dbad7903c8b53ca373720b6cd67693fb5233eeda26dc5b07c3f04b2dbb7649dd

Analysis

max time kernel
143s
max time network
144s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05/01/2024, 08:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

432ce70eeebadb53be8c51f8f63e57e9.html
Size

57KB
MD5

432ce70eeebadb53be8c51f8f63e57e9
SHA1

c5f70ab37d19a3438d8d6a4b7f6cf61eb01ff90b
SHA256

dbad7903c8b53ca373720b6cd67693fb5233eeda26dc5b07c3f04b2dbb7649dd
SHA512

412722ca60e72f8151af103d020f5dc637b4d7e112bf37b5afa8bd940a137e3db61e54809f2b6c5560bc09d53ead7fb157aeb327489c717e8f2671e63c6c2488
SSDEEP

1536:gQZBCCOdl0IxCXFCyfJfVfIfOfnfwfsftfVf5fofkf0f+fnfvfVfrfefkfnflftm:gk2T0IxkhNwGPIU1NxAMsGv3NT2s/dlm

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CDEE5DE1-ABA0-11EE-851B-E6629DF8543F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000969d72c3e5a03a40a0257479feadc03a000000000200000000001066000000010000200000008f4f65d6eea9772fc0e54234d708b1617a8aabba232de32e48dadf242084233b000000000e8000000002000020000000f7acb8cb91be410f7cbbea790a34de7c3321bfb7aace19109f1c71d642409e542000000007301714ad2519a0785517e510604a8177daa7fa4f47a6f9f978b5c0d827f54f40000000a8c7ccde986af34b205c746ee351a8415c2962cf9c3d6aa6e36ed871ac4f00f2dd56b385bd3cf3533a924bd2e4c74b3fce06dc391a258b4f3b4eac864be6bf41	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410603647"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 909992bbad3fda01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000969d72c3e5a03a40a0257479feadc03a00000000020000000000106600000001000020000000c5c6fbb0f1c7a04b61e9862f0647f63b1640ba2eaa33d6b74e51948d76ea1768000000000e8000000002000020000000fcffa00c2fcd82e37c900be9218ff003ae6569f158dc02c7ce5526d9726611d190000000dca7d56122d9ef13af202d9c1b287644191af5392001ddf8a5cc4b6de1f842248df966dd6196495d95e834f40c54e4036a2cf2df757cd4f80fe986fc048e947042c34305b4be35452a5dd9a314848cbe333172871ecc2053555330187d73a80758e9ea1efceefbedbc693c1d40d88246c5c30683bf0390fd5b592a595ebe64f3b5d6212bb7f2287182236836f8e0a35040000000dd43d34c24f710a31f0504678944fb376df04db2c43d19aaf81b3cd54c877b03072715ca6955408788f3999578c6609788c3a2e2cd6e571d4e3dd201ee8b4a23	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2108	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2108	iexplore.exe
2108	iexplore.exe
3044	IEXPLORE.EXE
3044	IEXPLORE.EXE
3044	IEXPLORE.EXE
3044	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2108 wrote to memory of 3044	2108	iexplore.exe	15
PID 2108 wrote to memory of 3044	2108	iexplore.exe	15
PID 2108 wrote to memory of 3044	2108	iexplore.exe	15
PID 2108 wrote to memory of 3044	2108	iexplore.exe	15

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\432ce70eeebadb53be8c51f8f63e57e9.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2108
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2108 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
986939cf7859857009809b40b7f69ce5

SHA1
321aca660eccf12f85a230649e3be1bb6dee8510

SHA256
c9a5e54562a4c8faf1ba454b088d8b71ccc6f07c4dcfa94c1d47825bed93b39c

SHA512
4ef8f8f8251a302b63f2cc1b6f963d948a7fd300d790ada4b6fb109f20d9fb208344916e2c129894b3b947d6e123ee0f92f1104d28a2afda5d804893250ee3be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c6bc62d62fc560002aebef95db1a23b7

SHA1
ab2dce4d36846c7ca177760603072f2f270a7d0e

SHA256
11f993bdc88345dd96dc3a853af4f1d30131c7193dd4621fe34c5b09d3c91d99

SHA512
538203119b9065b7886b1d468b858293e61ff11a1422e62a431a2c42030764a90383bf6eabb60881f775f8f5294f554594913673707a602531276d6731f0c4d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f7b5090d21c41cecc13ac4158beb9ea2

SHA1
7030831240a2a66d63904c9fa94d4754eca42cf8

SHA256
ef7bee412b242735fa9c8c3f3db5c576a90090a1bb2f897937f17b08b525f521

SHA512
47c581b0b3b082c9a646e88afd53bcf39faeab340641e8289a189a594870727491ca17c141ff72184d5ddb9acee1c0099806b28352dbb7284dc736cfee950271

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6bb82d4bac5f415bf7886d299940319c

SHA1
93a3103dd71562d25f9e2f910b32859057f2bcbf

SHA256
c2cc52260902777d1450da146bd319a84aa6208a6c909e3c5f8002708c98e256

SHA512
f492477670af2530ae32fb6197bf53cb0c5897b9dbc573fb30a9f35c18147ed62cd2b3dbee515a4eb75a2027e06b073b5bf3c9aa787633d4670b4aceed952b1a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b9df66dcde5627c1e1a3cf0368afe1c1

SHA1
9bcca076d29e2d8a0a63e73c63f307f51cb20b65

SHA256
ef3fd6d0f6d7a3566461dee5be1e26bf86d51a21aa8872a436c9916d6d18b234

SHA512
d1b930a1dd3acad2c01709c924867419accf2224e83ce66b27076ca4d43b37a577942b7d95e98c0effda9eed95bafd9a0857f4a6c05fcd763560944056938942

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9bcb6d20e2c985cf4ed5a86fc930fce0

SHA1
780cafdf60ff1eff5a55e75870c8f6ab6018988c

SHA256
b4f7407d60c76c2c829ac6170eafb01231208a8879fa664093a96f02e465516a

SHA512
69477f5c39d78a95578e993ec947d3cb8482e7ad68ea2ffec014c040f395d1ee96e294216374325e8c60c4979c464ac3b4ffcdb77d54de9100f87d0e7ce1f942

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
764d61ddbe6145af5309fcfffe4537af

SHA1
5cf700c771ace2515180d138b13d9f539d0c941a

SHA256
5d73d65d37f3aaaf0109051aa28c73acea843e5d932229f77744153a29f683b5

SHA512
a7f4d34ccaeeb3f4bd9c92dc5debe498c2891dc0fe2a21cb38ac58ffff350dea79211af29d34e71126b50cbe34fe981c51d9f632b99c248cf1a347a6a5eb7fe0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cfe9df9362778059903c5d8991352c5a

SHA1
04ba81e7429cf7786df2eb642406b4494bfd2f5e

SHA256
dc66686c96f62203077c79098b64f199887d18375b71e49462e9dd06420115ae

SHA512
b2e919b3b442cdb4cf84eacd74f0bcbf0674b6fc11aebd9c697e779883ee49f344a78547de31ecdfa4bf23827e262d964af828d91024c824025657bb9711c9eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
14f19f62afbc6724c3cd1b2338c2177b

SHA1
ce7c18c7c36ba56e956d11229fbf4ab6a66a7c77

SHA256
4210c8734fed40037fec1389f8515c39239b3fb3f823211017fae5e4e5d74b0b

SHA512
1e345847324a6fb084e500e7c249fbed32475579ef20f8b19a09abfe2c7700e9d9075fbd257d43bdf6e2a0b28daff999f8be9d37ccabb89863f2fe4de0bb5d81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9bf0b1a1d7ad36909056b49a09c89ee2

SHA1
e4848eda7a326570e4d0edd795bb545d76288b50

SHA256
89f450335a3e11752887cabdf27d61ac1155a9c4b9060c5eb3507322420827cc

SHA512
e02beb8bb06be3ca468de0f7778d70ab70b18264cac66c736d1167004c9289dc5c46240c70212e73a25bade2c9d740a8236e5763fc8f0b46d08d13b2349e70e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
29cc3d17204ca14272652af77a375ab2

SHA1
bcde334b1563b5aef7018fef4a2dab9281e3e1b2

SHA256
580f90bd7aa99039cf3e91630f23eec498a066b37367d9d36b7a4feb6fac56bc

SHA512
d338ef440fcd3ba95a2105dbe6c7ddf85b43881752ce4fe6b9c9b5ed27641850c93fb8ca8c3ce5aeff023d2baf36e6f9f003c4602df92ba47c6fc721c4a400b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ee64c340bc54e79dea70de0a5217fba

SHA1
69a78d3c50c031a447d563013a27f193f414821a

SHA256
4dfd38157df3417c38b140fa7c1e27583f046d9dc2e48e35a457a995cdbde243

SHA512
52049a256508f3b0d0aa0dbf76f1087ad67f7b63f5f6fea48f603fd575e410c81c161bd92ffae53b0bffb6c3417ff98fe521861c0cc4681a3d37f535032ba394

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4c0a3b60eead4f191c9e14aba001d013

SHA1
0601d31fd9c525db41c25f4ea1268a8a3d21f68b

SHA256
f977ccbbde3700a6325bda81492117a946173146f22b89351ee5652a6cf0b61e

SHA512
e2b3fda0078c89f18b1524b9a3851af8602f483692df670e0cf619050e0fd2c68e706dc22864af75fb2328722a092c75bdaafc3d53aefcd9db8a1354f690bd36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
85339e61aa53c310a99dad322873cee3

SHA1
91aec7368fe93c2959ab5db8ae62cdf7156688ac

SHA256
3a016d3bbc7cc1f8a197ae257155658c5f554ae0de846781e4ff9d57ee657cd9

SHA512
379ececa7cde3862a926920cbca1d4487551c151c453b16d9f170e853dcfe959d9a9c0a66447f38c36982ea9cb7d0586df4dd1f9df341c42708855f5faa2f555

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
82866e7626ed7feae720f477b5c7ee19

SHA1
ee09609736ead4e7a9c01270bec57c8b83ba2b74

SHA256
ab906c5ed7df0b0b5522f88242c160950025d8eaf7d4850263f0e856bb3848ea

SHA512
5db79d260cf6907e2d0a37b6a5264315d0f01e4d486797bbfd79b7aecb836330ed6faddffecd060a48469eb74671ff33f18ca2567030c30b36ff8e9e5a5339a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e66a157afbec1534df5a076c42a777d4

SHA1
73861701be3f5add1a25bea92b7486a486e485d8

SHA256
670c853250120c388055a885f51e5bfcfdf8e042ee0d5ac79eb91317dda7c51f

SHA512
cab83aba07b9310a7ac248418a20560f87a0838db5b4e968fda524d968652e77f716cbe52037c06158f3066b7d99edeba0d67488eb1f10a1ba30bbb752781c30

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
97bdc75e4588c29299851450a682a4fe

SHA1
c43d13d92a97795fc18868fdd00b73cd6575fc98

SHA256
4f838d6e530fef35156f3a84c98c4c932addabe499df226887999ed54bb1e64a

SHA512
566b082574cfd283f0fa46dbf05cfa7b757596f14ab1f2806b6e13fecb58195a6e20e932e4bb90c53af8ed601566785e3b721c5f99665f3f8f2e9f175aee55fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab318E.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar31A0.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit