Analysis
max time kernel: 181s
max time network: 145s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 28-01-2025 02:28
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: http://gifthub.click
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: http://gifthub.click
  Resource: win10v2004-20241007-en
Behavioral task: behavioral3
  Sample: http://gifthub.click
  Resource: win10ltsc2021-20250113-en
Behavioral task: behavioral4
  Sample: http://gifthub.click
  Resource: win11-20241007-en
General
Target: http://gifthub.click
Malware Config
Signatures
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE
Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8F073E61-DD1F-11EF-A701-7E918DD97D05} = "0" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value not preserved in this copy of the report] | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a32a3983aeeba14db6463a57d92262bc00000000020000000000106600000001000020000000181be184a6a82e5e0dbe7d106f1077bc7d72838c7dc43aaaa077d2fd86b8bc7c000000000e8000000002000020000000add13832a8d73106726e6c956e75219d992612fbfd2eb0a1bb4be794f60f9183200000005f0605bcc7d097e16e473f9d08bd210b2bbab86c84af1500c88779d11f0b255c400000006daa8ecb0735a872b5e0394c51600839c44353c49f881584c25e8d3e3a57acd0a0c4d3e355343a966553ac099db975b53077f00d72437e4c27dc260d565e20da | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0274a652c71db01 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "444193175" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (str) | \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2448 | iexplore.exe
Suspicious use of SetWindowsHookEx 8 IoCs
pid | Process
2448 | iexplore.exe
2448 | iexplore.exe
2768 | IEXPLORE.EXE
2768 | IEXPLORE.EXE
2768 | IEXPLORE.EXE
2768 | IEXPLORE.EXE
2768 | IEXPLORE.EXE
2768 | IEXPLORE.EXE
Suspicious use of WriteProcessMemory 7 IoCs
description | pid | Process | procid_target
PID 2336 wrote to memory of 2448 | 2336 | explorer.exe | 29
PID 2336 wrote to memory of 2448 | 2336 | explorer.exe | 29
PID 2336 wrote to memory of 2448 | 2336 | explorer.exe | 29
PID 2448 wrote to memory of 2768 | 2448 | iexplore.exe | 30
PID 2448 wrote to memory of 2768 | 2448 | iexplore.exe | 30
PID 2448 wrote to memory of 2768 | 2448 | iexplore.exe | 30
PID 2448 wrote to memory of 2768 | 2448 | iexplore.exe | 30
Processes
- C:\Windows\explorer.exe
  Command line: explorer http://gifthub.click
  PID: 2900
- C:\Windows\explorer.exe
  Command line: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
  Signatures: Suspicious use of WriteProcessMemory
  PID: 2336
  - C:\Program Files\Internet Explorer\iexplore.exe
    Command line: "C:\Program Files\Internet Explorer\iexplore.exe" http://gifthub.click/
    Signatures: Modifies Internet Explorer settings; Suspicious use of FindShellTrayWindow; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
    PID: 2448
    - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2448 CREDAT:275457 /prefetch:2
      Signatures: System Location Discovery: System Language Discovery; Modifies Internet Explorer settings; Suspicious use of SetWindowsHookEx
      PID: 2768
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 88be3f6cf100ace345577a974c0fdaef
  SHA1: 5e95ab5b7d059e2caa80a5a860c87dfbc007facb
  SHA256: 153d2532d4bbd8dadb1309f1da3005e10d22a81d0ce529f47527d5a16c80ed66
  SHA512: 5a22f3b7ba3c2360c80bc1c2096c8581921f558d62d512492c7cb32a11e8393ae320e4f451f7ba0e78117d24da5585bbc3ea44f2b583a5f6951dc46fab380523
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 7188ace73a4968d6d10822571acf3b13
  SHA1: 8d2b6634f9e9f19548dad86bd205ebd1bdfcae22
  SHA256: bbccfb9cab3a57edec79751bea956947912afa1fa3c927230bc8a8c7feeec601
  SHA512: 8359c44b29da9bb703761f6e999ac48fb06aaf1254263e280cc627dc4dfcac08064c0999f2d4d6c5e86ac33fbb0edf2611e128c71e766801b95138ed458bd715
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 4be66ea4935c841695363c96015a72ec
  SHA1: a8fd7cc759777e5d50d8fd2f631f01f0b51ce0f1
  SHA256: d08571c173887a8c5ce144cdcadac8190413c1a2e121a52093deb80c1645da7a
  SHA512: eea4e2c900fac26188daec3b04825e864311ba9a580a4bd64bfa8a92eff0095d8bb1502c01e0e5f72e6f13d4eba14dc3b190ddeb1a43b658ee871c2f672793e1
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 9f50b5279cd6e33252e9ff759ae759be
  SHA1: 196d6c02215451142fedc3a9e67f4f148398ab38
  SHA256: d84868c21c02d7fb48ab6edd23a32c1773b8c78183ce57c1ff0c164175199009
  SHA512: a222e8794fd52f8b4e1d755c39e989987203c8cd9667a5a26c68fdc4752c41783742c9a194888c98317f8d8ac001e9300464e034a7cefdf80eaeff01006d7223
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: b1cb0ec489688586849618b4087089be
  SHA1: b9b68218a6c145613453b744635f269bfe2d6b24
  SHA256: aa224655d5c7d795e222d08b0f0a6f355e4b64912ac4a8ccdcdfc4c115380c0c
  SHA512: 90fb8f81928d301bcc9f3151869226708c9082b9cad2c0f06c393b0129ded638c29f558caffbe83961e8bf916c8aca2fe9dd0dc7143d83d808671b44a6418270
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 55aa7abfc47a6767f145447a69c438b8
  SHA1: d98ca357d90de6436f898063bee14d277c6afeec
  SHA256: a4c7a01da3c55695abe88b6cffd5dc079c176dd24e715bcc7a459e1ce012373a
  SHA512: edced2f3e371cf38a6d3b2240047ca50df40c12413555c70c70d03b1ebd5c645ca2a8d6248b7350d6bfec2c4fc473d83d7cccddbc67e3f637753e3719d31345f
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 825f8eac657af4258adb552ef32bc721
  SHA1: 66a0e0d47cf3f86f8faaefc27230a7d87d6dd78a
  SHA256: a9480989234d3316906824d3f9293dd0efad5f20ce74e201c460012b608e2282
  SHA512: d3f95dd21419ba5a443e4da210509869a0c2f8a1718f4fad20813715cc63096b37a842d5bd7ebb9463cf8a1ecf467f1f5628ffd5ae7a72951255988cfac9aa71
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 7187b7d585a9c08714042c46e90159b9
  SHA1: 3a34bdced217a8ef85cdd632799cc2936901900b
  SHA256: e411fd5f6e2311f40a190de9eeafc8415ab63b6e06eadaddb194b94d813ac8b1
  SHA512: 25ea7eea245d77d0863130f00220afcd7b6500cd2e711da43b9a46a3b15ec44823c0a6f5812ac0be78bb19bc1067c48743741a7f124fd17cf33d8989210fe438
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 7f9dfc9ff54186625fb6b9f0543ca5f2
  SHA1: 98afb8a90f58d5d7ddc562ba5ade16cb4ba6fa9b
  SHA256: 0a13f3c56c32d9635af0198802848e62bbd8ebfdb53ce21f3872be627289d479
  SHA512: ae10e47a5cf65f8fe7c9e150d266694a7a78494e4ffcbdb7eee849e9da0e7bd48665c500e91c6a478eec52082b39e7bce09a792f25a65114aac3563c13a33895
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: d128b5fa274b3d56c9b0032543a0b34c
  SHA1: efaa0a018df8e435084fb18106d79a99ca615bc4
  SHA256: 2931c0ab2abdf69e794f073b7f884a417d225dfc7eafacbc013a4c8082db0e0e
  SHA512: 8b107f4125524b661ad52f47324dbe09fdba8c1797dfbdba3d777c5db6382606b6b05b5e1335ddad21317751f8c2c573677457fcc1e357abc2510ef03705ff24
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: ddd576c61c2bbb055c2132b6e5e2fbb0
  SHA1: c80652a30729e9791b7951aa128baa70b3fc259e
  SHA256: f4aba5d2f5961a6e9566c82f82c4849fc10ae697c0de6934ef431106c6fc8c85
  SHA512: 5e2bfbfc0bf41d6558c1f641342797e56f5b0f2f3dafcc50c52eefbaee8a06f2ba31a7cebbd2f378aa51440978ca8b6b3b9a46844cf3f1f152de4b1102ed382a
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 5c8ce5c78b17061ed2efb1c13dc8a904
  SHA1: c84b9c4764a92228bfa4b70b5ec4768f93d5a8bb
  SHA256: 001504a762da99e9aa1a0b089ddcd214e148708ee575f93371a6ac401d3c6100
  SHA512: e530d79f39044b54ea680a162ac1a779e6687b20ef805990de460a567e5c1edc77d765dd51ce7658fe7a67246fc2a8b824b6e1013194daf232d82d30c97a3404
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 7dc63567efaf6773321f54a59b350d99
  SHA1: 2f5a5b0972d18a69cc721da1c2f25e3bc53731ba
  SHA256: 8bbf22435c398a6fd46bcd7380d29c114cf6d1909d6cca8542e7c8f88693af9b
  SHA512: 38f35b6ae4d01fa8fd9e4daf9f4c3e98c429b3a947e2c03e89a0fd28a5303cda063b28d48913b7af36c19d72f70fbc78e50ccd02cd769456782bbddb3cc26411
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 3ff9260eeedd9ae305ccd17ae58131ce
  SHA1: a19821e47ffd66d5e2749035ae7f4d2f1b553c0b
  SHA256: d877346767b175b53368c12cb4a216c5ef45a5b16996230973ced262218cd4e4
  SHA512: b200b522223eaf1f3439adfd2e10a2fa6bb841e81647ec768f84420b55d7591fa43ae9f4d4a1e9a4f1f9f2e5b704fbcdfb82a2d20d1b93603d448906704994e9
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 733ae92329bb28e6fc9ddf92edc7c27d
  SHA1: b28a7dcfb747e09f187466cd08110f19837f92eb
  SHA256: 739623531d7507cb960f14bd2850b71a406953e5b4c2179edc10767c5ef99097
  SHA512: 321ad96ea17bb65c61aa90b8457e6b8ead45a24947a260f24eb3ae3ab141038052aa068baad4ac568f96d7e0fb6a21e8e6dfffc471abb5048606ca9d2be69b45
- Filesize: 70KB
  MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
  SHA1: 1723be06719828dda65ad804298d0431f6aff976
  SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
  SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
- Filesize: 181KB
  MD5: 4ea6026cf93ec6338144661bf1202cd1
  SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
  SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
  SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b