1b64889a1aec11cdcb7513a7a38981b5241fb4cb2625d075c113c03f6476c09c

Analysis

max time kernel
143s
max time network
147s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05-01-2024 09:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4357b5d93b4ac7a37c2675d0c1af855a.html
Size

903KB
MD5

4357b5d93b4ac7a37c2675d0c1af855a
SHA1

df62be9506776c84bc4acab327befe9ab7fe637c
SHA256

1b64889a1aec11cdcb7513a7a38981b5241fb4cb2625d075c113c03f6476c09c
SHA512

65060a3cdd87aaed4b22418c3388623e263e3dff35a742cddf4ba8207de01211dd278c9570ae8c0cf8abb09b3156d4e853c0edd3181f59d39a114201823d9307
SSDEEP

1536:tsPuhuTqpcWCIZUzoEI8oe8nfU9Fa2xYekSXBKPX2+7E6wQAyAlXrGbBchNUkbjR:tsPuhuTqpSw2UjBkmrC

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8C2BF131-ABAD-11EE-B432-EEC5CD00071E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70ab347aba3fda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d600000000020000000000106600000001000020000000ef926eba63025ba8aa15988691a4c565e0c0350f0f5e713195cbbceb3e03c86f000000000e8000000002000020000000f8f511c8c9cd4415e19c5f8c7cb78396046b6a76229aaa28ea5e2270e9e47dee900000001413d4746f4d8231c88565a6ab0e97842f89dbaf0f8617198017195e66b42304daed82bf38c20d0c39769a0bbb3cf535b6768fd8f650fd2aaa7b2b064028a0923fe8dc1d6f33d23f9645e8bcaf6ba03506aabe07c4a96fbad49446db54c603be09ee5be12bdcf0c54c377aef617dd0e362154076db278cb7a5b2b655b0fbbfbc4ec00cd6a1df6d1905951b856e8d7258400000004a51d9134498886fa8c1747a29b8384a341db0cd40009cd4b8d99aa13992aa121c4fddbe45c58ef6ccfa409c97eac19f65a979dc5dfd6a567d7d63882b2b7263	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d60000000002000000000010660000000100002000000063c595e6956b4d9f65c84fd40b9e6d5115d98823108f46788ed65e24c658b976000000000e80000000020000200000000437fdeee25ca8582c8a267a70cc680f3261b9fb6dc0d6b422f4c28f2c1c72b0200000005f2979d385dd345af1ca3eb2efb097d107cf08d226efc9ce343f7e44fb9f4c654000000014f2bab0b8e225eaa7511712bae920050988a6c27f43949d223e9513cec21681303ee0e9a4d1491b30ef34978ae66f190b2c9e5735ab67b747f6d4e4da880f7d	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410609121"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2508	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2508	iexplore.exe
2508	iexplore.exe
2708	IEXPLORE.EXE
2708	IEXPLORE.EXE
2708	IEXPLORE.EXE
2708	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2508 wrote to memory of 2708	2508	iexplore.exe	28
PID 2508 wrote to memory of 2708	2508	iexplore.exe	28
PID 2508 wrote to memory of 2708	2508	iexplore.exe	28
PID 2508 wrote to memory of 2708	2508	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4357b5d93b4ac7a37c2675d0c1af855a.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2508
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2508 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

Filesize
717B

MD5
60fe01df86be2e5331b0cdbe86165686

SHA1
2a79f9713c3f192862ff80508062e64e8e0b29bd

SHA256
c08ccbc876cd5a7cdfa9670f9637da57f6a1282198a9bc71fc7d7247a6e5b7a8

SHA512
ef9f9a4dedcbfe339f4f3d07fb614645596c6f2b15608bdccdad492578b735f7cb075bdaa07178c764582ee345857ec4665f90342694e6a60786bb3d9b3a3d23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

Filesize
893B

MD5
d4ae187b4574036c2d76b6df8a8c1a30

SHA1
b06f409fa14bab33cbaf4a37811b8740b624d9e5

SHA256
a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7

SHA512
1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2c5635a753bb71b20b7cdd9842fb61e9

SHA1
6a84fb070f2ddc23bbdc524741aa599daec69d29

SHA256
efc3a3dae0627d885579363fed85d9fc8fdbd3bc7a876c2c4a3f54a01026322f

SHA512
7642ad12b567033c5094a8a1dbc6d43d3d44d4eeac2c6bc4f62ad5d82c2b1f041f24bdf319104bdb9330796b85e9c068004f1efe37c98f7a83e1402dbfbd3ff6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d2006f45e83edfac30682f9f9f6691d4

SHA1
08e8a4f8af478f29e8287f3dbeaee7bab94695b5

SHA256
178830631a597587f6cf6e855c16cf7f8691e965cfb27e13de80d6ae8f125f0d

SHA512
13cf70adb847157a9e3a98de5fb10aabfba0b800dcd56d8237dfa2c0475b3bcedc0e3cc56d3f13e7f1f300e80465b49562d3c6139c2514327bc3fa8dd075f05e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6813e1f6784a21d14c4dca41bcaefcc4

SHA1
7c88231767c254fc6f0093e45376ff193030de84

SHA256
a46f69ac8e20102c867235f5f6574c0ae36f4ccca881b384c2c57d47a5123432

SHA512
747be6e582b71e38f2d99c9a2603f94d6f4d5b9dfee8fac00186d2e4bcb82b7fd7e5409c453b2491cfd0bc8648f3cdf8795eb261923b0c49a1b6e489a7dd3ceb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fe610f9b7b74b7c7391e2ca6942669a4

SHA1
86cf4dbf7df75b6d191472402294ad05fd0d528b

SHA256
7ba9ab12fbaef9c7358191883753eec0033a9d3814cbba24b4e0415d4e8d622a

SHA512
f3e37525a8d0f54485307b8d2ea0dd981f2b65ec9e9cb06376b9c7152e2df1586e543a62b1996970bc9212e3e5dc0b1af1aba2d303fdaf03ecfb5406b6423340

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c223c46868adb5c42ac941f1dafdaec7

SHA1
1d007bb9d7b45f1504cdd2026c7f740b4ab34dfd

SHA256
7195fd8c10afa93eaf73ccdce51fc694430047da3ab1c02cbd19033825acbd42

SHA512
ec9445afeac15930aa66d2701a26da60f734791bd961227a312fd1e75cf8175d2777207a1c0053b1d3891850ee5ed21f328761eb3f95592c5a142cfccc18b124

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cb100ea2fd94cb85be3e2495b98bec28

SHA1
be4faac1ce157fe4472408602296a8ed2b986713

SHA256
87d3edc724214e714cb8714f7377d8ac6361cda20bdf3f101d28e0edeb334b7c

SHA512
8c63dca79a384dfae2adac2432934b68cf3c310589102c8291773e4077d29f99c61b9f0526e07cbd1f044f2235c069038f95a9a345d53cffdf5e3249265fa6eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f75517f1d82929fc263170cccf4a4bfc

SHA1
2c7671cc23f539cb98213ceb094c72e489d65dc9

SHA256
78844aff02bd2df1168242c8bcb4cdb4d23b39c23e9adfe1f8fbffeac5771a7e

SHA512
fb01af2bf1261d5604cf058e859f259c0edfb8612f9e71d064f67f48410eb51787bba8d856a7efd741a44ba661b04a7e95e5ed692c37f10b4ece0765416b3005

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
351941397b179f780a0a8d507e43c2fe

SHA1
1bd9fd3e36a1e987b904a6f99f62bb094a3deae9

SHA256
48d83c973939c9c271566ce5536f28540c5a2246f3f5469ed0629a961b290145

SHA512
2f4ab909db19aff0a80db6bb9965e670554808d6ca69040fab5ec066c11466715e81c7a6594b8eb1609b41d399636417e7a9040c2868ef3c3cf96c54dcf5bf1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e77f77db23cfc241c731b4bb604531e3

SHA1
b46eeff79fe8df623ea658c9d1edae97ba546f2c

SHA256
14b8815e5ca2394d843b0c79c27ce0846531ae2057c0e253bb58c4df20ec70d9

SHA512
6777843586b96a728caed8aaa20efdfab7f246d25bf4890c09c93c21ff8ccfc6ea43a4735461aa60741f500cd3626e038544eab75a2b284c68b1df2dd61ec8b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fe55c65975052f150e53c9583f301d2c

SHA1
705bd4eb8c39aca285bc3b19a2d4e86efd8c1662

SHA256
a6e360b0f644b55b18478cd85f299d97c97bf5005cff50c3e01866cf245893f8

SHA512
9b109f2976ad0a424e1d153c6c84db197301418a2f0f5059a13821b319a7e5dc3a5284ee0e42dea70edc0b4fed36d5af8a618988a54f6f48322dd7896a75d7f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bfffeb9ef8271c39c686233c62d25e39

SHA1
81dbe624b604e526dc95f953f65345d52eb599c3

SHA256
3ef2379ca928ce119ec65794eed8b2fe952683cf508fa439d135488725125100

SHA512
f3051a59341a8bd40f8595ae8adbfe9546721b911c9cc1455801b440dbce513121eb0cbda55871d2eacf4251b342c731dc7320a839fb643208a981c73a3dd206

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b9440e9caec537ceea64226eacc0151c

SHA1
ad8f01fe73464fbe5c003d328d23cc96941ecce8

SHA256
2c36bec08880bbe8014f32eea5cf37a9910898a93f95252a82598e69e2d850df

SHA512
e1f8e0281f1bed884aea8c130ff64d99bb6627749184d36a72141805a9368d4a0b996309b5337070ca15db4bc7559679f06b900f600e00bf9f8089e064b170b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
56ee8b5c3ec0e4cbda516394acfd4810

SHA1
a6ac6cf16a89fff30869415f05b748b54878ea61

SHA256
d0a0a758f4adbc8370df68799fb6cfd7d616934de68d445b5f5dc3c9121747e3

SHA512
a06d76d7d34d2d3610c0b31bd375b7fe4e721276e1e9110e1b73d61f063fcde60a365befa556a64be46bc21e1997a4c2fa76482e4ba99a3fd4f29c290f4d3d73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eeb84fe2cd05d3f5029642f121500f85

SHA1
173c02a9c34bbf0dc0de1985c82f2cdee532aa8b

SHA256
8eed4d5bc33a5f8dc0741e05264b739910e72c5923f3f40c7a4044d4658bcea7

SHA512
3aef7d31c0d851764bbd111530527a481181c818dac6a6c0a2d6edc88f8426ebc0d4ae21e8cb88c65d7e4a79fc154911c8b12137fefc2a0be5ed7dab3112c4a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab64A.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar708.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit