33668692ad696856f95471e2b2834d75ff6ab285fe1a5d9098d340362e127454

Analysis

max time kernel
0s
max time network
128s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 03:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WinThruster/HomePage.url
Size

65B
MD5

456529ff5b26d7914403289956523ee5
SHA1

ce17c42ba1c3aa90eacde992f33ac1654b3f7583
SHA256

74c7175c6d1ba8416f2784f0b33f8bc115bd01cd9cd8c170254f83798cc986e6
SHA512

9004567377137b2123dec4f6b18fee72fbf06d5566e41b0e8eb344b13b6d6e23c633c54598d26687bb4a19aabc30b877e69d53f35fab36ee4fb78b48b77d0387

Score

6^/10

evasion trojan

Malware Config

Signatures

Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

rundll32.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA rundll32.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	rundll32.exe

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8702E8E1-3757-11EF-931A-4205ACB4EED4} = "0"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

iexplore.exe

pid process

2208 iexplore.exe
2208 iexplore.exe

pid	process
2208	iexplore.exe
2208	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2208 wrote to memory of 2292	2208	iexplore.exe	IEXPLORE.EXE
PID 2208 wrote to memory of 2292	2208	iexplore.exe	IEXPLORE.EXE
PID 2208 wrote to memory of 2292	2208	iexplore.exe	IEXPLORE.EXE
PID 2208 wrote to memory of 2292	2208	iexplore.exe	IEXPLORE.EXE

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\WinThruster\HomePage.url
1⤵
- Checks whether UAC is enabled
PID:1600

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2208

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2208 CREDAT:275457 /prefetch:2
2⤵
PID:2292

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
d09d0b8a77bcdf44b18979a1cf778faf

SHA1
50147760429361395e071a434b77d27e6a5e1887

SHA256
daf03573a56f7a8481eaaa4d60355751d0fe0e66d059afa3fcf3ada00203c7c9

SHA512
7fa96e056cfbe2d5a3e1c19d1489a51e26d073b059579df167f56bb045fabab76c251ad965c0f28bc24b3c6df90f38ab73c62cbf6742a7a2b61be5e7b2cfc9ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
151aaa2819aff755ec5b907ff450dc6c

SHA1
145d57e70b06c3b14a41d706f1cecda983a372c9

SHA256
4d3706570e2c2df3b7a830ed863fac19352dc6b7a78f986c5714c7a3717822d1

SHA512
f503ff9cad7ae6bc343e8bf262c7d14d5baf8020da42aa2f52cac09d5a6aff145651a3a908fb08341174656754fd9d4d99271611079b06c491eeba5f9fa960d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
89d1c1b12c07d2da63943c89da83cffe

SHA1
df5ae7790d95dfbec1df93188353ef0b9ba824b5

SHA256
e771afc59007fc7ea10435b090e9ea2e8ea077fe490ba785fd9ddaac43c1b210

SHA512
4b81f5a5920cee1a22321c02e0aeb97081fdb3a503b42d6b9378008b365c497169a6a211e20c79bb34b9135330337b38139d2a322a48db72428178652548b984

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
735a78a53ac930d32bc5755740683127

SHA1
9cdb064a168a5164f6e797111df6db1803a6ccb6

SHA256
dfde07c34bee915bb0d9e133a140009ecd3c9732955af0c35b21c63967ee73d1

SHA512
01e291269faa59a6519666689e330bb99cc32d0be6327b92d1792db8674551c478243166733d8daf704462ec8389611f2b1a08d8d1aefd6b955752870bc2b3b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
ca8a79bc1ac3b2cda175a3297861c171

SHA1
4e1242182a366dadb683c16f173dd0f5cb21d556

SHA256
2be0d37010345355fc9172a3a8b57273a9e845dfcf2407b736cd442b9cb6ea26

SHA512
e3b62ae4a6b3554668885d0790687c1911745c18eb254be96f644029961a4f01096bdde03221519316332740d2a9c5506e6f0d061c675a7032f22b623f48ee91

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
3f08134fa11b3fa4da2cb0493305799e

SHA1
90588c71a857b6cc67433ed7c43744e0dca1869a

SHA256
462aaeb98adcdbcf028f55a33daec4c0c8aad11731de4143bcf87b20155f4433

SHA512
5e3715e61e072e391517691b9ebe409c5878dfffae94db07a8f0b14ec38f57e0aebdbeca782d19b13a3ece6f61653436769c84d96be4e1a7b646c80cbf2f5067

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
d18aafe01cb03296264a252e8fdaef9d

SHA1
3f89d65230e83ceb027f6d6d86292ae2beea4d31

SHA256
316676849d52c20b95f30f1518716f6c3d88fdca24701bca365555ef4ceefe94

SHA512
0a3ba96c249bfae3fa1b41ee4c6b4dba3ab074afebd3dbc51789d07e238f4926108fdd8b661c09ec8fc3389031e0fa853555713f2460d321a0c728ee51c1b699

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
33ef8848edbbcf72eba07c80149e37b1

SHA1
3f25261b1686d5e9070376f8a105ba24e2d92e3a

SHA256
d123a2cd80db8e70b6987b41633aa8db0f7b895b84e762df8d4e8896c2ecb2cd

SHA512
300dbad159175ae4c41261b7d0ebe6c12f822143880281d677c42cae78ad9ebace3a717dc7d637a51bd8c6040a692343a0a849fd005cbc499a752ad2f11f283b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
198d645d678a7eb4c93da1f175bf8b24

SHA1
8e61f6a53790b2fc98989d88aa681293f5b82bee

SHA256
70feccfa255fb766781fecc2a922cd41a2b7ba2c6362b6229c884d1fbb871ac7

SHA512
0a94dc20ab5df72e483d1dfe47bc9184e1aa0561d6cdb14afdf84e3713b005e1e2b66828c632113ceba6f52c37d3619b712d859c70ed1c80284498251e083627

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
46fc030476be4f92a13838358703e63b

SHA1
50fcfbcda8ed822350942daea0477119503a44fe

SHA256
5bfdb3acdb6304234609a87356c6e462c1c115d24bf8df6be929f4c84c288854

SHA512
d5830cf59864e2770ded7c6b9870e6bafdbda5d723eb9694b98e4910f6f40317a35b2f66d2d3f6a35e149ef0fba0addbe16330f09fb669b4942646f0cc451a93

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
17e9c3bc843057dd38f897d5e1694766

SHA1
d2b9c2ccf0adc32b94e4a249972ea8cf040a5c6a

SHA256
17aba2336a6f77479ef5273abd68f63fc6895d0ebabc2e5c75af82c3c80cdf85

SHA512
67cf5d5f01b45a7a0a64e3334b1377ccc1ac0734e04cd1296cec63ba969c4581bfeb616c344b6f8b18419238ffd1e055d417e630991bd9ea58d92dfd8e5a6b4c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
3e5476525609e7ce4b830435a39e1620

SHA1
71b20da2fa3f34f5a5c3539eb5ae3f767d7de7f3

SHA256
f2bf5416da5764ef2728a5f3571628c90cdea6343f072717921d732879aeeaf5

SHA512
7a4db48cf224755a546059655d720aef057824507ae4811a436ac3d8b615d6317b6afc70fce43985c502745430a42ee855d1978e8d6d40df1d6be9d02aa7511e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
675295c7d629a85ce979f234cd46e36e

SHA1
dbee7240ce8ee48f3258a79b8de518e182ad60ff

SHA256
bfab5473a406d27c5284403adf8dd7c378a197ec5eebe877dc3359f236e99d31

SHA512
6e84786519a86cba57b6a536f60040167447fb07c4724186dd9da026511ba5cf3be20b244442ac6492424cbd117791d39779f8cd90051524559937774427c2c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
e0a565552b3aa783be97fca3df7cca76

SHA1
659b7a353918ac8e55c8345b850efd5048860602

SHA256
df4484e255ead62b3cfd35b249434a97667077425b3a21fc7c6a8fc811282428

SHA512
a081b0d810b84b0dc738de01effe31cbedce08a7510f53480b2cf6ed69af9712211f946f58f3cd161e2e93d0bbb7881610132e4d4ee9fcbb07c186c679f57e08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
a20ab87ffa505e5edcf363b4361925b4

SHA1
1de0250aab955ca38825c6fcd95dc514f4533e36

SHA256
1b84ef45613be0e9b8fae4c5463773028b37b5e0b0a43b03f9735cf107d7da7a

SHA512
e9dbac16760ecd5f8436636e54b6d3595eeaea87b5a5382c84f5dd074e0c6e6ddf0871377fb8a1433c106d3746b5b5bf86e3f19223d581b55564be623f9a3409

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
4ae8df8db905cd7cb6519d393b4d1b51

SHA1
7a5fea063838d6737513047ef6de285327eefbfb

SHA256
a80e7df66748b30f00434f1e685f8cc30f6190386b526dcd9ce1aa1e71528966

SHA512
e8088108cfacf74d0aa42839d151e9961f9ca0520860cfa6b6f55fb7842e08247dcfd0275facdcf641abbd9549abe90a0a72bb8a097fa12753a60bcc88959d70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
0ba644fa8f43b70045e98ae92c09c558

SHA1
fd701e60a0c31dcbe7e2cdc7d59bd96700dc30cc

SHA256
2866470e3f406e2108516edf09e1ab5e3920b55243b776cad2fd73247c258e43

SHA512
545e6a4e47843125cfbbbf28c45a07095c97f7c8fc78458cf54f9f84deb2d1b886c4a24bc37b9673d11f1fcd3e36c4462b034348a3eba28054d9b1d7b1db25a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
b9bcffa2a865dfb9eecb3120883a4e02

SHA1
c5401d41079bd3d7f81f171239231d9d3d6a4a02

SHA256
9b6237ce8e62812bc50bf9a2c1f0170bfad44eae9c5ae70ffc8c5564f72d75c0

SHA512
bb0b98fdc417abb7871d4d57fd0e49a64f48e168b7baf2edbf3a4c388bbad5f37e8c2ff9da7d717f313ed624fd88ad206c58ae9809cc4c2c3a603c67ece814cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
a892006f247a233f3789fc738573855b

SHA1
63b52e851c4bbcb6449b840d2e4b798a95809591

SHA256
b2b7eff8fa1f8ef0c93de0592138469aba019bb0be13143e6c0af08685461912

SHA512
9c6d539bba2c91b26fa9c269c0f4695b8aa870f1ed45309e6027cc35a6e66a2e920539c0000bfe6533166ecc8d555819db4b6ba4d4495e1e6af16ede2b6b8484

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3803.tmp
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3873.tmp
Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3888.tmp
Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/1600-0-0x0000000000350000-0x0000000000360000-memory.dmp

Filesize
64KB

Download