6df6f20a452e46505a2724d91549768e514acdafd844ea82f16e7b697a9c8ba8

Analysis

max time kernel
122s
max time network
135s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
07/01/2024, 10:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

48b47a254b7e3abe51233e1c363e7451.html
Size

40KB
MD5

48b47a254b7e3abe51233e1c363e7451
SHA1

48983a0ff1d4001f8f0b2f2274979cc93eb72ad5
SHA256

6df6f20a452e46505a2724d91549768e514acdafd844ea82f16e7b697a9c8ba8
SHA512

a46d1b43d04917f783cce40736575374ed88ae27c140f77f633524db76b14ef81e1d565ae4978e63279cb8b033623c0475cea59f3cc9359083fe2348d2ffa79f
SSDEEP

384:xQfThKkxnT87lWozO3EGAHcp0SUeVEq0ryZO9YooS3wnDc+UT:xQ9KuE/Hcp0SUeVEq0rys9Jwn9A

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F654F681-AD45-11EE-9B8E-42DF7B237CB2} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410784521"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a00fced05241da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008dcd4c448ce8fb42a8f577f49cde6d300000000002000000000010660000000100002000000089a94fa0e920a1473942ace4b41bdb2e9b08211a3dd80bced07d3549ba217faa000000000e800000000200002000000028c9b4e9294983403f7ddcbd1ebe53cc33406f063330763fcacd3bac668fb6dd90000000d452aa63b55c3a043088cdd6e1231ec64711c70ab9e582cccdd4a7fe9c3a436fec2ea6eeef3c585929d2a42a767ba4ba5bf0ce7383b2b863cc476e22e29c0a460df6c92011b7dcb4e4c29c6d742f80b04568974056c9d969e48df73e6a72acf7cc6c737d0db116a5cb07fa8b2ae1dcc6eb7d0f0f819c6913d0d7e0c942b921229a32d7d7c9a640c69270ebab94fc588140000000392352fa65bc91f2097120989b71c287df7f3fd36ebd55c5e41a43ec93d2118741ce52f39e6123ab040c7a98829bb11a0677d5edf3abdcc1cc968d2aad56bdb5	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008dcd4c448ce8fb42a8f577f49cde6d3000000000020000000000106600000001000020000000e36b83dacf3941468ba3af8e75f293d9ab32cc042c6366fd41c2ced5c567a1ed000000000e8000000002000020000000453dd3265d76a2a6bd59748686dc1a678c957028a135c3204b762b1a752dc2fb2000000021ec64bd50cfd1899bac54e700880b5158e0175b89dee7d3cb8b88f925afae7540000000dd8698754c667bcac0ce85ddefc8062bb14ceba58711c8a0774db00f0addc5edc88136d763386b7e772eace33eeacfe85f3d13538d2afed60a68f84a66535c53	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2256	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2256	iexplore.exe
2256	iexplore.exe
2316	IEXPLORE.EXE
2316	IEXPLORE.EXE
2316	IEXPLORE.EXE
2316	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2256 wrote to memory of 2316	2256	iexplore.exe	28
PID 2256 wrote to memory of 2316	2256	iexplore.exe	28
PID 2256 wrote to memory of 2316	2256	iexplore.exe	28
PID 2256 wrote to memory of 2316	2256	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\48b47a254b7e3abe51233e1c363e7451.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2256
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2256 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\952665A85C3C6B581D1B9AEC9BB41CF4

Filesize
503B

MD5
51eeba476167eeaa18551b8b9636af60

SHA1
0affc150e1cad1934587fb7042d89340f8660e13

SHA256
a2a6f56c5f595d1d7add7e155221279ec9e0150431f94e45889143e44b9b5d26

SHA512
868f1ecc3b4fa040d6f42484d5690ac7ffd04df8f0ea19e4b9efa277d5510c6f5b68ddbabf94908540a43b3e214e6faf804a58132362865e4cdd1c8a88e0778b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9ddb46a0f8b50233cdb510b687840e12

SHA1
231f97237096b8b34c44ec4c4a0f62947336a687

SHA256
7da1fb152174706d5a0d10600356cd442da2015d6003712b571791bac5ac44aa

SHA512
83e086f99f7ccfde67a5b539648f38a693ed174cf173ab11820ca9da46d97bfc5cc23d5694fc6fbbc2f77de8f1ef7bb70f85a8e3e9ec4a47ad19c54f9ba5b33a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
248dfb594a32e25712f6d42b957860d7

SHA1
b4e91b75803694336ce52539a1179bc1d649064f

SHA256
f7e51bda6af6df938a8222285ea40bf08860a6d302a4048d3757e890282f1cef

SHA512
db67a1c83b7ff2beb3ebeba24881952fc53a03405f23b06af040b6a63b30e2c780158d02e4aad8ab178aff40dc0a2b93ff40232211b934e8b4dc0729cf45e2fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9749f5262a5f515960d1b6beae24f9aa

SHA1
401ac5998f78d05aa56eb590ba24c1cfce8ac969

SHA256
5b98a290015a134ef5fdafc0ba34be9d764c6b177a33b0c09870adf8dcaa7074

SHA512
58b527d54879d257aea678acd38df8be5b63d367aaf3507d0904e513aabd2f1b92245f49f6df34a723e4dbd642c7d8aa792f283ca3c75b5d310f526a9eef3499

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b17d8fcdaab8be4e4d2e7e5da5d96071

SHA1
f74a005d1e3caa6c6c61a4ee56120cab910e4fa4

SHA256
b05e0bb16b3ed02a214707579ab499ccaa284bb3925eb6bccccccb6fbaa5e50e

SHA512
7449cc236868447030f27fa5bdf41632783da0d9f47eda71caddad95d216b0b91217ee4f74c72945f541e0073a5516066b5a70e1cedc76ce44afc0deceb7feea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bbe1068103a3abe2e2d2e26ad9e67d20

SHA1
dc287ad5fea687c547d24a1bad80db7c8186f6ed

SHA256
09f92a9d85d220ef09e6082120880f82743bb583d7381e01a933f2f89279c3e4

SHA512
ac2776af37b67f873a72021eac37ea982a3072e736178e98d387d83ce3d1201a0dece659a2f9bf898efb9a5090b2c8ffe2c871fa82dc6dd9150e7f575ff5b6a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2bcaadb8ac6cf14eadecadf7ee83c45e

SHA1
06ca37bb22b53af5360651f7b8b7fc44b89fd530

SHA256
fb639583c48a83ba8d7e1a0f72943d7531e28d0034f05da06b0867f110ce22b6

SHA512
d6b9db48056bb6daab45ddb778c18f7467bbaa1f436e04519ddb3ad7a07feea4b435121c929bd1b92ca37be868e979a50e46a8d0eef646d71be42b7ff58a5934

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9e510e2573a65f2ba479e3cd99c68384

SHA1
d0a33207f277f55a844b9fab341444abb347c02e

SHA256
555c36c4a1ec85b6d013eee88679953effb20357cf6581272f231f415cbde285

SHA512
1908754dbe412e00e47c40a8d1ab9bed1f26c778a5c31905ef696137832986476151f48480db519d6e3674698d8df459fe5c7f9210f78e9416e09988ef159b25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c46bea1673448ddb108a0f297cb9653e

SHA1
4840ac69732e336f640c4469605074d759d8904b

SHA256
bcf923b65a9adfa391ba2c039db31a66011fd10c4e0be3ae82889cd424ec8be9

SHA512
b534ad75921720b57596ad0d7556a0bf0a0459e0fe2e1d8d6d2b147c9283898d1370094fc404f962a1d9e8d3d5da86b1c9fa067fabe06e257710ad73d076fe63

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
134a9d6419127d46127e1e7954b2826a

SHA1
b60d4c439d053b0b8a2ef4f9e16a0090615e683a

SHA256
05b49163da6739713f1f70c952ce848b5efc0455b835a7fb9a917a0713ba9bac

SHA512
08878cfda4c2011e3ef3e24ddd940479eaa20745f10b76ce35d7200f3d9a716afcea92abee3faef83971d49c964ca5789587101bc499019a926b1bfde1f5ee28

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5f2fe3999aa0febcd22613fcfdb23e25

SHA1
7853ba3d1544656a355e853bb37d5a106747dfc8

SHA256
21a7e2dbfa27ba731ab55c4e5d9151fdb335bf5f4df7a66aeefb2ae75d10f1ab

SHA512
f40ae1f22db4178a297685528fd05dbee6cd7af0b01111e00612601199a2d2b42aa9c2d5979941ecc84d49cc7f9c7d0c153bfb9b265038f3dafa5ee7f68beff7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
35db719f0bb4f8ed3390c26f15ecefe2

SHA1
cad62eaaf9492bfc6d1ebb2077f0dfa4e6f70bdb

SHA256
9553ac61dc1ae8732ec249da80bf0d7c68f32c01b93f156310ff0898c325ae43

SHA512
34bb7246a4f262fec09b5ddbada3f860a6902127a3cb31a317499d761992d072b9c58389900f97d7caa5833712e8613c1a1be3afd893d99ee4b6a12640d5936b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aa811cfd81d5babc27caa99457559034

SHA1
6d9bd1a920f21851cbdb5839fba61b30faa77cb7

SHA256
699946c58c258e058eef519869097aaf579050a79104eb157370460a03a0b5a5

SHA512
489a96a1df68322f5049cac9eb9c973c80d79ac921667e637c7ed4aca1e131a44920d2a12b5db3a0972bb16fe7d519da420bafddcede007000fa064fca55f128

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fabe3d32ce4cb2e643b23900f2adf7d6

SHA1
386b7b920727f7e1f035d9771110a7e3c841d369

SHA256
eabeda7d1cc7db9bcd91baac37bc38014ba2d49e3693cfc2a3c5e663b58921a2

SHA512
3ebd4de05542ebf69219e22591e8ec302ab286c429749c75e384f81e09dcd7c1cb8a457c6a09636df5230256d1699ddb3691c4010e79e021d38fe59d81ffe4cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c6f80cb2bc2e88700e1fea9b42b72248

SHA1
7bf303d297acdf50b9ba51aff6e63ea4c6638753

SHA256
cfa605d2fce860cc8b8cdc155a39abb977594ba0a3aa3990ef349a311196902e

SHA512
99bdaff33272ebc48931d1b96b03573ad40abae78d45fd49fcdcee1f74b8197710cecd51823d831263012c5b5ba70dca785d8948cbd1157af0ca7f2952794bce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e9722815ecf067637dd28cf79567c502

SHA1
d1721cf7b80923cd61a39df00bee8246c191c2aa

SHA256
b768b851c7640e175aeff71048d4737cf2b365b2690b8b0322fda89aaf768150

SHA512
3691d74c4cb9f0b4687c3146ab85d7bb9449b29dedbabd8d8862cb49228b5098be2a6ba5ffe9cb6666187d24b02a4210795414db650ef85f85fcd80cc234ab84

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6a8eb0c6c99a45870a22f874e3ffff4b

SHA1
8a493825bca23ce3ce458203dda31926e13c625a

SHA256
f238ba8c4ebd0527df55d302b19bb178934f04eb9c8c58c9b421b2dd1e6e572f

SHA512
e1c6e6ad452a5ba1f6104cbf57d0414a6bd5f7b00004b99fa29f9ec90c5041d04f0a8068938e9c3f2d80cf190156c45f36735036d1660b33a15ac7be909ad3df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab604B.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6128.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit