hxxps://infourok[.]ru/user/salnikova-mariya-fyodorovna

Resubmissions

12-06-2024 18:06

240612-wpq28svalb 4

12-06-2024 18:03

240612-wm15esyakr 4

Analysis

max time kernel
15s
max time network
17s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
12-06-2024 18:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://infourok.ru/user/salnikova-mariya-fyodorovna

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0DFB9F71-28E6-11EF-8857-46361BFF2467} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2884 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2884 iexplore.exe
2884 iexplore.exe
2964 IEXPLORE.EXE
2964 IEXPLORE.EXE
2964 IEXPLORE.EXE
2964 IEXPLORE.EXE

pid	process
2884	iexplore.exe

pid	process
2884	iexplore.exe
2884	iexplore.exe
2964	IEXPLORE.EXE
2964	IEXPLORE.EXE
2964	IEXPLORE.EXE
2964	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2884 wrote to memory of 2964	2884	iexplore.exe	IEXPLORE.EXE
PID 2884 wrote to memory of 2964	2884	iexplore.exe	IEXPLORE.EXE
PID 2884 wrote to memory of 2964	2884	iexplore.exe	IEXPLORE.EXE
PID 2884 wrote to memory of 2964	2884	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://infourok.ru/user/salnikova-mariya-fyodorovna
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2884

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2884 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2964

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize
252B

MD5
d3f89436e186abda3c79def4b976026b

SHA1
d1e3f6243d95ac5f0cc91a0e8f287529f0d0859d

SHA256
a1c82d9b35fd17aedb1ddad2ff57bd4ab45c6ab0bef67d5ee14d9c39882da281

SHA512
7833259d92e2e1b13d554e4f96cea59f0b48ea360b75f23a34b4621a5cb8b68cf41859b32612ff0e23a42314fc363a945e679b7ad14e996ae1ee529e3ba272d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
f83aef1659de827bc0092eba7d44ca85

SHA1
e5cf181fb2f4a7465702444df788593046e2e5b6

SHA256
5820bef4234b83ffa3c6eedf3e4259be3d05da6e8795e4ed63e29089cba73f11

SHA512
dabee8ecc9025d76fbcc1309a411c2465c0c9261d38ba01e0c7cb32c641fd926a6e6a94a4865af4ad43f04ebc613f4688793c3a61db8dbf09bc01fe593ffd070

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
7f92afe73d63fe2343bf6a121f1efdd0

SHA1
c492999b13e6da32ef19245282330c07f2220b77

SHA256
f38510455fda317781d0b3ddace39c01ad77cb57c16e8466124089965f83e304

SHA512
ff22eaa73382e7950f4869d4dbfdd4cdc4c7e7fd6a11388fe7129ad9caa8c3f99986dd143a569f57ee981d66b1f2c52af8ef0c0730226b43bc5d7ef898475f79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
2c60140dc86f05f33e3e0f46abe2ef8c

SHA1
2160f1a78df1c4d13a914e064c7b9044df621ce6

SHA256
76c62686bf656d25d1044f9a05ee650421ab14bd232203697cd853da59d9b23c

SHA512
c5a1365b83d326ffc199d8d18347188f51e2bee53a9926e4661bfb581bde5115ecb2561827762c6f26f26db557a02f0c3bf7c56247f15ac29e31184944624519

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
c72994d72058c8f0d6686d3106a85d85

SHA1
9b27efbe4c108681f17a2740e501d0d3ff7ba4c4

SHA256
a8b2e63d4de829429ce3471cdcc7700e6cb7881bfb83705ac7723363de30381e

SHA512
9dde6367bccc0ba22d734a45f70254db6f17c0700bd81add8a6a1e4a557522166f89faec7de7cc5114361d5036956b1275666cb45aa699a09675819b5f8c8a03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
64ca0707e14bde15ed760990e4d6c4b9

SHA1
299203bf39bf49d49653c44d9d26db91d8d7afdb

SHA256
14ad6a9caecd575c75f27f86a3c9b12f7b98da1dca3636fdbfcdd022abd32477

SHA512
400605457bc2783cec1dcd3fa77508cc089924b27e6aec667227f2e0bf2ac71ef2627b325295de0dc72840bcab4da4b952964cfbc7c02c06cb4709f009f02c7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
1bf42967c59149d2991923749d2014a6

SHA1
e28bd81e5e0486f719f8a0ab2b541b0ef0f6c586

SHA256
fa3e4fc8f6e83505ac933546543ea728d8e058a1af50343015dfea49683099b8

SHA512
16b3b5559d6168c073b0f2bb1974ebbfafacceb26b9623fd932554a32430b76f899c8177009adbe67dee3284875cfce5e78afa1d0fdf69acda502d9ec26a2fae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
539fc34c0ade11c96ae68c8766825df8

SHA1
3c83b631d489e2286ec4006315fbbe12dc7bb313

SHA256
da8fbd6a4a579232db5fd8d5a328ebd8c7e042ddd5ffc27b14c70ad12f531f35

SHA512
ef89bcff3ab8363f7eea174fa64a4ab6cf2c71ea3af213104e0872c364616c4902184f88cdcf9bd64d0e0d1e890ac4a1e07781e13654e5ea863d4700205018ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
244058c7a7f6ec86ecd214b08c8dac11

SHA1
ab9df36e8a5cb8b6f52747dddba21eddad6411e3

SHA256
cbc3a5218c346a622c0aef407b8cb32b29c7e3eb871256f06349704a9dc0b267

SHA512
c0848f12d06c4b15e2d874a9514081c649f431fc410c6e580f1e68e7931b466500119c828cc43999b696a610777f5a22ec1e6cdd4fe62cc7b0385cc65615f975

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
e764b5a9379190ff4a68d0d1c2fb406d

SHA1
a844b436c499d334d8a71049960dd2053a2e83bd

SHA256
b52e2b400be6faf19f051952fff6fdc949b90ea8de6c29dbff52457abd9404b6

SHA512
95d2fbc3c1b7fc9960300abe7580a103561b980cf1883c73005231e4f9dbf6e0d5577583f536f1a5f1480d4d27533d93c36e83feabf32b61891d8126ab850494

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
030339e349324ee3155d5abec767698e

SHA1
e832292fda14b11acb070a2240df2001a95942ac

SHA256
cb2aa64d69a997921393aea5b3d9890fb49fa39f73e369db5f39099a970625da

SHA512
4f813e9da607ae5b6684b3bfcee5da91f0477268d2e1792e058096851ba8c073060dd8c9306d8fe4210b91455470af8470ab13afebc8682912127c61d5f54dc1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
15186f6d1c3a5d0ad8093e07e1639c46

SHA1
92d9532c6a6ce1a457dbbb4b352bbb6b62f9a45d

SHA256
e04ab47bfa1923f144fde21ee21417a25e4552370c55cb31a07d45ff6440975b

SHA512
cecd2406392afc2672094c563c3fe5f02535fb57d082c0d0d405b835798274c1b163cd2e54e82ea85a2144d1898f78429a327840928a67d01c2152a5104a71cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
90f9c0e9abd59e8499e6725a18691322

SHA1
1e3b65de17429466874cbbe6e1f384d6f5592383

SHA256
fdcc3ec26fefa36d41803e1b1824948d1de7a781310181339e338bd63526d866

SHA512
773a791dcf32bc971cb3d81e459112ceeb000c3ab09e5fe84322e2ea39fef0039c3fda0dfb644a9ce490ebcd8515328f0a3e8a2d96b27bce0d38edfdd34f5ecd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
ae6aac0fc887754b05e71f158862f6f6

SHA1
8a5cfd06d367da1fe683a269a91a716299bd3b8d

SHA256
401058e017bde88f938a0626d73f922999694a6e57e8804a9dc3b8214b08f093

SHA512
b59e35d5c10b668ebeff59619b75b954f4ef8657f4fc1f19bb0c06e9d45ca61807f27c7afae307935149785daf653b8931633d25f86cf734bb9b45ba5d98a25c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
1974b40ac96d90973f1882d8100ff525

SHA1
1105891f1be6759a908cc711269c7a57bbb16318

SHA256
77b4ae65d68ac20199b43cecbf6061c1e65f99cffee1c76599a0e2896a72fbf3

SHA512
08e3e20f92e3f7aa232718fac6f3f555b5f866a92fb4769f50f2c04b44c9d62b9843fc38263dc88e64646b1f2c4c16ff56535ccc3f9253cd8d33f3f7186796f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
a18193ebf3d0b18db2d8c2733c7ce84d

SHA1
c10097ec420ca47685d42cd212e7a549387ff2e2

SHA256
67deeec9689d3eb4d6a20705241fa27da933cb3182438e2106500172dab416e7

SHA512
aa1218184e20e13432ebe5f74678a64c97022fd2c42c80641c8782ade54ef7c46c6c393951806b9543c5305aeb0ee4fea42ee0ce2a56bf36c01bc641bd13066b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
b639790391a872ae63fbfdab9549debd

SHA1
48381bcb28cd41bc75895b0f8182633cb5062fa4

SHA256
72d0af31d1ffbb9197c26df5152a421fe1c41e97ce9c56db41ebec3cd91f0d81

SHA512
c5f46bde2d4f4c5b92fcb4b85471408c02d43d2a2ae97ebbcca7d5a89a8a531c8ea770f28c9d7887a31193bd71fa858f6f4aed75db792b05a3b7e5045778b5a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize
242B

MD5
f69bcc71f061f66d23ef7d2624d91463

SHA1
4a83e61d65914940fdfecfd2a8c25667a9c0f50e

SHA256
6c635a08f75ccccf615827be150367ca78e4e917fa9ea2dc837fad885a143221

SHA512
2c16d7581b15ed3979b7903adf7986c05f180292d1ced31389961a301d986ea133880e9852dee98c8a7e61f45cb8469dd0eaee681c5175a3389b7127fc2024a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF63.tmp
Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit