be3660c7ebfa60813d7ce9c5f017d25946ef762b3f1cc571180b25151e48
SHA512

23dec29517ff7ab9999462211844d369f5f7e582037914d1be98af3bf43c41417a27c32314507d19d37d87d9acc4c8da085948794cfe32689dba7a2e0a393b04
SSDEEP

24576:G8QQf6Ox6j1newR6Xe1Vmf66k6T6W6r656+eGj7dOp+:fGoeGd

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008e0532b825a6224f9b539ad7cbb914a5000000000200000000001066000000010000200000007a30bca7e23dd443f433457e12398275db5ce1daccf18c7a2fc27b1a164f33ff000000000e8000000002000020000000aba385a3527225d9ea6c087941eca232856a072afb1e36fec77ae982e4eaed56900000003df3362731f7d205568f479f6cbea880fe46837287e691ce470ac1d58f6e69ef499cc5662351cf3571ec704d0883519638fe786ec6f7b70599e39fbdd6277852018a99873c075a440109f968786b07ceb054e899ae448f366fd188a243514b7d2513ac9f8089f89f6db786a7c7b60f20bef5d68dc4af9e16841932b505174767cf5ad3ec61c8c63518f2b4852c5245a040000000e289ec4f30e1816db9ec11f972a4dc335c2d2f088b91a8f5bc4253cf58506c3495c4bcfd8b8141fe73259575e4675eb85d203cc810cb786574372921aa48e516	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434841563"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008e0532b825a6224f9b539ad7cbb914a50000000002000000000010660000000100002000000093ec7a9d2d3f62c2490a46460ce585511a52be0a8d59a75f78c2710efa263c47000000000e80000000020000200000001b92ff3dcd542abd856911bcdb8bc2bd8e4d3e6c8b10d28be50e062b085602ae20000000e1ef08da9e9c3398da2c9d25ba467117816d9bc54824eedbc254732624c8ab0040000000fa6bedaa37aacd72eec9a108980b3fe2187b0a6ecd39026464c12baefc7ff843962bb116a46649681ba63db2fe39b3fc9ca11e1409b4e58b28315053f15aa1dd	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{217DEB81-8812-11EF-B33F-CE9644F3BBBD} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a02a68f61e1cdb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2156	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2156	iexplore.exe
2156	iexplore.exe
2324	IEXPLORE.EXE
2324	IEXPLORE.EXE
2324	IEXPLORE.EXE
2324	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 2324	2156	iexplore.exe	31
PID 2156 wrote to memory of 2324	2156	iexplore.exe	31
PID 2156 wrote to memory of 2324	2156	iexplore.exe	31
PID 2156 wrote to memory of 2324	2156	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2156 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b530487d7730454a631fa370676eb937

SHA1
8b8d7ab18b6b33d30673955a02f33e873e0ea74e

SHA256
70d7f7285927b201964f3509b50724f4e2d620470b9218498c87cf64764145c8

SHA512
1b7d2c24eeedd8da9e165253297d805dd6f962edb0c4496d568f69a9b34cb0d14545b0bdfe231063c94806ec9c33808bac3cd5d79946ea557d762fe630bf7b7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8dbd0b63f8635f38e3b468b818f88304

SHA1
9452ad12a1622bbcb380641d74436f08ce730081

SHA256
46a583e8612492128f03a7480df57fa95d880dd7b562d904b5b5484373636671

SHA512
5264835aae90e2241696c12551df67c343655e5804a6c78c09f56e4769953dd86df425aa1a5dcdb720376eb06ec7ee69512bbd4b32ce74bfb8546ca5f26f9847

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0ec09762a61eb495172aa85de7187089

SHA1
7d25e1e53f92e87bc57e0607f377fd173a48d8a3

SHA256
7923be211a666af84a54cf1ff9695a064620471fc9a92e3bc789022ca6e05e96

SHA512
040c47257dc7f3e17a8dac8f290bb14061fd7e8ce888ce34854f00d9513c9bff15f503b6904eb52a6632bd2df3565f745be20fe69a21c93c8a7afd67e135e943

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
57ef1921bc811ed487c7bb1e8f2c6459

SHA1
e9d80454c3b9a523b412a6bf1782d019ba03f6b4

SHA256
499440fed26808dfa8fda1a29efc711dcdb800b37fde0034e18b554376acac25

SHA512
3c2dfd10cb6cbed1e3303118e3d61453b49115e8a6d8c0fba0077b24d200c180c5abe8a592ba92dae274f91d7b1c108f755ce97da281a456c8aa42cfd4df0201

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c1f6cc7f9a89bf904957e3657429e3a5

SHA1
1b247751e26e6dc57916a957a704bb4ffd5fb963

SHA256
4ed00cc986123cf939ef7b4a860184587313c655dd32673fb4ef04368a6acf18

SHA512
f32ee7cf68f4c9f9faf430a3f89928e8dbfa79a66cb93c6043308fe19d6d0ac4c53031e40434ea67e8e665458a0b3aa1230bb8221da0fd340c2148a4b7ac688d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ffe2c4d716233c43b80f966c8ef54719

SHA1
8f469c868879756eb802932a7a9dba46e9cebbe3

SHA256
4ef8452935c18f86dcd622f9a9ac3612339219401dd9df0475e729f99bc1cc67

SHA512
fdfa7af86d3b55886273ec3f53d861a5164b529acd937eaeabe20f7818c3e36899a374fd53ce3f118369d84dfc5753f5d614d768a5cb55ccecfb305fdd987ff5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1ea696de849f2d96c7f7655fbd1907b4

SHA1
07292cc50a0769c766ec2162b381c3b8b2ed03c4

SHA256
76abd3506d4807ee9445b2b4427004ffb23e66ff676b7266f97cbed5d012f9d2

SHA512
94313ff44dcffb6c24a068f15eda43a8d031ebf61bab33ccd5eed901865025323fbbd802a9332c9a192f84539483f783cdfb2bdc8fb2a1e812b2080f78f34aea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5fc10f5c64fb8a675d22e3d5cb0e382b

SHA1
c8e00e2cf4e9c38898abc950a263699fb4a04e28

SHA256
11b33cc5354df743314c4d33e68cd7642771b286d2471d1831cc5463e8977652

SHA512
da7754249863104d84ab09ef886c60f0b0c4adc74191009a75105ca01781ce60f454ae4b185f789897e8a10f4c8127da9ac93f0a7ea683163cf6a2c71ff0aca0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
54e7996eb156193798c5d52895243f55

SHA1
ac5266d1b2926b1eaa9e07b358a145c101a15fc2

SHA256
f40584b4e70c4a8dc183633b12878f1beb8dab39eb12db90b3a3ebc350276112

SHA512
c3ef029e9ad323683486742267bd6b54474133410f75fe11fa4434b4acd4d3fe6c928aed99794c3a0256f79c8acc7c0197ba809c0dfbc12f2e7065da4c9ac57d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f786b4dca011fb9eb7621bf2fba3f83a

SHA1
e7da23f204c6cfe108d8a5b17a48139b5f28da76

SHA256
4086e58dfbe70206278780e18012619fd723e8a4300b2f722f01fe9a220a91c7

SHA512
3ad9b8b1dcd99c1fe7fae3a777f6fc147d6978b02051e55fdcaf2313e2bdcb4f19f2deb04d3e7351bef863188b08491690b25e807ce1ed4f39fcc7f8f6506150

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6ea04652c8bb3cb46acc6fd34516669f

SHA1
600ba3d0d02b7d2d988f62ec3c4d7853f8730621

SHA256
05915a5100e6eaec1d1cd18de901a1955389e7adf2ea9fd54353d8c827517e1c

SHA512
5aeb49c40ba868c53993cf27f5bb0cc85c33ebf55a9907f17fef256712f22a56470849cc16a0765a5d1e37928c54e09976315ee43b3e046a5688e1865044027b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5eae582a8e1d262402fa762664d110bc

SHA1
b5c0b9fd4f83ba06c2c61effd04bce6d4f3b0234

SHA256
d359211c05ee6cef5c3066cc0f247d14d26c70538303d587149b388a103bb757

SHA512
38b51dd6af369e29227b11796ef9ef4b7b0415b53aa28d907f79387149244fda2995e21bf6d2f3156fdea471db3ab2718158a876bb59c97aca0f6f731c02ae96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cb825a87d1c381990a8df8315dca4849

SHA1
850391c51cfc3b71292289c5f7c9d8969a4b2d3a

SHA256
1bdb4e1e1d1d9f98528caf98c9f95e06ffc26c4b38934974ba09652abac83c9c

SHA512
82b707744ebdfd5c2033e2ca67383978505234b432243d1d6015a4802b659be80b1c32cc47454236ba77793fea3aaaab90435d5857bf8537d239046021624b7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d750c35f946a445778fb460e0c065f0f

SHA1
adc674187bd1b63e08aaae899cc3babe1f1d8b48

SHA256
2b14e5f741f5d8176f58339b6867f29fc10b4181cf61e866b86c330a2988365a

SHA512
5ef98210bce47310212e071c8563744dad13bd8dc8fbdda183b1d4be91ac641a16a8a1abca7184ec15c59e6094aa209b5e72d6791aa0f6fb1b0c58264175a0cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab259C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar264C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit