e1b7fb968e00bc75a93464da96bfa1cfd1f5a882a4040678825ad8e04be8c7cd

Analysis

max time kernel
118s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
07/01/2024, 09:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4896e98ab4404a1bc10d0e97f31054a0.html
Size

10KB
MD5

4896e98ab4404a1bc10d0e97f31054a0
SHA1

60051a51e4d35785a452c69242c99f219b09b51f
SHA256

e1b7fb968e00bc75a93464da96bfa1cfd1f5a882a4040678825ad8e04be8c7cd
SHA512

354a3df4293499aec203620a56bad4cdd1536ca5c1bc78f2e36e0a1ff69b8fa6a0066a7d9b3c16ce11c7d1692d1b4939dbba2cf00f5503e53f6436904d49c739
SSDEEP

96:uzVs+ux771LLY1k9o84d12ef7CSTUFjGT/kocspSTPztQtLDgQRtQteQtQtWlVHS:csz771AYS/ELSS1ILDbI9IWPHb76f

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 108e68644a41da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb8000000000200000000001066000000010000200000008768eb5a15fd78cd2895849fb904863ea2a9434b8ca57670bb881c433d52968a000000000e8000000002000020000000f232e5845df1526a83cfdf576681076e0c69faea51dc37a486046db23d4b7d4e900000006bf17ebc4ce950dd9c354c8a783b1e217e1797353d1f4974a8105f08ab67f1bba03592f2c0eee98edfbf98822053f853d7f2e8342f15040871df6120416a6b84e561f2b8a4404dd7178c1335efa924fbc8cc1698003fd5b42eb588926718fe87f7cb63c82eb0e255381073a6d63abf8b65a9725ef56bcac34b048124cc57504e4861d600743c6327559160cca80170bc400000000d36c4c81b7a03b663b1e98edf48a872b786a14eedc6f9a2f41571fc8e3dc7bf10cad5334e73a96433af1a334719d0e2f993573df67943bb15b836e759aee8be	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb8000000000200000000001066000000010000200000008ff042de82388832bd4948c8d66ea6caf8307208a97330494d5ca6724a921168000000000e8000000002000020000000cb5c65fd01a506b3cb3c110ff8fd267effb8460a6c898538246e36d01e2e2f8320000000734e236a6b148b0bfbadb4a5e88b304e0247e53f05c99cf9eea422ce6043d39d40000000ba6e27109bf754c74e031e7d2bf39d7bacf32f9454d86940b033956714db856ace78fad320ee9965362675715afd9e97e9ec8def1c820dc4a12d1d476523dc19	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{822E97F1-AD3D-11EE-9853-CA8D9A91D956} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410780908"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3032	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3032	iexplore.exe
3032	iexplore.exe
2860	IEXPLORE.EXE
2860	IEXPLORE.EXE
2860	IEXPLORE.EXE
2860	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3032 wrote to memory of 2860	3032	iexplore.exe	28
PID 3032 wrote to memory of 2860	3032	iexplore.exe	28
PID 3032 wrote to memory of 2860	3032	iexplore.exe	28
PID 3032 wrote to memory of 2860	3032	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4896e98ab4404a1bc10d0e97f31054a0.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3032
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3032 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
98f51ddb1888ab811b17fbaf8ae8db10

SHA1
e2b44d03072c64c552f3dcc344110ece73022aa4

SHA256
d1dbb32015893fe926465a62abe9c56e3771375d4b141585098a0f955dc2f61c

SHA512
41e5c7cc2e1e61de74d3045cdb9712b7464a68d70f20f472c504165dca614b8b5829c3ba48df6477d5c70e3f8f49d74b58e7cf6761af418054819cc4f73b9579

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a8ab7439bdf00e4ec09eaf97b786063d

SHA1
46162fb943e0558293c764c38bcd3368114870e4

SHA256
fd66420116da47a44532b9d32be937640a4aaf5cb36e10edaf129852eb9429c6

SHA512
d078741d89fdce653dec7977c262c0d32441864f36f08ea8989ebb989ea44163a5cf071c33a58e24e2dd05ae4af3efdf190c1fab505192cbe81fe461ee7d0faf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
988c2ef374571649150037940e5eec25

SHA1
7571703a1da4a8f912dfb388c1a0357889935087

SHA256
01d493ba42b97e6d35ed60459ca191888d14f866331f80a0f868164103508ed9

SHA512
5d04f62f5e45b4cfbfc56e9f44fd5e43ff90afd58cb5e8dd50a7861f08d6f00c1600110fa2e3fde3650a85d86e52ca38d388fe9deb92a4786d3cf72da34e1877

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
582ace53d84bf12880c1fc37a7fef6de

SHA1
b5b9280501ad43a0b1b1c2f3c936e894b78cbbd4

SHA256
f0ed006503e2868d594e0ea0abfb2278747f4df166460ba3578bc9b9d722852f

SHA512
1fb52fba059f4e3dde820dc149e7208ae2914ae9afffe948d210f7d7b7ad7dc9b3d9d71b8bda50ca1c7847e91cb935d9e3968d2ef743b906ea7ced3f0c5802a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bbe3d53e3ebe94018e14208e1b618d4f

SHA1
1f5ba8110b879142ce666befe3e49effdda20f20

SHA256
bdc73a2c2bf434798e023582be1170e6a076f1678a0123f0887613f84b8bf8a1

SHA512
a520ea7a4799ba65ad4f8667b3ee4c1e7bb4badac5704643ac1f74730b2b8227189dbc8299037f3148a7ee8424264a5ceb2365d4c67b1f032784439006fc9443

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bf4f77c862c91e00a14128ab64e7223d

SHA1
232f64362d144e5e2c0ca486651da801081337dc

SHA256
a565f3e1012a88662b4c45a9cdca311e7fbb03ab89b39294c7db90c105fc4103

SHA512
d623621d9fcb2a169146b7b922a66664d9a5a2f2d7abf7d665c1fd185ee1f0dfeafbb0df35e169d5e18a6df58624d905622feeaf61c2b71c85760a8640e72201

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4456fa839ef54051ba139e4da4845f79

SHA1
3e72c2001dadff423a6af7a34a2bd81cdd909100

SHA256
16a1a1e566200e4a32119f746f52681c5f4e151486a97a1ffb5bb8a3517685ca

SHA512
5911c49e40d0f6e1abfebcd2b309384ac38f04cf9042d68fe08331f4dec280b250485355c37534b263cb405fe4257e21c7ec29b01920f456e065f9d6ae9e6438

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dd8e0df8010615e05010f3dc653d0f83

SHA1
e96703012c52fb8b5f0ea1c979c9631f4bf1dec0

SHA256
f410415224212ddecbdb38ce01c71101392d68ba51fa7fa47badff030eea4c90

SHA512
1683e0e1c13b57867773224361d2ff79fb81aca412634398087a52d6c73c8bacf70f873f55b8ed7116ebfcef6bbc68a604261d166aa9486d5344075c83313e64

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
620f9283757c4abf183abde56adbd285

SHA1
e40938910042f8ec8ab6f2e730a47599b10de924

SHA256
799b447bbfb044be4e8875273346d7369db927e29c4dd38f21a684b29ba9be48

SHA512
8306b538a7a52b2d2e4b3f8c7a2aa8cee6a43df5ebdf4f5256ae37cf5b6e965dfbd143854aeb8a9501063576081676ef95b29ad8815b3f622753b83bd2173d4b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
78921a149a013cd0a6e1b5e930bc3c64

SHA1
aa5ad38b0d7c5457c01b591ac676fc9357c7f534

SHA256
97ab82153924f198ddc40b433a5ba3beb50d64bb598fb1293b3557b4bfb4b1c0

SHA512
3c61e2181bf912ccaea595927136322366b1bab6d050c71d7e4d1a7caff6720226d5d492dc18e3e3e244966a545f6442baa84cf9d9ea2477b96ddeec7b973e07

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c5be8402c4d15b6d8bddba4161cc0875

SHA1
6bc2e00e72852e473e2e3d015c6aaad463b3c6e2

SHA256
2c4da15d8dfdbfc911f0f3627a943e33d75217d34a8ae17723574ebfdad7a8dd

SHA512
1e1932c38217f4075791c2f1517947c830b26d27f0226125bb3bf8b8bc9c0ecb2b8c397763ac2e17b620366b8491bbaed8520c1d955d06814e2c69b5a7439e2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aebf969a409c62618df29d8de50ba40b

SHA1
0c257c05c37b3def1d5bcdaa656f3d5e8a7473ae

SHA256
a3d43fc97127da4e16f82f418486da6bade88b26266d705de6a860acf58c2f91

SHA512
bf26f4e8241b33a0b106183cd759b7bd4a2ae579b8955b6d77863ab52f37313c6d219b4c34602f2c79b8562a73535872ffe9875f246875f0e94af3e6b36b963f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8952f0b75aee784a574a63a695fd1050

SHA1
42f63ffabfd0b4c5e5b8f332de99022f971f1320

SHA256
688f2b853f4108d23211ef708b6529d6b4228954480de2fb2c703d064e8e4682

SHA512
372ae6980f0e014231163e9fc518ea5e0c2c2b28ce8503b9192d1bc4c2606f3593ae18a03bd831e3fe34198ffc541d49b2ffa821a7b604f6ac763af419b9f831

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ec1e498eb2ed754d7159775cc6464724

SHA1
005abe39f1071a415729f3a423ed22123622d9cb

SHA256
1682d4c0fc587d3e9dcd8e35992850226609754c90c687cac536f7ce92df8201

SHA512
81f891f19cc92ab140d3ba908c118b3101ac91821800ce22881243f37784bbd80a193f510d56ca90efc1123f118075ce9fcbfc0d90f2ea44514d35188eac8594

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c43d788e7f865cedefe164603e6b109

SHA1
7967cdaf5f09cb7dd9dcdad846b40f9fac81647b

SHA256
b07fb6831849bbc3ea11faec92864c0ac4872a21c7a230552a738aac4678591c

SHA512
1138973f096a8099f6dbd453dc857a79748df5a4b5e0f4a4ce7526d0e4d9e3b7dd53bbbd6acda20de5d36084d5128e522362aadad44d91a5c0442788ca8223d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7BF.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar107B.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit