22b56138279864e5cf4f7d51ca1d1db527be8462729de175adbc69350c22aa58

Analysis

max time kernel
118s
max time network
136s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
08-01-2024 14:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.htm
Size

3KB
MD5

dfc9de0b25e46d436dc3faa8e4605563
SHA1

27f2a97ebf6622c9663ecafdb983ae40515c75c4
SHA256

dd9b9cf0cfd9627d4666e54f060e55cb2cf50f317aa672f615954459dcb707b1
SHA512

817b5aeff5b27255c56cd0c5d7a8138e40d784f4f3545131570bc0dc85b24a3f3ca7bd5bcefa51c018c4bd25cd539d1a780fe9aac946a3391f7d68b2962d65e5

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410885820"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000429d3af34477a14f8b2dd7691733418900000000020000000000106600000001000020000000a572ea5e9ff1d741bf0d68334ee8212f4add0b00f3df76c0bbeb0c25b86cd195000000000e8000000002000020000000a32422e8614aa7126c3ad0e0f0ffcf3ee79f78a69beafe7098157c80a510409c9000000065c473681c7e726a5d9517314d14fd4e704ff22f3c0016e33f7d796b4e206ee6f37bf9c529782b7c6a1e2a25a8087fd73ccd3cdcd40780ccb3071e7332a3bb8d2100829d020614ba6351bbf9bdfff4d93ec153a2653e23744f85b004be40ddd6ceed1a08554e98edc49aaf36717aed1b66c83dc4ed7e49d94d611f9d6662f8634e087ebf3117b5b23aad468a3f7ce30240000000666043e0617464d667935f1cd852bc2b32b6c281ae98b4ce3851bb139a098dbf1cf6d6182288a16fe95b6755f023b2a1a3aad569851516a9765827dab4889424	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000429d3af34477a14f8b2dd7691733418900000000020000000000106600000001000020000000adcafa7ea671300fedef54d0606d0cc797c07195c00edc3b9dc51e674a3bf1e9000000000e8000000002000020000000435456bd36bcb1d53b6ae5b2e3149f1900e844f27258bf6d0d0b57474d8a7d2a20000000f813b4e893cf583b3e51953b54a1a7005827dc78a13b583b04dd9fd34cdcbaa94000000048bd7be1845b45187c2fa2521fb43d9a2a665b975be3f7225b929362244adb43af649e53bed8a53f1c1766d1e8474cdae6715a601df317ae072c18eabb81e847	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D186A9B1-AE31-11EE-8420-EED0D7A1BF98} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50a1b0a63e42da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2772	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2772	iexplore.exe
2772	iexplore.exe
2744	IEXPLORE.EXE
2744	IEXPLORE.EXE
2744	IEXPLORE.EXE
2744	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2772 wrote to memory of 2744	2772	iexplore.exe	28
PID 2772 wrote to memory of 2744	2772	iexplore.exe	28
PID 2772 wrote to memory of 2744	2772	iexplore.exe	28
PID 2772 wrote to memory of 2744	2772	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\.htm
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2772
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2772 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4f853e06b45f34139462af9f4d010db6

SHA1
3e8082be198262e0ab1888693cbf05e32c2d30d0

SHA256
3a1be649cfa03631850a977660e195a483b2c4c7915fb060b07e0b6565795239

SHA512
ad8aa0d0d35c88ef5292effc981ce7f34c6557ebd411ab29ee88c9584308c90b42b06a6190fb4792cb498ff5e1573ac9ef385edfe08b2bf3c2e97d62fc9ed699

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
407ab8ca2cfe85994ca8c85ba4d38511

SHA1
50c317ac56db99facbe5ae5f4c9961db811cf29a

SHA256
5992794ad6c999d928236d7e37a9c58213c17b3784afc25eb64c0a8808d3cc67

SHA512
e26bfb8970a0d4cb9e02dbec790ce4834add1ca940c974571c499db90c97cbf9f409f02ee6a82a1a9b49fd36b5a7cb86ec72cbf73f04f0a75e20205acb30be72

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
85eb387a9d6fd88b266be94134312367

SHA1
cfa6c387eac89062f03b80aead278bb1e5749864

SHA256
7f535f632d8c5fdcefe343eadff4cf6eca6d7c41dd9388306810cf828a3e5a42

SHA512
cda687520da2191832260535fab1dfaf1cf8d230a86248806f792da37274f02eda26243e9d4b164ede5810e570ad665aa93981eff6a9711bc6122e196f9bf61f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ed3a5efc76707f58605a2a50611786c1

SHA1
a983c14ad9985e34d673c6f666c8ca01fb31f2ef

SHA256
2fa12c246fb6a70cca5bbf94ac5b4ee08d85c1192faefa3365ad5a1576a49cd4

SHA512
6cb4ae6555b8288e651f525dfe24f8f480d49e841dd1624cdb02eef279f4c8d86aa1d66c42ea1a99560700d769dfb38bcf3bb0d7df02acd76652d35127be4c04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d13b1d034652e835bd96fe03f42e1ad0

SHA1
ba4b8e410dab519e91da96509562d220a4d8dd35

SHA256
8a6e4594ed57c4e540e838bf1ac3d244c87634ec5c7fcf902c9d80747d01a56a

SHA512
3c8892c0fe24a1a261ed2269eb8cef86d188f3d7fd45cbb6e6fe3cdb731e5441fef18f78e29888f0a7ac69fa1494656a5176e062909cafbf49ed46ecdbc050f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1a393c06fffba53d76726bf55af7084f

SHA1
5cbb90381395ed7c793d4d76448b87e658191926

SHA256
46d75fdcf30a4b4382cfcc4644f1a5d1b4ac71bbb6e7de362e3801440c27938c

SHA512
683d329bc95be0813407cf4ab3efdd47089a0ee0dc48e58158e0cfd4d9744704037e5513325e16c3dec3d0631f4f632a63a1cd9f3049d3d0eb17f82f77770b8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6a09cfd5ac1bd15759ddeb9876e06c3f

SHA1
e3160b2ef5375e983935899875bbc2193a4e5eb7

SHA256
aa7a742d67b4bcfd2e75484dd75a8a7326b4b69212bf5a73131adfebeee2b390

SHA512
2953d9dbefe4e6e3705723193f8140a80c10b3ab0683a551932316951bda52f3b866c2232dca2f1e2eccfdaec8507417c07bf16f776cc386bcf7eb0d69b5ffce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3602ee449e880b9c9d742da708a7d14d

SHA1
96e0eadafacb58c4a960687aa59eb9ad22f6b11d

SHA256
88da31d0aee2f739a0437b8e2bed43edd15a184ee0b61de59878f379ff19c567

SHA512
4d692af36fa3d41904fd4db00fff0bf8d245d584ffddba0c56844b3f457e892a8e389f291cf77c93676cc512e2fb4e4f04755c7a8f7bfd333e45deb3ab9cfc5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1ac53d0d5df44a68e754afc0e40e380f

SHA1
0f3c18969ea911fddc6ad0e57e074e844b3f08b6

SHA256
cbf3a98d85740d25b7166f30147de23cfc7e3691884cad247f2642e68574fe03

SHA512
861eb48c8731d371c5f1ead2ed49fc38dd78521da01bcb3705daa43c464ad85ac17f1fb47aa135752596e59ea17d4e27c146ce5b996219fa8d5348c3f9f631fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5ef3fc6b15001640dd3cbdd27086d929

SHA1
ef2dfc615bece142203d3436dd2d778be21028ee

SHA256
6b9fe8c682933f2f1673b68acea4d089560e1708874278b4086b5ebaed208651

SHA512
c4d10cc965b0cc3db4c315fde873dc77768ee6f586968e3d63f9890e3bc413e9ff8d2481bb27f7801615dc13000c29bb3a34cfd60e759cf5f594b3bc24518bdd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dd7b73c72a50ac70eb7ad36198b110f7

SHA1
e376bbe352fc7de063c606dcb687996193c6da08

SHA256
a5276a3cfaec17a872c7e39ecf948e91507644837aa613741f08d014b5af88ad

SHA512
2a662545128f9175738eadd85161e1f19001e4c5053de280fc258c5726d6c87ae27b8d3d3fae26d746f741b9e4f7c036a0f9575e8a09d639f29812fc1338af7c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d07874d4a0606ca90c2707ea94919774

SHA1
0cb6953ac82e8ae0e8e33fb84703999f3af121b6

SHA256
ca3c9cecb1b3636da9c3245902ca87b98ea6d769198c7fba8bc7aa4920eb0766

SHA512
c24f97cb3cda1f6bb7bfdca0f13a2a84e45fbbce4516cab01326ce0f245142b06c571b6a6e1998c68ed22d19cd6a1c2cc513481f1963365105d0d3facdd7e73d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3b8991466c8d58da14bc9753ddae809b

SHA1
193fe05c8414745f274f3781e11fa1a30326c681

SHA256
6430147f6c7768af63cb087cffe70b08ef6a93352f89b2569fb95c34c3f255a4

SHA512
f969adeb01e884d369a62e31abdfb950e478ac8c2394c9530dfd26d4576c4ff1b1ea99cfe76078de28b44e490a2431914c28a5bd799deb5ee8c379e44dff207b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
790371c65dc9c0c1f5f186b85926a519

SHA1
c3bc650f83851869dfaf1399ce9395fe4c3cb486

SHA256
ad0b9539a1f6d008c2176fcad7058bf9ace37aeab14047023bbaa0a1679ef353

SHA512
2f6fd849cd81bdad74c6b7cb8a3daba985d45aa1191b869d9e849b6efbeaf47f36fb165ed1ddc3f408785252bccf1ba6c8a5dccaebd9853b9f9253f3476c0ce4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1e09fb6dee30d5d73b03de7ce74a8cf9

SHA1
0e054633bbe142fbd561405ddd158ab6a8f5d077

SHA256
97bcf9541a8d639520e8da84d6c1834c5657f17b852a9318c613d8cbbc541129

SHA512
cc91855181c30508dcb5301f657c91cb11c81b1621ec83d4828f7699b5de1600806f3f11e45d1eb2793e943ac2f6815b2b1dc1133242f74acaa1e4a9a44ffd9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab719A.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar721A.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit