9f23df054570cf94a0fe1efe0fae1f6e7b2f66fdbd2700bb42c49c5e23214bbb

Analysis

max time kernel
118s
max time network
132s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
10-10-2023 22:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

messenger.html
Size

4KB
MD5

cbd21a83eac199abfdf5f81f0e2fb02f
SHA1

a246bb2b57b982bb69608eceff0d6e7029a1a1a9
SHA256

94b04c59110c8e9576b95e5b01886bb9242df726bf6053453b150d8f7954c259
SHA512

0f5da324d1f51794085e31b5c377297766dc1d2e315bddb8d731a6424c56cf236f2b909881b05bea53b3e46bf9136407b6aea5910cd68a1e66f04521a45208f3
SSDEEP

48:tLY/qso1j7aYIMzLF3wY0+wVHNKJfjcS0efCSP9yF7P9BOdABr2eGGCr:mCXIQ/WWjXfC0absOC/

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E563D761-67D6-11EE-8654-7AF708EF84A9} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403150185"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40d268bae3fbd901	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ea3dc2a7c0fe4d49bd6e8f3e7e71513f000000000200000000001066000000010000200000005b76228e8d179914ea8cd879f76500a27e02cdaec8acb4352b3581a7655ed0da000000000e8000000002000020000000842ded0b1b0368f0d94c208c13223aaf68c128aefbf97e1bfd5a8ec810cf71809000000010eb3adb0cab093d43f350722ef0e96376c1c9855b415672585274eb9deebf69f70d2733f75d0b5cfafe2d3f609093e81ad6a9e275771e9520caf0f24764ea2a1579946e528ea8a7946d03ebe0a18660727d2f4a10da2339f8d5f84604cb0a8d41c6724d32e3251060d4fc4a8b4a97fb25e982ed077fad1095af40ec7026eee0735d560481e627d44a73720b815d662140000000471f23da5e5903644bc1f521a90d135e7856cf55b0d38a03605ffd2b1a2e4908c56f02cf1af2f46e9d810c134f7a6b9348c0180662d54c4f89b3f2e4f15427d4	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ea3dc2a7c0fe4d49bd6e8f3e7e71513f0000000002000000000010660000000100002000000007cfb76b447c815546555b9c0d1539431b5f6f7b939e67865ca03ecf79d0e179000000000e8000000002000020000000fbd94b096e42aa8fd903cc66b2bff9a78c8c93469758098d247c14f897a27d6c20000000be9e7be0fb9cb0c9e2f97469d93a08ce3b7a82a2348409b2eee53f79e88fc70940000000bf290e5d8a61f78d5576eac0c015b46b955f86012a4944056af5691f0051aa4bfb3018a857cabeb006e0dd0d9627acf5a7dece243792871da703e35a4c79edd8	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2248	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2248	iexplore.exe
2248	iexplore.exe
2620	IEXPLORE.EXE
2620	IEXPLORE.EXE
2620	IEXPLORE.EXE
2620	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 2620	2248	iexplore.exe	28
PID 2248 wrote to memory of 2620	2248	iexplore.exe	28
PID 2248 wrote to memory of 2620	2248	iexplore.exe	28
PID 2248 wrote to memory of 2620	2248	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\messenger.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2248 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f3dc239b117451407a9f65ac550fa7da

SHA1
941f3e15d5fd1d83e184508d1be7d9f4260efdf5

SHA256
2627ed5a230de542d1979520bb3a40b41226ce0ba73e74d01364771fdb2bbf0d

SHA512
7d0cd7f43ab3c389640637de3669d1d220ba2d667acdba967915e661f600814a58b4414759274321232146e70ae4a55aa60867514b1d5293cc7419b19c7e84cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
00e4612eab640f7b2fd1ec72349b7547

SHA1
eb842c44bb36f61bc2c05f50e2dc7632a424c87b

SHA256
81af29311b6566dcf722b2a28cf9f39b70eaa9c177a015c63c056835e75fb093

SHA512
7c96932bca954cc24c427216feaaaffb835e6427f39fd10b307e1ad3606664ffdb16d0ba6da3e2579b1271143ec272f6d51953b6762a144775ea2367a049ed2a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5d48d8b46e8e348cda0c7e05ce7699ae

SHA1
1d9064b783e8383d9f90d76046ad4d342c313eea

SHA256
4d6cb1b9b2105ece4ead1df812962debacdefcbc9f667b804ceb72a9c624ea33

SHA512
d6759318f0f1a7a7d4466706ed0ccf0bdb804560ba1f61281c2ba820eae882ec5cc9fb5a2d73edc2d3430c19b916fed5127ce841b1a65df71c1f309809ac65f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cd3ad7b5b25bf7f39162a1fa4f4806de

SHA1
ab3c4d2e13c279a156f22c985b549363c22dec06

SHA256
763226ca3ec38c8e68a36feb2f14094167f0c5d287d4e4e4fbb143272aac26d1

SHA512
491a106be66d0a8726cd39f8ba436cc98ce9d0a337f4f5836b3f73739a118ebfd5535e9c937a70ff10e27eb28b944b2eaa55550521ffdc42bbb42e35cdb2e692

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c78d4a242bedc84f9e69fc7288888f9

SHA1
d4b8e80c9be3d3bf033f80fc0fec18f79c03d5bc

SHA256
9e45cdded481e0b84eb05ff718de30898c269fc21b98f09e535f30992027e52a

SHA512
eb350cb6f8e9c90c133286e2e23add1f07aff96fd81695d8db53e476eb16c3e5c2b87fb4ac476eebd6f87df815a896e0862662422e62cb6ca4c78bd7b3b1d5a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
af63d824d1034465994a46d42bcf36d9

SHA1
db366e422d1274a3670cd6b7f5fb57e6761ba25e

SHA256
06feeb28dcc5e6bb0fba318d565dfa903083910ad567c3f82ce7992b7ef3ef8a

SHA512
2dd0a196856c9085d1dd22511ccf4dceaec8bc686b59c9e85aac8bd2e766263beedd983fdd7cb317b537d3500f8c84f79bdc4ed16d3c1187b612e368cda2aff9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
260f74c1f0664d595c57b731add12700

SHA1
8e757e94a2f09e62fecedc8fc503b7f0d18a06eb

SHA256
b1c8928c9729edfe6b2c3b0c274d1a2e3aff3b78254055868533fb515deb233f

SHA512
e4dbb05b7b763b71ea06a8737f2c86174ee9af767b2144668cbaa3c4c2778dd6568e6e5bf9dbe6ed5b91ad07c6f92b422a30513c547d0d074b9e9a1e2a1de76b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
98ecf1e84b3c8959df2355feacf8768f

SHA1
fffaf6e22cd8319f94ba981f3373ed4ea6e16d59

SHA256
5506617f8fcd300a06ab568698ff3e9e1863561bfe7f1eb3acb9fa7dd8c50055

SHA512
9fba34c2cdeb74c56e069d2fe7f4a8df22c92479bcdfa9c7d1487be05abce19d0d98c0c34b35da6f0bd3c713584ec7871cf0298aab9be36db615f4ccbd1dda4d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
942c3f80eed812aeaa7ff2ff6370a736

SHA1
0edd7574b513ad5aabf622dc0e5a392a7e049084

SHA256
4089a74ae28b0638e894b155dfd50efcf576eccb1deac82be129de28c3a25cd7

SHA512
afd1923765eee81b06b9f8f912eb04d4de4e0183f505aac32ae348f623de860fd312dedc04e8cad79c4651d4b12f4b7c14370c38d47efb55a2fd4b56a58d2e22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
42016a6bf5ef26872365369850130c9e

SHA1
319ba5ad84490599ac55a2474b0cefdcd87ce1e7

SHA256
c8a9602f955c7e757fc7b898210060c20fd28b1a568098b7069854cd927947d6

SHA512
feec5248b05afbd387777bef053b83590374f2d4a2a4c5a5ac2b7eff41a92ad50d6e3143351078eb8fc8bd1073dbebc6063d75d2e52cd499421880f9fb844f17

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d01bd3c3d7f4373fc0970f7558a7647a

SHA1
6c337511e37bb7fa25398a81519e98f9a4bb4409

SHA256
fecb5f001f4d2ae72f308067fc654d1e4eeb126c4c434a5d17c9524b66f489c8

SHA512
bff825523bffb62e0634c42e6c5b34e505bd5f17302ba965d23b83508318239b0b1eea17a249a0784b5a220bc0342fe12f1828bd1614b5312b45012321614fc6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8c10f6962304a42d2790e3ad5aa60c3a

SHA1
36bb9f7a9d3a37899e3e7e9efd39673d3ebd840a

SHA256
f602a1a7686a6dcb0f42e8593c974b05c52311bc3a53cce9f0c76d662a0055c8

SHA512
da50f937935273b890728cf436c12e360092334955a4dadf80ebda3d3652a82c23e75c7af07d1103b1cb51c9f8a552978378239c00eb9bd18b1521d4a88567b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ca60cabd3df61eb188ca84c989e9e408

SHA1
7cdb71aab6ee02eb209a8e629cf1978b10365205

SHA256
5215e6291ca475cdb48164a69c133438d17d1f8fd8f6a3f118be88f17e7487f6

SHA512
4e5e18ec5e471541d1a6bee6bfe66864bbc0023a98b7bc25ba44fed88b4eeafd97347e1173d6dabaec11eaa92574beb5857b82714a976ee9dffda5967ad581bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8794751457ed66d67a059bf1b925fd87

SHA1
6bb708f4b86a2a517bd0c681f93e8e8025a538ab

SHA256
d545f65fc196baab9ebb9dfb66843309fd9bcdeae4e48c367051f28f654b43d5

SHA512
751894f977ab77314191bf24749e8d62077780243a4cccb0203f0129f725ee6f68bb03ea8685eed9d03ac2880c063cfd2b17eb62bb9288a582dbbf60ac777311

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
111603204c966181cebdfa367972046b

SHA1
f8881751f7b5718eca6b76c391b34df89e8b0d22

SHA256
e0c17ef124a8c30f19babb61f74c5cd20c95b64e2971b6f24d106d6c691d8b3a

SHA512
0a1a7bebedd426f77df63cf57b225649f25094f95cae0bd7d03b9b6d6cebd9b94301aec45ab0bc039adbb31436b9bd25ef83bde072ceaee1b6bed8adbe0bb3e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f4266f2bbf0d2340031a685c77d4bd29

SHA1
e3569dc0abd1dbc1723333ca9048b3a586e30914

SHA256
693c970c1ba8dd68b01aacdd89922f7998ec4691b88bb777c89f92f0e98b2d31

SHA512
ab0c4ad5173144337a274de76608da16c8ecd262932eac01bac120ea372ea1f8869a7e06d146a4f5401a3d9f935c11b64476f04aa617fe78c382bc67f18a4652

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5EE3.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5F74.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit