2bec7e53104e1493d7103e623d2acb6ca942e65b9f98ae019c27e0684fb46bfe

Analysis

max time kernel
74s
max time network
151s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/01/2024, 19:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

41c48c3806c278749538be5cf2d1d625.html
Size

2KB
MD5

41c48c3806c278749538be5cf2d1d625
SHA1

739a75838ad5940aa513a538e611d0897c1efec9
SHA256

2bec7e53104e1493d7103e623d2acb6ca942e65b9f98ae019c27e0684fb46bfe
SHA512

1694e0a110074791d7e7b9716a54cffb977237ddfadfb41a5d9c67737e287ba5b5cd6dab3526fafbee970b86c8cbc71affcc9a37668fce43fa11c67fce5efb94

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 32 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6031E1B1-AB3B-11EE-A031-F6BE0C79E4FA} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00045e35483fda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008dcd4c448ce8fb42a8f577f49cde6d300000000002000000000010660000000100002000000053c93b31218bf943fb05a16a35c9eb756cb8c492debba4a78b6e7f34f9e9b8a1000000000e8000000002000020000000b7d2f86e3415627697a66f2369569450ceb607e0bcf00ce3db985bd817b58e68900000009d5bba9596c4e1d98251f7306a656fa72faf6af32084aa3990702eb168f022ab482e5726d20be26179407fa01373b36e2ba7a65293ba6f6e7301d71382e5f9796bb1dc81aafc3707ab8c7746c5fd17961ff96a43872222b3bc23746fc53167e9f7c57bf977ca622ba1ba16344a667f039ec1ddc4b8a57025c081b8bea19453b7fd8318f066d5e7a80bda14824728ec5140000000a5ec549b5484854a7a6c835edf9dfb16f124b47d0411efe372c8c3a80e1e8392b21d9058e02f2bfb9fdd13506712e5eb1ab4d111b3fbd8b70a03ce9c66a557a7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008dcd4c448ce8fb42a8f577f49cde6d3000000000020000000000106600000001000020000000c8e34bccdfbf7959aa416d803f0b97c68de0d679e353fdd606ff51d03daf326f000000000e80000000020000200000007386247b117377f2604ce0cb980a1d60728a341ebe8fc9d254a1ebfc2c31477420000000729f2b15f292fb0d703c603d188af0066fdf68e1c79b362f8310862496cf326740000000221886e0ba0dfcd6f45fcde0801c0d9aa1cfd21e92352f05f3bed44de68eff8bcf9f56df425711fa8d54abda1525781bf3862b9a00f8b437f8c9fad490e6c7ab	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2680	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2680	iexplore.exe
2680	iexplore.exe
2380	IEXPLORE.EXE
2380	IEXPLORE.EXE
2380	IEXPLORE.EXE
2380	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2680 wrote to memory of 2380	2680	iexplore.exe	28
PID 2680 wrote to memory of 2380	2680	iexplore.exe	28
PID 2680 wrote to memory of 2380	2680	iexplore.exe	28
PID 2680 wrote to memory of 2380	2680	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\41c48c3806c278749538be5cf2d1d625.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2680
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2680 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7e88d9f645e9a896a4f0bd49945f2705

SHA1
25a58b2e3aa1289f3d885ba4c3d6f732bf8a35bc

SHA256
21b9bccce8fea8a2924977287138746949b938754250ed8af50b654e95eb8ad7

SHA512
7268f0e03a3b5afe1b001976d656770a9a2e959b1b36cca4283cb4d57cef1841a5c9ce0ffbaaaf4c552e644cd5d72ae51c2971d7bea702863751a40c9b8fbe1a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7735618e0086b94fe7227c2d9a825c6a

SHA1
72e509ac15ea8662bb423ac8e76dd9e073d67d72

SHA256
fa073621cd8acafe6ad5fded7fcd99537094580b977d282a6808af74036354bc

SHA512
148d359204ae8d0ba7de6a45cd6fa7607fc8ed5876ba3c2bcc1919efe0c4afc170659ea054254c64c1196caabdde91814b8b972bb427f66e9087abcfb6ab3087

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6edf20196dd115b7cb6ef88fcda6353c

SHA1
f4765a4d3b9db31145d69e05a07d2d7e6db90fe4

SHA256
57493c5a646c1f3efff447c082f086696d1ce3365d00b8fb907ae04b2d8450ad

SHA512
7496d2fd85c6810c394e770b83748531a9ca3af5ee15fb20ceaa9908bc33da9e8f0b34d53ba57a9f38d56f1c455ba3c386577298aa21fcdd551ebadbf32a29e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a6b00042eb338563dfbcecc0f0f4577e

SHA1
d53494509b640df8f88b940b44222f361f13e9b9

SHA256
f57f0ae613becec1bfcc4a8350de10727b567aa229e6a06743517e6e395a855b

SHA512
fac37bd0006d06eba6346f4bfa6a4af9be2aaf6417b8bf70831ab3b8d775992e038600adf131df3d1a99bf4d010aea6cadc103de2ae55461fdccf4881be24648

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
239b377d106ad807936201f8cd378fd1

SHA1
7a6104346f93300ced27337255166805dc4b8065

SHA256
5995e93b2750892f95ee5a4ea152c48c31f79ae901a1a6600fa1bb9309fd500e

SHA512
b51aa57eff97ce5aa979d520d4cb785b4465ed4aaf29f61a3f6d1699d2d7a58602196734568a3dcd92315050225466d1ec249427a76a1ce8cb091549c3f009c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a75f2000680c399d98bf700caaffb5a9

SHA1
e43aa0821fa89fd830c5386fc916a08b16cf06de

SHA256
12eec5623d32102854dbc65d0fbd229508ee7cc0255b5af2e4b4490a02cf73f7

SHA512
64d23f6a850ff9ef9bed79a65fa8449bae9460b3a679fd89b22ce17162bdb914f4df695328578c74c239fe4747374118c41add310584d6fc9185409fd35e259f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
83bc61c82ffe25e3a570109a86d01dbb

SHA1
bcbd1026df0f0a48a719a2f61a4445b9a3a617d8

SHA256
777986cadb2cecc8b1dc942358c8c8a4a9cc6999238650de8eafc88c166a9548

SHA512
aa07dd66ea1bd1329ca64b871abe51a3451b860b1e105f841d83fb7e70367e25b14945e78b03189476e17ec9c077cf084087bc329f42b586325ee7577e9b7557

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
be0bfb73700fc808ced886a3985248cd

SHA1
612bc151cd7120aca27d5fbe1788770da6f73a29

SHA256
a3e9aafd31655c7799342ff8d70b3bd47b56ac748816f7f3f4ec7c1040b8bfb0

SHA512
af7e62747de71fd534cccc1d43ffadece99644f3480989a79ba5fa31a7535fa8cb44c28ef878276cf70985ccf9a5947a8de8e81b4798bc16ca4a8bd53dd56cc2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
566f4c4be38194383c019946ac26e596

SHA1
92d23a457aa2f2ff3a79e965650165b779f83ac7

SHA256
a97c421d59670f9b17d55298afabc63831586a405b490a77a5d2fcff82284532

SHA512
0ee54bc5221f4c656b7c8c0dde9a12636e46c892e58dba425a2dc5807aa089a78c2f651a968ab614891ae4e78d7805bd29a82cb6fd0edc1e92302ef94eabe1ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9d45c32eaedf074ae7c70a1e735dd4c0

SHA1
a304d36f21e94c100cc57c2d79175c820a9cdaa9

SHA256
6f350135d50fad966931d21aaf17a282193c73a594b142732815ddabd1807c07

SHA512
a41774e7e594dea05b94948b933091ff90fa1300f7ec081572c1efcc0a96fd6e4cefbf04ce7e6f60a346c3d0ad3506cd6b0c913ed6dff4eb47a18c766c1b414d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8c72b85a39d48e4eae5cd3c918d4213c

SHA1
fb7d46097b0a57ece59a79d26fa4d284a9782be3

SHA256
b13710fed73c6f12d70a892dcd391644faeef6f8bc5516779d309c07c9f85445

SHA512
e108914f54615813c260b1d61897ce045f739171b18403a4f749af0b12e28c99d440a457485498746cee6862c7231ff2d0978c913fa5d4365960d963a744c36d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e25953387169fb39b52d09dddd1c79bd

SHA1
c83dad9e58bcd0feab71c840651971f1755177ec

SHA256
67c30852cb2cbc97660fd38dafadcf424a9e4afdec6cd8767c9d8f386a767baf

SHA512
4434d7a5cfecf7772da5f93123c8fb9875c2339b44c2a7ecab3d347510cd28eb2b40a363f0a3451848afe2288056e038a54c0a7ad8f801976b31cb67695ff055

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c7b9738b7fb190cfbc9cbac81bc8cba4

SHA1
072d382edecd86c64793ee5ac8beecd6b28762e2

SHA256
75f851f824bec84727086a9744838b5f0260cf43a89f426cce0905e3e537fce8

SHA512
64f0f55a754328e0af80dbda2b43e17e215c202ea98378582087ef188a3e824cb3ffed2c2af112e3ca2e355376923307eee28d61dc430b00928a98cb4326054a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7d61472a8a654ef78d4a202f7aa936fc

SHA1
8f93d4d2b6ed196d2de62cdd9b54361e9f7552b3

SHA256
d7b018afd547c3bd5420a607cc2a76d846b20adc7fc96502fd262526dfc25d53

SHA512
0f348593a527b0f01197afc4c00ee0815b9d70b2ec79a0ff9c3bb76da08b28880b8253defcb9dae39cb656462547ac1347dabe6723851cba9e9927096b3998d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
da12ad483d0c23d1c68cb66ceeece4d0

SHA1
51c799de1ffb05af06d596bc6e9a5d1110010bec

SHA256
d71d7831364f78c1f6e7332867d0bab59a0d8de851c5bf9e3cb022c7ac0aa4fe

SHA512
3a7c4a161c2324aa98c7350eb3bfc88cf1f78f5263c4d00b4e6f0aa5f57910a1412def6b5b7a0b411601ea71f1e4aa365053022ea379dbb09a4a730ba3e6b9ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
caedcc5d9b327e32c139bcc15b1b5396

SHA1
b7dd662d21ebb2192f92ec1839a8f9784acbe03a

SHA256
c1443d8b5647fe8d720e277e69b17c50d5aa515b233c0c9c78b881542d80b88c

SHA512
bddd8073b5b97896479aaa864558b746c4649e2893d63a7ec8bebd3927d3196bfdce9be61df4e1d47c77221ea47bfff4d9f4e12688b20cbd8587bd01f41a2c4a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ff1f3f84d64f7e9e8bf6330e70ed7a9b

SHA1
7116b28250933bbdfdc025104069894806c3b93b

SHA256
d3ef7856983075881232a213949873106779928961f9e6726f54a6d94b590111

SHA512
67cbd31c4e834f6c7a240e864a51183deda8798e04f7c5f1bb9f20e1a4124810121b69372004cb9ab462d63822d3f743b7925cc33bccee1f4002293d7fa5a575

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab846F.tmp

Filesize
28KB

MD5
eb7cc861b6ba15f10508efe52a30f7a9

SHA1
ace17dc3fe22e57e513a8959418f7c01ad11c480

SHA256
92df40e01b4fed0954088859b7c05b970a358af77393e5f2e598a15070682d19

SHA512
32bb38757dd1d96f2e5a973ddb66d7d9ada1fe3651aee06def0c9df9a8e04601fb2e2259a79dede5bad96f205abf81623aebee7e0c87d0712c2b7a4cae99b4f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8491.tmp

Filesize
45KB

MD5
cae17bc9c5d74e0e1142b20a7889efdb

SHA1
cfea5f7d29a7dad0a1a25daf18a0cd4cb79cac86

SHA256
4d74c7d252b593f92d04a5538ff5688a4ec720ab664ac723512fbcfa3f5ab691

SHA512
42ba66aa767f8a15ce38f9e72990fe41e4fb2d7266e4334be0bcb7db7ac7eb38e7f3b424bb4fc5583197257e9fefc11ab19285f0881a054f338463fefb483dfd

Download Submit