2fa5a5e28cf8526028d17376f114058dcc8c47bf7618695a515662001b5c5c08

Analysis

max time kernel
139s
max time network
208s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11-10-2023 11:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

vpaid_html_template.html
Size

16KB
MD5

e276e92e96646fdac5a1988074f33954
SHA1

1a7aa338deba5f148ea18666ec1ec4fbf5ea148e
SHA256

4b8fd03cf268f9cd2f7432e13e8a7862760f7a6ed10bbf96dcc8232d2d382b42
SHA512

8425f53afde718047c310fc74a8d3924ce47f61f33fbb99d52147364244b9252b87ce1ebaac80db9d27151d0969537737c042e0f615e354bf2edaac6b13ce065
SSDEEP

192:mrLYJFkVvGFQshArPtP842+Lw1wOEeR6kad8bWXSrJEBOn8TsjNC4ck8aanlDTt2:8U42Fn9qW4+EQNuSXIlodoG

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002bccc567d90a0b479b49b1b2d43318c300000000020000000000106600000001000020000000b262c74405b807fdaddb6631b7274c1c7bb9072a125e83f2d862304cede69025000000000e80000000020000200000009966be91596950b6548833d9f97d8f258612cd78dabf5228e501c7f76c8025f220000000e2aa95c4531ae898a62a1ff8df5112ace3e713ed8de1ea346e10cc251c7bcbc240000000ad46aa0afdc77063034d5cf94e5917a0cc7f825277e4145685625d2a832a8cc4a8a6ac19ebaf1e554874e08100d90ed4baeeb2ed35c73ff85fbc6adcfd0a39b7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002bccc567d90a0b479b49b1b2d43318c30000000002000000000010660000000100002000000021a3e99bee6ab12bdc58af86e29d00e55648b6e6066d9ea13c8d74a11b505f33000000000e80000000020000200000001e890c8b77758632d11a2b85e770419fbcd8e8c16f3d9066bf37a40c0dd39f8790000000035bc529e6c6f957859530e73c72f8df6e48ec8708ad46bdc81ba4a244acb98771d9f988926c3e63ab0965749b911d06c0e865d1d7602ec5599c25b0e269f3505d3876d480e00d9486dca3e6ff3bf76ba2692dedbdb2eaa0798c67e7b23c1c429122ff2447c9d9d58e2b2f19e2a743da32ba4ca41b8d6b5110ad34288e55a2c853296ef55cb635f3a045c83f29f05840400000009aca60058ccfd56cd00a601b60a9e0ba914080a2d280f68d9b792dd872fa558335e1a60faf016597613a15b99936b4f172232b523db0ac273aa9ce11191a114c	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{767A39A1-6864-11EE-957E-D2B3C10F014B} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80ebce5871fcd901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "403210993"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2704	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2704	iexplore.exe
2704	iexplore.exe
2156	IEXPLORE.EXE
2156	IEXPLORE.EXE
2156	IEXPLORE.EXE
2156	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2704 wrote to memory of 2156	2704	iexplore.exe	29
PID 2704 wrote to memory of 2156	2704	iexplore.exe	29
PID 2704 wrote to memory of 2156	2704	iexplore.exe	29
PID 2704 wrote to memory of 2156	2704	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\vpaid_html_template.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2704
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2704 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7088a92027043b9b1d4a66f2ca8b3d79

SHA1
c386172f4d307ae0f44191ba2c84684dc6bb0b11

SHA256
1593bbd5f8925fe2453d2ced8e8ecbe6d445b7c72e10d70d42e4819a4e2627ab

SHA512
d611b5d5ac4d49959cea3bf28d779dd7ab9617f5a084d80d059d63680cd4b5de13633c7da105abb4731c096947c542801af264bb6d8cf51cf0f4bebe723a2d17

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
91f0eabfed26652011b2508a49b93ecd

SHA1
5e3c4111ce36ee3e27253b26783bd2d4ea076635

SHA256
40dff5eb563afd2f2f66577722a0018aa2b02575964dc8413dfa7f43431c5d8e

SHA512
94e6dc3195daa530b425b2bdc63dfd2a7481a0d6258858a52041a075d017949bd87790a2b41c0bd6d48707a9a23534cc911461ea8777dd4ff6ec5b1520ae0427

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2e686202f7a89270cb8b454095559cc1

SHA1
5daee672d19b636a1a9fc909f5b4f8fe07ef23d4

SHA256
faa89404db50c55bbb306c186f6aee107e9192221219641e7ddc5832d07695a6

SHA512
2d234627c8450d0071b627bf4d2a635be84c8d691361a989bc152f250b863506fec2dbba4ea63e7cd6d21cd4617700f1f68240e72af5934c517f1fcb7b637456

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ae9766462790a49edfa741d64ad4d5ee

SHA1
1aaa5e0bf2fed1c2e726f9e8667993a277c4637e

SHA256
f4583c8de81d06c84f69122455c0a925775c284b144f57376e3e54c7310aaa91

SHA512
b28be3f842452ac0eb1fd3ad3885227f13946bfcdfc5f77664d3a89e03319bc466f14838bb08254930a56c377caff6519262999195d4f238774c0b81a7014542

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1556827a8a844332f2f316dec2857b04

SHA1
84d05a774631943457d2419305d984b8de872ef7

SHA256
435efdbdd0a041446bd33ad87e5c6ecced6faa4aa5c382f229d9c7909664335c

SHA512
17981bfee12d8be154bf3ef3bf9f162f06a50acb5c2f7a86420deb040670be818c694f4effb07dc25a7bfbc644cf206b99cbf12cd352dcc9df25a06895c44846

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
29a75a2c8184c7fd936d022cd233f755

SHA1
78532f9ff78c8bbe1e9f9cca43f67fcdbf8657b4

SHA256
9721305ba2bac49a263369fca794647bf37f29a873d9801d28812560851cc716

SHA512
f13147947e50c5fe52d2723c1e3e3a0aad7354c21b02650d98474e2d3b434d6895a1a5b5a19fbf4a4e456c20b006e1b282943fbc063c5881a7b5a6c8ad3b0123

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a46ffe4446283c99517372ee83cb64db

SHA1
c17be8cbb9c12a85ea53a44dcd4a09e1eb4826d4

SHA256
ca4468794e5088158267180fa52b6fcbffc9e02e11d55fd758c5d08a16dfa416

SHA512
30fa6838296e5ccdb6fb305274665bec319be6329607f2db9019c0dc744482e1487449fe2f3876fc0f0ad07436f35f264fee03fdac4e3f1e1e407685538f0b4a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
db733f082ec5fdc4347165ca5b71f242

SHA1
cb3def89ac805790e71c630cdb52703ae99b1d02

SHA256
b0382f49237402f345a8efad1cef6b63decc6f46c4526f55966b456a7f6ef4f0

SHA512
8d65d5b95a6787cc656841ebd11de03475f9d6a71e7d5d98a502e531ccde3d3bd39a30a52bc7a9a8ca51947e37900598d16a1da4858855bcd0aa34846d3c9436

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
384eb39631c277f39725790a77bbc4ac

SHA1
073a369371a72a6ced3c04ca1a8e75334bcf91cc

SHA256
490bf62b38e4fae3d0acd9f6f9bdce65134778e0b32602381ae1e87d93aa5a8a

SHA512
89a42606fdd2464e54cf39948d534b2012e7ad12a1440a22b3f10e8fb6c45493a5fa43752324166aed0a1e7eccf868942fab4f3f2208302e29285d393834afea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
79aa51333386c6da05887bff4bc31f05

SHA1
c834a2ec6bafa81f1ab8050dbbeb1314d43aa778

SHA256
f09b043658fe125a771a60b9e3946fd101bc1a652e1cd3d1103ec04c03291282

SHA512
60511c0fce450279472199b58a1e05ce446b5135fa6f62593b040797c6d015e9d5bc10c3c02f84e30f92c428966e1a03a2570fa31834f7f1f3abd966e3141ce5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ae56f24d96869adfc0cf99b8d6e8cf34

SHA1
6217a0975595351eede9b2236cf61a510b272b71

SHA256
0e7224713f144b335d54bd5213652efa607fa76a422d2ddf6a23be05f4eaf9d2

SHA512
5e866cda34519803036bc9de19c8e09f52b6e06bf7bb990903c757af5ae360ffc56f29fd8126d1abbcbbb56d8e6d9613ba90a535300ace39f5d74c3934066c36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a8b86c5b54b491b148779ccf8fb2a786

SHA1
4988d4488570326ceef7ab7bd1c63bc23aa383d8

SHA256
6cc2bf771e439fe80884c76adec25c946fd3f9d677fb64f353140870205a17c0

SHA512
72f629325bb7b1603ae9b87fd1176c218b37ce45ee0680c57f8225f6fa478dd36f65b68ecb720d90b692e1479ced38af7355435b60bb6b3b9137ea79ec140e9d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
960e46162c62274e25b60382737ec036

SHA1
28740e218918dbe20b133bb93cdc52944750148f

SHA256
d3c7b477f1c3d4995eb1d14452dcb0d31a5b996c241119d0fdf4f1fce432cb99

SHA512
14705d629d598da83bdd4dfc513bedf52e746ec7705b03f9ee21bf9c1f47da38fc1138400696186c5328915722b5f3756302f573b6e5450dcd7cc70367478f88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c7fa9575e5715bfef76cb583c868ac7

SHA1
054a2e885e0b97469ec54ae937150fc2cb4a882f

SHA256
65eea8bddfc9f17e8c08281041c1e310ec557fe7b854b2e4481c3fc73cc25eeb

SHA512
412a22faa5b0356a65ee006d238e65d047cab523a93e674e0b25fe7a9f2df074bbf7e306ad34b1d4b22ec407e8c2ef16159e600035f9530153ae4b6a3c757116

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d8fc160d67c4ae46de0a063c7f7dbfdd

SHA1
0d30df8f31fb4257fa534629a5541226e93b3932

SHA256
ab502ca070e0f93cc166124f780eb456376ffb14c70067b0058230c1f5fff52e

SHA512
45abef06102c17958d82d14173a73615620fd10a4ebf11f81e349a9b132ab716e48a815cf1b1b413f5030e4d717c40ce3d13e3a25e209687252c675ed923ac20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4d2b3b5e4bb5127c52565330b61c8aed

SHA1
e830fadfef511283f23f83e31db103db177098dd

SHA256
0c5d1f42e93f493eb4618d8e9956932838bfa144227ad5448bc11ab4af4f398a

SHA512
804ea03c40f986c2a0c0dbc9c4882a37e991090437264112158964f8e5b749e7d2f2579ef9e069cfd93867a308669d7ffad0b79d0a7201a57391d912b6fab5da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
26f6481f1e3f13dbabffd8b5ed86cf9f

SHA1
1811b122b13e18e750d062b117d9e10c00b28ce7

SHA256
0299169634c5ea3165bca325025133084ee04b4f3040a8159ae26081b0198fdc

SHA512
253f80aae6ae5768778028eeb62adf9788a2622fd1314f5994dd99803b7322feb12c888fbb203a45f8dc45c9779eea4341d01de9c86425d1f150eeddb7cafccd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6B42.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar158A.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit