b6ae167bc7a98a16120698f2f11452449118662dd3f1cc88e6ef7286465b45ca

Analysis

max time kernel
133s
max time network
146s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
17-02-2025 11:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Videos/READ_NOTE.html
Size

3KB
MD5

d2294fc6905efe047a0663b7ffcf79d4
SHA1

9bf17f976f73ec0ce4f05dbfdb5d4ebc9fc1f2d0
SHA256

c459e80d8500c3db9810f63f835e5cc1e4f08cb2deda4832846edf1eac31e1dd
SHA512

983e14d90fe1f5c4993724e1d8ae57132ccda5efc62f0d14146e36c8982d0315753c6aa573f97c6f7d29136051e65eb85bbe9a02846b431a06b5e71ec1ac8a28

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7BE2AA51-ED22-11EF-9816-E6BB832D1259} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000055a6d89ee9153b4eb4e421bbf63bcc5200000000020000000000106600000001000020000000ecfa5f67ccfe60acaae56f2c68609cd7ad4f7aa76198dc213a0127923ab21347000000000e8000000002000020000000ec606a772b1cdc211dc210c1ba1dd2f8930db731404c12accced2407bcbcb459200000002a60662bd0039092d3131b4b127e0183479e041fe297e005452fb527c2963e4d40000000e080ee1542f4bd4a7545c9e1fe68458ddaba0f0f7b545c77daba897dc219cf908fc011f32d6480783d94b04f7c37427d4bbf44a789d99d82557f7d632330ee6e	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000055a6d89ee9153b4eb4e421bbf63bcc5200000000020000000000106600000001000020000000156ac3b9407277382dda91765864bae0e8e2d56ce8a7cccad408109d8ec1d30a000000000e8000000002000020000000d3c55a2002a1ea215dfb104d4832bca4e4ee79163ac505e2ea479ab31ff16d4f90000000f080aab839b321b2abb761a281e053b9a09f54388120db07200dbc41d98f24871d5d02747c16f80f51f6c4d03324b83d66ed95ae3cb8535c2b1255a5935b4cd801769bf1b6fa35602fea09cd7c0fa0192295186885479da8ffb1bc4e7c2451c62ab3c94c6c2d67a5a5fca8967aee3b4ffdf45693879c31e68d9777769c271ed5164c206aec5e1444b9de5cde946beab140000000220021b8c8237524df8c5f853ab1bf878f861c31f0be8c2019d805933caddeb0fe8477afb85b23399fcd7f0b2aa14806bc07df2837c27f560c7bc79848e482a9	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 208b53502f81db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "445953663"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2896	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2896	iexplore.exe
2896	iexplore.exe
2752	IEXPLORE.EXE
2752	IEXPLORE.EXE
2752	IEXPLORE.EXE
2752	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2896 wrote to memory of 2752	2896	iexplore.exe	30
PID 2896 wrote to memory of 2752	2896	iexplore.exe	30
PID 2896 wrote to memory of 2752	2896	iexplore.exe	30
PID 2896 wrote to memory of 2752	2896	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Videos\READ_NOTE.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2896
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2896 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
699a6cabd5a4f3c22c10dd9600d2d0e9

SHA1
e232a81e419141e5b41c9910d8677bee6fe18320

SHA256
8c79bf71e5553f6dc750868b4cdef842f68d42a3e4fc0aa2a43f88acd5145ee1

SHA512
4ca5f3279cc2cbf6be66cbfd68e5984318d6ed7baf5b8e06cfa555c54a7a3d867ebbfb90531964932a0ded6fa4b258d526b3a682d29fcba3f8577ceac9878b93

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8ab5352226eaa0a7fc6e51312f1720bc

SHA1
719e340b78a47d5c4998267ca07751df5a388b69

SHA256
4de15e5095f6c21bd1e81b8e6e105d5410ea772f6b4f4bb1d1fe6f2414d39c4c

SHA512
414896d1754754753c000f9ec772e9ca21ae59133fe8b6b0610f427823fc03d85dd67431e391043d4a8bc4790163a52c3d5bfb3559ca617a69ed83717d676c3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
908f5052dc7f3e2b118afbac421f5160

SHA1
9bdc1eb63d4a63696f02e1eefc354c6e29cd9d08

SHA256
ec0624c9a84d93b58b7ea1bb199409b78cc82778989643550253623942a791b6

SHA512
5cf2df86a81cede4fec9f8d934b2a57f34098e34933be30f044edbc615fce17e8c6e881c2e2df991542e38c5b2cc9ee3dbd82ebbd7600152f9fdc71f8089a174

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2b178764b65fa4389b39e581692604be

SHA1
67b21bfc7d4b3ba91b906282dac43334dbd52c19

SHA256
769945c2642836109e7e72ff788d9ee5947eb9cb983065a9307427032b52ce13

SHA512
e61f7c0a50c6c55cd39c3e4badf2672b59c640f50aecccff5be8775bf2a2016e88cfea656b5a653844d55c830127f1bffb3d043d6bc7a469c8474928b9c32446

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2c8544395423288286ee6d119bb5ab32

SHA1
9318ff9ca7f8d72fad0dddefb505eb059a5f1f12

SHA256
b2a8b18366677bf8a2e65e20ad0df1f1425ec72453572551be68053a187a222f

SHA512
b13fb5420fe8d052489aa60a8e3ecb6053fc625721127bc855dd1b4722db743b91d5354c8857956794778a7a76e979bfc2e54c376f707ae588d8f0b9a26b3bed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
83fc88ea8a371ae5fad29f2b862e8721

SHA1
ae24a4607d168da7c04d8eb8cf70862f0e50a146

SHA256
40c48894e6b7652540f5dac2ddfa91a35f6966e1bf5d9ecd682d6dad52520614

SHA512
9ffb897c70911ca44df81f5364649e2198bb1fcc20e6bcc58df9dc1400412fddb5fb8d39ea7f945cd3c53c805ea9037836b154995cadf5c964b42d1e5323890a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
446e1151a3c216345d5b16ec96934e14

SHA1
842c6686311465770792381ef0468d5ed20b4c5c

SHA256
e3a8024750bc35922b750a0edaa7fa2b4a924fee8d5cb10b265021a5e69d0390

SHA512
4883806f8a04b8a3d582df7269e836a1c60544ddf972c93b87052a0b09447db833d4e375cf4c1b4b69023b8e3da047dedb3367e88ca36f48abe298ba07ef3fdb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b3c344334aaff885931c6b71ed99c781

SHA1
b6d7752d68252a2c8363fc69f553be675b617fac

SHA256
3df4b110476c294c2cf430dd93df3ad5971c7e791f883bf77f2cbe26d8103fcd

SHA512
5210d08435c24cb05c6629169ed1cee89535d52bfa824cfeb1a0e983251327f11babeb159c37e77f08cecd44736c43b3077163561505c8e2634defdd5ac425c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
771ba75f55f9a428e6a61535624e97b8

SHA1
99c4581c6fdd05a05b0a90ddea4be890e2ae6373

SHA256
bec6eb3fe562e64d75961b9be9262c8bcfece0054226fba24aed1491cf95cbbd

SHA512
a3ca24bd04670527d8c595dda8ba2e9c41876030db37aa3d10f7795f493fcec2d59d541e1374be4e2a77fbb684ab10087ec87042dbf536be1f3889e763114a69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3a87811270b7ec841daa33650c0afc65

SHA1
e54c1e898c8f72bcd63fbd3b6741a939cec15467

SHA256
b85318f8cb256f05d76af71b73545e371a4d5b90d433fb4f6bdb6c1b2e1f0892

SHA512
1ef810a320eeb9d2895847af82b5db9d7057555379806dc9c54f125dae01b260df39743b85bc0e054c06a772c59834cbab75e4b261aabead61dfdd9e85611933

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
48fb3e4dbddd1c1be4a4e097bd9c8e55

SHA1
bef8bb84ff5b3bcfa6611d0c4ade673cb010120f

SHA256
7ae6f7f7b15ed1509d8960df813c59586b497a93f2ddc34eccc2e87c5d344524

SHA512
9086644ba66154c8f27ec05f527f8d11ab79b068e31608cecbda0fecf3cb86cc107b961de9afd059c365106c52d298d35c6336d6034af1d7c7d82dd02c8dd53a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2734d998571e42ec5ba69246faea6460

SHA1
118bd0472c78c0b62667df9289ada91fb4b44d4d

SHA256
5781183674fc3cebf49702e06a15a03f53935180877c23cd06bbe1a2fa884399

SHA512
08526863f224edf7880b627734cbec24d522731dea3732bac8dda61043ba696ddda340560b7b3a5ba37837ac6b9bc5ba326a911ad1bbbd51f87b0ed8c0eec38b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
953d42f7d2dde95c4f890bea652a5b82

SHA1
5180b242640db3e0c0b2460a8b06f04e42d7f389

SHA256
ce2458cdd96f836ea5c8a52e1b0da922e4a883ec73ae396c03880e4ff0715178

SHA512
5d736850cedbd3990e9967454ca9184dbae2e918a2e075c388804aa3178cbb83823f2faedcff7d9ad05d4980be68a625a97a42855899fcb4ccd63f81be5ba9e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8ed8d76cc90f774a6e6a08f63add70f1

SHA1
942ec8449314441860069c382cda6008ebb32bce

SHA256
a6b146061729eccce39fd85b66ceaead4ff0d34870e2831d84d2ea724a25c95f

SHA512
89cf2fe6aa9da564ec14d80a6f52d1dab9e1fc30e59e8bc3c49fe57803e0aa14be046843c393d95645ff335d318c9be8e01d51c4d4ad7387684080f10c75b426

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ede6d7a2bbb90dcafb289d9c3230646b

SHA1
018091507baeb02bc1f9e73a93b3f0e41ddb59eb

SHA256
34f6efe453295d142954684ed94093bfe7fe68866b3e151632ea465998d472e7

SHA512
ead050c3cec9de6002eec397450110ecdc7b20841a16f76311a8beacd5f4426439c1a1dd2c582d0915cb660e7a0e9edf6f67750d3770993747bfdc0a867512ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabBFB9.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC02A.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit