fb7fc98521d6964f58f8bde16f1ed9cf051bcf8e51cf688c9d4067af506974df

Analysis

max time kernel
117s
max time network
160s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
07/01/2024, 16:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

497ce70b95c83212d851b201e2503ac6.html
Size

33KB
MD5

497ce70b95c83212d851b201e2503ac6
SHA1

751ec6e89018ea56315d3996548ee3d6855fc557
SHA256

fb7fc98521d6964f58f8bde16f1ed9cf051bcf8e51cf688c9d4067af506974df
SHA512

573842b97df0f0dc973790b63355d8f20a34582beb7dc0bca27b769c73424e2c6bce08095d2e3b8af98c9c8021e6c5c6e0fa26da4c6fdd63bd5b4632c4416d65
SSDEEP

768:KON/oWZOg9Y1UPDYqYiCgsWccQWpxj3JsEWxJioF:TxO8FYB/gXGWNWx

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000580e1c8c6faee54b80ab28599b83677c00000000020000000000106600000001000020000000c5018be7228edc3b63777665fcd036905a8a5a409de9a73a92efb9087b9562f4000000000e8000000002000020000000a76313f1aa40a364e6e7270d62450984a53a46e9746c55e595d400e61869abb12000000017cdab22e2d9397a8809b6a753123194266aa7e79ff1410ad72183d34024634440000000fef10f4a469a267fc668ddcf410134428593a7c226b021c3802e4b2f33eba76c377e3eb4f99e998539e5596f66f0340275720053471dfbe0e07525b0ccdb1224	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000580e1c8c6faee54b80ab28599b83677c000000000200000000001066000000010000200000000415ba06008eff5c5fdd2cf8b248114d6d2f4608f591ced3544b4d74aa1bd753000000000e8000000002000020000000f50fc9bc14cb06bb989fbf7fe070149a37b433e18d2dcb8fb649830453e6ba3190000000f6e76f208d087ee8a26061d551fdf040ef21606860fae057ae70c9e2bbab72a251f88522210ca80baeb1528420ef879ef9456e69d5baf13a4a373c57ba107c3b3eb50bacd0225c1aab5f6afcbf09949bc88da1daf41606de11b63edc057d0b242f79a35017a2a02521b382736b7aa1875e2d1c39a995ab54aa3e0138d17a13a887396da72a220de0025442daaa5d31224000000036de0c0e0adcee5a677b8717cc05589ac6e5a5e115adad07b56efdf7233e5e51709dd45b98c8ce37f2bce60d2ae221696c14962bc7aab03dbc32ec60b27e99a4	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e03ba7658741da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410807085"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7F4FED81-AD7A-11EE-BE57-56B3956C75C7} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1968	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1968	iexplore.exe
1968	iexplore.exe
2728	IEXPLORE.EXE
2728	IEXPLORE.EXE
2728	IEXPLORE.EXE
2728	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1968 wrote to memory of 2728	1968	iexplore.exe	28
PID 1968 wrote to memory of 2728	1968	iexplore.exe	28
PID 1968 wrote to memory of 2728	1968	iexplore.exe	28
PID 1968 wrote to memory of 2728	1968	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\497ce70b95c83212d851b201e2503ac6.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1968
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1968 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f24f37b3e6eeeedb5f0c343914b0cf7f

SHA1
66da19a9f3331fffc91ee87167900fab2fe0a25b

SHA256
cc758e40996dba79aa9d84644a2054b811595a4ae5cead94a631cd1481723f9c

SHA512
57caa6f12f3f34836c254bd64f4b8ad73cb50fb7cf1aab5508f1556bbf3f2c95d1828b68e02570b164b3c85a5500a1ff4bdfc85aefe306bc831df91333c42e83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9e4939373bb8a880229f711abff8c6f5

SHA1
1d58d446e55f25e7106a58eb8f269fb626d29452

SHA256
4ba149e3cda0ebcd5a447d844d3f0753c191002e5a10f70ae669a56b14629203

SHA512
baaddec53dd0624ccc04c19883780682853facf4dde4c0414cea5b373a308dd6fea23d151dfc681a5b55227f52a21dc15f401fde13ef4d9eca8778ec1486295d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a52789fd2a60713982d3ebc6cdbb8b6d

SHA1
ff39878a052f20a2a992323927017a861dbf00f8

SHA256
7a5a2ffc10fac939823bfabad718ea13c3607341a6e1901f45ac9b5f5a87e0a6

SHA512
78e6d5e2133d852bdc1cc71d7edf1f21156e3893e0303cbd7adb2adc9de267f885483b352ffccca40473ebbe25b82b44f81012ba65e7bfa6b95161f7bca9a26e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7af719f48dc6873515ae1ae2cecffca5

SHA1
524b5d13cbbb5b807238c4af182e8373bdebd133

SHA256
85bce0c01c1a64436047cdeb73c48fcef5f7413b9cc24c8fd3e040e92a389b74

SHA512
892855063b6531fc6d58cb14fda5bf098406719435c586a9d1cf7ba1f82a322ee030da7c9e906af2fdd2602703e235ffe02699af9d5e96e3721d256c9e26023d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b70f9223e6d46b3b638c78149067dff5

SHA1
6eed4f1b949f6d3fab139a5fd7800b776baa871f

SHA256
53881a4cd9f180c90e15295399637a25870437ce1116211f1e287f82932a5e7f

SHA512
15aa4ca16e9fa79023ee1ab670c50f85d294cc85f7d6c69f4bc822b6809dd175700ea2d6f9eb1d1bb6848a59f276bf8d7d1b8fd63b8d3b2a359ba111835e312b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6a0b6de6296b39befa7c9b19c91fff3d

SHA1
50395bf65c6b6d6bd7ab2c19f3f2cc4d2b256ab1

SHA256
27fee94940f9cb6fee59e586de54db24de3594d69786b59e1ec8c57c9fa98146

SHA512
e5786aec2e5c5743767bd4c45385df2cbd23b7687e997ad6e19a146acd1c269b5ba18efd074a917f2f165fb373aa14b769a093bd32bf7fbbcb8629997fd2042a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1ebb1e51de62db37a61334d965a5f456

SHA1
78a09b1690bb3c39ed8844ae1209b4ae6dda4dfa

SHA256
692f7549d708728c35654e9851057a95b2c9368328bd71d408f23f6541cfdc18

SHA512
7cf96d461a95b9b502ec05329d7f3841b24516e21ebf3a977e98b551dfa523b95ed344b321527e916a0d967010730088ad6ea2b11f37f2b6f8ff8e4b6f9c882e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
65716f2b0b729f7ff1be17cd32ce9b77

SHA1
8a82987e6e0d1cbf7c95625f6c44607e2558097f

SHA256
cb3746b9b45fa519cc04c6e10f7eeba38d1f534917d90926b3b4e396087baa53

SHA512
cfec33104e9c7c87e675f38eb9bc3395a4771d9dbf2596c44022c135106b923fa4b868da735af8022ebf38444c615df4a8efd0731e849d3bb03f36afd4ccde5c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bd21b96011359b4f2d87648b9241a691

SHA1
5d3447e3c0fabd93dfc3e5e00573a71a6b1f261a

SHA256
75d176d518052087c916f817cb93342ca510decbde02d81e5707eef46109e48c

SHA512
45043a726f697b1d2e69699e56b7288ffc0e4943abd331ada74868a30451c95bf84141c21770eae2e85798e918994fc5eb7c48d00970c6c9ee1db38f46898b01

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e41621e349c464effc6f9b2185ad69fe

SHA1
92fa66eda8dc49d8c8d450168a50b67363e18658

SHA256
1ef7aedd3499f04a9f1a992b68163e8826883c74b9c3e2013e6796cc23f8f485

SHA512
118e03c04468f7e380ff152fb72725abdf11ef5867761bd39d59fb0e88889b0179e5945ccf0130d86c311c6193fd6ecfb5fddff2abe015a36a9a139527ba4223

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
da8ce341052c30faa04c35fd74e2663f

SHA1
dd287209c46b7fcba6468574278b42bef78c9a11

SHA256
03b76199231b24279beaa7202d7470b4964721c5a4e60e92153904622228866e

SHA512
2e573147eaffcd86b62622679a36d733ba2e3f0e58d6a3f4698ecab6b6e2f0783f6a7ba79c5749b30ad17656ff0d496f5f7cf186b5e271c6dbe1f173d7ca546c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a1dc56d112ad231dadffc3c8c269963c

SHA1
8f82fe8e4d21f8109265465b511717b2861fcaf6

SHA256
e232fbee9e0609d256eca2ca1d54a720677044d24e3ff65f2f04662705acdefe

SHA512
f98703e4cb4dbee2568164a11b06d597f811b209037cc46184a32e94ac25f9ecf55ce1c9d1160d84818e3f56ffe53bf1fa05c58c612b75ea2c044f552d4a13d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
af431eaca68d102affd14cb8ea8a08d7

SHA1
c9421f370a8b22fea8bada19299655ffbfc1048f

SHA256
198e33050628484a84e1cd462a093b856df54349cab1bf7a913c80f054ec6e2b

SHA512
d2125c7519018f0fa50cbd26a316d8f71c7eaf1ae34416966a169407b388d57932921a4a479cdbcf79acee75460f2bc7222adf2ea8bfffc70f6518fc0107d6db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
202824398ec0ff8a631ce0126a10b4a3

SHA1
ea470ce77d32d5f49af24b1944756dafdf7e4693

SHA256
88a8797cfc14b959b5b327adb532c2506dae9b4ff64164d5e7df718856507649

SHA512
75e575a2b1031d684d2efbea5cc83b9ad9eb0b4a7f96938f6d9f86c1cfdad3365b2bf9b9ee00e93edf87b5fadd65b75569d7512d42bda3c5192b5e0d6804128e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ed25df21f87a75567f6421aae8d0df50

SHA1
2d828d49b7d013717606a1bb8866de09e47dae75

SHA256
0ce0f416b58dab54ada29d2ca138cca0a8d0279b8cd69a0372c3f8c42e8421e1

SHA512
c02d0e1991df40f6247c97b6e81145b1acdf3de98e7c344fa3ace57cb11b7853879596b52aa0a20df3a425cde8b0ecf4987560392ae29ca7e473d464ac330f5c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
48e5339918ce1cdcdeb513e16e5dc972

SHA1
3d70fe855225dc550cd6bb8556c37e34dbb0304a

SHA256
a59ca85c3fa397b8c3b91bdefa9b455fea250a86bb0aed95fdbaa99757e9940d

SHA512
1121d3b48216a7f1725f9a374201d043c28495292d1a53096f5534f8bc18d1ec0a7b6d7ba0aae9f8d335344643085f7a8793b743b25546c5b13eda6134ce421c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3f97bf79614bc8a1c52e72f5ec0ac5da

SHA1
15125d7a8b5bdcaeabffcbe968613037f869f3c6

SHA256
6c1e6c2bc0bcbc30661f7ea8e72b3595af2a7bd5bad90f2aabdbcf35d27305dd

SHA512
e6bedbd5c820b19b69b4f33151702d2005dd2f76a4baded4c28073b5cb05d41b52a420fda8f27dc7978f180aa720bcfc3f4888ad338d2333d590c7ac756f798a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab30D3.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar399D.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit