2d4a3bbcdef3167da23a9bcfc3e31652ccce2ac9c4ddefef23360f0115cdf15e

Analysis

max time kernel
119s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 12:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

36e078c5ffa8d7acbd89df7a7b41d171.html
Size

21KB
MD5

36e078c5ffa8d7acbd89df7a7b41d171
SHA1

11d2bca8ec22513daabb470f32cb277b2ca118dd
SHA256

2d4a3bbcdef3167da23a9bcfc3e31652ccce2ac9c4ddefef23360f0115cdf15e
SHA512

293054bb46b801c482fd67e0e26ca073707be2596698b1fce7c0cc01138a3e1adead897f20404afed6216061ecbcf2f381f19c89c3e11c7c8ddc4f4ea984e909
SSDEEP

192:iTM1KAR9GJNz9NxclwLVLVYwkwa713qsjiPpMG5bPfD+wj3G2+vlo9baOr2noWU:lOawLVLVcwa7QAu5bPb+e30m92GooB

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000969d72c3e5a03a40a0257479feadc03a00000000020000000000106600000001000020000000c349f2df4cf7eb1cbf6b9046381a63d6c625e493582410830f9a9716e3a2fa58000000000e80000000020000200000004cfdf014976171c14581c4fc449fe96337e7287ec5f249ead53fc5994ba2c84a2000000094a76930738199aafe6d4775e7cc34ecf68cb5d8550bbfe40a9d6b397276c54b40000000add25960fb8266965c442ebadfc2412a674b128da86b32f803326879b3a5d82f5f68b9b1403b40c24e4216e209d43957e196eaabdd2b8657483661cfef020176	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000969d72c3e5a03a40a0257479feadc03a000000000200000000001066000000010000200000008a1532816edf14a745ee81a08dc5fc8a89e4c2fcbeba25b3eba018766e29b6dd000000000e8000000002000020000000ee819ada78ecbe5cbd461a09a0eee811e7811acec149ac52117395a1068ad25890000000a9d9ea890ca9e39d10b86169b27d44e893aa59b68b01f770a8367c12a0489ef7d656f9fdd61991d97b5fc69d44e26b9532458d97c99fd1f673af9969cd57af814a2d7b6468220a97dda0a43e7082878126404546d8d463c72cfdc440cf62ec4255a6879f644ac962119c5604e1a5bc6f2206b4dd9d4ccc13e366c597a673a142cd75f08762be77ab30dd81fb36f05b4440000000f609ee81d4f3ba9115496f2a2ca0c7b424cabd3e246360cebe0b042671a7ae771f8ea172ead99fba6a6f1329674fc6263fa756139f95fe60e74a91da0d0b616b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0B153581-AB2F-11EE-993B-FA7D6BB1EAA3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0f2d8e23b3fda01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410554772"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2940	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2940	iexplore.exe
2940	iexplore.exe
1264	IEXPLORE.EXE
1264	IEXPLORE.EXE
1264	IEXPLORE.EXE
1264	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2940 wrote to memory of 1264	2940	iexplore.exe	18
PID 2940 wrote to memory of 1264	2940	iexplore.exe	18
PID 2940 wrote to memory of 1264	2940	iexplore.exe	18
PID 2940 wrote to memory of 1264	2940	iexplore.exe	18

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\36e078c5ffa8d7acbd89df7a7b41d171.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2940
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2940 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dd3d59afa191a2bb91889f039c1775f6

SHA1
c74d2f25929f5628b83110147e9f3f37508ba632

SHA256
8d38a93f30a845274587debd3d229d6ce6f73346b8ff67d540c81c9ecaae61d3

SHA512
e865d3ef567dffd60007c8979445ade2f566290f37f837abe67d60ebd93082b1c58fa84875603b6a5a4cd46de52c9276a3459efb4e17ecd36c490591b02518cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fbc5d9161906f72535564c26e4c2cda1

SHA1
e734b2beee271020b8f294d1baf0cc2ddb8c7772

SHA256
85d63735f7a7dc23a920c5c9e28099bd5bd98d0760c80fb36470e59d4f0d4793

SHA512
88e5811d1c55f48477d2cfc4ce4a83899a084e12fc22a2b903390d4c40562f76c27aaea71f840100e870f8ba03739661a4b93b67c59a1c12754a1f79c586e489

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6a636a66552d9501f4d69754fb61d11c

SHA1
ee5d0a5d19c5b9acf37c9dceb13476b7fad88ce6

SHA256
2a0e8292d8dc24e4e847ef8942397669fea474282bf04aaf6964e33728719092

SHA512
c718cfa7b5a67274654d3e69f6be6fae118f458e5e4fd5f36b56c91cffa02bd8ab0d2ff9a26a8240019e0d35b4c3eb740650df4f1c4fbd22299b06adecb90f17

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
60bff6acc63f14924bb83399611f4240

SHA1
f425b957c6b51296bc8882bf2446ce7e14f8ff3c

SHA256
43d4e1f6e156a166ca98a7e8a31266b290a18a123851093e0fa5bb2520384511

SHA512
c8a6499bb7b1063a1625e12bc293607a2174d0e3280f03b4bd1a866b152389540f9da36f663e1ad913625147a1a28512ae11263881d6ddded193718c1b8041d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9acc41b26278a0ff037d2cdcb4e91572

SHA1
268a12ad70cb791a2f9b9eea439e6feaf710cdbc

SHA256
65449e9434477c021717310e9295efff5cb536d18e59b803bf7f2e2affbdf522

SHA512
4acc41c3376e52a3b79916ef8af337cfd931ba8c9701b0d3f29eeac449e66c8abbd544a2cd63c94e4e94de6931565e822de950b88c8d8cdf2a1dd76ae18d916f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4d8b19c21ccf694bd99123ad99bea647

SHA1
a7b21f67cb604c3272fd1cb58bc0fee17722d6ef

SHA256
7470dc43b75aa383303c2d789768eb4e33064b9dec81772898d9cb2cdbe2b98e

SHA512
ee4710d1e1153b9b2bb47a387c60689d242069819baef9cd390ebb425820d752a71f46f6e8c79ab197cb6710d2ce472b5d4fa3fca4a7cd82f33b0a750a33b79c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d1b4e234823b706695972966a0def28c

SHA1
185d3d210b7f38970a4bd05499e0df5e851c9c38

SHA256
9cac83a796177e0489fcd9e1036ccae46139dd4fd91b8070138ede5d6568beb6

SHA512
3ae9210288825f7e7565f3283eeb0b8314a561d83d69ad012dc403111889ce03e975826063304ba8c29619a564664a5c884c6d2ee45b7532e90472b4bdb26711

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d134dea7a760a69014852f7180cb8336

SHA1
2246d228bc897e42f70cb38efca6c65436bac913

SHA256
34468a4cb62ac28963667005e3d6de75570663b335d7aa23e4dd29e74b1d86ea

SHA512
1ec8b02d7c1b06a28240a67e316e892bca11b2e4650b965fdc8d2486c4869a6d141280fe95acfe8aff1463faed9d3a406385e3d7123473444b9e62157035e348

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
825fe1523922b69efce37f473b744204

SHA1
e2ed43d7e5127e96a79628b961c8a4cdb6470763

SHA256
bbdb62bc2a9f44b1113c4009a257b2dc3b327d3abda4d7a70543c2270c8dba49

SHA512
a423da13c4ea6b35272121825e583603d0b24d00ce01a1138b2fd48b4929ca3dc29ce73b48aaa92ad69f2a94dc7b65966fd1d507ab2a6db49c2341af73e41d74

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ddd2a4e4f9779d30b3ec9bd2aafaeea4

SHA1
c93c6987f99c960c293649b396c29fe3b3f8abde

SHA256
4f39d3e2d185b8cc6b080d6c0b057fced993bc5a95f6601e4ad991fbec85469a

SHA512
72b3d33c3e99d983a1aed55e01e366b0263c1810ee131b6cc9da2acfda9cedbd83eb0c357c5e970a287ed5c5c8a38202da4bdb8022fce693d07471328c0030bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2035d45552400ea0ed30f13af86891c7

SHA1
a8082fef0f1a7abfc9ac0dd4d1f1067417783a51

SHA256
7b7ae4bf772cf26e88611d66d90c6f156833bbcd151aa68d82a4d4238251c1a5

SHA512
99d0666a7123b2304f06a627234f0fed9c73a5415948a68272439728c9a380288af79f5042554266345dd68bddc898a3a2db04a478ec117ce9aa06913b6a28f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5a89d3359d8b8013bde53fdd4235c568

SHA1
a02c0bc45a56f4ede838b822c116246d02919492

SHA256
0a7080a3334df5f0fbe3ff2dad88a065a80a8233fe0eeaaa402b4336fdbbad22

SHA512
4e75cf058cf43acdbb76b0aba308cb167adad6b8e501b4e1106c210bc4d7b310c49eb7d329ed5c002d25199efb2750daea547aed1a8e9550b1ccea7a97cae64a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c467c8e8eb6389667a943e4e1a8de4ba

SHA1
9335092bc592293658c07dfb2f9a3f61a67028d8

SHA256
530daca6086978639f95a4ca6f8f76ff9c9420ff19add66fdc13e0a34d116b47

SHA512
9b1f40e513ea16f4661ca189211eabb6b6f002f319579981696392339f0a4f674d09fc36672ec76a31d8cba86fa636ef301c3b7a00ecbe4c70bcc4d06a18512c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d1287e1cb0d9508a7ef5b7d8756f69a4

SHA1
103b208f84c1afd4f6b2bb03837cb463651abdd4

SHA256
01b5ff8e61c84dca17712c9e07a1ff0f4455567b1db76db9ca019b4fcbee29dc

SHA512
a4790e5f8a6115c7c3f66e2ffd5924115624486f0de0f8d0eccae8beb461d0a737a2547140c8c1dc5fd2e5c855cde9463f7f34792f64f2a5954e1fa8ab90c08e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
802fb4ea963713811d6819191524b65a

SHA1
71863777149d691652cf3ec0276e87f471122481

SHA256
03b32f0e5c102444aea6e8f15ddfeced913492ff958444e3981e7eca87980ed9

SHA512
a52489f6d8297ad1fa9cc5cc270f2684a1ec13e038bfc5e17aa77ba421989002fe24e7e0213a73ca2423af04e883f90931931530ff99e601172c33d04e25bd9a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
808b68b073646a28455df268d3476482

SHA1
1184587277992d3d7fdf8f9a5d5df11a144ca8e6

SHA256
24a0d0cad49f41cc3179147bec71b030ddf12b67f6c12a7493d15cb5135c15e2

SHA512
a73d90655175a5b3f20eb7975fb6d1a5c37910462dc0fbff413b08a68b4ef34cf4a9a168ba6efc19079cb9f9fe6f5d12cef309b1c8f44629fd693476175aa2e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
772acf5afb4fe7ef9e4c7c5436174b66

SHA1
bb9dd737849895eccfb6615e110fb0a222bdb4f6

SHA256
d6c1457585d83ff64875eae32a839fa77d1a1ec8bb5f8d31a0a5224524ccace6

SHA512
fa10b7e636483c1b8756cb6123d07deeedf4f2fd8b8e60dbbf66e6e48f37eb86ff7b1fcda395031ff45f939734ca43c569b9f7ef6a84e96f4bf64e410ebc2e76

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4A79.tmp

Filesize
7KB

MD5
1e552a9da00409a74e57cbfd2f875095

SHA1
6c8759f68703504a2b666f2c72b1afccd40418d2

SHA256
874a13e0127a2e489a1332ba0ca403368c7e1328a905e80f9587cb1c046253bd

SHA512
c2375b7b9a5dccaf3728ff3fa06b48dfd8fa8efa9a09b160946b8485176688f69a8f910eb2637a8bd227b9b0c35f7536843d3a55a08e7c7b82a9f41d75748c6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4EF1.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit