0b41f69e6564b9c89b1b344744c5b06eb4adc0e584028909286d2b936e1afed5

Analysis

max time kernel
122s
max time network
131s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
21/11/2023, 03:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cw617n-forging-brass.html
Size

583B
MD5

51618ac2b7cf5c4937213e965c00f20a
SHA1

7e704e57162ed18743bef9f95e2dea558954751b
SHA256

0b41f69e6564b9c89b1b344744c5b06eb4adc0e584028909286d2b936e1afed5
SHA512

d07af4309bf8156644d604676eec62cf78128dae1cd1808e865e02bf7302b3dea5b1eda42eecd6e8687c84b85a6a52c07bd45b120b8fe5940d8d80586a2d0fb0

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000efee191c820df7499e31472656722fd50000000002000000000010660000000100002000000080ca468be1714a77f6ab1a4a3c6d0c610847ac074b24344589da2705b10aee04000000000e800000000200002000000021cc93e5180597e44b1f71f563ccc02d069c24a5afa16dbf2b747036ebdf8a5f900000007d95854cb9a944d16442085bbdc8f6f86819194ab95bc7ae282d954287588fed307c918955df93d5c443c2c74a946353f6df770aad904abab59ef908b33d1999891f6e2e1f64c6c2350922f6da41cb77df6283bca7f56f7927e529e9b78d10918f731ddca32670f547ce28f74d7dae5101938128d673f0bd6e3742565a526d4c5e9d3e604dda162a178399304f43f64a400000005cdc08de9b9a2c786a1bd15210aa471a61574d379270705e71138246b45038aa7f2b151f9bc437995a25e1fc95a3f221b0d29f9cdf93c35e1a06d8088bf00376	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000efee191c820df7499e31472656722fd50000000002000000000010660000000100002000000026e447c844d3b83573863d8a8d9904ad3bd2407e7a29d5e2467a35f13face59a000000000e80000000020000200000007f21730f294e9651dd3a00f8979ab91cad623b62dec8082619213187fe0adf9420000000d1a8a6af9eb3c040d55cd9c4f269ac8008e047600facbf8a2fae82ee8718e08a4000000001469a6ffb1fbe82e5a1ce83d37d217b7f044d139b4cd1b2f1b8f12bd681435d61a001c8a2dd96fefa77b0d27a610a9ef818e05298fa3a410a4c97801bcde90b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FAE48981-881B-11EE-9F1F-46EFE16C03F2} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70089ccf281cda01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "406698293"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1412	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1412	iexplore.exe
1412	iexplore.exe
2140	IEXPLORE.EXE
2140	IEXPLORE.EXE
2140	IEXPLORE.EXE
2140	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1412 wrote to memory of 2140	1412	iexplore.exe	28
PID 1412 wrote to memory of 2140	1412	iexplore.exe	28
PID 1412 wrote to memory of 2140	1412	iexplore.exe	28
PID 1412 wrote to memory of 2140	1412	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\cw617n-forging-brass.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1412
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1412 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9b7ea76527e6be30840ee4ff84b83946

SHA1
95cb8939823f156a07cd655182858b7fb9bd977c

SHA256
5dc0a49a6df5c232e4107baf6dc9baa6c745f798afd41c41fa627216960392d0

SHA512
a0442cf0ede46500f60f2cb4363e75450f4c3eefbe02e54eb4d6033b706b5d44245c14f648df5f25bf2f79f5fce1c3db05b3103e8a171503e70d8d19f8a17618

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d0af59f6ddcf03b6c8569e690ef62d49

SHA1
af1cef7c7fccf14482b18e6ff3ad363c3ef52950

SHA256
95f8019ed0ab858f37b2ee1505bebe8305a2a84a01cf67e6aadd385d2dd9a8ad

SHA512
7ef43ce6fcd9366fc3dd8de651e0424fd6b23a8ed7762d0545defadd4221a096f355d72979ab7b0bb9224811770495598061a5d878bb81d0a33137194d847d6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2e47179b762693faa687fefa7b1a8c9c

SHA1
ccb0850ea8d8c479ef3ec746ca3d916f585ec116

SHA256
5ef92c8dfa815af1d1a591625f4fb84b14fb1f54f6cebc5f6e767e4375f59468

SHA512
1a68051344372165ceaccd653a6b30d99fe78389417995d9f145f24347bac9b9e9ebdd6bced329bb991ee4b33da2b1960de97bafeda11c251b816430608da7c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3fe0018b5e1b35ff6d5852072d04a826

SHA1
e29b7fbebdb48905919b6ed8a5ffb27bc3f7fe3d

SHA256
70c4b6a89bd12a6eb66efe3be37fcfd3a51dcdffbb9fe059b70f3aa6847409bd

SHA512
46f16d12f9a19fc08e8cc836cbed484e686298ba1260a050c5b6b11158c69fc6339f06ab273288347e90d07c5eff1498b755480ecd08c0deb325cb0eb57b6caf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9696f4e05dc61d9825840741359bcf44

SHA1
c2c864f96deab9cc50b6da4ff26362da139fcfe9

SHA256
5a1a5eeabc05ea5e42a990611fa48c860da12c7ccdfaa1f52821443fc3772eef

SHA512
a88089c183615dda80449f814674c5a62904e21bfe8d27d30d4dc6a856eae1e79362744b65f49daf89922190586c9986b97b0f31efb8a62bea4f9f5969df6dc8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
297200bd5dd32dc0df07d750f2a40387

SHA1
c16a3d09a088afcd0c5b5d4b3b869afb0dc24067

SHA256
a56bae23cfed25436dd9cbb08f1ec077edc67841dccafbe53ca02cac3f165343

SHA512
cb0f3e41cca6f94771812efeaa3c8e02663f0fd13281a5967505d98420820e92983140ac9766ebdc412787832b771257456f8b101577916842a53ed41a74fab8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7e83ec1ea6c3c1c57c04c59cda3636bf

SHA1
91dfb44b6166819a05d130d71258c6193e0dcec5

SHA256
8f679f002fc73ae9619a22ce18f9334f1f3ce5c91c909159183f777b182b6494

SHA512
75a3bb6360dcf2238bf857b6e6e75bac661ad7d023f9aa26b9b4e398d042db4bf416f1e4b82daf77ed5a402261d44383bdd11bf5916ecc8d1b2182e29a7adc61

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
de34babe805375dab5ee898e66bde20c

SHA1
6e37ccea7c5e3522e04858a590aa548b9cb3d1b2

SHA256
76702dad27bfd571e6ceca9eb2b95d9489587870260920f11103184511067e9a

SHA512
bb4882e56a92fb4ed297a3dd4b11ad763877957c3b1555d4844ca1f9ad157d93e2ef7fce531e1242d288bab41d1b1c4f57b2dc73205f7597c191139102f51a4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6f90fefa20909e059eb2f517ca40b77d

SHA1
17bc1c82e820f82aec39c25b0f8b4b73bcf3c773

SHA256
7c8f491ecfaebc767a6a9323f58d2df04f68f06da4680062854c0eae0cd0e913

SHA512
714b09b1e182701f790919b09e98b5c49a1a36725bc0b43bfb1361c0237aad98221765478bf96303651cbd658c626cc980d413a689a09ded8b434ffee56e5dd5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b2e2ae5bc9d9593ff4cf03ce27980d27

SHA1
6bcc6fbe4663b28ce243729569f651bd3100bf58

SHA256
fd56873e0ca659dea2158276db5cf318ecf46c1a983d07f85c18beceb93795ca

SHA512
0f11dc5f4d4967467befeb5afc886afec377f04a566c9716510d920b1a57e72ca71f472ec375fead1d71a09557d4f3fa9420d944cce2bd660df58dc9d23729da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
74825efdbafd867270cb3905759addf8

SHA1
567a3b9f7ef3c716fe7e05d4f3038f9c564e3050

SHA256
3ac9df29ffbdb5a851537dabfc024dae83354b2ccd7b5331860c83af261062ff

SHA512
e720676ef2ccedec8b32b3791c2f29f80cedb650a262a86893a4d26adcdc79a461835b2c6ae0a7f3ac42796090ad0535f54bfd05219f031daf2cd4ab87c7d7eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
49559d9db09c993862497fc0df2dda5c

SHA1
5624f36e79f5d16f96f6aaaf4a90c8a84f1c20f1

SHA256
08bf56cf6e27c464f53ef1f5d6df5910dc2c872a664f314a696c75c9a1ab599d

SHA512
ec20b1ec38815d795df7aca61c0f0f5c0783cef0318de7f04eab30552635201549c555496090b14c5988480628bc566764ddabb314c93921270e3c5f98f2e755

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0b9bb4f71d493ca5d307d51e6babdd44

SHA1
b67deceb165b0e623e86b8b964fb6f64f8fd89af

SHA256
dd5447aa33137f1399c731fe2afe9c83052dda13515ccf2660705b4b15f97f54

SHA512
81caf7b512a0554c184cdbd84dcbdd347d03155ca4780bc28dee0b2308dcda1df1a664f4ef27bd3a0074a1971bec6a2848d39b739110ab25b71999c6d0903cd8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5a255028b3ee010b5826c4288108879d

SHA1
89ff3cd7be41289f1aabea8bdb17b13820bc89f9

SHA256
37f56c5be7d5b5d881879d316ca7a17275b98b2b8de99f1644573c6a2f0fb5b3

SHA512
39e5cb9f22a1ecbde0301a0678200caabbc18d55840c987596578419b0b7bd7c68b2a4466e0c854e598158de27c0c8c97eef7102f3bddb0466272caaf5dd8107

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2a717f6cc08676632660b71a465191a7

SHA1
96eca779ca93b46457acde852cebccd9089d0b5d

SHA256
218232d3b8a07b499a7c202879105bf2b7945d6f9066201319f149f925c3ebf6

SHA512
3d008c919f484f03bf0f3db863d7b99e85c055d191e220f95205ce1fd7ec0f185c21dc65bc07562d169d277a71390beadc5ad51cfe755395aeb86cbe3045d3c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e11181dbb260b9648faeb542893907e7

SHA1
9a3f14e0914f27e66bece4f253fb852d003f3722

SHA256
b71f5a6f4d123af69571509e764980722de54830b2e0cbe98797cb18cfa9c9b6

SHA512
2a1a18524323855f5bb35b932b5ff67a0d3a78dadb58ec9d1b2506b9e3c225415b783b7869e989791bc339fe4b1a8104ad9a05698199061abaf9e8660c90fb25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fc00fc124fb262d7445f75073b51f605

SHA1
8ddc22ac607a890c49d6c50feee5c8624ab587b8

SHA256
ee53a595795715bb2e71ca546a9d3cddfc15cba44d55a00138a7ce00934fa5bd

SHA512
cb1606e82456804aa555eba47213733d5487aa3c5f1d779cd0cf2e04a4e8f4995939146de01e630d6c547c8b6446fb0bff7d0bd3ef65f2298756eb1a07bda1bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab51CB.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar525A.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit