0afab4b26c198530fcaba9dfa5ee813ea3afc3427cb7cef62e3fb624538bf894

Analysis

max time kernel
122s
max time network
136s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14-11-2024 02:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LICENSES.chromium.html
Size

7.9MB
MD5

8303b3a19888f41062a614cd95b2e2d2
SHA1

a112ee5559c27b01e3114cf10050531cab3d98a6
SHA256

9c088caac76cf5be69e0397d76fe9397017585cffdba327692ff1b3a6c00d68f
SHA512

281b2ecc99502a050ee69e31256dec135e8cb877d1a6ba9f1c975fcfb11c062980ee6061d2368b62f91e392953ae6235dd726a9d98e6efc1302f7ed713099179
SSDEEP

24576:dbTq6T06T5kJWSIRWnBIl70mfT76y6E65606F/HXpErpem:t4scj

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f542000000000200000000001066000000010000200000009d601298309597be7a018f8e757fbc8baa70aebeb78c474455e5a4a946736d39000000000e80000000020000200000003e61be711c6246927915baebc56782d4dac2e97d134200723b83757c577c600620000000a745fc4f51b3d83892154a807de69388a4039d792a18f91d4f2574123a5a287e40000000671248d558f626ec05e20acd671690b4c72945306dc0cc3429167102ba58069f3f9b8a5db477eae1b4086ab68dce9b59542ebd3cb3a939319a09305169adb140	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f54200000000020000000000106600000001000020000000844f588a35732d58e0703ac54f5b1b3fdb38da9a0cbc934140446a1843e54352000000000e80000000020000200000008b97f64f5229553f84aaa1b0b095828cd93b8d3e60f2a14c36d29e8865ab259f90000000e5e1ea342283f1bad5d9abf7600f9f927728b406476a0b8d1f29883a13b1fb1b533d3740009be208ca79bad58c78662d1b3dcff2ce209c073214d4796ca9559c4accde830ea74a55a3efaaca6d0441c9044bd0b03831d6ca5f494e595be1ef1eb4fe17c06ffe99fd39924644efe3025cf188260a87c635bc0ee363c26ab35dd3475bbe3c16bceb9a4af62bac424293e140000000d120cffd87864fd7660e757b88130297620945f7a4b6ba77e2fea78a6756bb5303a3fbcf1018e4ea5b69f9ac9e3a4b0c681ee253ad25ed771f47b8fa44f8ed1f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7095dadc3936db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{07A83961-A22D-11EF-BDD1-5A85C185DB3E} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "437711843"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2028	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2028	iexplore.exe
2028	iexplore.exe
2504	IEXPLORE.EXE
2504	IEXPLORE.EXE
2504	IEXPLORE.EXE
2504	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 2504	2028	iexplore.exe	31
PID 2028 wrote to memory of 2504	2028	iexplore.exe	31
PID 2028 wrote to memory of 2504	2028	iexplore.exe	31
PID 2028 wrote to memory of 2504	2028	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2028 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
372c9170d3548f4b058567df9cf86dbc

SHA1
c63a16d5316c121f47aea6a5a1916250944f4f25

SHA256
7215a83de2951efe37b6e477b093b7bdb845eb2a6ce874a132b120234d94474c

SHA512
790828b53ece76f221a24a9454f1af8d7c8f5636873eab2860f13e3a51896f5cc6968e0a183b61bb7f95eaac913d37d31e6b139d51dc1ecfc635388fafe2cbf7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
71cfa0a9c208d9c6210a8962bdf80e21

SHA1
c69078796263bbc4f59f6ce364f34ceada166207

SHA256
86b8a8f7afb2a0e513710a170a8a43fc58695f85370d45eaf2d57e777df8e253

SHA512
5f5ae9505b4a5c50c96d152623683ae4eedae272db259cd3014a78127bc74398f12a1d331226b1d76233a2d1f4d6215367173fbd74822b883383518dfb59b5c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8b63593390d805930dbcac29f5262b9b

SHA1
5699feeacbfb278d7de31ccefa8369da1c1daace

SHA256
9113c814490523ebf0e2f3d078f6f5bd8f28af37aec12704134d336d9d6cee5b

SHA512
dd7884d852d4f4c9216293eb698a3fa546d1ede685e25f8c366066d78d73fe027b1f3f454e3fd50a6e1d6c5235debaac21fe0cab0fdbfde57740c2edad09bf41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6031d8e1104b770ed48e411f12692869

SHA1
2472c290169694157358ff8bdf623eb9e6d31ef8

SHA256
2aa9fbf2593443abbec0e397b4812d01ace6338374d6d1da697baf1ca97a1f2b

SHA512
154c9b8fc71dd048ccf1a333d7777d64b1cb201dc1de73de82454f889a900f302ab19c2e409fad6e37955468a8c95c4eabf5849c331711f6ee3c824c18effbc0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b26a841744b63d853787d2392b7e402b

SHA1
b08561479db4096ddb427d3ca46d51e3c767dc40

SHA256
e04f23e096e55cd372a663d3ad836e1a55232b7aeec809325900da4bc688fff5

SHA512
ddd4a70239d627d7494a80642b46c4fa28a70c6166a3ee00bf8964d69457e8900cc13ffb92f6586c389f952a68c5af1a86b27d30bb9f456563c0b32448425310

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e3d3a47fdf8318262239f5e076f2a6db

SHA1
a8561d46d7691e2c886589b61f36d506e3eb0e43

SHA256
562012b16182da01f20355b39e22db5dd346fd3dc47e886fc2b964cee598a62d

SHA512
cd75c3854e67533e7d10c54af806d2d0361074d7a9c7fd5f341150c478dc6d398e9a6fb4e6e718b8314bc7afb5848564ec53408c61289dd324c78d277e11c988

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0e383d156d3f546935823d79aac425f6

SHA1
d13b51c9c7c5c6c584877385b1403fad9bb83bbf

SHA256
7ec826d4345bf580c62c3011e97a79b44494e349c9fd3e3e191eb81d269a25e1

SHA512
58b879b1add9c5a9e4e642fe5945b48f3a1796f64bc87eab307c1dfb2fbcd02bbe68e4931c351dcac0c8ce4bfea71067d31932371659fb531e565c68a70f01e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3c9a59ba6ba6e902d6433d91e47a8468

SHA1
6aab6a9f239a87f563306e85eeccfade26a599b3

SHA256
a8708c4ed258dbe16bf7d01f2f30535eef3ba24033e7011f88d738b9c57866af

SHA512
9635268ae7fea48833ae1e40548450f98d3fc2a179bafd1ca9cf0cf4dcf80b64ebc8ffa34fd7717c47be3b53cce92b88b2145c9f263b45c019e6d22e1195f8db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2c9553d2e50bb375a8c46e427d6fcbcd

SHA1
926e220a01b9904612bee7a243dbe5743cbe8593

SHA256
4bbb3b4ec89ebc45cd8f3fe0f28c81f086816842e0fc2037a55dd17061bcfa24

SHA512
af28e3e1dec675305f5421f6ec70c6c48373993a36b060a40f10085074abc8c18a31e87c20115f8770c02093cb89aace266e64cb86a0df78498381be6024248f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1b5229c5bd7f69ddfb3300f9a4945dac

SHA1
e62254c23ca5b82813cadc63dc49807276a7fa24

SHA256
af514834cbc432fce1ce95f6d902ad69cf7bc455d77cc5f1b625693c28894e4a

SHA512
264084906f2b7a18e208761ab28145368e4d9bc97604a304899a9d052a67f5c605085c98e1c04f9e9135e2e3ebd6ca221106115bb5dc4abc9591993e8d366e72

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c17f7f6f9cfaeade53102b6dd6c4a3e7

SHA1
0dbbb48bd0cd213c8ee5b051128db6482c344913

SHA256
ec1c5e483a14b4abb882b8a8f98d4aab2535e9ae07890e7dfe5c70a4db9cecbe

SHA512
58e0f2fffe83fa64a95759e96ef122586106a4ce3bc5e989c4237c99d0a714d87ffe09338baf5df15db0ffc612da589f27d13ee747df99ad82883189fc562e2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e4b71f26bccff9dbb869c7654582ed7c

SHA1
79c5bce27ca30e8069713aecf1062573f96441d3

SHA256
8ed237f794bf4176060d6a9debbab0b4d954c2300c939c74e4e60eaccc9432cc

SHA512
4ccba1b3aeb19070a05b82df347c2a6fad72d5eecee6acc3f9d502a81e66d30d0743deb76e81d960e9215e6b5784b79a28421fc7fbd9bc535823c0f3bbc69801

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
121b11f7bf09de58274542fbc2b5c41a

SHA1
12d8c18d3876dbf8be816a28951965ac80f3f30d

SHA256
75054c1b592b3466fa78355e6f866d56b77cb933ed5c0a8ac5ff81da98daeabd

SHA512
b01108286de797ed047adeced01a5538ea58c06f7dd17ff21b81dd31a5c5bdff04e036e3a72a581011c549f594ceed13716c94483209526bae3b6f7ae58a0de3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ef1472225f65f052b50a9e6ece3787ae

SHA1
27568fb787c6772f1c5782ccea8e4d8bc30087ef

SHA256
395ffcb6766194a5a525d297195ef47aa8fd96529d1d5f4a152fc78bb9444408

SHA512
6f07a1201bb2d92bb93d4d44e667d95da1765aace3f646d7cb4045e734021dc04ae0af5cf90ff6e666b380d616c622493d1cca2c06d3b4e2894d79631f023497

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
33b640e2bea1a20b4aedbf994bcca714

SHA1
cb6d16f2563bb996c6fcdeed944d7eaddab56063

SHA256
949ea1f030dd9881794a13de130a064be22d6ddf2efbc2d7034679d2b709352d

SHA512
94a178ce7725372333ebf9f06d566d95e1bad6e0009d1dd52dc38283bc1c1881382a571931af8dc59ef71f43a870098c312d2c436560c1861eece47103335e4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
703b02f92226cfed8dabad1182bfd826

SHA1
a6c459bd2bbb233b6d3f6a08dd72e1a91c15a38e

SHA256
b29e2649c9fbb985871e58aaeefcf47a079a77cad8fb4922ff2a409dfd2216e8

SHA512
eb2d4622c9c589e192994ab3c0439acb8f6e37d10523382cc5a761961ea42e03c227c4c493b53a8c26976cea1d66c9c11f8c1301e4c74008603d74122e6b8dbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2B37.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3F57.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit