8eccb9c18c17919fec912313da392cf079dfc063d87b81a60a797147e4760115

Analysis

max time kernel
145s
max time network
147s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
03/01/2024, 23:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3f441cde32d49ce8fc86e81cacbfb9cd.html
Size

3.5MB
MD5

3f441cde32d49ce8fc86e81cacbfb9cd
SHA1

d10db0a07e28d51ac1d7ac723e1efd044fe318bc
SHA256

8eccb9c18c17919fec912313da392cf079dfc063d87b81a60a797147e4760115
SHA512

9c9156d16f20c3ff0d748c551d1ec8ce7a8036fc4d80feffd073fbd700c507ce20c122335161d9d9aefcfdbe50f3a60dc858e1b4b6bc5ff36f36557ef98c7e5a
SSDEEP

12288:jLZhBVKHfVfitmg11tmg1P16bf7axluxOT6NSa:jvpjte4tT64a

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 4075dd129a3eda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410485240"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000969d72c3e5a03a40a0257479feadc03a00000000020000000000106600000001000020000000a0f4151ea4fb81c85e6bd983939925ccb7cd1732a972e0ed8ea7b0e350fb7652000000000e80000000020000200000003637f4aa419040aec3d847a2951630267f0dc54162cfaf8e7f9e862fdda907222000000066b77a29b1ff56a14e3593e2b01a226c74d9b7a08af01156ca60daf765512be94000000036a83d6c655fa87d353479d9ea52bbdc189107ddd131354e993020d96044f5d83c58e0265b30a9fbbc40c969e7ec6a140dcb113b4536f3c608f82c232036cb34	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{263A4E11-AA8D-11EE-A586-F2B23B8A8DD7} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000969d72c3e5a03a40a0257479feadc03a00000000020000000000106600000001000020000000f21130d185e49623059b59e603bebaf239becdeab3d3f5a065f10adee6f8ee75000000000e8000000002000020000000f468538bc014b22f52699018d46d802bc8021dbcfc6f95dfc7b986a90e8d4d64900000004bfa6cada79b2abfa163692ab10124b1ae8405da4e176f341a0a111c1338c4af4932cdb33bb4f1626f75c6753c82bc78552a8d6d3bb662c2572ddafab9dd7b657df21559959d31c3441f3049df98430fe86933bda1c52f74350c165ccb85bfe5da05cbd97c01ca8110539d7183c85b1e177d6363e3a4c3066fe0302d1f628f29d867c27a471b8afec6cdb8b4f569b64740000000c0fe77110e57467e90c135631ce2e142ec020d7b5a33faa714639d4b6508c0d7c8f5fa26ccca76ca58b7aef93d1ed2b96086ed9903190297bb31e8287288b11a	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2284	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2284	iexplore.exe
2284	iexplore.exe
2080	IEXPLORE.EXE
2080	IEXPLORE.EXE
2080	IEXPLORE.EXE
2080	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2284 wrote to memory of 2080	2284	iexplore.exe	16
PID 2284 wrote to memory of 2080	2284	iexplore.exe	16
PID 2284 wrote to memory of 2080	2284	iexplore.exe	16
PID 2284 wrote to memory of 2080	2284	iexplore.exe	16

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2284 CREDAT:275457 /prefetch:2
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2080

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3f441cde32d49ce8fc86e81cacbfb9cd.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a2f7897e03abb2cbe7796e5f148db001

SHA1
5e504dd7327523d3e1d0f62aaf4ec328d142edb0

SHA256
657a3d5aca3c4580432403a9a890c6e382dee12689e18636b1d99b35e6f29bf1

SHA512
67d797d6eb90b578073ae0363b171a300a0656d1fd63b06df0dbb33b68c59463b4dcb69947c50ed745e776e588998c6cee979556107210a6bc7b593c97a673d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6b6e182dd19e025ff5e1ac223868f013

SHA1
014b67db1cd59745a658b2c788d0b163b0b6166f

SHA256
e67e352409c291dc52d655d5d518bda3db11528238bb3e03599425397c23e754

SHA512
5d4ca35eeb1c790775613da5734fc5032e219e19184d0b50cfa0daa6acbaa22d0f147ea5473aeb9b67138697e934bef1e5efff33fac34fa704898b6910950a22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ce75a48cc9505c9c999843cb70ca5919

SHA1
b63b84885a8d6c5a09d8dc08487613f34f327549

SHA256
2207d01a64030f09f29d8c572406eb49e30a9137bb0fd37230adbacbe6b8943c

SHA512
024633f1d072db985f2d3d856ad579cb1a37717b98704ebded19f674123638a4f58e8b03c72a7f638a91bc05d6329cc236ef019681cdfd2e25fde317ed3de674

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4472102639c89c1ad9bfc9530d1cbef8

SHA1
de60b71616fa1b7c44fb22cb236b28236d6398b8

SHA256
905a58cf6e50e8814509c49aa43f4b724e95bbddb12b3ba813b17b0c191a9859

SHA512
53493a54605a90359c96ef65a3e1746b894c24e9f59c793a2e535284d43e3b636b84d9bb1699995c24c12ecb564203302ab618c06602dfef47e8eb86b2727006

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
44634b9b6f131e80f6ebdfd137e167b7

SHA1
6ae66056d3a38be5faf5634f9ed780d07dc04e4e

SHA256
b39f36fa6e5ac1e834c20335f10d86f4c1b00b674dd9fb1b2127a7ece6e3bc74

SHA512
8db5e046467bc57210f440bb56940df53cfe3369f46bca2f79e8efcd92b5280e88aa4a7d718a6afb4dc158e20953da55fe4892a4cacd4738a00b5c4649462704

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b173c815e179b74184da459c3ddf2293

SHA1
4ec5c4c6d34c9b1739427fc98fb5c22d2ab07f19

SHA256
bce8f27fc33a49fd16c093fcee379cd692a5dee81a692047f42085e4a6453eb8

SHA512
bd8162d554137a47268af7670a0dfb08dd9b8617ab40c6dd029d5e0df22277df0099e5cbd54b2a1549ee8c4fe4bbb5290b6d89f3baa4751a5754f5abcb325365

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e45e0374f4db856f4db0cb7e896b6331

SHA1
3a8e34ff93c477a9e5efc3b0dfa8b658c95bdb33

SHA256
fb2079e945d26d25390fe03898dce1c0611c66986b878275fe9fb9e5a82bb69f

SHA512
a1bad95975be0e275d9f54023a9959cdd5f72616501e4634b25b654e80e128856d28948801f360c92e796a3a510b5df95a7ccbc8382dbdb8375b3442297160a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ef130b986533ad0cd413e1b79f88cfb6

SHA1
3fc240d29b215c0c0e9ab5312abe3d9aef95827c

SHA256
3b995d6323063e115076a1f994f1fc98eeef58889787771d4b547904cabcb936

SHA512
188424cb707fb77cf73f33d085f1b12134708b5b1c2cebed649bb69b7f7d1b6fb8a94ab652fa2d58fcc82b7c119d19f1c818dc37b51722a007ec3c9aef115441

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f6a8c90162e8c4b7d2126808485586f5

SHA1
6e5ccba92a139d9a76a5d333f451ff07a05dcc12

SHA256
f6f474411666fe1edcf882f288da126774b56c0e4e5a8148d002561b8f610731

SHA512
396f02d2e4bf7746dcb40d70ea9d16c532620b44485a43115affa7f65988a356dd6e6f0c7a9f0326f4310a138b657433c7bfef7bafec8231ec055de7413f3e3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d44ad9d11f68a7c1ff2c1053ffd5fdd7

SHA1
183699b4c338fc17a2a4f88faee5aad41f3559e5

SHA256
225f035ddd28a0688b85ca94bb252bdbafafa830a769b51b8ecb44f755134509

SHA512
e1d57f1f025d5d93793ff31d466392b50aff56ed57ad9a742002d175e5cd33bc3d513ab3410eca912da63843be33eed5a7ea429d5ee4b6bd8500a10449fb780c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ad9225c3092d4a8dd43d2e72dbe02180

SHA1
27a059b7c10b89c548dd129d435f407fe5d5f160

SHA256
f9e77a5a4038a8a9e0d982bb770773191305700c90c35fe38a7d696df05a3c1a

SHA512
56071023a0074bd0234cb2dda577600c58c70e6546aaa257c99cd374dc8b58ebcdf74935810a7c3db80adac5662574aef517f8849bc8ea966d783cb302ef36b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0ff8823cee83bc623d295004b36069e7

SHA1
905b3237298bbc84e1e64f900bf5080149d6b3dc

SHA256
49654c4fe23327a8a6d1a926338dd05bd84107f0c753d9a67a965eafb42b526e

SHA512
928349f89cb37d1d206594876e19e0573209dc3981aa1e4cb160b6d99f425af8f59f6fd6abb50ce85e98361f168d9118a6d0ccaff52f02f41d8491258625dc3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
654458ea9777645c62e2452c3106569b

SHA1
7bf12fa5db0ba33eda14d146146bb031018161d8

SHA256
181334beffc3bc2ec43eeb7e5fef32c729c02fcf742c9a6ae6674fe5a94965c9

SHA512
a7de6537801012cbdc4051886bf1aeb81b2580a7e760ffe5e4dd460a190365017d398d6910625db8fa6e746fcece4905045ab6ca3a69bef65c36ca918a6e1342

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E3F2LH07\jquery-3.1.1.min[1].js

Filesize
84KB

MD5
e071abda8fe61194711cfc2ab99fe104

SHA1
f647a6d37dc4ca055ced3cf64bbc1f490070acba

SHA256
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

SHA512
53a2b560b20551672fbb0e6e72632d4fd1c7e2dd2ecf7337ebaaab179cb8be7c87e9d803ce7765706bc7fcbcf993c34587cd1237de5a279aea19911d69067b65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HVBRC7A9\beacon.min[1].js

Filesize
19KB

MD5
dd1d068fdb5fe90b6c05a5b3940e088c

SHA1
0d96f9df8772633a9df4c81cf323a4ef8998ba59

SHA256
6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101

SHA512
7aea051a8c2195a2ea5ec3d6438f2a4a4052085b370cf4728b056edc58d1f7a70c3f1f85afe82959184869f707c2ac02a964b8d9166122e74ebc423e0a47fa30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JIH1AB02\jquery.min[1].js

Filesize
83KB

MD5
2f6b11a7e914718e0290410e85366fe9

SHA1
69bb69e25ca7d5ef0935317584e6153f3fd9a88c

SHA256
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

SHA512
0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2AAB.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2B79.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit