be6424c75717ea73b6233777c2f8c4c3c98e48e13607f5ab049c1d8426bf1833

Analysis

max time kernel
122s
max time network
131s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04-12-2024 20:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$APPDATA/seemao/config/map/www.7cv.com.html
Size

2B
MD5

54cafa3a6d69c189cf2df3978fbdd435
SHA1

ab34955f0a30619fc4faa49013902031d85ddc46
SHA256

e12a7e051731cf1dbeefa2142a8e1abb1eb5898e2cbe4aa522120829a5588dc7
SHA512

43e539801d00eb39811341d67327e0e8b7d97677e08c8cd14d501c1276592a80dcc0983306f292c702a7553d34bad9fa768cf9d046059c3a4b2a1a0a892f9410

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "439505530"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 1059db1c8a46db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000592991b424530c4790fab6eb5618bddc000000000200000000001066000000010000200000003ac59956292f128fddbd58a6da4f53558a2aa83518ea1e294db124cf93f2fd11000000000e80000000020000200000008e30b605bd2a23ee65c148e7e4f4c23a3523f3ecfa716decf34bd2a326dc201e200000000f30e05bde7da5b161906097a44b71d450b83bdfd5afac307bf481c50c32542540000000a2302c752d0177c3cbcaadaabff9316d4424979b69fb2cfe99fefebefaa55163333b33d0aee8c530eee3381dcff43b3abb41d30a41deee180f263528b0c809f5	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000592991b424530c4790fab6eb5618bddc00000000020000000000106600000001000020000000aba562dc0dd73ce32532dcdf5d23cdab3c4932faa942e497f2ae49d5a47b93f6000000000e800000000200002000000074cd6a207c059f3fa53b6d5d25973a5a4629ee54b42b99d50f1942381e5866ae90000000ec6a197a515e59098d08675d08bb0ed14c6af9475ce6ce7828a0bb5b23bb62be43e79132199ecd8118ee7d52a64d9977468df08b417400f38b69050e25646601434567c3dfa569bf38e882bb92ee545c39b1e1b11009cb431e969b8fbd49a4dfea55857f13b95dc43895dccc8df265c24fd665518b6383b0d5b2f875e07f16081f3552b647d3f9621672ae7d4bc2eb0840000000d0f96523a62b3dc21a710fe3fc453f391cfa699a24d3ad6c4bfb742c0156fbac633788aa504d1b5becfe9f683268efda6d6f8dade33fb2dbe1998a9d9a46be93	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{48654821-B27D-11EF-B40F-EAF82BEC9AF0} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2388	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2388	iexplore.exe
2388	iexplore.exe
2572	IEXPLORE.EXE
2572	IEXPLORE.EXE
2572	IEXPLORE.EXE
2572	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2388 wrote to memory of 2572	2388	iexplore.exe	30
PID 2388 wrote to memory of 2572	2388	iexplore.exe	30
PID 2388 wrote to memory of 2572	2388	iexplore.exe	30
PID 2388 wrote to memory of 2572	2388	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\$APPDATA\seemao\config\map\www.7cv.com.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2388
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2388 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cd30fcc9eac6089435650bd765aca03e

SHA1
6556ac8419fe212aaa0d7f74b30bc3008e47e530

SHA256
4e95268be2e570ccab419f14653b3641c6ed50cc190519dfe9ac0d22f1f42511

SHA512
0683d547025ab272dd5a63eb88395eb76348346d14f7001970cdaadf0ffb6553eba18a4f6e7e9d10ec43529d2c72dfd86668736f3fd3c3e255431f393bfbc9e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
857be8a9c7d3bde8bc41d52bdc9189c0

SHA1
d11124f453a3de571ea2f0d046b74923dc0f19da

SHA256
2433963a18dc06a6f760ca5debf84364375674b05733320622a89b3fcbe3db8c

SHA512
b1cac221d94064a6ae9e322c04a526391d432a64ee61f0ca437a0046c24f98c9661f7c8ebf89b619da6fa2af413c26a8667922c5ed25ffdbea005ac9d026b43c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
54cbd0d016857ef2fd56e2dc9a604c6e

SHA1
9e8d640b71b593b6705ab9e59b31634dd1cc681b

SHA256
1cba9466c53960d383a8a54daa64aa62a75dfdabe6dd100a5126b4501fbc9661

SHA512
627e7c3541cfe8129b0087a608bbe2f5b57e269d6954109ea86b41600f1174f4df1dcba6c81f90ef914c6fd955c1190b58952af2e79880d30088c64c2520c378

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a52a012f058a6cf8f0280ea78681c254

SHA1
97e44a8b78d47557d0d07eeedf713f6c1015702b

SHA256
f8f2d8cd9f3cad8654de3c646f0bc75c668afa54157e1301d1c05a204557b16b

SHA512
5e637fa586fca218f1cb64da65f80adfadb8e17f549590ca29f55d20b344999e934fea155ea7fbdacff34e0153e6429db3d90b58b92f5c0906cc491b8aeb67fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6ac5d66d990a2b122817c77f27c71028

SHA1
82426170b04af965a00227119cfcb550dd7bc521

SHA256
994fb8b25ed106c8ed28c3a1c94cb938baaabbc81b10159afdf8eb859ba745de

SHA512
ed37d42d0b313d291ff1d4111dd8bf3406ac7be9ee36063f72e03c576d964fdc35ff0137eb4d0b2ea6dbe7dce967f894f84f78f10dc0f3e224d5e7ebb0b60b9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6a4fb443bdcacb035b13e084ab493a5f

SHA1
7803b7ab1657c042cfaccdb6b8fc05c6a5212141

SHA256
3e4de2baec8944bcc2c07ddc0531d6309d8955ff56faa6098330279022d8f4f4

SHA512
3c8b6d58180d07aed1f310b6cab37a1378f01089733fee406860d1dfe5325e85634d211e42fc6fc57e9db5439ba3e0025d4f3b7d1fd8957126e48081eac049f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
27b4d120c2a47db5d08805f02a240b3c

SHA1
f1dca41fd694ae50ef64bec1878b20bef7044869

SHA256
47b1bf9914836a4e6f1dabeb2f709eadd43acc5cba55acee7447acfce7710146

SHA512
9c4ef477b960c0b88e3f565148f0d3c3d20976893c2afde20aca632995a1ef35a4cf36c53d9b7a2ac2833686af30ff805237b0c746e9012cc25f19f295d0c2a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5c1b14bf3eb98461956b2c9788204db2

SHA1
35910767b2d307a6157e3c01d2f6e482b15dad87

SHA256
0366abadcad439cbce3204a65789e9458d048441eba07f4adc3eae62ecdeedf2

SHA512
2c648ffe3bcfcdf9db9c4073674e127a8f0d80c3de18e35dc73325fc45282ce5d9ce6911521b52ee2e6c3db3d43df9eb19e7e8f8a7e645c9cd696febb23ad371

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4551c7baefdd2e8d630f95a842929cf2

SHA1
9289f94d5a696bec1f12d8733c60f0c2355ab9c7

SHA256
0da847daf03fa8d3ffb7ab40fcb5545df2df7063b21facd6380d672701ec44c7

SHA512
6cfef30ebe25ba399efe79f5088e4dcf4bef7da97cfa37dc55c9d9a8416bc2e2fe93982c1b1f692959c4a36ff4c8356d79822df521b9a1f5f0104519eec51c82

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aa3bc13deb9f2e737d3577bdd2af58c2

SHA1
bd992c5a2cefbdc277865094351ca1aec499f4dd

SHA256
21a0695a9b417b2348fdb7d4a3d484d55e6261677e63795a404ffa2440192f7e

SHA512
d2e13b3e222c884fc18a8d1e5b943ef8a17253726e97482c3604cb83269d864ab8662cc351d7019e78f82cd3d6984dbdf82ca74def941c54d3c516c0973303c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b78487d1499ee51c9c93d2bbd5a62544

SHA1
8fadb3dd8cca0e4f9fe087591f7e3eb9dbfda6b2

SHA256
3bbddffbcc7232bc02c4506ecfdec76592bc17ef00949836f85621b349515443

SHA512
f01f5ab8956d9c7d9bf79b66564ebc413c0cabd7ddd006346e73c4e46d34d669df484ce6c3a9016c5ef44a6b6a1bd88333bd491a701030abdd307d80de67ab18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1130c3a8499b987ce2e1d9051596dcd4

SHA1
59d3c8f9a99930779dac16d5480cf5bf5a00c380

SHA256
bd5005ba074eb4ee639153b116c61117fdd0a88d7afa39acc3018cc14f936f91

SHA512
a82f448d8d6a7c6e5abec3f9a26c7e6ddd02a49a20fdf88aa8bad001572492e26080d6eee7d2576bfbafcf6c401348e11cb233a9b6268f350a45dcda9359d250

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8bcbc86c15728a81507725e690c5bcda

SHA1
55c91e05e25ac37c3a3e07dd5eeac50419f8d04a

SHA256
781091166714889fa365f1a221b81b20187e69536a1acfdae24b1a1bd2d4c03a

SHA512
134dd13265a291fb1ee110848b4cf43b5d1c94359ed2282ed7cffd4de0e41fa17a29a0b858c033fc704f615b222d13e1467338cb7613cbf460cae43863c78eb0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
83bfad91836b1ef42892f3c7ad4a9dc4

SHA1
ca0eb1eb76982fcd6c969a02e25d42e567f4891f

SHA256
9dfcdb78849cc3a6e401a5bea84177a4699ce486aa77f830b889367fd3bb2d24

SHA512
0261a9624778a5f04fc3aa3b0643741be4ef04ef82b7a8708680255e33a0dfc4338c416a937326fa8320295a14210beeeb31b57704a1bcc5bf6b935d401d6d0f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
70955cf871abbaa3b0690aaf87c7da5e

SHA1
55ba67e95fcce7b2cf4990fdc4e76638949f787f

SHA256
eee99388051ff7f84bfb56aa4ae42d90d7b0728941abdf3c1d42350958aae90a

SHA512
fe039e3fb5d092dff42e5ee7982e4f8eb599ab019f52f2ef81ce8e914026351f101edc344e027ee0b21bc79b852eb3102727707afc36c792740ae56741bab462

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f36e6ef63dea7d6fc52e389c372cbee1

SHA1
7014bd2dacc33a99045b761c09729c9d9cce4156

SHA256
78cdb8a7164d8f6ed126b605a3cee5452b7998e62989e51f61293100d184e4a2

SHA512
be9f1e2b45e57b7228462385a16aae19291af5de507ef5257ee653ce46aa6a57acf755d67efe05d48ea49692bee144e520d1615204d0dd04bcc8bce47c49829a

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC802.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC92F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit