c5269984d71797e2294c232022ea6984d17145f90e86a96082fa0ae253e6868a

Analysis

max time kernel
120s
max time network
152s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19/12/2023, 22:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b107ee02dd08a2c315ebeb6622196fde.html
Size

977B
MD5

b107ee02dd08a2c315ebeb6622196fde
SHA1

44f4aaa25f15f0ae854274420df7c1791da18768
SHA256

c5269984d71797e2294c232022ea6984d17145f90e86a96082fa0ae253e6868a
SHA512

64c16438800021c82868d0b692d9e469897b42a7b5220b3ce73ea988ed4776269c4d6ff1ab588372cb7ab184398d99adef6cfa2acda04b9005a6eb0917261cf3

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000429d3af34477a14f8b2dd76917334189000000000200000000001066000000010000200000006c99910428f094935f194ca2851e9221adeb91dd51b90c7cf997e7ffe1171b6c000000000e8000000002000020000000b45563c33f744b56733137c659626141a8fb460089541509adfcd0dab86b0004200000004b7f147f69bfcc7b6a9b7df8cd4d37eb3f1f9770ff49e9d423c52751d3727d0340000000d6d588b5fba7c59781f27ad7a06a94007bf34830eef12d8f8ef9bb85c9f5b3fde6b3f7b7539e27beadd0ea221061835a9bd575e820cb1910114ce571a7174398	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{24C4A4B1-9F6E-11EE-8183-5E688C03EF37} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409262462"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000429d3af34477a14f8b2dd76917334189000000000200000000001066000000010000200000007f2aa263b30a3cefbbfb829d2e85b76506c1c97318ed80c63c847393a4e1b01c000000000e8000000002000020000000f93ffa84934afdaf83f0d7411f5391e279dcb0c2a41424e294ffdda5427d8a5c90000000604d2bb3d909cad1a5c22132584fc7b903d0a365b768cfe1f5cf3f9a2df1abe77c57774d51e46394e75239768074db4eb220bb209a01ec0b20d9f2b9d415a76e35717d99a3affd85663430d4e8c43ae77114fbfed4248c7aa9185de49f2d705708350f8a9b6d7276b7c4e947b6c7c9b8bd3757bf83abac1191013b3fc776548222ca3e492abd65fb336a2de3aa243be84000000041f00568cb15bf05b9c962f6a580306ae5a77d04b4bceaf8107ec9061e9ae8e79bb02505ffeda0a4ab1240772967daa1f5ffebe639382f76bb0a5cb9886421ef	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 504bbdf97a33da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2000	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2000	iexplore.exe
2000	iexplore.exe
2356	IEXPLORE.EXE
2356	IEXPLORE.EXE
2356	IEXPLORE.EXE
2356	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2000 wrote to memory of 2356	2000	iexplore.exe	28
PID 2000 wrote to memory of 2356	2000	iexplore.exe	28
PID 2000 wrote to memory of 2356	2000	iexplore.exe	28
PID 2000 wrote to memory of 2356	2000	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b107ee02dd08a2c315ebeb6622196fde.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2000
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2000 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8e898e3d33530a7dcd2a87bd19328344

SHA1
940295103caab52d37dd7fe369158a506197a6f7

SHA256
a8905fa8436ce6dfaf8ae887c5c249d32d4bf4bf1fb72a374eceb120ca6a7078

SHA512
49f4ff9fe20f4f75ee02bf0bf1ac4f44b8caf31e1dad6b8702aeef62f177231811594a2964f267b6c5649769f3e5bbce834ba57f7babdfec5f3ceae2f67f46fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bfa4127d8f05a771792257e6d8bdf305

SHA1
e946e45c3c52b459e55892882fb0dd4629083cf3

SHA256
8e3680fb5b7d7edd5ffcf5e49fd53e79424ca4a40f67914316e315630e08c661

SHA512
76fef1395079ddc8e693ba512866b2b7767f2e6b0a3acaebd119148642812f19e3e778e53927b470252fe6646bb5a141778def9612f456d600e91c874b0e9191

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ab70241b341af1129e3ce14a88e51982

SHA1
2dfdaec244a5880af28e8648282d57a5eebfa99f

SHA256
6ec52d387c3565c533adfe8a99876ed6325011ba5f5fbb8fa900f003f21ba656

SHA512
109362eba05badc5ab50451806eac60701521d83c9c1bbeca8882e8239396832b51ca701e8d2fda357e7f366df73d87ed6a0c3008beb64d2629d20baeeec6434

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1d0bb611e5cc6991ae1ed9c5f62495f7

SHA1
f786a1f6d9def0ac8a522220d7c76019093f5551

SHA256
c6db397b51af9d08cecd4b23a942f77ef46fafe96a9e4fb5b3352450056c4d01

SHA512
c907a16cbaa9c042599b6d4f85b942cb29a0328bce2f56287dea983888ca4d3a31997ba8a7ecf38b785306c647480cc1cd4fbd81a0fc2f3e02784ea46667bd6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9ba71e30c5d304bef966ed2c4a47b36e

SHA1
29fd5ec3cc2674c644207e3cccc0b0a014cc24f8

SHA256
a0be0ccb8881510603d4fd22d21f12cbca9a830eb0d122d89da0f306d15e7c67

SHA512
3f4576d6048d0aa5fc7f15ccf8333fe65ed44571102bc1188b4f8e45bac7960e8de326cd2ca2ad6b9c85fab395b977757480a8b12987e3d7c3c13db578c57d87

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9e7379c8f63465c498db6347fdd27c0c

SHA1
46ed8157b60bc9c2ad580b3ceb1242a44715e4d5

SHA256
e8e153e6e898bc60ccf3795d23e5a7c4ac9c0339e32f32ea0eeb32eb36ed6a67

SHA512
43e683dca18caebbc10ca2a50d5012f8d2aa37bd390d308c29b9b1a655e7eadce2c9da86d317d04ef6a0456db8968a91ad3c01591ef52adb537cd805a9693a6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e88777d728d49b48265a04047a9eb584

SHA1
1695da1d3609bdce55bcbda10dcb718fc5ba89b6

SHA256
998c227d8601c9774887e4d029a71f97d2ce73ce6ead3a64cae0b67f91d976a2

SHA512
125240ef62486fba376b0f94cf52e3b0dd631938d137a718be3bd06e01696c8d3c6406c4eedc6588112173c550f97bef0c00724ef6ae5cb2712d072373016b70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
07fa1158aa8657634e3498e69eae6490

SHA1
b2a208e1a94a31f3cd66c275a55a59a78bec2779

SHA256
04683637f6409ae06a99862d74242336adf52bc81e06bf43e458bbab9598fcb6

SHA512
74b6077eb170f2c0d252818b7ecf1d16ed1ea05cc45bfc4e12088a83c727a8a37e1e0cc663825ccb690a7589fdf8ee14897127aeef23e5a54aec2dce2823ece4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dec74ca69bd4a2aa582120c7a03db410

SHA1
de1c12c57307a0d37d5248af28c7c6ca34e6a291

SHA256
d66e20ac3e320fc03c5768a74f0d3226d71dd659f0042f87fc3dfbac4e7a0641

SHA512
62d60aa2012be7f19ff49cebd99ac6c8cce3ac5008275e68d9013d7fd4c3bf74de5cfe390e81e8e13c9f4b1f64d497981e3dfc917e070fbda31c2e315a02bf95

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
276fec48a6849448c4bda2b2ce4f825d

SHA1
f496b5bc83c1f8dbac5594ea75a6ab490ec8833b

SHA256
54c04ce0e5547c7cc0f664f8b613f81732be5fa11fe0c2bbb098ca215601db0b

SHA512
5e3b34533b1221d03b99220e1fe1eb9a03dc7d10e87e35a65035528c9bfe5e40289eae6b53c8ae0aae346ace738d0766a22a3baff76702e38df6a4a7be8e6300

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b1e9b5c9ec4af079825d3e43923ced53

SHA1
b7308a759375bd624397b1f55001b81c27dd0cdd

SHA256
594497544a8e27ac580473e19f8918fcc674399a86965b055de3400114c6f747

SHA512
a03be610a0363b81fa96485239f1e03a4e2d7be2952aade5ed27d376c7674f96b8fbfcd790610af851ee33d32813e335f1ad739a4c8f81d4d416395949c8a8c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
922d40bd909d624e38e824145a23e0be

SHA1
6262b6768009ecd9114f4d56a4172b53591aeaad

SHA256
4a5e0cb66adda68d65b6896a3f128664ab982f169f2bd598702a46ae39a776a6

SHA512
084bd019043506ac4de0be69023cacf4aa027d07a35d09f4a5e0025043a4ffcf7a4b71f48dd0eaea33db2db9f9c9761cdf481478f6da86e50ff74aaa9ddaabc7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
44df333f1c1ffc4dbf5af28d3c26d7e9

SHA1
f2f1769dc0b005887576bbfbfdb830616e8c84de

SHA256
a52ec603f95b1f1486db4d13d2b249a93e58c637c66c9d8a71b6aec7b6acef1d

SHA512
584b22c8ce0b2a15a7adc8f11f10178caf5af921888a216e3219102dd760c06de5c8e6d6bd7f94cde96e382d874b46fddd82ba1b21c111fe4476b55d41edf5da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ad28b224585e5a42d271bff2acab897e

SHA1
f48ebd2523481e02b4801981dbe47861d81e10a4

SHA256
f0a5ded1dde8de717afe72095fb3e6f7c9cdd53ed8e860032e8bfcc30c89318c

SHA512
97547a9f1cb5bb0ae038ee889df16abb981239e9d161e644195edffc11716e5eb6795a70c7127c49c916655790a935084e1716d81affbe0eecf2308d1ccf6813

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7089eab6b32461acc43b76e954f4d2ef

SHA1
50b58ae1443bec118945376fad9c0292750673e7

SHA256
e5ac5895b99f8866099e0592dce54e441f42db2b0e05a445c46f6a1b41833706

SHA512
48714ecb35791fef66de54da959791039f04c8259a5aeb1d220c632c59a2d15d81484a9330b7aa1a38574d253ebee1e44674c193d294d999acb89bbf34e371fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
872f0bea92ea0d060de1d148daa96451

SHA1
c89c84b218f1110cc11445a313594e738f339266

SHA256
957f3ebca5cc4f8fb5cec2cb578d61b4dece3573170ced82e56c0c300624a620

SHA512
929d578d455ce03678d6adef03c8c49be3da3dfb0b7a0bf4def675dec9f52cceec3e54b963205c39e6def8462baa1073a3543cddda422c485f2a63e581d4629f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7d502fa86d9086bcc31698e77cb9e9ae

SHA1
a0ca0874061298228dc1395f1536bfbe54d5e5ca

SHA256
4770a0615370add21db2d2c8c359793fe4864b664e1e152656bcf655e354dbd3

SHA512
17db2e66a947d2434fbe448a5311c9638a405028df2a26fcf4a2c1e52fd6474dcdd396f4c969e37a8e8a1597736d27d40229f327091862d7394b7da4fcdcc1b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9E16.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9EA6.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit