0d2772979a7d0f896b2b0959399e5b2dc3ab8c35fad51999385886ef683e97a6

Analysis

max time kernel
1s
max time network
138s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05-01-2024 23:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

44b2d930eeb5b77d9137446a2c433669.html
Size

90KB
MD5

44b2d930eeb5b77d9137446a2c433669
SHA1

1fb3f089879cf8a522911b5cf9d96275f8943cd8
SHA256

0d2772979a7d0f896b2b0959399e5b2dc3ab8c35fad51999385886ef683e97a6
SHA512

67352c1ae86de20c1541478895d82e7fa379ae6230aeba118feabcc53f5e56a3477704280ee82464f80f3911d4c8acba9bf6598af7e04ec42bfca2f9828971bb
SSDEEP

1536:3wvo9q7KycrU2q5IxPI+hDhW9c6dJGPmAtYSLquq4qJq2qHqcqtqaqLqBq5P9bxh:334WycrJqixgmoclPmA/qRncNrNyNiz7

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B7F13A91-AC21-11EE-B2BF-5E688C03EF37} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2932	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2932	iexplore.exe
2932	iexplore.exe
2972	IEXPLORE.EXE
2972	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 2972	2932	iexplore.exe	28
PID 2932 wrote to memory of 2972	2932	iexplore.exe	28
PID 2932 wrote to memory of 2972	2932	iexplore.exe	28
PID 2932 wrote to memory of 2972	2932	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\44b2d930eeb5b77d9137446a2c433669.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2932 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

Filesize
717B

MD5
60fe01df86be2e5331b0cdbe86165686

SHA1
2a79f9713c3f192862ff80508062e64e8e0b29bd

SHA256
c08ccbc876cd5a7cdfa9670f9637da57f6a1282198a9bc71fc7d7247a6e5b7a8

SHA512
ef9f9a4dedcbfe339f4f3d07fb614645596c6f2b15608bdccdad492578b735f7cb075bdaa07178c764582ee345857ec4665f90342694e6a60786bb3d9b3a3d23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8408FE5CA4467EE4DA84A76EF238FE3

Filesize
1KB

MD5
e829e65d7c4307d6fbc13c179e037a36

SHA1
a053375bfe84e8b748782c7cee15827a6af5a405

SHA256
67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd

SHA512
96c5793b2b57d8df5891c94015720960e0da4c2cf8ce1fc5707a0b46e5db8ce3761fb5fdb430f619d1579f13e80fbdd973ef6a024129ed039aa193273158fcad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0380baae6814027f1843af62db344aeb

SHA1
c972785200ed6ed8d85840d24045285e4ddbf6e6

SHA256
22e123033833fb2a5afb385ef2129e40b0303e43ef60cc006e472ffaced3b4c7

SHA512
9f8849ed55256c0915921f0f23555afcc7763290f2e25a91c056b0ea31fb518f3d2e7beca9c6241d0cd0142b1582be8d1135f6286702a1803637a50bbbff740b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4cdf36e5079ab1278952008159abfffc

SHA1
bcecbefecc0c8139e75e2b32dc8192ad7c2f7b1c

SHA256
46b128d66dedf587413974186ae768b6054e57a8501673d645b60a9fe879e2bf

SHA512
4dcd71c939b4614636ab0d8a630e60f24336030d714d6d113ee16446b37e33b5a7cb667d5e9c0883f02286e7b8639166ca7547bb27d79ddbe2504562ec1f32e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
668c017c28751fd7f69a449f974b5194

SHA1
e664d1e736b23aa094587ef183a13bdccd6b2077

SHA256
1510ac663a3fe971544148f2497cd2a7bb8a83e758336117b875f5bb6117c806

SHA512
55c3aafb24d7b5e9bab4637372de7ed74dad0c56f23816f45bca917738b97b1218f0207a52ee72c607d020df35f6f5c7045fb0f25b381cb7140b923cc672c2c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0e2a48fc16bbacc394a8862c65db6f1b

SHA1
42a9de68dcdfbf1387655537142c67a95fe79fb0

SHA256
330d1b6a99699aa9175fbeb00eecc1cc2969fdd79c1ef79c732aa0b3fcc3d242

SHA512
dce41f050c3aeee09ad4c7366ae3da70bce733e56b8a5cf17c70cabd04025926ab37dae3f213dfa24dce2056fb60fecd69610ae04629470e3fe1ac136bbb9426

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bf43ada466ee516e10973984f58f2be6

SHA1
9c61c25af4c95023e71b663053ded0d4c3215744

SHA256
3a87c4247a002f0bc42a45e15e3a22693b470e0a60d2bf3dfe7362946cb03397

SHA512
072cee2c2f0c3f18668f47c182774249eac5c0e387246aea96ece13c82abef4c77299aaad7a5d89fe3d3e686f37209c79b5515e5f77fe741c73921e1513a23db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
40269fafa2a91c747796b60902089e4d

SHA1
23a5b4a4842272e3a72ff2aca3fac13b5bbc2945

SHA256
b7929c280f1ec1f3e5af69f0a04d209d6aceb4bc8d3f6e796178fd7b7cc497b2

SHA512
1c1c28feebcfbd4824cd7dbb37904324a84dd980723a995565f940472cadf0d44623a7ae60d4f24ed03b9a221deaf5b39c3a0be1e699d0d12bf80815d73bd729

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a689110eaff0b90cefa6e1a12a88faf1

SHA1
444fd90a3c5b5fc7759ae9f977134d7226285f50

SHA256
d383d3b57b01f3460f06424b3a8bda90ad12701c9cf7e7bc05fbb2e6b2c74ccc

SHA512
9f9aed41f53e2945e5e50db4b96605ffe9ff31070dca184f5c66fa5dae0e00ba90a9b1fd82b8dc20db51493a70e4e2bce38b7652178fe78d71b80b2090e81c78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
08bd89dc0adceb79fb0d3f02761613bc

SHA1
6e4d6a02431ea8e3bfcc47fd817e7ac8bcf739ec

SHA256
5793a945dbf395187f12dc78e246296f4967a5db1753abab0094d8e87147710b

SHA512
b2c7b2cbde35177b694c3f4c5e9565542e31a7169a273316b5c48f4ca5a6fc14843ecd573a0bbdbfbed28e43323ce715c436e7b925554969984d73705e5f7f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0ead82a902f0e6553f2638f52982f40b

SHA1
2be1934a399e5d2f2a935b06a501c691556ef3ed

SHA256
094461b12b41d850b8bf6fb6735e2c6d5af29616cfe27316e4bb1770dbec6a5c

SHA512
5f43ad0c9270ab6b08370670774777bea9af5cc66fe589b6c28c622e269850a3283e5956d4df877689d2b21bfbffab6ee6f6d89f73235713b2e569d267021bd9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
65c53c3b761261ca12038b7b1b6a085d

SHA1
7dcf7e838273ddf09647c81343bfaa96e2bb5a73

SHA256
d2e608b1e8bd9883db2dfd4a3c91659048f4bde7345ac525376732cddc7b3cc4

SHA512
319f2755f5d9187d817e32d089abe9ad29ab1075986545134ed54b5da2bfc6e39140ac90082c0616d04f107e8ddaf26009a895259a253769aac0fd0648d251d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c1772c1158f90e9aafacc222760e6ce4

SHA1
a6c2cdb4af985ea15a0f36b143c1c19483e9790f

SHA256
2faec896420e5f8816131aad2e29c92bffa46a2a8adc9571e6e4095fa22d3ffc

SHA512
8eb0b3caa744d364e181e46d69f977e1b290da9962f4d0089247206ce603ca49cf537b456fe7b9fcdda1cf9b8d947258436809c4c791403c6c62d48e74dab81a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
02173dd4eb9b3ef9c8ca2439bbe87e9d

SHA1
390f0673d227aea58cd625f7fba8ff6cc08054f0

SHA256
c5b6531c3bf98e26017302b0fa96aeb7820b42f10893fcfe98eaf2e8b0c46354

SHA512
347ec8420c0446fa90be30870207d16330cd71f9c21836f0a326d932d12b576f03021683c8bb75aa3128d950ac32616a36630722d80c93f5df99b979ce9122c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
54ef6359ea98a76a67de6fb404d17342

SHA1
edd2021252e2f6f3efdbc04f6d48dfdd1b0e5eea

SHA256
38c663d9321cf0c003cf20272f688688575a1acd9d6b64249f0063841871b0ac

SHA512
5ea1b7ae119ca4a617eed19631c32376da3ee2b8ddfe204f30c2ee6af5bd622c7a9159dd9ca7dedffcd49afdd385de2ba766bd15551a0e06d83f8fb3e3a92c90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d239f87079fefc0953ece6e4303bb74c

SHA1
72aa1c7e898ac15c96025710fe4147ac4daaa201

SHA256
6ebfb395762bbeefa5c116852f9ea1db2da1c70ce442e3dc1623f1736a9f53ad

SHA512
4f81d557882518bd3251a5e647ec8bf30971d55149899cd5fa78bf7d92237ccaf70e8ebd4b25a2ebe6f42dd23dd46ed92236ff41dc4e178292c8f128e0827a57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e5ac4bcef66cf215c5ecee0757a293e4

SHA1
f2fd03ab5609a7f31557f382d177fcb078df0087

SHA256
e65973f2636d14bb6e888859339c98dce6f456207251df51dddad02c05073597

SHA512
c151d7e905736012d5d63a3ebee6e6b4d97275fff5ff3e155059f40140bc622dda8a84ffa26b0ca044260cd950e86406c1cfecbcaa0f08d143eb5236b2f18e51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8408FE5CA4467EE4DA84A76EF238FE3

Filesize
192B

MD5
2b6acf37f77079875ea24f03be0e79d5

SHA1
806e2ee14002a98fa2f18421329586ccf6780643

SHA256
798a05617b3cd4799e6d78aa7a73313cc9d640c64b7b9b2ba2a556f83dd78b9c

SHA512
0b4781caf5fba76852106b8458aa3eec8e26a89efdc15e3315ff09182f261a83fc858d2e9168bc8993f3ad73d7a1dbac532ba7ea6e5f9cb4b6abbb752fb2a93c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4R90HQQX\px[1].js

Filesize
346B

MD5
f84f931c0dd37448e03f0dabf4e4ca9f

SHA1
9c2c50edcf576453ccc07bf65668bd23c76e8663

SHA256
5c1d5fd46a88611c31ecbb8ffc1142a7e74ec7fb7d72bd3891131c880ef3f584

SHA512
afc3089d932fb030e932bf6414ac05681771051dd51d164f09635ca09cbd8525a52879524b6aa24e972e7766ddf529484cc1ec416de8b61255435a89ba781f8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4106.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar45CC.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit