6c0a4d9ab2e39a3035a2248d5f181661225810e02ebb9e5f99ecf36b84b351e5

Analysis

max time kernel
139s
max time network
137s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
24-11-2023 04:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

index.html
Size

59B
MD5

3a9298cc111e2c0fd9da1a56d6c90a10
SHA1

f5dc5bee7e9e3fb7beaf68cad50cc27e2b653f46
SHA256

ca1e5ac2e93a72004ca62638028cd14595431a90a74a5da15b546339e68d880c
SHA512

169adc09abfd6c4e2bc0d9890439ec7a557fcf8368e9d799c3e7adb6776d9bf5fd81eba38aadf326904c2ede39b6a0ed72f54c7df260e8eda8d4c5b2b68f0ebd

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "406961494"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d79072038c960342ab421b8facb933e900000000020000000000106600000001000020000000f13907f02abf4f707ae923707c6524a5e994ce7bfdcd05264e39ef622bf2f9ba000000000e80000000020000200000005ac5918b00eea75033738745392077c4dc68a4f3acc12f1797feb1381fc5f3d020000000784ecef4bca63293bf1d1399d923b0a721f034050aff5ef20feec1abdbd66eb840000000f8b1e1151e40ec0d20f7e7eed9b4d52810452e401adbfdf51ae4b4974766d0f86f38e3b3971b42a08affa840f4c9d694137a23dd16b10e97671f9d6873a1e694	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CA46BAC1-8A80-11EE-88B7-CEC5418D0A92} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d79072038c960342ab421b8facb933e90000000002000000000010660000000100002000000099c5d861e12e54591346affe07800cb2804a9ebce48d6b52a92dbcebefafc7b8000000000e80000000020000200000001a9472ff85fd3f07fb9882f65822b539f87440be083b11b2a24928d15eb504ae900000004bad6809dd965e9cb82fc2cc89b21daec15dac0fdcba1c7c2cd16d847fd7c20cd9e27ae377b32d2c1e9b811e12ddc3bb163fe969db6cc0129e19eed861e41047db30c0ca782a8d6170d75c7c9f836c19d378d29d5ec56b7860cb4811c57c33e9f41101fda67624318da9e48023dcb4274f70912bbe2af9484b5b4bd47c4aee3d924ba2adfc354957651e2e9e1953a0e7400000006fa3869e9755da446a3e61cbe0fdd777123a74f5675c380d5338c4cf0f5a14834ffaea994b299b0ed4b8e054049f27ecaf66c0c7803e1ffe82112c8209b3cabe	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f08958a08d1eda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3618187007-3650799920-3290345941-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

iexplore.exe

pid process

2028 iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2028 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2028 iexplore.exe
2028 iexplore.exe
2292 IEXPLORE.EXE
2292 IEXPLORE.EXE
2292 IEXPLORE.EXE
2292 IEXPLORE.EXE

pid	process
2028	iexplore.exe

pid	process
2028	iexplore.exe

pid	process
2028	iexplore.exe
2028	iexplore.exe
2292	IEXPLORE.EXE
2292	IEXPLORE.EXE
2292	IEXPLORE.EXE
2292	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2028 wrote to memory of 2292	2028	iexplore.exe	IEXPLORE.EXE
PID 2028 wrote to memory of 2292	2028	iexplore.exe	IEXPLORE.EXE
PID 2028 wrote to memory of 2292	2028	iexplore.exe	IEXPLORE.EXE
PID 2028 wrote to memory of 2292	2028	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\index.html
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2028

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2028 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1c699734637d37079354a64441438a64

SHA1
7c534abb77f3646f41964adca7c837d7d27eb3d8

SHA256
2fe2105b7e203e00d3e6efdd1d914a94548c55103511e161a182c935ecf0fbd1

SHA512
22dc67484ba1e00916ac40c2f026f63779f7e24e65d8cc2ae1ce71424a6e56455bc34692e270b95c90c7fce4d0549e2cc90158a678321bfb732753402d9424d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6215195ddba4288cf8ed9a45f5e10406

SHA1
ae61c15f29fc0926d720d8be11c36eb69901c53d

SHA256
1f852f95e1da2e7e50583929485fbd927741aa91795cb242ddadf01b968e3ea1

SHA512
6e0e391c008a46f5d27ba00c04f7a9cacdf24ebd240be4a8e455164d9fdffbbcb725fa910bdd400cd3eb28e85c4859eb11ec38d151e54d4a491f03b6570d6c62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4e3a806881850758a6d936e22073af95

SHA1
96ed037e069d9e94609e63a4e41b42afa2195003

SHA256
dfd71987a81e525a94f596acece700b06c927edee61ab8f98c942d309960de65

SHA512
cbd4cfc9e882953729d0a9856942ab6304b29ec61b639fda8c98c140cadc2f2f67c03841602aee1168640847a2e831758c10abbfd3faca3af22c726944267cb8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c0e53a370355fb290da87f854fed957b

SHA1
988fed3840877a1f79b7a6c067f3ab19735a627c

SHA256
9d62e754f090e8c074316b483f5c799d285f853b0429fc933c84590a7ea46779

SHA512
55b45077a0805b6f2f064b1e404ad231fdf8863602f799670579453b38b7be311231bd8e027c69e7f31e857f1713b39a9df7cca4d9424043151224c94d637828

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8e72f850d202c0ea6be46b5c25165575

SHA1
248dd45435b578590299f3fc7ba0701a99f3df89

SHA256
547e669e97ce4225a16d02c98cda3f0b9ac036ba53bae3bf98c81b473b1b00c7

SHA512
76e38f4e5557f53a9c85a910e717bc1a95c9090fe0b4d8a221a39a26059106f6672f16b5c204b7769267c784892a69dc4a121388a2bd41deb9e599b250dc1d0f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
21142192258ff87ea211d34bfe462b0d

SHA1
d168448ec61210c850eec694707f442d9458713d

SHA256
7c92dcd761e2caa83201ea4d82026461f0040637ae9dc74555c229d9c1db7aa9

SHA512
e085a422fc04192f7981f8f5d5b40f39fcb0766fa9cd8db3c6c25853c261c321b870c5d7c9cbd043e56a425e49c74191f3d9a7b58971d04a9779ea085d8f719c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
10da1fa57ac0f2702da29f7ce311e37d

SHA1
f2e114ea39f352c341ef49ace7904c1f21deab49

SHA256
c3eb5bc03190347e08c5049da9bf7cc72fbc1fda2261fad752b5320377ece3f4

SHA512
7285ab2f4e0bf966a943e220c2b8e17bc22a24b7c26de6665c2e5ca19ec9d911b097bdc7216e946cde5674501638a09170ce6765fe4583ad2609c105d2ccc75b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4f4c6e5585645dd5afe9db37e14cf5d1

SHA1
f66ddf7332a9a8b43e0366401f4175bb1bf37c8d

SHA256
bf920e5f703ad1eac3beaea2b22d87723cf37d0f7e0974b42a63ede93e6c2997

SHA512
b8a3e13b9c07a7d6270b152a2e376dba97486000abe95a93c0fc035343ea9d0832c3cef0ba8d6c16f9b6f1582cac997a6472e1b34fd7a98c97a571ecaac07d61

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
16e6e22e68e57c76bcee880f67bebd28

SHA1
b3e18b2d7acad4262e43dc557755b9448a986b24

SHA256
ae7eb06e5fdd04f4cd60e7de1126abf8dd024501066bbb0b13759de9357ac182

SHA512
4c7f8d132c5d7e072f1884af8f4a88ac3f9dea1123430218a1e4798b4e290f475cfdc40daf2fe5f7b16a946a26c2751bed16ec771b48acb790d56b9d3945af8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab87E6.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar88C5.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit