e3b71286a3978ca258295684aa413d7c1079c453be2a6ed599f3e6f3e771c131

Analysis

max time kernel
133s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
17-12-2024 12:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GitHub - Endermanch_MalwareDatabase_ One of a few malware collections on the GitHub..html
Size

276KB
MD5

f8b8e2697094cb3731143a6aeb71ae48
SHA1

e7310c28659ee749cc12728caa439bc83b332c53
SHA256

e3b71286a3978ca258295684aa413d7c1079c453be2a6ed599f3e6f3e771c131
SHA512

b1e7ccb8477af52c1bc71287189f26cf292772fd725dc752bfe007dbcf5288e20b843c5f2e1ec1d42b16dbdc64afed590b7fa6e0f4b75e3c4b7d7eb0aa9d840a
SSDEEP

6144:fJcmaoTOL/saqkC2CFAmWqHImlsHt3xei9K6JotCFgx3uh6Gmq+nq9icXQOptziO:hcmaoTOL/saqkC2CFAmWqHImlsHt3xeQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002c6e375b2159eb49952bba3f5c2425050000000002000000000010660000000100002000000046f21dac9c138f949239f2771cdd7b2c8dde970fe904a11f3c40dbeb1ceb9502000000000e8000000002000020000000952ca554c28f83a43cb9f824518b507cc5b8b9c718f0d6bdf03974d8ab0c0f14900000006d9ed3786c384e3565a6fe1801d22413feffe82247adc656b2f421756a56d63c1a467416c36174c722c3d3afa3936c71cce815dad71dcb4df580b920164e49e8e0d221f2591a377a2f53c76344b84bec8804c5c178604a8bd2269159711fab1de498c099667e4089bedc0a8f154eb6919ad07118d04358c050567b449765dcd7e190e6930e23200e3fccab803413167a400000008f6da16e112f78d6777c0fe7dbcd0431a6cee910d09d18de68e03d48ea1061735b338875aec5234a53b5d949f2bb21c7bb33c38bfed2f3ad01973b055d2aa0d1	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002c6e375b2159eb49952bba3f5c24250500000000020000000000106600000001000020000000dec55a5a526f82eda63a1e501cab0285f134e0c57c07ffdfead1315f55343128000000000e80000000020000200000007144401cf8db0e6b30f4f602fb7db89f01be4bdba6cd8d292c39842ac9e0c6fc2000000029ae41b996cd4e6ab352dcfa571e3f2508129fe723ad1661662e4ff8b13b078540000000e653d48a8494d1c24250db5b033fcc058e21c13c950acd35c2d98876e489cd95215d1b494838a293db40f279c2590fb17f1e95a2dfe6bbb42d274b88e3d93923	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4C8BD4A1-BC73-11EF-AE95-527E38F5B48B} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 908b10218050db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440600754"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2620	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2620	iexplore.exe
2620	iexplore.exe
2836	IEXPLORE.EXE
2836	IEXPLORE.EXE
2836	IEXPLORE.EXE
2836	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2620 wrote to memory of 2836	2620	iexplore.exe	30
PID 2620 wrote to memory of 2836	2620	iexplore.exe	30
PID 2620 wrote to memory of 2836	2620	iexplore.exe	30
PID 2620 wrote to memory of 2836	2620	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\GitHub - Endermanch_MalwareDatabase_ One of a few malware collections on the GitHub..html"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2620
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2620 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b62b502600d835106d8611864252db7b

SHA1
3d93c411fd34b6640873ed157b1b9d57f21170e1

SHA256
941d5d416abc23737f850950a946fd155a4c54a5772df03501777d57a82cf6f2

SHA512
a92448786a28e2ba0c1ed7318675975364c772381f3f1b8cf2dd6d33fe96a6781c17e950698b771d5929a8b891075ba44ce2dcb58098ec5d21c1d7db492f2544

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
40cd7191edbd199ea95ff72968a197cb

SHA1
3ac74a4200c54c4e85e6ed4610b54d8a8da6622b

SHA256
73b9e9ec7069c07d8877c74bf7dcea47d97521d9690914e5fb3dd5502492d6f9

SHA512
9b02093017a6bfe494ee43e6f466f66ee78d8cf705a67ac0f5deb0eebc457da4356074c92742d612d598558edd368ecc81d47dc1ecd666aade263a26b99fc836

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7c334abf1495dfd06aa78d7878776135

SHA1
21ac0a730efe83124922f9a1683a08203921902e

SHA256
11dd2f482713f661441280ff26911b564c477fab249f4d4cc230e0e662c674e4

SHA512
aab95518d19adb31f50c7c61c29dd9c74d6c513af83a123fb0e3c70bd4a5ae5b121dd938cbb8f6999770b1d1c23278f796391e091463fb0fcdf4b7ad1b6f1833

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5afa76cf8343ff389abac231ec1e05b2

SHA1
8e057be46a4bc1b5dcedc5f5bcfa57d086198dcd

SHA256
8eb5f837119de18a6df7473c34bd3965f69ab3fe99f8cc744e03c2ae72da54fd

SHA512
3a32568cedd03183e5d57ba65bf46e00df09c90bdf6953adf433794bcaa910181c92589dda935a825bcdabc6e481f4c7b8cb5aa76d41f16466d4adb9db9e9658

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e04596610c65b8d2f4294b9af7e5fe89

SHA1
e2d080305990dc47d693d6ba2d019bb33980c4b6

SHA256
676101b0826e91966b395fd9a1df74dd5f497c4237b3ceda1864812f7905fd54

SHA512
9431b8071e809a7bbb159ebbcf4ea17d909fc2897d2ad795b92b81f8563e66acab1bef1d4a47f3cd2ebe59f2cd5018ad15e26b7fde1d3e1b4ef409d38206508f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c7a63f54a0699893c6105a7e7ba45dee

SHA1
666c855463d8956d4f401f6755dc91328a3cb74a

SHA256
5583df3d4095b769ad3aa32070882a6e5ed4b41b72fb81fd91ebb5806dc2e4cd

SHA512
2714595f2ed2ee6c486d4cb9515df54f293596c8c4cee0e4301e8c3fb4b3fd941c0c448c9097feaa644892f7256f4660201cf6bab1a3717f8896955d30bc44c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f7ba086c1423bef04fbe149773c8c341

SHA1
ce0a4d61491dd8677a5e198d937df4707c0fe16a

SHA256
df1fb8dd75f137c482f8d5bdbf30e726c4098d6514eb400bad3c11bf51004eaa

SHA512
cff4dcee4d9d36b1c813bc52f2429de5c438519cc1437928315ae52de467aaa97663ab4ec49e1afb5127c24e9519b3158bf07767c783f06eedd80e0d67941531

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d6857c9f2170943b6cf927f9212cfb90

SHA1
7e512578805158aa950a35baea0c7d873ed5be6e

SHA256
20192aa25138d13dfe0db3376abd92aee0ac4401b031143f4b2661c4bc492535

SHA512
c5b47b36790cd3069c5fea737717ae0eb5577ff26f15d407f71cbdb20b4231aaf110dd20462052863fbcf45bfc5cc75b483e36866e5662d54de15e78bd8039cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a0a155356f6c8098c3a8fed76b36004b

SHA1
fbd985b1f4e8b5f12bb9ff48d51a76c3879105b6

SHA256
8acbcf4d7017a2ac95e6811fe6526bfc22bd3cbfb3cefde0a1aa34e8fc4a2a8c

SHA512
fcbdd9551cd967a9ab71885014aa45b1453b74a646e3c3a7f802a2beb901ee9c57ac600b3a5e664c263870aec18f401c1a6195187b54d01545ec0062b90491dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7a4caf6147ac2dcb6f2c97c1f1c4b6fe

SHA1
c3bf8d983d3a96bdaec12986cb75437d92de1603

SHA256
1f294215954403589d3921d665488de17f85cd1e80329207563cde68657cb345

SHA512
aa1481601245d8afda32a19ffe185c390e69539b25b3318bca24cedbd9dfee91190e978b3e9eb0ebc021ac79ca4b7d7e379d1657c0b8b181af0d87ef32644470

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b3cec23575e217b25043d786181f75dc

SHA1
6327b9bcfa303a3b3dfcf1162471b3e5b15b886e

SHA256
60d65ba6d14948d8a9246e53a9690215a4853cf0fbeedc674d398f3ea3494873

SHA512
a898af04486596d179ad76e92fcca409c3bc9a721fb7fa972592bc003c0cdaed7a5a4b7b113b3bcaca7dd473ccc1e81a8b263c40f627ca07c9e8443f151251e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0cee953e333c40804d5c3f46048b7da7

SHA1
97deb986e5e1bbef177b0c11611a1584e4797372

SHA256
c4e139d32fca28f550bd49105b3a7feb23bbc5edd02f0d897da0f4e4889b8b1f

SHA512
8ff537a29af696aefcd619bbd3e6ed687f20b717bb198b180cefd9f2e20f014d3aab927b45d477139b5110101715f24ccee256a3aebd9ce09df375d4d1ec3894

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1f09ca71954f0349ceece19cb7246d80

SHA1
03e33059a92f1166ee0c26b6e38e295f84b09be1

SHA256
2c39a2db4d6ac982fb7f8918b69a0f723905bb79490ff3b270752f24df2fd4f3

SHA512
6585ad9cb9c5b2f26311ff1abf6e2fc0b15a8d735aba49d9ff12d75f551aa45c711208e48f5c7cf0cb666f7a3a97ce16231b8b7d137f7fa2db79a4479101f432

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4ac97439ae6d9dff45d98da80ccb0f88

SHA1
3316f368cee1ecba4d218b827fed3756b7dfad60

SHA256
2f6ecc16286ceec30db97c79f2c8bb9cdf1c39894f130d665adac8b99e2c92c8

SHA512
84e0ff002182b8764d48139814bf46205789fb5d1fe42a41980c661d8e1b5a2e552a0a7dd1707c3d6b17c3bd6bb01e5f7702c97566fa283a28e4a01f26d60021

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab64AE.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar651F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit