d60530634338b99acf6e7f9b01e46aa42e30b330b256f809e5fa002154d34f58

Analysis

max time kernel
132s
max time network
189s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
07/11/2023, 14:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Bv9ARM.ch05.html
Size

6KB
MD5

f379b7e353d9965206e438777979f4c7
SHA1

8602270dbd81b8ef2b7c989c80d4f15ddefa1537
SHA256

deae4a2ddfa0a85cf722e26bdb65444ac0352ae7710ad8cc1369900eb6bfd646
SHA512

68027dc50ccdc8e02ddc76ee711c4d6a22f58a3982570b313e7b865127341e31b04c4dde982ff9296ae6473d40bcb2be6296c7bce198a332650da950eb4b21f4
SSDEEP

192:yyvOHn4cNSpnfiESkKZHlyK6Qar08+jg4gY0:yyvOHvYkY4H8Qi4C

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b060a4b65f12da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "405622356"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DEE05D41-7E52-11EE-A9B4-D2A520924608} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002e1e81ecbc95de49994f369c3e71718400000000020000000000106600000001000020000000241c09f2f759c65ec01e20034d3c223b1b3fa6d3796abfd09425e4f963519d78000000000e8000000002000020000000aa75c4b495644c930b71a04fee276b0a7aef0734c8cf56f03e2f8978a125b4f8200000000178c2d1ae130a72a2138e0a60905c8d76aaf7d5011ffbaaf397574e7db45f9d40000000c885206b89579f6947fda132048ee5b8f72478914e99bbf4893c6705a0621a6d3036efc6c805f317e2c13ff58ca70f599cbd577909f552584c8eab8b64021fb2	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1861898231-3446828954-4278112889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002e1e81ecbc95de49994f369c3e71718400000000020000000000106600000001000020000000dd5b53e07549e14098c6e867fe070c2303e5aba2f9f28bcba81b5d0f178cd561000000000e800000000200002000000028282146198b190e7a39b28b42bcb0cd48906c9069b580324c736b1ca9928c1c90000000c95276f935938ceefe54d492370c968fa922e5d87949de98ea918aab1c30e96917238012763499dd86bbe7e850b66f9b03bf7aba2004240139c0c90d6fb6f1c20b9403db8a5c09078b2ed7c830646c89caaaea7c03a6dcdb24ddaca259f4701a9eab90a81a61e4d76587aa294c2c1e73256fc8991e73df280a395c5615234ca1bccd30d4d483944597f8019b454067d14000000013196303d62c0e8d6196c566f07d04fe6acf5abd7aba1b06531e4d80e3c5cf9e621b2cb35ae6db04ba0ef3888a7f70e754b9121f27dfbfdc46b905ccf08d0989	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2616	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2616	iexplore.exe
2616	iexplore.exe
2708	IEXPLORE.EXE
2708	IEXPLORE.EXE
2708	IEXPLORE.EXE
2708	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2616 wrote to memory of 2708	2616	iexplore.exe	29
PID 2616 wrote to memory of 2708	2616	iexplore.exe	29
PID 2616 wrote to memory of 2708	2616	iexplore.exe	29
PID 2616 wrote to memory of 2708	2616	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Bv9ARM.ch05.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2616
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2616 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3773cc65c55690f798825e362cec73f8

SHA1
cd3e976aed71c0f3c53ab9df6766297446328ab5

SHA256
f4e0900cafcaad086c17049b543b304c9cb8a9f266f0b3180928325d7433a8d8

SHA512
53906f901ed2e29f4519a33e78d1023487b53bbd666792351d5dbaa994a091ddc76eabcc75a6354f25e2c0400db347f25b031af84de1ab858fdd1ce82f7371fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1d32afd363448be1b34167d4a66cc281

SHA1
d153a5cca21f2afff065e94bf3775800ec58a710

SHA256
37b0aa286604af89e6aff8d86a043b0e9f1ed260830862ad54960ada2eb7f1eb

SHA512
7e8faa78c2bb48d414899d277e5a72b62e7330364c9f1bbf09b0f0e0701d47282d29a220d76876c6a1ce1296d40551e4cde9755e76872cf225a5c392aac975c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
57c7c683d8fa13fa95e6f8459e32a1bc

SHA1
75b557dce2b978c3ea036ef8d4192f3ddd0a955c

SHA256
53e96327b4a7dc3ce3f1e7177a61e9e0bc1e912f5b4ed21c1a2ed28477793197

SHA512
45ec5757c98cf396197e476f15448cbc157aeaffcba56e6d9a6e236daa0d89f722faac4028dcc7227b81dd3ba8a6c7d5a8614d15b7e39a2df4897b2840413ee4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b7b9b4a7e5f3032af33ee69eced85f9f

SHA1
b51d28964022f397d42439dcefb90080045c4b77

SHA256
c9ae9a7555e6f62bd121c085cb8b2c37d573612dedb9404916e82642fb84db44

SHA512
228cfa1e8d89a816437326f473faa4815096bcadff8738aa21f79ce5699244601fdf2bd1c96ab044a52a562e23d9da6e05ff935524381806300a47866cb2bce4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f5984951aaaf0d0c9557384cf01b1603

SHA1
401697cf462bf40bfebaaebb0d391e4bac62678a

SHA256
8b014b1e02f002e0965882157706e9b49d90eddc2d25f80fc1319a1c93739755

SHA512
ac27b23369cef513820ce87dece101d4c189000baa9b3e95f92f10683ea4d1705a37dfa46ee44ca2f9c5f1a6831b21a81c53bcee6ea560e57b4b95dbebf9036f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7b48240dea1937adce08c615e7670973

SHA1
99c3bdfbc8fc10e3be15a0c4eba51e4fe2ed9581

SHA256
2ad6aca8c8fdf1eb6a216e9dfc511487dd031df8601e90afae9aeeca7b5c6cde

SHA512
6434269e2cc5628821537ef4ecd38f66ccb064b36087325c0ba497efa4a7b3f3d5c1462e595d55a9fc5c8f4dd3fbddb91bba185f14a2442f401782d3d7ef5440

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3fdb51a11ed284a079f4954e69822bb3

SHA1
4a933bdcb9d7f6602aca883faed7afe1d4166a51

SHA256
b5b5ab00afadd5216fc4e6d9312c2a87eeee0a65b35e1fdf8dd3c2927f4c9785

SHA512
0bda3923460822aaff741b945c861743b8a265d8330ca141ba5a889d436b5de8b39be0c72a43cbcd81514ed2b8cf266d008d42c8b5d0ea2e6c605c6a02434cd2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9a4b85ff6d649ef4e7e2995465d3d4f9

SHA1
0283a907976cd4584955250f5209077e87f97a7c

SHA256
a1abb538c817a8e0092610f1019980a4832cf6f15ad34c90382acdd92fd4358f

SHA512
4c16f6ac2fd82fbd0298fb297a4bbf9bb29bc9e0c2e2a14fee0eaddc815162a9ec7b9a307da6b23a4d41a017574d703745d03c5a4411211a908c3648413a96b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
45d38c851a86cbfd3f838c1abb0b391e

SHA1
54dbef119767885d9b455f8d53da7a7ce6163e21

SHA256
e92bc5ce813ce86cbd784cc8844b22d578ae1404dd1169008c932b79b2367e8a

SHA512
e79ebf9ce9e9512732adb6d5f5294abc91183b52f0155ea6f554ef18e39ffa225474eb5be420604e92e8ca3e52a4dd67ee3314cdfdaaffe2296ad42b963eeef7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a0e45aa3f473bf6a367a14be8ccc0c36

SHA1
e32cb4bc19e3a2e37eec8ea41d1c3cb05e43fdc8

SHA256
aeee9d900863a80f53d368c27f02b1f5bf6924f1ec10c429ffb0eb6e2bb33ae9

SHA512
e0bc7b96628e23a98578c235497530cd1a0c93e58eef3a8762167f5ef5dcdb3b64fb1dcb6d7d5ad881a2bcbcb0aa02bcbcca972ed28f9ae31e19d11b5a5956bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
24b3b6b9beb67a1cde3786042c8fc2b4

SHA1
a657d9342fcd4a769b266a488c4bbe635ecd026d

SHA256
998ec02c2d9bdbb2470f23a6344c015c6b0095acd01f3f49ffa68ba9f1bc02d4

SHA512
84afb6f9fef780bd7d1e437cc4994f03f0d439090d9084021c9acdd3de053cce8ecac213c40f182d9abdb5822bf9cf586b890785501580bba61969825d7af6b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
25a70d9cc309cf1feac3fb5cc28fc005

SHA1
2c956774238ba8fd0c2dbcb5835420c9f00a88e3

SHA256
cb38f7b46fb008f000cc6204c1fe04b831873a59b06bda237790adc476cca382

SHA512
6c62d095fb8515b7a78db396c774b9946bb0385f8006f45f6066c705b66bc4649b4318772a918406cbdb8d891ba0901282b914158e04ebb2d2ac12fc9303d535

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a54fcf9e69a6b688b4ef9eb5e5d430c0

SHA1
49c1a7a78b7b1a2d1fdd60281528bdddbfe75c07

SHA256
8573293d5dc7ac976ca0a376430bfb64e743a250677b1f93b9c3317dabb6cca9

SHA512
8cb28cb763f99f9d6592e9721038f30eaf08af91dfb1737bc99dbe59006a2900ba0eddc6267e717d406aed30b63a16629602e2bed1c065fbace2ae82881cc538

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a55b1cb8036692e8c3c3dba4ea259357

SHA1
109db05da94a68a3ab013856324e8a7966621485

SHA256
bb952c450d3304a6a8e9076d28ffd46efe4a4328b6c458de0274ff751af71143

SHA512
56bf0a22ee66d7a7e051139e485729520250909e81948f4bb7665b4c37737bdded5c983e1de8e8d8c0ddaf5360185cb042456361b1d85c5562c7c75fd4e8e95e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ab1eb42a2848146644597f69ead343c2

SHA1
9482bf634abaccdb6da11b6ecbe08fb19e84bd61

SHA256
295ec3a0c535e10ebd6d45414cac9fda8d27c404f434f69378b6a2c84ba81be0

SHA512
5cd8258da5a64de5964c72ed1d8b4e98ed7726ad483f8f1de6276a1b75beb68e5d1e9c2136643bd569676f0f10e3a9f6eab8b31c4d16223877c835f4c28a4074

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
683b13e3d66df130465c84bec94ca9dc

SHA1
b4e8c4eb64dfd1c9a85cde3d1dfe75a60644a628

SHA256
613336ddebef75277fbcde243c07fd0e20a939cd9c3194a605dfd686a01a7ece

SHA512
882856cefc8dc1315eae144a6de2ba703a1d9917cd29610e3c7877591c6c7e2473c169faede2b64810b40f4220ed953cd814db05ee0b9789d00609c6ca7951dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d00d4931c1de477be06a629a7f200f0c

SHA1
5c5943cbf34977152073685531ed8857d297983f

SHA256
b32cdbd864f08ca4fa317c90781879a7325408b9112d9c8ecbe9fa43680ae090

SHA512
3475625af8c987bc1f8f7b57cd124f3707a95ae178bd4e91dcb3dd2ee87c474206328fa83ead074aa40214c9cb257e628b7e5c7c058815cc2fb013fed8461329

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4DB5.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5325.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit