1fd25f1c9e78b8b78b6f0816f7e64302ee37279e40d73bd4b303c4a18b7458bd

Analysis

max time kernel
145s
max time network
142s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
07/01/2024, 21:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

49d67df6c4c6d5efec222b6c10d52d89.html
Size

842B
MD5

49d67df6c4c6d5efec222b6c10d52d89
SHA1

5e3f5ab87d48be3351dfe8b52cfebe8931e06ccc
SHA256

1fd25f1c9e78b8b78b6f0816f7e64302ee37279e40d73bd4b303c4a18b7458bd
SHA512

0a291955a503eb5312f1ee925088c426d0f87d029f8d0e17fbfc0d2376973f44f11b6b5771b0a52591affb7c7a196bc4a0e4299ea79dded0cb425f014dc1eff8

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3ABB4A91-ADA5-11EE-AD90-6A1079A24C90} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000bfb33d8888a6fe4a1cc80105b2860531ae8309b343d4559081a4b58315440cd7000000000e8000000002000020000000e0614158136bc3483e84474b5171562a16ef3c641fcb8c7df1e4fb57df6162be20000000631fff3db4d3fca83ce38b47fcb490a3827a2e67264b56dd110acd3bb21f99e9400000001e66c8c29d41744f5654df95305e6adae15f5625c1b1c9f423ea745d750c9a56fb32d371e6762c9119e85154ac50a0983918215f0e41de8da9820a5b6378ce01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0838a01b241da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000d412b4afe1eae6d0d711a0a2947bd3e62b7d55c5b24ff4cc4739ac20aae2a543000000000e80000000020000200000007258f58d909d97f9ccc28999094fec51e045270447d69813460c140b22f5267a900000001f30530590fc6940953e65c3282894f97ef1d89f1c36942a82c5cb8ab231c356877ff43fc0e71c9fba9ff4809d81e0eace3d85702b0c0c598a34157959ee0cca3a526794a2615299fbb37e152338cf14b2fd6281fec38a26f5dc523325942b6915c5700a3669ee0bf2a9e0c9cc4f0f2e27127bde4e68cacee3825701511afd39c328864da450b59982b9ae2146b47f82400000000022740f9c0ee42b956ceb20afd026ef927e9a80c41bee4b9dc2f10dc1f6c3e379b436a9ce250ab6c397a5c08e0af30a3309e1d2e41e965ae748d7f7e186168c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410825444"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2288	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2288	iexplore.exe
2288	iexplore.exe
1428	IEXPLORE.EXE
1428	IEXPLORE.EXE
1428	IEXPLORE.EXE
1428	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2288 wrote to memory of 1428	2288	iexplore.exe	28
PID 2288 wrote to memory of 1428	2288	iexplore.exe	28
PID 2288 wrote to memory of 1428	2288	iexplore.exe	28
PID 2288 wrote to memory of 1428	2288	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\49d67df6c4c6d5efec222b6c10d52d89.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2288
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2288 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
45dc0d48172b9b78c6a4ec3c48cda511

SHA1
ac6813e83b9525a50161e32a4591a9c1b2b6ea5a

SHA256
78d70a40ede1adcb4b1c11e6e8cde84df7a2598019094d612931f08478490353

SHA512
ce8a7d22ad7c0e2be8f338dff81c0e104a87add7050efad5935c00f29f8f696571712ed09a33c36eaf5e7bcc911fb138534b64d9fe22ba9e1155d8f4902546e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
681880f4314990c0ccc06abb0b347f2a

SHA1
96c3cfa41a3308213964602c9726e9c3817bc6fd

SHA256
836f8b9d9cec9cc3c47a929762ecd742f16d0f2b62f4633b7c237dce456bfd3f

SHA512
f73b1dd73a927354e5067a0235bf8ad13cc7795ebc8b6d521bd2780139b5b5b1749e09059e7ca752a5d9245d6238902d60cee28451c64c5fe61ae0374e40d8df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ccb9fb82eb10907bbbc5405ce252db45

SHA1
b24dafb153dc2e78b2c9c24999f32ea8c9150091

SHA256
dc5fce776d57f867cc75da26b15057e14f2735d1d15f4bbe75a85022e7fe827d

SHA512
81810ae3604edc4ce19813886af4bb10d66222608372b8c73222d2d4f4b9ef9461ffff1d878760c4b8f5f068e0a461691c80e27ed0fe663b030926cb919ce6d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c5731ae566e7191537955f019be6bc51

SHA1
c6f19439466b802a3148f93c91522bd898864cac

SHA256
2595c23ee066798e477810a870b762b918052029e19606529ef699451747a4ff

SHA512
aa710b8ffbdc7d42dd2743c456778390c5f91ece394f74c5f736b1c0f5fcd1d810879bbb9dfc98e6dcf2fb790dfb19c521179dede72e1b03b147cb8f7ad7de44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a797b974aab2a382371627fdc43502b0

SHA1
0992d6414897ea4150f2640df39e160584a4d860

SHA256
a57a42e8bb954ce8d2336ac369748c4dc2ce7811eed7f064753b8293f98be455

SHA512
049c5126fea21f543a1a4a7e672f5dd921ee9896b6d413ff5c41656e767f51a07fee506b61bfcaf3e64e71499edc97eba94b4045d1db65705e667717ca1eb569

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e867e079247015ba4894e8f23b72696a

SHA1
a98b56359281401d753f805b77d54004ea26a482

SHA256
78e4eecff0bf5649a0a4bc00fccc09b64770fff1d39e6ba885102efcad94cb47

SHA512
265b47c712a12ee23f054c4a2a1bdf49ba17633b0e15979a3bde4ecd1651426b500252b30d85e96dd922a3ff20db8c19c20988133b3bc919fe6dd4690e85c34a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e5033114ed3f427a8f4a937661c868b6

SHA1
aeeeace5b123bbb60d54bd632b3881f885837e94

SHA256
3da30390a509cedd0ff0b0bfc0b29062b9bc10626ed0ed9433c30e575edc9e3b

SHA512
c68514eeeb3c2b816bebe3a20f7c819b032aee8ac3c20aa0dd5ce8c04010f074e4b8ff8a4dc1ae974ccad4a828b0bc25606ce55afdc28cdc2b270028bc394950

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e381c4128e86af92bc650e8f5cc53ebe

SHA1
8016f7d6f49a70a3e44db8b7c577408c3aed2174

SHA256
3e04a9f6c6559096aa60593415252f355b28160d96d32b3b691eb2ab4f20a3de

SHA512
e420a52fd88314d99631687aa6e3a9a910f7f4fcf7f25c50a95f02ceb4480e74360db8cad1f624b82f430b63d4ac98f039b7d5b6510a3311f3eed820202f9018

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
48c8d6fb84bb44ddbc1ac85325daf5e9

SHA1
b54f2f63df5e02474db77298af4e7fbf4a091ff0

SHA256
ecdc7d4c785918b266b01a745c304c5408638e5f8e5d93f63e74b64761650629

SHA512
45fcb7a711652b583c4540cf4dff0ae99c23ecbc27d815bb06cc85f44c3a1ea03a281f00f2ec655b559e7a96fa56ede06757bcfa325cec6c00aaa65c5cea2b80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ae7dd830484acf8ce22d30889961c596

SHA1
29a0017caf4f95bd39d5dac0505c7896012c1c4c

SHA256
d13ffe76224581a65b20217e79a5ca55c02635d031f33a2835765f091839891e

SHA512
619aeb50abedd1cea9f816f82bf5d9cf3c4d2a3c5e0d990825f3bae74e7b783a89b4ec7ae1e22530512205c9aa2385b401e8e8319aba6cf1dc543caf191ac84a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0d71229260b30413b8c80e4cccbcc81c

SHA1
c3974fe1caef979e8edb68bf925863a75fed8a0a

SHA256
8edd28e5a4e690cdc2523861b5ac54a376ae4e637e391bfaaa507b0514d12f7e

SHA512
0ef6b49aa05e62632a48c4f4ef98d32236d59aaac0070413a44be207ea80b3225b1f1fcf8721a2b1c32c3f0eb7f9367691cb8a781721b69b89e2c00e5f24dfd3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9f3db676126121c739a7cb7f908d62f0

SHA1
132612bec7148358e8ae836cae4d35b63ec8dbc5

SHA256
59ec152cf6bdd569e97394dda8791b7bdc3bdea796faed407a6ccdad6f7ba798

SHA512
6182bcd25162d0e2bd0a837a975e5bbd6c45a9f714669446c8743e87b41d5f8428e83a990643a8c4b48816a12a960a07e7adf90a9f0709aacbb5487d34812bba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
08f3a86f9bc709093ed528337c389663

SHA1
f30b2eba321f1831984e4e5be355e04e326df309

SHA256
5345b58d103a6c2500a6a5efe9e3d46c0332ab6da15c070552d53c2f57dad476

SHA512
14d4b0c94fda9080902643273a1d11b83865827bf9a0cdc7aa4229fc921a674c1b15b98a20c408544d66b90bac7ecdf143bf0091fb79c54829d583be858c2fa1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
88dfe37c1e5d1475a8a76d706a39ae64

SHA1
28dc68c1b0ef3088746fee0e7a77165daf362726

SHA256
983f306a77fbfc253c00c71b0d179341d1b77ae180de35327cbca15941d9cff2

SHA512
f8d8816b40e19295590ae7093dca70c5958d8913abd2e63ced8605712dc3eb86714ff05bb78acaecc93902a92853f5111f229639f9cd5ac2202e18339787c8d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab931D.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar93BC.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit