3fd4b42665dfa6aae1550b729d06d302a0be988f1799990e2dd8dbe2a3911179

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 16:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f19f74f060901b0166fd377fce6587a7.html
Size

625KB
MD5

f19f74f060901b0166fd377fce6587a7
SHA1

341cc10743b0b1693c2639c0b67fcbe69b8f7ed9
SHA256

3fd4b42665dfa6aae1550b729d06d302a0be988f1799990e2dd8dbe2a3911179
SHA512

d4242ab0ce4cbdf809bf72802f2b572b8d64938be41b57d1ed8f92e2d553f3910074c61108aeceaa56d9bffa7fc7a180ca28350eb04f2bc5d5530dc78de7bb9b
SSDEEP

12288:IqYPsfdObbKdKIAnospUGr49rug48zX1rT3S+h1aha1AgV5XQa7y2:IA6bKdKFnoPGk9KgPXRLahQ5Tu2

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 38 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000580e1c8c6faee54b80ab28599b83677c000000000200000000001066000000010000200000008e42ac1be7afe3c5b6e7446f93c62fad00bd742504e1cb512e704ec5f5adb983000000000e80000000020000200000003c3ab8ec0be88bfe03db5c32fd1b5668eaf780249c622ac68421383c09620d1390000000443c0f6b5054fa4bb2448d5105a6490d0a062202eda4fee44809d90322f3ed8a21fe0c72151d742bad033b793afd09d034d187cea984cae1ddacb9d050bba5c6d8747f62709298f50173a9f9b94814eb3abbfa114cdfa61ac92ca26d092f29b423a96abc82c78b9e4fe602f1c1a60042776154f4830feab0a2606fb2b899991f29eca9469399714bf59e8e2e769bdcc6400000008d5b00a9a6aea5a93c3f0acd3d5a3921c25bc26bc38f6d064e234e8f83994c90c71a9a65afffcdce474b6e1ccb33690eb1f4a1264aa5b6952e483202043a74cb	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E2DA11B1-A117-11EE-AB16-D6882E0F4692} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000580e1c8c6faee54b80ab28599b83677c00000000020000000000106600000001000020000000c1673fc5738d92ae5728587372fc1587fda1be839d033a336ff3255595ba792b000000000e800000000200002000000056e3d4fec696f31238c74fdd526727c7c322e5784e10e0d2d720392654805a8c20000000a7e701911f6319227bf24f4cd269c0e8f8e4664d35a599f6c1a2f72411ebf067400000005933dc0e4e8e09bb2ece644244327b728056c734d19fd6c040b1124740b0fed7df76aaea45a77f7e690be2d5eb26d5eea4fd2ce9698c8f3486194bd2047bfd55	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409445318"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 507dc7b72435da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2092	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2092	iexplore.exe
2092	iexplore.exe
2072	IEXPLORE.EXE
2072	IEXPLORE.EXE
2072	IEXPLORE.EXE
2072	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2092 wrote to memory of 2072	2092	iexplore.exe	24
PID 2092 wrote to memory of 2072	2092	iexplore.exe	24
PID 2092 wrote to memory of 2072	2092	iexplore.exe	24
PID 2092 wrote to memory of 2072	2092	iexplore.exe	24

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f19f74f060901b0166fd377fce6587a7.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2092
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2092 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1afcd48edd97ef978879897d7bdf36af

SHA1
6edbdf0f3dd2934bc96e97a2d22fc3af1b87f536

SHA256
909bc9a328188bd6e925983d07c801f3f3c0a6cf591aa132e95266b240221375

SHA512
a1d9120495b858c29d34b47690812f2e028470d1fd39ad010a6935c324819ec8b33f61128353f1a85c4b1274612d3ea1bf2db1a2492fec72886154cc7ef1fc13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
210dad433956b9b3e35cd025afe0acf4

SHA1
a7f3323785439747b8b0dc198980e7d682fce72e

SHA256
3ee59cf023d204566ca669802d5c24c52b096d9d200d39cfccd55909e54625fe

SHA512
0e19a725aa50fb4afe7bd0677e7afdacbb0a27c4c0108a044698ee3edf226b0fcf5a0e477431c7697d3042d8dca3f0a9a15fcdbb5e59f2e5549d9afb821d6291

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fbebc361b7a5d9e434ee1bf13898c48c

SHA1
9a43fb09e0bea7b384e46ff0bfce0ace07111bd2

SHA256
e3850e3445beb35fea14a58eac36eb89c6d2088ee7abf8c2003ea13f5fcb59a0

SHA512
b2890a6539fe015c4d2e5a20b512e48a118969d997ebba3c511b6c54f5bd9b8a5f087487eb715eb9f9abb4e0f406bb12520e2054f53f477e51669cee7ecf9c26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9649f59ed538bf331cc014a266df062f

SHA1
7b9e80220cc7a21bb79dafa1b0b7f58f54afc7a0

SHA256
37869ecb38c6a780bea4a58eb5c457346abe03819643ec0a9765d118ab6e36fe

SHA512
9c92209f7c497bbc167e73d1cd8bb0a11eddb8d21fe2ffb4b3a94bf02a8210b5b730590399a69184d8fc4d52b3085be965bc2d1ee096affd9b6d457a62f5fd4b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
08822ff3b6c4484a1e671ea514204b1c

SHA1
78b5dcb386ef0f5b5d117624f5418776f3feef47

SHA256
8604df51ebb7b5f57d8e092e77b61672e8237130168c75622e8a3ee2da71f3a7

SHA512
8ff823d9ed00d80784a37f037039b00f23525613c4e3a69c0a3ec4d86ad4d0a771f9501fe87383dbd6c79d8643181f798327b21f7ca8cf4e4186e939f2606672

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6c4f31ba86b4589399e01e6b80db11bc

SHA1
193c9e3772bd70993ac0559ce813c2f39c196214

SHA256
0cd3dc85b70e6fed64d80ff84c354b2aa7c20569ebb217d9821b6bbe8e4c4bd0

SHA512
0fe291cd4428e7feebfc417c3f22e49dd85a71c82cc0ed2c819844914912528c9e3ca3a71dcf703ff16ca78bb5bb43c7df22cde6f1cc275f4b978684eaee60dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
df74c1b3960db0620b249c41d89d0844

SHA1
d95682d52f1f2a84740384fe4d4b8a38a2e56ffd

SHA256
09612befbafd3921a2d53293c9019e53ddd78520b01d6bb11c04a01bb460c883

SHA512
9ee34439a5a8f15af524d0dcf64e2c71c6ca30a15385a7fa9f56b34ca7df76e5100e4007e6588d32b3fe76c1d7bfd923fec95d8047bbd3e66918fc567f5e5ebd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c339f006aeab45c5edb3843450898c08

SHA1
c3e861c88b872bd162869870b196372533050752

SHA256
6dcabb9b8a61d293e11591e626fe4b1eefb1939185d981318a6f8c0ac31834e7

SHA512
01a645fafde9f42cf5651541e2bbfc60e1703853757cd8fbf04a7845125412f5c985720e8d2f0599f064c580f755ebb68adf4c72e98a7d2a9eb8bc2d4091226d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
829913a39def55f43dda385cff312274

SHA1
3920c59ed7846cfc1799af39cfa61b811b82c323

SHA256
49be971dae11281b0aa42ed2184cedeefe474efdd330db4d1866fd6d90a8d78f

SHA512
ea02926e80f2a109c3d08fa3a2ed5de7c9948c566b3e378e327537634217cfaec258cddd974004b59a2004c1ba447ff768463d4eda3fedd35517ae39440368a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d8fce2fc969ae7094e3dec3cb84c9bd1

SHA1
43ae368c8fc4257107ec5d31c3ad42b89b0e6dc7

SHA256
1388a4d4bd4b3aea46ca988aa05d92559011365c666f9e7a6c53639e06698575

SHA512
2cb0c807dfb99067928489b826d987af51b27fff0f1bed8d38e3ed377528037671aaf7e3be441e9ff958afdcaf66812c7c5313ad153278660cadd8de0cf46079

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
98c1660a3ee5b573ad3a30bfb8827c7f

SHA1
2f5589f3fc5caf3eec34a22f5367ae0659779ed4

SHA256
9a34465dd6bae7a021e4be5c5a2336556f35cec6058e6ce618fcec6167a254c8

SHA512
b1a8e95094f1d00c004b487404cf081cc85440da305cc8519d72351e38680dfd77f6043a86476d53350ecf72735207b5395db9c4f801f67801469392e42107f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e4a389723524c616a75f69e2f6b1e992

SHA1
f413673aba01bef0796e54d7d4d2963efc023e03

SHA256
bcfde562dac6fb97c3828d5ea341be34f9f3817f6a623be97fb281e7f68f1a8b

SHA512
67bb1bcac2dbe4e547b1bd56f7336723cfd03feac00250375be459af03f4a711cca38946f68d92a6d96c1d897ce919b953ab5490f0c7a49f566a4920a181b7ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
21b54da1221139a6e09b38c4251357eb

SHA1
c4eeda7e15eda7fc9bb8192ef14f66717cf4d73b

SHA256
74829ec313810a08bcf61cf4216e287e9a865e1c0f94e1a3f72b01354349079a

SHA512
e8beb1e730744e78b632269c86f3cde64745934bbb8ef3b800277a132bdab3c26dd6928dccfc7549910b530ef2a5b4b35b6c70fb7d91814be49a1cae6baa870c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e0b1a4ab21e5979f59a9b203d9b0f8d0

SHA1
b33730245a44078b233ec769617144df1b00b1a0

SHA256
12953351d558bca6591398a2aec7a996adff3949c12d290a5a67acd9450c6171

SHA512
993ef5325153a5254133421cc68a1733ac15ebb3da119618bd553801ad9e7f4109f6684e20974b99ee7cf613984e2e971789f5f66551235e5548f11f1272605d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d054e3b2620c60ea1a3dab9433083d1e

SHA1
88204296200eec783af99170d969adb1993b1eb5

SHA256
78814d1b3d79e1d3ed12c918ceaf7deed3682c785c29fd3a9548e676fbaec640

SHA512
9364cde5b060ab2f3d944a3776b56187b6d5712cf1fa9aa5d2518c03369a530ce395621cc055ba5c771303cb4144b81dc2285a2cc13545270089133b03027d7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab69FA.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9360.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit