bf138e5e69ddd7a2958078d6f663fea26b5e5230331f3b0223676f6e0216a77c

Analysis

max time kernel
149s
max time network
155s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 23:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

209a411eb2deb40523f422af3a5e5bd3.html
Size

1KB
MD5

209a411eb2deb40523f422af3a5e5bd3
SHA1

36119ea2998a92d3d3d7dba71002083ff464fb6e
SHA256

bf138e5e69ddd7a2958078d6f663fea26b5e5230331f3b0223676f6e0216a77c
SHA512

1f7024c136dc19a80d93d83430e5c7bcd0107ff348a78071de410672f2352c9fefceeb4a5cfc506b795b5cc9da4eccb52943975374507f48f2fa1e3327db9de4

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{32BBB5B1-A8A9-11EE-ACBB-46FAA8558A22} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000c4872a72a8d721868b2b855af0f55b7c87b1d86aa00a752262aa81444e543d43000000000e800000000200002000000020a5fc37a9b2803b4d20cc78e0b4cc2313399dc7a42038637eb04212df1d7d6820000000abc237a857b1fdf39106b3b8fc55d124e4142d0943b2ce9ac9387e45605300ae40000000a200ce8586245b1dc31e95e5033ab7b39fcbf9add339e943913bfb8dab8cad6b02066592a9d5b51166640b0df6826cf8f1d543f976033b01d6ff69fce0829cb1	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000e00da2d4bbf960d4e400719c1717ee38416a2daf4e9144da137fd77b0acf5bcd000000000e8000000002000020000000752e1b4e28a28d69602fc708b1ef37eb05926979eeb6323ae8cb53c1ee6956ed900000003fc02970939f511433b95a08432acf2b0176346a4e12d816bc9e0f715e15501a1d0539a245a19e328f11f98b64f04da9108499d1378ec790e93f1e54f167fa93b788d5638f7e96f847dfc7704b8679ae091150508ce449737de46c4d766136bd17e7d15fc815ca607122c75f20c94a5097d584264ce83f471b9ce9675ef953c71568b784650cb2a500aa17396f96641e400000000eff0d41aecba345e8aaa892548826674c4a97a618fbe7297f5cf2ac243e7483b8717e292fec0e07196d02d617efa871e27d3f355de197f2af6c7b3ba19df853	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410277385"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30c3630cb63cda01	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2056	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2056	iexplore.exe
2056	iexplore.exe
2092	IEXPLORE.EXE
2092	IEXPLORE.EXE
2092	IEXPLORE.EXE
2092	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2056 wrote to memory of 2092	2056	iexplore.exe	28
PID 2056 wrote to memory of 2092	2056	iexplore.exe	28
PID 2056 wrote to memory of 2092	2056	iexplore.exe	28
PID 2056 wrote to memory of 2092	2056	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\209a411eb2deb40523f422af3a5e5bd3.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2056
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2056 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fd1cecbadf7b392f943a9a52c222c463

SHA1
0f97db79dbbe36ad4fc403c43180a912cb709616

SHA256
ba9a92cd1ec2925b59adb8a77ca235e094b49e9cd10f0d5b11ffe70f11b624f1

SHA512
7d53ddea749f7aa9c90634eb540ebb5f880b7cbf9094b3c079943dcdb1b9c245df9e2ef453c319137913df18f586057e08323022836ec69b505f05b8d50bed10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5b218c39c6e90ca6b74a5048bdb6afe0

SHA1
5c59dba283e46354274b57bf9be481ac6b6df242

SHA256
3a61d425b9f51e230138cb3bd64d5340547364cca3135e819b70edf1bc8e1b60

SHA512
06a4baaca061b24e79412a18f0fb425e64d8bb76cb8536b24f3fb6bf4fe81a3936963f7d6028fd5ecf5bab8bc86c3cc82a575c0ed71be55c577066bb0cd60315

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
56212c9109c6971bbb20e198e62e5a0d

SHA1
e3ac99eaff6cd5d93d9bcc70993e3ed387bdf35c

SHA256
7a3a1c0d0e4c8257f15416399b3224d439a2d4091829796e40018b8afb243db7

SHA512
282690516c037b2f3d658bf10e75ba4a35a768685ee688a3c5b01fdd35ae6c50f7448296d7ca420ae3d8a8176ab085b77a34feb5e68f2714de14f3ffdf4e8cf6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d98b350ac72ca24f858c4d470c5a7884

SHA1
9caf55fd3f512ada22875298d728ad4e861a51dc

SHA256
4df4f44aea6271757132e9c6073536f3d646eaed09ec2601d6f0ae56d95a5f82

SHA512
356f21ec068381356c44154859e09c25801b44390b38771fffe58180a4f9178b6d09599f23c1cfe20f00fc0b2052d7f21c87a738e67531a32af7e4c08694a627

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
36e3e08deb12cd84139872050ce19158

SHA1
9baeea53867638ccb6abf1e951abe48df2c568da

SHA256
e3b74b54507c32bf14ed3dc210b7fc8d4edbe0c86b8e50ae321200cb15c3ce20

SHA512
d073f3747265dcbe61f7a15d506693ca4efae1ec97d4fd71590b3becec2083b6d1c7bc4804f1db277076fa39b4d8a9378fd5373059dab16ca3d2c10fecad867d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
31341dc393fffb35b54c7a7de3f573ae

SHA1
a0385407fb8d0c1b74a8bbdebbf40ec3fda61e14

SHA256
ce55119811f8d79aa9a9f0a4687087b1cdb9d9d74cc0644dac24bfde71a8dace

SHA512
1738bc09a013d49b045b29909f6bf324662c809a2788d40ead5e11dbdd7126178cf0e79b507db0d3b9882185a59e7f0bf4dae19c3fe68cb20625de35dcf2af72

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b2afbd12da235df91234a57bbb119c8f

SHA1
4260950ba756adb12007d25bdf0f3471eec11153

SHA256
60a297db90c73511315af0fe45edabebe5f87a48a34a4b0a515b239fd7e0f076

SHA512
cdf0895528b4c9c820205cf4874816e409a6225af0261aaa334b4deb05bd77dc85f20f02f4e9971beceeb6ade12c853bf37f743be091516123c9f88b270f0949

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c4e472a362b8d7cc7ecb83bacd527303

SHA1
cac8c62223555c75bddf347c89cbc8d7e37d6594

SHA256
2ec0bf72ccd127cf513f1a284a60d8a9705fc1598495fecf0c3d168c41db945d

SHA512
e56a9e100d4cfd7fa754f15b7ecd321d9b2308f8d2fd47d80cd370390ee177e4f5dc82b14149de94c3467f92d2f16d78a61b41d5f68ab3dabde5b3ef0dd8c4d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
48420e03d92d0edc8db912d4a1ec1ad0

SHA1
dbc33ddd5b431590f53eedc99210acd58be06f3d

SHA256
313ed9b05631c9e9fea1d8bc8d44106daa76e47b7a75d1952f62284884f58fa5

SHA512
e91978c20c10cc82763fae65eaadbad3e5d21d4617feca61c18ed1877f76a3ebe8e2e7812b1bc70ad221061cf68e9ce28a7852b1dff8411bc849c7d9fc8cdfe2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
24f826449423ab610ef8ca5f2e0e9e2e

SHA1
b875852d78b8bb3c27bf77889c5a76c49bd8e6f7

SHA256
158c12f793a80e99b1dcddc04431e059be4bec4cc8ac20212d735d612698b8c7

SHA512
c60988f7c2c3cbf6fd1ceaa5ca9493122b539d67dcf4d63a4f49d7c5f415f1dee5343b96395cab9c7ddac1e06e8c35c6b6a354fcb5409dfdee1142daf1191c5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
56e90f4ef557777c1c2d3516078afb3a

SHA1
7fed13ffd08713922a8acfcc093c81ec178bab1b

SHA256
1c79eccfa4065a6970332e29ecfa1ec42b463d509f389d62e2a4593bdda52985

SHA512
e79b6b7717beeb2e71d7e720afc16dd93830e847bdce6e1a2b59060f5c6c816b55c5c92202851dfb2f480335640a87a5ded642abb49b0613f7dcca0d0e45cf91

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aecc7fde0346bb6f60aef2f5d5c15414

SHA1
b41d7393993386e10e5013901326a3c95ed0e6db

SHA256
9073593fa4dbd5ceb861f49af7f44ecd4276fa166becc5f2264a933f49c735e5

SHA512
c119f3179c4f2042521025006372cc335d9599de870a5071026d7acef2e22fc3218770c0aba76c6422a098e90bd48b03c88e79c4bcca7a689eeded3355bb6615

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
52780e4312f014ddc47a489638663b53

SHA1
3450b2153607a6b8197f7d0382a617cf577bb265

SHA256
99f233721f3e2a04f8418ec74b6244c7c7ba4403b25f8938c02299c2fa8fe081

SHA512
c72cfcdf600ff8b48db6a7cadae492850c413b18ac0b81206a870e62b89551b1734c0c238f4ccbb3cd3190970350c0703c96652acbc585b3bf1fdcb0cdac6b86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7c40fe045a9f9ebe868e2ebe153e9dc8

SHA1
58a691ce3b7baeee9b1fc99c70360a3a07e642de

SHA256
a89811655afcb50bca2236334cd7358a85b607e5143273d6f14609af1e5966ab

SHA512
38f9592a3092bbf2bd1fe5a4c5b370a540550d900b1279bcdcb8851760e4c66432f579466dfb0b19695854018034ebc579b38c10c3848aafe81ec65524c6cdbd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ed8eeb32d94d2932c273d67f09251678

SHA1
0deda445877ecf9112b1b438de21485912c1a6f3

SHA256
df564e5d682f1352efeefa0c38c24c477384e51d94f877829076f7afdc70f143

SHA512
0b6af1bfb398fe8dca1ca79fd08827819802af9efc624761dce0bcba2c34c85aed16ee534935a53de4819e9a6d93cda261c763371e0ef05cee0cd8deab796d68

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5aeb9d56897b2cb16f28bf72d9e65ceb

SHA1
6be77bfb5a5e503dd756611afd5fcf257158da11

SHA256
6965e9905bcbaf4575812bb2438d2267abd4ac0fc4bb69340e89df256b5bdde9

SHA512
0016e3078646c4131af7943ad4de8d5993034f5cce7eb21885ffd186cda6a59f2a26ec4629124cfb6006195b559612c1471f833f358f390c0c2ac9719f28b1cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
724d770c2ea68957c7268fb80978512c

SHA1
d6e0e76744ef32665146210735b13d545d46f475

SHA256
237b20c5624f46b2b33fc662b4f5e43b160a7e13a35bd2561bf1617c72b21fdd

SHA512
1952319120ba012f070816d0e7174270f0e6771280694c99fb8f689cf7a4de8f83477476d45d44adc975813db460f11938793ffcfee60b634ff2cd677b65204e

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabCA44.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCAD4.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit