44e9212e31c62bbf090a66cb8cf29c8d5dcad29e11f7f0ab8f2d1c7dbc3eb1ec

Analysis

max time kernel
124s
max time network
207s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 11:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CopyData/css/i.htm
Size

3KB
MD5

466be2cac541c0bbc1daf94976e79688
SHA1

e0570dc71a3b5f0b141af743f583e55f9ce070ed
SHA256

3ba3549c22e63b21771f17c52db6f0c2043ce48184801acebb085c410d305eaf
SHA512

de753f8edb338623184f566f16d0395fc04c6eee7e8a1359c703ec9593bdc1b165077fbd2b6e1a23d531a91d5a90937d793e002501b09c644e62a3677864025e

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002213d23592f6d648a137f9bf65c22cfa00000000020000000000106600000001000020000000d031275a12164bb75137f1c433cd236e4a756e6c3a9b2889dc3dc3ec477af3bf000000000e8000000002000020000000987285984220200ae509e885f8f864fdb64ae9bb198afd1af71d5116bbe3be5a20000000210057d9e76b2893da1851732a23b8f527dfc13fe9b4885d44bb5d1b3aa2cc0940000000108d4717ee4c7fc3632281b092a51a1a5122ef4ed47ddec4f4a67ac011397b29467c8ca693425a1139a91a2c138c700f0c2ee8cc4facea3b766a3722d9250dd7	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002213d23592f6d648a137f9bf65c22cfa000000000200000000001066000000010000200000007df7ef64168221083845f1b96883e5279949418f7892ad5a64fba0e94a86a0dd000000000e8000000002000020000000a21971c49d76aad19ee88afd685d192c2c152f7687697f88e9ccf38b7afff7a79000000026f256c61a18058ef79ccaaba04528fb874b497ffc79095a27527e57765d034e8e477636a9a81dc8ecffeed3287619f72a2a00a42e3f747992d00926e1aac2bd9a8a5ae775e5c9e5198b78d17eb6e19602f3ab89910339ab5bb678cca85f7dd2d63ec2c6eb438f12540fabb076e67863ff6ef61396fd54284788827745df8eafea6e9847e04432177a2f37f73a3fd4864000000043a105c92c8ab846a937ec4087b03bf025b394932c06324c5da16f41cc0fdbba11162b9283280ea355c6eb845f613bd8550370dde6d4acd70780079c8f3429bb	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5FE75CF1-AA03-11EE-A508-CEEF1DCBEAFA} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410426076"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a053473b103eda01	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2936	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2936	iexplore.exe
2936	iexplore.exe
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE
2032	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2936 wrote to memory of 2032	2936	iexplore.exe	30
PID 2936 wrote to memory of 2032	2936	iexplore.exe	30
PID 2936 wrote to memory of 2032	2936	iexplore.exe	30
PID 2936 wrote to memory of 2032	2936	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\CopyData\css\i.htm
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2936
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2936 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c26288f7bf09b2b8efbee439c0c2a62

SHA1
d42280ddaca5b2400269070822742fbc4c5404b8

SHA256
8a46a6e32bb56c475cee447bbce4b3555d72c662b64046f88b069a560acd4b45

SHA512
593371fca4529ad259f4f330f0c7df7e951b18af457abf250b94ed2edaf21e35cff7ef5484f8d32952edf985f0b1db73f52654b5695d9de5d4ce44904240b01a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
018c9c46c7ba6736663da8908de37163

SHA1
141c39e95ed9e36dd4a2bcfa1cbe19002f944d57

SHA256
e75cbf96f2b9eae18ced1ce19e168348b0115951f94c9dbc0d748e2540a63360

SHA512
1dee70b647594f3393b14041674d0ee916b6d5b55ca7a6dea87a22a82b875c4853f6d972d3ab79b6c0ea334ed25956fbe812a6cece7440a7c1c97ae2e5e94cc8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f9bf08d03f378278a042628db0fd29b7

SHA1
46e5651cf6d413aef18f3af4e4cdafd860b180f8

SHA256
b12e8eda915fed0555485e66e676c69a1888101e282bd3ad208cead961d90edd

SHA512
f7e7542200330e1cfed59594e2533fd00c7fa4607d6434be8ff9518831c161f2e796de769527a89562f56d3f08050ca17a4d29f32cd270ee77a0b4c11d4ed854

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
80ea701f4bb2a097010968166f5580ea

SHA1
5f2228570df4f51b3648c0c0863127ae51b8de47

SHA256
aa126693a5b8d3d699ae7492a28fcc0cdac4700ce4346805ec7d613f3ff8d3ba

SHA512
0cd8912d981020dec487aac2f7203091867eed6f68a6d20f8cc91dc5b0885c577c7e883ab438359aec72b43b93a574d8cf0aa7cf5c1e5a832c0e691d9add0b82

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1b0c2b138604cae9fa16c637dd6d6e1f

SHA1
e7a05ba5dba6f37fd5dea8b228317294b0cb161e

SHA256
1d69aef518b64f15da04dc40e68450a6dea9fe00ee1a665dd0a4ca5ac98c88d2

SHA512
9c0ab2129ee43520e80c9289d0607168f1839d053f071c6a1792632ab71d02129d425e458c44a57bd270c934a58b0206dbf9df8bb00b85b786814ce484f057d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d494504fd36eb8bff54fbe92f15b588a

SHA1
bb2fa2fdf13c36e1710c4da2186f1afc2b092ce6

SHA256
84e5872a5582a31cd686406efb6fb5c9452804833a330fe5ce9ae75de8365ff2

SHA512
1aaaf07f16b2ae4c48e473f186d6f4f0c6fcdbe5cb8e02872ecff8951f05469d954ccec42a6e3f6f094ca709833c67c17d43fe21315d713f230e850eeb4ff71d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e7b532dfbbfe66d0a9f9f9e0ebc54b97

SHA1
99712aa7fcaf0b63e81df77c66955f67ef6595de

SHA256
a7b5b6e996de2606b1ad78e80ac9d1065b9f429d322c2eb458d6dd118e17c61c

SHA512
bc6d89a30c2c44dbbd5b5c9fc984f20557994bf5e5e59f035a37efc1a4bf8184cb01f9a647d22caf9e21ec02737edc17f28e5cacb8d54620821661bff6d82f10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2144decda0501abc73bfad5af2221163

SHA1
d27908fb9433346032a59be4d860fb523c322436

SHA256
73547717bc2a75a17e197293101e4574bafd522c475bfb3112baaf16d8f18922

SHA512
5f2334600865f1f6c634d6ae08fc76d97d071dc4e9c0781664d130e40d801588b90192fb62d7f689f7b7853da2e1350ecb566f1ea90858d15d2d1d7bd8b1e51d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dbc98065993fd138dd7ecf6c9b57fc56

SHA1
2c2ba15045df2c9244b892ee12acdc0fc12279ce

SHA256
42343fcb85ae2c2dcfe7603ea3002b01e0c543c3ea30616d845f52df4f4c1e74

SHA512
c65c0b344d908e58235cf65b7145cec540fdd51b049e511d85486de836b92e7992c66e60ecdd185bead36dc4a643e13b04b0c21b62c897f629201bb759ebf947

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d2ef1c49785d8c1db2e75cc208e20225

SHA1
977700a2ddec434e4385d207836d3488424a0345

SHA256
3fb04ff2a7f10ac3e5577a8a431373d10f332bce5320e344d44176f3aa43d139

SHA512
fdb5297e914b6461a60de93c90c8dcc948dbfd7fb1b8e7ccbc452f7fe1c0e3ba8e9e755c2dba3115b20f7e6b20517e3581bea1cc49a9933ed72bcd1a96518600

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
991ecfe3c84fc2cb7cb8c64437e8be50

SHA1
b759d888d6a36aa47bad262dff395da7b44623c6

SHA256
b3fbb002f9540de4eff2f4b03bafc6382f874423cc024b0b4b3271553cc51b2b

SHA512
bb10d5c3113a4eb5984167a51423d771d4be455f268d3cf17ffd65eb634f3e418fc19287c47bec6877a32594876207e7ed2e590c8225994c6618e00433a56647

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c64e0b1b13ca51871216fed2925b22c7

SHA1
85ab5c09cb693345bccff27fc895a335df739997

SHA256
84524c67f88d9b8cb6c5c525345a06d7c0a83f7493d53af8ce26c14593551866

SHA512
e965e4281222abed831bd603e7998404a758678d6bee0aad5aef3334d9f8bc2f66ebc62499e09e8e7219566c0f726987379fd76d7acaa7229f3a80e53fb83cc0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
25661200f732c5196e6eff6bb58d6384

SHA1
fc4e7c5c9fecb2b86047b870e694fa4c342fbe65

SHA256
7e38dbf5108a5cae730a7b8f84b785b839df306b7a704eea5cbccf9804bc66d3

SHA512
0ecc75b5890e915160a92b646997f75952d8359a9aef3a3415aa193c94e94c514be193314b34f9340bfefd1e63e660961db77f85181f9d1bfbbc98d5b6aaf162

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b219e5f166687aec1a25707491df952b

SHA1
298d37d82ff23fa64edd499a6ba5ca213f3a1634

SHA256
2d5ef63186a2a4befd1ae4cca58785925892a446136c6737268e5d1a8fc6f157

SHA512
aabf6eeb4c066a0774cd3fa18247a183a0ded09a8b391dc977f15898d6aa477d18fa1bb6fbf774425508f3f0eb4ad0bed2c9bbe5259f788c8cafa2528664f457

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2a0fd138c54076441d9f8b83d925ffa3

SHA1
7fab9898bc69d463fe554a0b31f7eae1a181e1a6

SHA256
e7261bcdf78c4cfa046732533a4cbb8ac15fce31f7fc368309d34258d5bc5222

SHA512
d0d5312081ac9bcc5118bdc6e1581080d5bb497d7344d769ea598fed1519eeb6804ac6596076b9a721289380af3096ccd804a628b2fa7d9024dadf63be03913d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5B6E.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5B6F.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit