e793dcbd8b62259eb3ebeb9402b49f15f274a4d6a71b02a1893a6f58c4423cb0

Analysis

max time kernel
147s
max time network
147s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/01/2024, 03:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3fc9ffbacf3313b7c2d8747cb7edebc0.html
Size

26KB
MD5

3fc9ffbacf3313b7c2d8747cb7edebc0
SHA1

44a0f9413e7834643479384c377dfbd984d368b8
SHA256

e793dcbd8b62259eb3ebeb9402b49f15f274a4d6a71b02a1893a6f58c4423cb0
SHA512

0a084adc3bf8027ac40e8ced74426b82d2b7cf3d3146de3fbe7ddace0e037132cfc3746f485223ba1999278ddc6c712e1d06b33e6247ecfaee6c6685b775be7a
SSDEEP

384:4+QfPFd9QZBC7mOdMJyBKfpC5IgSnbmFe7Ac676JikJvAgo0izAYPd:Zcd9QZBC7mOdMJ/pC5I9nC4/IP0iz7Pd

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 900ec5e0be3eda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{09F59C81-AAB2-11EE-AD90-6A1079A24C90} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000ccd6692c804428899aad90377ad534f791f04f856a04b8482f51dc54e7596acd000000000e80000000020000200000006d8c4315b1da6eb99a3ea5d04c96bccb540d2e69455753b7230346152362830420000000181523783233e8bc375541fd0da57baccced6b3ff28eef0a1cd1897891241b0840000000b491b68e68bff07ff15bc3ae25887f971379418944d8db861e7ee2422da088599cc4e0769efe8022d6eaef5fb0b4d507acf1dcbd27e33b98cfee3fcce0de297b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000ec391f2940c7c7da0c2c5120c8dacedfdc016ed6e2b862076c46ffaec64cd126000000000e8000000002000020000000ddb6d3eb9b23f516bb07acbbb3d497a9b310568f829b9b6e673a3553865a6b6190000000bb6255271aef6f11b0a56300edade426f4839f1aca9b26578fbaf99034a2ad9c3cb78e23056eea2a36887ccb750121202b21204ed03918f6f5fcd866cc9a853d1703ba3b165006dfdd39b4f8286ddecfe36c90ed296bd2590fec0efdae57e583ae8f5816537e1eaeae3048556e92d6e0a93785c7b0959c31bc6a101e772d91dc4d0482c02fd1c8af5f4815653146a3e840000000b163ef2c9d938992c3c0f9dbc819e719cc14011eaf37b246ced51b59bc23e3f64a57859bc64711f3a402e6e97660a4af0ff247636cd33e56ef0413f58b4367ef	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410501095"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2280	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2280	iexplore.exe
2280	iexplore.exe
3048	IEXPLORE.EXE
3048	IEXPLORE.EXE
3048	IEXPLORE.EXE
3048	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2280 wrote to memory of 3048	2280	iexplore.exe	28
PID 2280 wrote to memory of 3048	2280	iexplore.exe	28
PID 2280 wrote to memory of 3048	2280	iexplore.exe	28
PID 2280 wrote to memory of 3048	2280	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3fc9ffbacf3313b7c2d8747cb7edebc0.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2280
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2280 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6c4a22b5c2b7231fb081b85c06179e73

SHA1
37ca6dd457dd33eb7c1595bd6543f39199db1422

SHA256
f3169eba8317aa70697e64a8310966fb809d4919e788223ff834467335b2cdfa

SHA512
8469b2a9f3643fc4f12a10d4dc48b85792b1bb85251ae9167da251ea19b5ba1aa7813b469c3fe13f2dc80cc2c44bfcc9f4c4a632a156bb08b2d03bd21018b55a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
158fb5801cfc4cea8b5c2dc9213ef37b

SHA1
9a03ebc1394e6bb85a0db4351fb70dd782cf454c

SHA256
7a28cf560c1ea9d45b4a0ec5df2ab8a3b83cc3f784fb1cdfede8a1ee544b5ad9

SHA512
85c8268b7091051e4f258e2b5d73fc902907514593d862dfee51db4c8dfab21d2be3363a6167271d9bc30e3c6affecea45d18aa4c9085bbf5bccad5cb76eba69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
250396143a43432135cac1dd39df8534

SHA1
1545028ac9ec33adda6a41ca10ee1d847e517e7a

SHA256
1162254dc463172b5d41a50e2dae7e6409742d3ac0c65ce9515197ad9ed2df19

SHA512
148a360d30c4847f42cc07aed849459bd90359e4f855d35441709c4427138bfb15f296bca9da1db4f072961340be88dc301d4f12ce6b89daa9c62fdd436476b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
296e71bc9c7798625c989a3146229dee

SHA1
3dd033a9b7ddee1cba7d4f64dc9dda9ebff3f439

SHA256
a80262833b943230c63bb64123231b840a0f2e61dddff101bd56ba994b2be609

SHA512
1d02bf61f1c88985e40cea6d910380777d36c8b0a41b1fdbc348d0e92598bc0ad9daa39b144360577e4fa28731e34f80bcb356b28f829f7f04f34c0a5d7e99b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f20ea8a551166f373b4ec1a823e2ae3e

SHA1
00c5efc8f316bbfae586246797b95afb2f887a57

SHA256
00935317908fdb43d0e0b7c08a9e8885a8ffb55a9b8bb0bbd91d801cede73449

SHA512
63480c8c91cfe09285e9c86c07d006bc666922e63c9c9c43d0d26416a4cf4efbebdac4d2c5f486bfdaa515d28c2c09538cedf32b6516b51f0d23009523c62485

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
df9a513017a1906922447da727d0496b

SHA1
9cf203d875ab2a1b3b2e508e1796d4cebeaf9645

SHA256
a0eef492135300da923fbc1194c70f7d40fd9a5712b4135b398cfb5a278fc79d

SHA512
7224fc5dfc167ec45a0d7b94b5597fd29965d33ccb3d9d32886ed4b68357481367fb578934f8945b2f806226086a6749851b467e686c5c150af35115cb4ff819

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
77058e44e204fb21ebf47898c9858141

SHA1
603ff6533ed5f4f6eb33b47837ee348aa4a4f860

SHA256
091f8deb58433a426ffdc77b1e7384bc36de60e1c71f8a4dc36cc30533b155bc

SHA512
70f51585af2d1455e4fdeb4b3796fc9a3f8565f33e1a9d5558f9bddf2ac71a68b3ba4d638776096c9343efba4ccac6fbaf401f9fa72892588d11340b9f8d2ff7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bddd412520b13a5f8f29cff642a36808

SHA1
d48b1c7632bb3968c732051e8c81b6c9fa84d7ca

SHA256
2a3167b5624c26f6aa9f1f836c75598dfd03f22e205a09be2c16c9a346b20d22

SHA512
2a25e14184aae64d6bc293d293979fc36d901b257274c5baa8dd5b3c37f4a8c3b16def6aedd28c9fce6d722d98b2ce3dcb7de61e09fa2354af657acd2619b6c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
28b6192700fd5443ce58b04626d252ce

SHA1
9cb8a818eb55b9f68b3191d59995e2b2fa2f44ef

SHA256
9e0937cad017118b4cec44dde1f7ce0488c2e9144cad8e8c4e94ff7ff0c2c385

SHA512
b1b810db13cd9bd95709971f5b24affac509816f454e1e30a1958b88cfb1bcc72d4174c48b566defaa90c09a3c0e1a2bca9ad601da67eafd722fb9dfc2be06e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
269c4543011f0043065760a82c6be554

SHA1
07e2437bab6a783a3034ed1bf26517a2a68e77bc

SHA256
aa57dc0baf00065a1f5b297db20ddb7069bcfd69e08c927e129da7a038a09173

SHA512
ac7b991638aae02f340d91bd895d54b20c5f7e83c17ebe26df8bb99b254b57e4253c59525f7896c945121223bf468d58714d265491904f64ed1c169a486ad40d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
47df33351329b29e21b2ab7d0b693bcc

SHA1
46f1086c2cfa28e55c762bd0eecf2f3be297e773

SHA256
e58e445e66c25cb0a2af05ec01714be265ca83e1f46d8c4aaf04ec2179e15bf5

SHA512
92ec7852e38097993e25ca759ab0b741bed77021bfeb14f6f4f2a7349ee5deeb8405aaeedb3de06192d0ffdaa36549cc7d98a491c1e054cec86e8b1ef2260800

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
23cc00f24b7e1606857feb69479fea3a

SHA1
92a0c1e7cb8528d321ae1a833cd360cd94b803ef

SHA256
5e7de3ae5be320d821620dce7d98c70007428ec62a6edcf88f9bc00129cc6862

SHA512
0fe09b23f22600c55145bf884a57b9700d45f8ac87c5f98debede4f3a35879f1bdc6345ec097c3e7b2c26568e2b1ab43c2d631c7569f35a913969a4bd599a3c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bad373db2a3328bbba89a227745cc706

SHA1
2b0f206fcfcc6543ce36fb93851b9bd7d52cfa50

SHA256
7be602820c84d756103aa835670f3a1a7842ae2c5414ed17d7136b7f5e0514a3

SHA512
2eb219ec927779aa8ab5ad5c58421fae456de4587f5f8bd7d3cc16ef2dd8ac2445e75f1f9972fbed625f7812f708240b6961c0b767f78391c5829aef10c283aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b0611dbf956230392af8104b5a313e49

SHA1
2f36a2acb48f8a99e376769767edee639e5bca70

SHA256
1c05f5f07350db52735a8dd238d6505db410a4123b6fcf227a67a85324b1e166

SHA512
5632347d5a4b6ce7280269c9184c27dcc31f04523d4458ce7c2881889d6392f4c7792b5963df96067cd702a63ee71be6c1bac7b5eb3157a2c1c6a9e0b61c3e29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8919f9c1d1aea0608da7435cb5f3e8c2

SHA1
7976dffa276ec3e9c301f2033b6923b6d6fe8920

SHA256
40ad8248f2217480eb7f53d66395621f108d79ad57178b0f951286026dd0c129

SHA512
4e2300361b8d2abaf0d1d00bb7bbc8cca25dae28ca48a991ef39709c028b5c378d481d8d8dca3c9bb7d3cdeaa3e47262a0378052466b71c566be8824530d2a03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f32a3a78d780c34d539111005bd8181e

SHA1
e9af9ea508d555c8265fba73c05b55bd9fd65584

SHA256
63fa7320b8a65cfa12e8b1a785025a87e10160fbb52a0167052869088644c402

SHA512
cf1f15092972d970b817abce12e7ae50023e0f8455069078d5819f7f73153d2b39246f8a0240c01527b2edeca0e16b1de3cf83049e35d8ff95343bfe8ef72eef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
56481dbd07950abb71ab1e75a902923b

SHA1
3f05e6169118d2c2c696c0b571e425cf382249b6

SHA256
c6d1a70fa06d04bc0bcf4dae946f0134539bd5f9fbec52f2eec5a8718303c227

SHA512
d713810c95d79a0de2c1778ecb716c57bde05f32b45d4fce54a0b6043818571592c21b6816b92e837729155ab942a5e6cd130caa9307bca0a1e77382b7c6f705

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabAF74.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarAFA6.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit