17e7c53050f7ea111b2f4d71b553625679eb185e574c3ef92b690927e5258e0b

Analysis

max time kernel
136s
max time network
141s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
31/08/2023, 22:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

10.7.html
Size

753B
MD5

a2f3bb08616f8187918d0206b6d75402
SHA1

8d910394f1dec3755953f190dbcc3d245f413833
SHA256

48ceec3d8a2faf2052a8483472425f98d7ddfed0181eeb165e9a6b944863c9ef
SHA512

89004575f1d9f1d3db1da2923c5dfb79b12c5c5a9fd97ac22441a87395db9d1df868329ac5365a4e45743aa44b53213f54e6d93cc1540dee5eaac06ed1cf5df9

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000dfff1b3a562844db5bcdd926cd82794000000000200000000001066000000010000200000004c093e11b76b857e1959d47f948e0eb4d6a051ff2ad9703422117b35a493aa5b000000000e800000000200002000000021f9d56834fdc6001336b53b58f0968f1831c203b8dc5005e3b7d310e4716abb200000001df90899527a41666109213c1114132c22ab45cf1eaf20dedb5182abd5e87ec740000000fdc460be2b14aa59805a180a79f35bcdddae1e833bd1b915ef6ed51de68854b67b2f3a2a9a109c50cabc330849f02ea6b57a6bd8816fb6ade5261a05ae0fcb3a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000dfff1b3a562844db5bcdd926cd8279400000000020000000000106600000001000020000000bc9162b3795ce6f5701d3798f15d81a02d26c87c44c2a48d61c90f103fc43f00000000000e8000000002000020000000a770c6e2c33ad8e7c5bc4d047af697539def352009f650515fab2c43e20bea9a90000000d7bbbb877c5d1f77c3f6b249d2051582307ac058ea93e617f3795a36c7db94af61b59bb6e94081c8a0914e1f48e77d7a9480ac1f2dab6836c24388acd1e7ecd9ae816b6da081c8bc69ee424a3e3193deef7ca8118c698acc62c0ecb8e0de7d974af35f96cdb73594140ca325992214ccfd1aa9cf854d256a3e271f9b37cdfbaec221a0648ff8480b3fbb2f852a733ad940000000b653f62da0338ed220c2d75a626e7e2e77663d93b6001c5990b69607bbb809542396c37e0450fa229ded0a7f0c0e3b40440687d8de9d4cb83c29f032e30453ce	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0ffd0a056dcd901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "399681097"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CBD20031-4849-11EE-825C-CAEF3BAE7C46} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2124	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2124	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2124	iexplore.exe
2124	iexplore.exe
2068	IEXPLORE.EXE
2068	IEXPLORE.EXE
2068	IEXPLORE.EXE
2068	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 2068	2124	iexplore.exe	30
PID 2124 wrote to memory of 2068	2124	iexplore.exe	30
PID 2124 wrote to memory of 2068	2124	iexplore.exe	30
PID 2124 wrote to memory of 2068	2124	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\10.7.html
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2124 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2d6285fde858b8c5d61bea266f5bf84e

SHA1
d10ab6b6217c2290013c9a853d233c7440eafa06

SHA256
ec10ef180a4516e26a649821881389b1269a1fe06166efc8a2ba1ca3019f4ac4

SHA512
68bbbe225003398dd9957be8272113b58020917d61b44469c4ace1e4a6579ff0c9f3f62c1d8a3bb025bf35a38d0c26a7dd3b72f5ef70788b42c3f07e726465cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fa840aeb28f357f9f98ce3b1d105bb8d

SHA1
412348d78478e86d265b422dd3ff3b6ff9246e90

SHA256
b3eb64e697e91ee43e238147a3317bde26d7db896ef4952bd7f130b3cae5c72b

SHA512
725cab274fe33f8ba14c2e8f447e2354816630c423f142f18a8b8e50567409fa87840c1ca84ba59d119c16a64bb0c3380d54e5aaa8be63df59a62eb71c507453

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2d75f3e42dfaa5e37ef92ef3bf941623

SHA1
5f236c86649a4a46dffabd57a44f950a671718cb

SHA256
1989791f95b293a3da2cdcb120171c2d2b9921158ffead1e9f2e280705289dbb

SHA512
079e32500f41a74b8f968fd10825cd473549acaa925bbd5e197d6f7b15d7cd312a8cb49e479a99cb4bbd2742d440729c4061fd62e53b0bc83d1d716861ed5c19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3a2b2d85aac63777da83a42052280ddd

SHA1
646131373b70e8862d982d1438ab6a55cabb7ce8

SHA256
abd16afde18d8fd51bbc2173ba37751e76879c1047792abeacff4516265ce9a9

SHA512
b12bc992edf99f62ed489c10a5f99dc46d2ca99a1e9705d8dd1bd8bd8bbbeba88bb75aaf9c021fc643836e194accf81c40ddc4eb9cd9f4a01b4e0a146be69980

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3316d649ec5248041ba3eb56a14572db

SHA1
02c585bf0672d59165f1828daa6957af58918a3f

SHA256
ab6588735921347d9ccd101dfdc51da1377f8650bbdfd5a9936f993d1bc567d7

SHA512
87611c3e5f55c835c1e9f4b5d1d1ad1b698a162129f5ac43b982329e62ca22dc0d2f005e4ba3dd70e0104693b791748bb635185b2220a4795e83b5014226ad8e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
173be07dc38ce17056c4fe17ddf1432c

SHA1
13587b0429167311d267eab9c344c53c7fa3833f

SHA256
544ba56c7ebe3e5892d16c6a6b8ae2d1646e02941858c5f39ce9c945bfcff7d7

SHA512
7f5c5122a6f4b8230b1e55bda95a2b408cab729f504e50e021297128ccca63a2f2682fdd478939800f19ed5412540186a4f64d668f91234cd4642cfa5d6d0d44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
97164c42452fca2c9523219268829605

SHA1
a978be054f9caad18a1b0ad52781d29c9bd8edc7

SHA256
749488c24b84e7010f7d9e0007d04275fbed62afa5705199f1f19695cc48ec48

SHA512
8541f5afc4e455e2f569f4f8f91bbc72f7cdc2e061de6ed4a5efeba664e9410d0ad66794d52407a92e3053ede4830dd094ea5bdea2a31fc442ae524666e22b94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1d445454be2e2f09ac7b5667aba9f441

SHA1
40ebdaf751d0c19509d930b76de0fca0343bc1f7

SHA256
c4a04dc140f78f15510a3866c63367194f0cbefd091dac3bd1263c0a34eeed0e

SHA512
f45489b1fe2b42d566b6927ceed7fe0bdbcca4a0b5bcf422896f7cbb2b67e83d985d7b98407f67fd6a0fbd09f743ce03beb71dc82cda032fd91a6bcf76deba79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e951aaa4480acb57245c32e910b3524e

SHA1
f82b2a6896217026f2e7f8d83e71b43fc8cf9c27

SHA256
f778e7e002c28638eaf85d40e21bcee15c286e4e0eddc8617f4f21f6cd76f6d3

SHA512
f87ece499af0d13643a101aa1f57d047daf71951d75a9b74e8d1dbdc54f69da44be89ff7c070d7773420e2541b86e6ffdd8ea790cfa8a4b273b8fa08568e1c08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
821bc432d37ef9fdb96d01326bc6832f

SHA1
0f1dc38615c4248cc38fadbcca7b9a4f53964056

SHA256
86515844933c5dc113f7d0a63b70643ecf674d7cfb4c0ccf05c75a70e5a1bb9a

SHA512
bab5f1e8366948d8a467fa4b2702dd971a7e0a2157eb1e1d2a65278d985bab69bcc1503ec25c178db47cdee664c1be634c773984ec1294ff641ab335d4d2efe0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d9da0a9a063aa57b2e4eec48236c0cba

SHA1
2e37ee970b334a6a0535d685aa2d421f1b83d359

SHA256
fa94ef59add99587ad0e2ac6c67813fbc9d1b6d96d804db54188c999de6e6cbe

SHA512
dea62389ddd97e9be1d26940ed8ce23b5ded8c7658879b0b669b23c1d960e368d336c10483111f39c6f2da0b762b520c164787856f1e0f667b42486282dfb20c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0a8f602b4a50819f323dd82d61e48e22

SHA1
0b7fadfa6602975d86bc0ed85cf35785172e6566

SHA256
d16e6d02ceff9c293b1b8c4ebffc40780ce9fdb889079cdf356327693f06f11a

SHA512
47c7908ac1320bdf46dcf6084bda590a2191c3c0c61df2b8b21739f85ae6209d949f819629086000047a992613b6a9118c14a3166f1fc86738e5fb62bed84e62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ee619081ce60858130ce12b0e50447e

SHA1
cec060a7996860e30e14d343ab7f4470863be31f

SHA256
cbfd98583822fe9f50bbef785c5b66000049fbcdfe744f627a7aac1f6b480958

SHA512
806ec01a10ca44e6c4e1d71f8bb2f32b4716f8c91eaefccb76200c992ca18b2236819236e35fd9cbfbd4163fcd267e92ba44833897c8d3ce82086a11a9a8f043

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c36aff1050e0de2889e1bade23d7e68c

SHA1
4a544d4c26e2a1ca8405b187c711a74ce160c323

SHA256
ee4cd3645f2253c5937b8e264c316063c9f2475f03aac2430abbbb8d7aea0410

SHA512
7e7de5c97c6f8b34fd0e5ec979092db76a41c44843fe58344981dfda5bfacaa26d570553b0301e413459ae89fcf8d157403a98f88e54627e48c941da9e3c8c3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
33294b6ac04b4a54e2261887f234186f

SHA1
01a35167f86fc82b106b0818bbb8d87b0beb0c1c

SHA256
bc0f86f145f33b771cf9509adf505b6b06da234e0966ed1ffa8e956a4fbc2c95

SHA512
94807276ed289de91a9a3a75ee2e276fc89300f418ff4ad5f01a435d2da71e3d6ef530600e35ffa9d3745b2abf199c86631502d99fdf088fc8f1548a69a1f97a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9d9309bc0b6b65dc784f9dbec1e9f09f

SHA1
8c876749e443402ba7d212bda9ea437a32e6a788

SHA256
71491b36ce82fca4cafb71cf53f2156bb65fbcff32245cf881852d476c8da607

SHA512
7c7c175068b296c145a914c8d2a1185975c3198b503f84c2d6b548bbfe9e6f1e97e6ef80f95d09df3f32eb1adda4f04dc63802da33f37d79156f400bcdff6142

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1AB4.tmp

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1BF4.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit