e9a0a2d8c40370547dbde0e4e80e0134be9e61d5d5a2c6079940b2e6ff6d090e

Analysis

max time kernel
118s
max time network
173s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
07-11-2023 13:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Bv9ARM.ch06.html
Size

582KB
MD5

c80feda00b59c7ffb567d737e11023b3
SHA1

c29e4afcb8ec9b4d302f476f35f593fedaef9f86
SHA256

af4816debdd648ca68ea07232108cfc48c218020a762c48796b73521e71ef877
SHA512

590973349c2d7ea5042a9da712a33d186835f5041a6a04ecabca9c20b08c3d3655961f9992f167f35d0bf7f6161dc68178c101b2cb052d389d70e3b7f72228ee
SSDEEP

3072:n05ISJ+nbPnxL96NoB8iYocMTVbyqKOYkw5l3omGa3woVwr5IUd8VGCF/5RPZh6K:n05R2/x0NqVs3nGadVGC5RPO/y

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000efee191c820df7499e31472656722fd500000000020000000000106600000001000020000000e481713114edd3684303338678f9b0ecefa21814053a2f05f317461e10e3a968000000000e80000000020000200000006cef2127a133cf15bbf7a72b2077a597fc779d3359afe4712e1cd65d824f9d2d900000004defb518ceb6ee85a7bbfb46f78b0c3740f80e45e7c6f3fdd0f129bdbbe4772d86e095706b78db06355738708dc64a9d4c4a1b75090bf2723e6e0a832fecb4e4d734ba14a74d3d717af0c89ad805f0c2ade5558bc8c0a41d2c912d50855317a59fc2e21ac526295318881a517cd32500b68e63ed57fe5884e29494e59ec80641fb56526f1e81881f927a73135a74ec5f400000001593f39ff97d7bff8687df78ec63583d46ce27fbd2a35963a793322f4d1725be7f375a60f60439a8398598ef247bfc134aeba851198cded0c78d0d0a95de2046	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 106a12968611da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "405529093"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000efee191c820df7499e31472656722fd500000000020000000000106600000001000020000000395df22b71e13fe3c5205c4bb9fc8a68524f11c7228fd4753fc40701e8dfc31c000000000e80000000020000200000008d370504891027ed6ad10e511d812de3c0f6087e4b2ba9e7ba01947644dd1de920000000db14bfdd0bb888659e40d7d85e47566ad33b5e51f93cc41e92b8f111c8e761c9400000009553c7323c2bf5dda24a70d5298bdf240b107ce0c39c4c518ed94a61ea1ccb21fd48abc31df4ebba3a95adb96d3f46119f1050e5f74da382e114a36a6de76c83	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B2F5FB61-7D79-11EE-96D2-D6971570E9FA} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2840	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2840	iexplore.exe
2840	iexplore.exe
2832	IEXPLORE.EXE
2832	IEXPLORE.EXE
2832	IEXPLORE.EXE
2832	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2840 wrote to memory of 2832	2840	iexplore.exe	28
PID 2840 wrote to memory of 2832	2840	iexplore.exe	28
PID 2840 wrote to memory of 2832	2840	iexplore.exe	28
PID 2840 wrote to memory of 2832	2840	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Bv9ARM.ch06.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2840
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2840 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
df07007c5a8e14f107bf90c13509aac4

SHA1
dad2df4f04c302d2083a99583c82ff4e5baea0c9

SHA256
c8807a1ddcd5825a1b10a6df775ac5aaf3b1c23dfd335fc4d70680d6dc56f5aa

SHA512
680ee239e78adc4dde2606dcf1ed6346b8a0ac131ab8857732b4920ecfe6079b8806cb0236474ee362f39d6680b0ce1217381b57a06fc0a01eced5eba53ebc3d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0c42bfc7cc75e399e7e25c55ff344352

SHA1
1772e034eb1fc36d1d4033b4675485118f09788f

SHA256
c0935285e28d983dc3fdfc93f377130f82c55bd192f4513dfede1787a050dd8a

SHA512
a248347492cf2f53f7ab64f71f74b5293c47648a032c33354709bed1a9a99d59606ea3c6aae129913a306d83b89049aef33cd9803220d9b8440426c78f06cea5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d45dbb0e814cffc26d7de2c8acd17778

SHA1
30ec9258bfa11c9479133911e261570755c8fa65

SHA256
e7158df4036c33ecc0e8de2c3e3de2a30a69be25bbd0e1add281f827d199b60c

SHA512
5e3df64dbf1f08973fa9ab13ffbf6b0cd9c66fd2151a4d740c86ab871a3255e74b14fd3a014dcfc277cf0129bb57cf5a72462c3f602befe518d25d1140fcedde

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b5634b99bf6408f882e62d6190d000c3

SHA1
daa6f37947e3c8ab532977935f7e0ae5df64f926

SHA256
14256096f439a569dbe15c7e88440e213e6cbafb5f1d61a89191dbd6820bfeed

SHA512
0a8f98c5ce7f8f73cd92b2c1c7545e0f7815ca0559d3c5232058e2fd6ddb40dff5d7e6a6d4cff5d954df999e2a792ae42ccbf6385920c9a1b93420fb9b086a70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
34766de81003169cbb390d61955f2d06

SHA1
ffeb10e3a60942bfdd28d6799f5584ad654d2a0a

SHA256
7d2bdf7122ecdeda62706091482af30a89d2cf7822b7ff5e4afca02ff7faaa25

SHA512
db10bf932752771d54238972f9dfd5428c16b8c16a66a96eef81b1eb4ba7c792b74f17da7a47f4d6bf180b173850dd06eed79297cef763fcb1621baed1969888

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6df7d0ce77ac183490f90f5e0a56bca1

SHA1
4d410c41630e52ab960a9b028bda9431ef7d1a72

SHA256
e465f550f495e2d006cb67cee96552b22ab676188a6df10253f0434d204b0443

SHA512
6fb8510a447ee4dc063cf74fc2fd01200bd74f103a8244bc851cde7cd4be4fff63c74a4c86f81baf6111c31b92e58c6bb79662b043498b90bb44f06790e3cd82

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
895bec2f136d4b652da60386fa020dce

SHA1
bdffc1ab5cc5feaa4caa3497bbb143978c238f1f

SHA256
e4ed754efb76af839a2da689664611eaf744cfdd8fabad493154f64c6f4c9f19

SHA512
e93f9606c11864994852f3fa3b297bda06740b962e0694777cb967ada0c9bb2375142a5589e7760443596f141eb98cf660613c4885b9dd49c4c005159bab4574

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bacd006948051de1ba7e1f747e287263

SHA1
dc93240b65fe1a47eccd57ef7b39ba164bb47dc4

SHA256
459c135f442479de512807c23221d39928973d41a3ade92fc143ac0974daec01

SHA512
ae9ecf216a99545a49cb3456c2ee639bb1e3bd6081399b71a18176c20317a0b44b912ac4d5549c2c7208c4e58c886f2d9854dc24e881b463d18012bf9c2c0945

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
645ebc5a98a874857e1192987d11c2cb

SHA1
a366e9ef44bbc2d8c5dcdb712dec0c78edc96662

SHA256
3d370f01567185c3da2fc9c3bf189a3ad05dd9acba0ffa79081a1a49b5008fbd

SHA512
4d1b0db6b210ac786655fb11b600076c5cfc61f654a182c47223aaf260cfdd04b6f069484e111889c59fba055169aa226880272160f39f13c64b7baa3bae2925

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
217ff16522d0aec88351ad9ff9a80241

SHA1
40d3d31391ae0521ce1cd6f6ddecee215555c461

SHA256
c2f52f719edc129c4c4df08ea0e81f39aee947381d8ba9b477fd5445402f25c5

SHA512
81270c8d312d14177aee73c851d64e622cf3ac85d820758eccecb2a0cf12747dec9a8b0eef17b65ffbc0c27b1a637e7576509d9b3fe4046aca350c1f6ec57913

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8510f50714eaa3e4817d87b344ac7e1e

SHA1
d49bd58a543e0687436bd509ae676ec01354bdad

SHA256
1bff23b25285d842ab9202192183de5674e10e16b7d3b1df23b8f1b3d836f7c4

SHA512
46027527568f3b6323a8d937dd2acb2742c29abdca02a10071806d5e67220bc83069ab0ad64702e5936a2cfc043fbb8a6873a2f302068c7452bc3651a9464680

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
58e33218de997d4751f512730382edf6

SHA1
46283af55dc924f54306cf44cc8edd9177d21d21

SHA256
177385821ed919a7831d25b3e8d64d22214ceccd8e9e7297396c2caaf2dd6963

SHA512
7e8b89ca131036ff7bf1b5b24ce928ba1f49f1f25439bbba810d07c467e7f2ebeeca187fbb9cffda04efab4c9183891c743d41c87c273142f2993368e33b2cbc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fec433517147d27d9ac50e83b873b4ce

SHA1
6e941fbb0b8958d08bd3b37144bb1e80ff8c1a51

SHA256
e7f7136fd0f7850e8a251d44e25501169396ff949a90462abe32f0c2a0211753

SHA512
c76730ed04becabc553483e37776f8f1694c37bb9a773a538509a9a2d85cb3f712b07f440abec6f884a09f80b5454ccda4b477c77dbf3a3c91b25658874869d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
81b36731b7f6e6170f268ed0fd644843

SHA1
1b94b77e355219e151c2bd8ab84cb22bd9bb9e1f

SHA256
92e896eebe33d41a041f83baf3344c0df3789221a10c2b91f467882db65925e4

SHA512
2ee29f262a0a30da29c6c442e99e62436b66af410421a7bf6555a67cdf391eae6bb526cf654fe54ee2089be6f5f32368b58ab9626dfa91730d0cccddf95d6f4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
11843f11b8b8a41687d5a0acfb96ebcc

SHA1
a91a6883055b8aef8716970da84814ebd38522cc

SHA256
e3d4ed2bfa61794f73ebd32e88775cc3e4b2d1f4ece3cb7d10216edf679f7371

SHA512
0d7550e05dd3c5db7ea56661c5d5c8bb826f47d34720eb2e5fa85ed00ab179fd0443e8077dbc729242b883a4aeea7118cbc589c399c6c273f029dea435fc7967

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c1896ac92ad17a5bbd6e047016c05f4f

SHA1
3203659a527e3b74ee80cd51485e2aff316d86dd

SHA256
52bd2ff61312cd4ec4cda4d4b437b891be430ba46fc2ed842ebc8c1442728f33

SHA512
54a9a9ad2e2f0135c792c60ee284c7642250c1820798066fd375f279abddafffaa1ceb5756066d2de7a55318d460fb72257300ba1553ef65c2d54e76e56ca5ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8472c2a06e9e1bd163d7de8d7793cdec

SHA1
09f645dda1af46c6235b277c02c1eafc2a1ee0b5

SHA256
89432aab75617cb5ed06a0b4790b4a9c160f427afd451b91b4be9985fa5320f3

SHA512
1221d45c387b864276774c8aa3803aa3bbbd10cd3da5ebd50fc3924ced31dab2452f0a32779fa184552ad850b80d4fe241d97414c43dc5b418fd0557c672733c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2BA3.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar463A.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit