d7361457b9a5090057132219b1212d6fdee117069039df7baf757ba5b5d52d99

Analysis

max time kernel
119s
max time network
135s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22-12-2023 10:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.new/doc/html/about.html
Size

3KB
MD5

8b96d1dfcfa19a0e3f3b9f8a885af155
SHA1

97b7d340d1c92a927d7a135ad5ff0866b1d4ce02
SHA256

62643fe848f827296342eb30fc6f5022fa22178d1180f556f99aa073fa22aa02
SHA512

860e7f69c413ff2eaaaff7f1dce49c40d33def4ecd98a77773987c3b621fc59e19436b4341e683ab5317a227f0e384ed8c03305200116e664abc8d2134703dcc

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409502887"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 6056bfc3aa35da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000284ebe1d8a8c5f40b2a0deb2b94496fdebd6c74b7441f49ab40dfe4745ccbb0f000000000e80000000020000200000003e93cc5ee6bb2557f316e622859b72d1e5fcb386b4addcad6e6c55a3631776bd90000000fe5b54871979ca9dd7a79130568077bd96167fbf24cae8738e4879ca53f0261dac4cdb9af8fe4f1248adf7a66b1f959d1fb39c675d7e2591ef5aa3301988cbb10260d79ba942d3b3ff2847966b28ffaafd9a2c444f97b90833b50e55bc3166d967231ae42cd2b2de4371f51a0a57126fdbbf3a03a6cd6ba6c7c5096532ece10dedcec8c0991e8e52db1b710fcf291910400000008bf9173ada6d4a4193d39a5fb8bf4f9ee5457480bea0956de4a16d4c19a8f8479e555c49acf3ffe3fc104ad4ce04751bd73041e82db3437b7334e1468f78a207	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb8000000000200000000001066000000010000200000004116d37bf32a678f36883d5aa3d445463754ba5c37c1fcb296e5a6e5a99b3042000000000e8000000002000020000000cf88f3f99d16c1b1bed94af29387fd24522d0b712c3762eaded044c1956d55a520000000debf3a7984080b7d7bf3ee3ebd6bfc14768f45fd18fa388eba3780ba3b32eab640000000e3143ea68e1a3e560f431c3f4f7a9416e3f5cbeb617304bce0d4b5b1b74e296a9a7b8b75d4e8dbcbcbd123d697df13b4fc180e00507ff99c88c0558c98ab2601	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EE22CEA1-A19D-11EE-971F-6E556AB52A45} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2132	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2132	iexplore.exe
2132	iexplore.exe
2660	IEXPLORE.EXE
2660	IEXPLORE.EXE
2660	IEXPLORE.EXE
2660	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2132 wrote to memory of 2660	2132	iexplore.exe	28
PID 2132 wrote to memory of 2660	2132	iexplore.exe	28
PID 2132 wrote to memory of 2660	2132	iexplore.exe	28
PID 2132 wrote to memory of 2660	2132	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\.new\doc\html\about.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2132 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
855f9375626bf660dae1ad05c72366f3

SHA1
fbc8b34fea69b684d844a3f4a2b2863f9f16e315

SHA256
f928371d519d3d5cc00e980276f4312e9861696f12ee66a4bc1c2e9cd3ef2f5a

SHA512
730c030c99e25bb4ab99500b03ac92610b9e0882f040add484616a72ecd41411a2fd090b43ecf372db8bd86304e4a07ffc827d70fc78dc01d78e25998da1612a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5e84c0057835e873c22146200b5998ef

SHA1
d413607398a563b6321f80292ddb038469b5db1a

SHA256
4beeb84ed66129b175a0411595523180b23c3ad81c0d995fde3fb644d16ca839

SHA512
ffbe9750d2fe7bc26cbd302ae52de7d315309104d31e2891cf3355c68b7941e68d6862437dcbcb95803648b7b256cd115454c2158a5ccdce6aa30f694888564d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d22897ef45699034301673df44ca6842

SHA1
173c8262aeaaf0b7e82d1746baf3903ed9c70bfe

SHA256
707225c829a146dfbe191d49222a2940271a5eea32fc51955f3554c666d4e430

SHA512
faedf0ae80b0c9e9cdd881c9630f04438890c0b5e454dd9c4b196fa4f7bd015c596073a09e8c6bb5f6fd40f21e5da45c173f0124ef988d3e7bdeab980ac6211a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f93f8fe7bc535ac54d263d95cd185216

SHA1
4e836008258c5d9c4906e4623753d072e45576f2

SHA256
5148c47ffa437c68fa40e2eb70c9ce91d6c1ac7046790aaaf2758f022b5d479e

SHA512
96ac7a824f33b3c3ec9f6c35463a4e942f8ad87602e0e745a4d79b1977ce49544702bfbc10020c87e944225eabcd5914659168db0d54f8829d54bc7150eae79b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
105d83c82dad49a4ecdac79d9b4935a0

SHA1
d04a86f1e0ff303d9f2acf9144fa58dcc5629fc2

SHA256
64aa7655f6ea9dcade322351aa989c8a4f0ff48a8f7d157fc8ce59ed010f9146

SHA512
c7c9f6b0ea0962b2f27a4e8d27fd92ef0999b399349dfe87621b3cf24c9f503e627492791cee53c7e93cfc276ef2916cb070777bd8f8b8b7194fc3e8a60e5955

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cd28b88ecde7703d3b20045e21ada834

SHA1
1790e179c55c35f6f962aacc04b14153535f8e04

SHA256
062b1df96bf3a3c004121a85ed59da3f3de4d799ffc524b3b74e1143fefcffc8

SHA512
3ccafafe284cb47e6409ea71f7a4bfbe4143cb8f01dcfeb124d51e0aa7908e770359db4f3d3ad1b9b8a8e1ff4a150e5c146197f4371cca5bb96b5aedb421ad44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3be31a9616ebc59d7d039a30692f329d

SHA1
3a14bca8f1c31d0f9de4fdaa4204f61cce157855

SHA256
43c790acfcbab99de8ee7376243c4280c3c0bc753560380fcf57be3bdd025038

SHA512
d93aa16b082e4656e34dd7ca86de2d8740846ea694a1e8c2ca239ceb00ee121db0cd7c60e25dc9500f2d9b16159af40376bea8f7884ee537a0487094892e9c7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
769d54548a64a097e043a6c71a2bf427

SHA1
24e9b79f7af23c2a8a499f6d4b7c27e1c4e42325

SHA256
4822be3f4524256c335c75df371e28b2d643506c7bbd19f8dd216e4d5b2647cc

SHA512
6b0e68a0a7a66aac74cce1611d35c6b8db0957e88984880ba0cf972f63caf52346012c4eab7a7416919fa791394c1596a3d7ec4824d0876f751ffee6b731548a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3a471882b3b8441b7d894853408e6853

SHA1
c577877085bc3cf90a0614bd9dac92ef88084ff6

SHA256
c12a9b79b92c1bfeda1cb8ac6ff0d68df7d5f7d4ac6212235f1450732343719f

SHA512
327cb0bf0e9cca87c507064efff8ce25b8bc9b476146488a6e3ee53b72bc92b609d1efdf6326442739b794beb1217330e3cb9631a12034123c21ebea2e16e10f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3d5e59256915f4d9eedd062664890fe7

SHA1
50183abbf917ced693a8e3b5a1b135737620704b

SHA256
4ff74784f16d5902ceb5b4808334f72075b1c3dc3caeefa756d56f7dfbe4b1c4

SHA512
dd09a987a8baca27060152399056744a1420585684951796a1ecc5336963005d618dd5c642480ea0d157412b4a37f62a8129a1913c2478c09b3ef51fa17031e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4eb89ee446c9a28a17c3aa13437339e5

SHA1
95d97864e9b21a719bd2a70aeebfa83425c94dbe

SHA256
8d3376e5e86bd49d584e874ce9256e2e6013ae6fa1f717f32b2477f63ddb87b6

SHA512
7723a4233ad415c4327a6e4261a3425917c79e2cae4c997f65af95f6c60666f4ccfe8100ecd4c8773f01d138e4a49b433d151d5358f4ac15dab3f9147c49e296

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
001eaa0d443831ab11a3197ba430e9dc

SHA1
9a7d2951cc46e900348e85d0a21ac5dd2bb73d2c

SHA256
d12593e7cc9f155ead6a3907f698ecacb753a72552a29e11fd1ec77dc207818e

SHA512
2e63f06baf88804ec5c6cdf61b39929491d396fc790f97ff634bf7faa033a9808f4f2abad9f991ce2dcddc2d65fe9a37da65ab534655e7076c0ca76b603b0346

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
efe2204cd96e62254689594e19b08d53

SHA1
beb49eabdf1dfd3308f73c67b2b18da4468d211c

SHA256
b6b2ba534ebae4f902937c0cfd9b91e8074565f5fb8b107075e4fba1fc089606

SHA512
23ac65d9b31c66577b2415a4a16d81af6195bb0d761637b0d324577445d1cb51513e409e980a8f6db86fc619ac7e4106ce7b8a788e9380156931a3d7e0286402

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
64b0a371d1c5ed56a769a8bce9b54a46

SHA1
891f09393e141a87bfaf931eff550fed6a019665

SHA256
1243ec5605a799db4297ada7e8e2d0caf87c6921403be5111001e90066b0e25b

SHA512
ab46846b82d44e0d2da80c1ba0714774efac1f591073b649a77ebcdcfefe4a7b95a16aef629b00c35db0582c7899b2359f1a93da7c47b892167df7869748a1c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ac771e4e77a01ec9c2433ac6d13fa483

SHA1
e237686ae56d69d9b6ed728ccb1c664e35e7d6d5

SHA256
8363d6512c5bf4096e978a6c32afd3b47df0b8bcea3856e11e97b9b347e1be94

SHA512
afbc6c31c7c614b44939374e3929863120d15b37a3d6155652f564e3d4ee66de0f178f631a403579cde5b7c0bc151e358f9832b94b93a1527b2af9f36551f13a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
73a2f67f28ffa17fde9e7a1a2eea26ff

SHA1
ab8cda0319fb9d62dc4fafec67f143c43877a855

SHA256
c1b99b66610a3ee676a27bcdd4be5d97da317889feafa996cfe5c5a6482fdd28

SHA512
7e9e644fa0fa638b8116db9e4dadaed37f4c75edcba778b497ef3a183fe08997c1fca1bf24f05d3e2ca40a002f6a215dabbdc803cdb12c6d79dbcac809209ada

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8E1F.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8E61.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit