8f4a884a44c8f56c1c3714fd56b5944e3043b7e28b8b7ba89704a8a0a2b1a4b2

Analysis

max time kernel
141s
max time network
139s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
07/01/2024, 21:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

49c44b175f277df9ef75aa10f30c3693.html
Size

149KB
MD5

49c44b175f277df9ef75aa10f30c3693
SHA1

71b5403b0c9547eae4f3e0a88aa8f6d57a896e58
SHA256

8f4a884a44c8f56c1c3714fd56b5944e3043b7e28b8b7ba89704a8a0a2b1a4b2
SHA512

8b3cceecf1c9a944c222ff8f6d32876803d8e716fd87a1b173ac21840ebee82e89490579374c70b688f7739c06afd435f2c4832fe61829f7f57abb33173d8725
SSDEEP

3072:D7UcjvG8rMUcXmNRS7jQrMsdSq8nWk9Df3HC:DpGXmNRCS

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00582599ad41da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb80000000002000000000010660000000100002000000088527417ae057bf16311cb187c04d8d7455a972f72177285f843f98695fc72e0000000000e80000000020000200000006e1d9a1ac72025da2a0bab06db06498140b8effc970d22b5ddd9b3d01467923d9000000003491e637a1822ad8e2b1d82eb5ab04ca38f31ce07d64734a70503f0737a2ab979bc7ad8e9db52c1b7842d35a25b108c9aa8fae6a7a54f3010096c52887cf56b5975c22c74ef0eb60bb9f8f94ec2929487a008f5bda8b6dd1fa2567fdb68e5667b95c56fb567e7a12d72485bdb12f08a4783db4483a062797496177d8f610c37cf4356c8883cfd682e3f2cd98168a73a400000008983f7f8aa3d98024e5e01c65e1c7fc207f3f2e50345e957ac6d51ac35e00e028b1958baaec8214a48a31c915396672c2b89ac0e7677c86bc1e2183a7b7fd193	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BE180591-ADA0-11EE-AD90-6A1079A24C90} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410823514"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb8000000000200000000001066000000010000200000006cae8834e3a14d3f3e2569af332507f79c4792accae6d06030facafb5cad765b000000000e800000000200002000000071bba18be7df42d843d04bc7b3745450295ac64d93f0303f09035a82f43bf9f920000000094835b962a55fee692e7e34fe22ca351ed0eb4f10cee7a32d4b6e91f93daf50400000004cab86d4a4f2e4014d87f6a69cdf6de2e1f6b94b2c5107bbbb5ca99c99db874e60faa6ba1a8e7cf6579e233a652ab9b53f6e6b6f2c39d3bddcf461aa649ada21	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2292	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2292	iexplore.exe
2292	iexplore.exe
2360	IEXPLORE.EXE
2360	IEXPLORE.EXE
2360	IEXPLORE.EXE
2360	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 2360	2292	iexplore.exe	28
PID 2292 wrote to memory of 2360	2292	iexplore.exe	28
PID 2292 wrote to memory of 2360	2292	iexplore.exe	28
PID 2292 wrote to memory of 2360	2292	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\49c44b175f277df9ef75aa10f30c3693.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2292 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ddfaae3ac135e986c39c8ba34ba04c3

SHA1
965bc42a59c3f363f854a9b6ed3cc65a11308571

SHA256
ff73a41235aec969a6214e6253424679ee40f70e03040757120d5cf44101edbf

SHA512
66ac89542030fff25880c94f36120b975aaaa4281767e94379f85ef94f80f87082eed21dbd80b3a6158e7dd34b845eb512f91c7b129fe91012ac2788316b8582

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
139a0867431a824af8205660652da7f6

SHA1
3863106cc0905c4e0ba17c728386845908efada1

SHA256
e7187585b6c94d0231225abaa25e2da46f786252f53cf95696044f9f3c1c10b6

SHA512
0e2d36582448fd538b6b271edd66511851e49f48aaea20bafc2510091f5ca2b288b6c426738d1882e064578be62efd1cda2a60a3de75e118f4a30167bbd86b63

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1ad37092c16506011ae053380bfc1eea

SHA1
c1f90b93b0f21b15c13f2a955940a60f3ff8df3f

SHA256
40e699c71b4fd5e9ecd700424ac59e02375cfe4689df70cc3cee321bdcd9c6c1

SHA512
59b2f8ef5cb50f05daad5acf0f51ec0a4f678f4c2e9ca877e18729cedaa149a9b2cf51c62c0b6c1bdb0e27faa5b2b8954c131f3bcb60c4b5f5f02294c9d7976f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
25ab9f604a1a88b1f8d228eb53f555a0

SHA1
b580c2a1e311dbffbfcf51f5621b5c4081684204

SHA256
ca9e91c2d1a6d426a32f37bea4364cbf6c37a48f2176cc4c2fb1461f361db60b

SHA512
30f0a7ac34f94cde09bef4fafd90a385f925839b39a22e3d0be5fd400df3a03cc6ffd926fbfee0d60c41d3204f59455f1c90c3cb375d20b41208c112e58047ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0e43d69cfbe9ccd9bf8b9c8e2fbf709b

SHA1
5b21a7655c5d1b55f4d92561cd275c817a0ee8a9

SHA256
bbbe99718cb59a52fab6d8cb1a51966b8454726d07d0e8d59931deb554bb3091

SHA512
fbcb624cd2784d3c7ea240655b407229614d68c2741a2012b80ce8924f4facbdfe32773ec9e16dbc94d91327e300c391cad3bdc0832cac761926ae4e4f5ee45e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4de7cc2ed622e1f7150ed9147b3ee30f

SHA1
6a01b8f6a124782a92a5e7a04a52ff1d51dc125d

SHA256
d0b5206518a96079b8ae01223484b7538f773232b5c3ef4f2d17a357dae91d46

SHA512
1a693db3b4a54967c3552d683b12137e3a77b65003c296c13c257f82c41d1e1649bdd6c556adfc7bf7c041ba9ab5b7af2436b2249a2eb73e454614bf18ea9c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
55b05ec435d2732e1ce0dd551c3d2216

SHA1
40b7e9f7c0d70d2fa97f4c71c98d1a56a07cd1f5

SHA256
f56fdbf7fd2afce5f2ef609733e93e8c9ae222742732a389c01d1e5e0e603321

SHA512
7453dc919a4ab2845caf3cace56d9ebfe8dab3d933928b40f7b75cd1ff9d108ffb7d196c5ea826b436ceb099aaadc72748ce93073393c9be0af25a7cbae000a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6142beb6826ef90f8a34ddfbccb07560

SHA1
c0a9676f254c8f7b97370c49074174d77f72019d

SHA256
aed8c8d0e4b0b3c7228379b8c633de9151e8a4bcb33f1385ddbc553d89c77e20

SHA512
0befffc1707b7f8fceeafd9620b6a34627d0bf290419b533f6845cd874514bf14319aa26a96b032a4753becb6e980c43465d0e6d1951c0d473f1775f3ba43ea9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dface7b8eb1385a2253ac0f36535af2c

SHA1
84ef0e6565f7b1043512995424444baf8bea9c3f

SHA256
9b5e67fdc1df799e179f2fbaf4aa52769a1c0d3776da5c52f847a20a4ff84a2e

SHA512
62a73257f5521fc58b52df74d62243de68aa94458000d2231a3e752ae389b968bcbec65faa07ba78930cc2120190c0045e048b9934492ca2cdc5c70a31ac8105

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
98783813f7599645f0eba7b6bfd41f63

SHA1
8cf405b7cda0f2aca479ab85a743ecbbc24c2abe

SHA256
fc7fc58b4343a662482cf27c896608e9c4805971aff205399fb6691db142c493

SHA512
2b57e35245dd2de6627a39df13f74d889e594c42931f91789b3d53081fcab879c6c40ebfb95240965aa14b6366fa51ec7db0047eef5833287071bbca65a1595c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a99d952709f49cd2e6b35f6c4c86484b

SHA1
db3784fd66435628e4baa47f18130a5f2b6f3091

SHA256
1ac7e540d17fa54e593f3a072eb6c7be9a00582d997769c20cc2b6ced18e2d9e

SHA512
ca41b237fb2aa390f3d2c3f97b32f508eee19744cc38642213f83f1f552b47a12dac6a21bfc69652b87bcc57d965b7300f93799a47c6a33d041a7cf5c973fc5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d352e720a3952670cf7203a7ba8ebb64

SHA1
c512eb8b8b4a51701a6fed1f899ca721f7f4cb85

SHA256
1b5571fe661af39f6dde77c1d2db3e2f230c3966b3cddb5baa30fae573e98514

SHA512
747c03e476dc5455f03086407f6eddc931f357c1f95141f57ed14c1c66c09a775bffa5353653e7809b35746cc47d218a96ee4d344cc14edf4116459fc778cf86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\53STNJLW\cb=gapi[2].js

Filesize
133KB

MD5
288c5ba5b7001fe841c32f690f62cc93

SHA1
29aba9d8e4f7cbe25fa5e64b9ecbe256e51fc789

SHA256
c2f33dc18eae27d4e878bf837dd97f1bde5151e44b0271408535bb93265b8c52

SHA512
e375d41344a086d35accfb02bb1f91e2dd383db032af387fc3d6b1230057cc5e432e9b2cdd976e51425b4f587391d42f4d9d857c2e6f11e822a65edcb85f1c9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M2VO416U\plusone[2].js

Filesize
56KB

MD5
1944af3661da46249991197817b6cd8b

SHA1
f952df40ec79fafc7c798f37aff92878977376ed

SHA256
63326a1c4e0eddd3501f0a064b06a2708eb0362f3ae934f53145978d3d0799b5

SHA512
0bef19b32be337cfba179ed9ce4533a207cfe645d2e5fe0da9fadc7b01c72704fc89749670d1ac48b8d494675bc62ac089fdc4d8495979226f10828225594376

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8B31.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8B73.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit