dc60bde110d5dec66f51f37a2eb43527de12ee69836cdb7805b26fc14a844c70

Analysis

max time kernel
0s
max time network
131s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
09/01/2024, 06:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4da079734f4c28f693c58172a21de8a2.html
Size

432B
MD5

4da079734f4c28f693c58172a21de8a2
SHA1

2d5aeebe3cb17ab413b89a34e3bd48a21945b91b
SHA256

dc60bde110d5dec66f51f37a2eb43527de12ee69836cdb7805b26fc14a844c70
SHA512

689972924584777fb86258903448219e0d8c9186f874a4a8ba9fdb7184525817ac9cd8fd946c06d2442b6e8605b48bb994e824ff3351355a48cf0418c3e5b5a5

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7A8D94C1-AEC7-11EE-B309-FE29290FA5F9} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2932	iexplore.exe
2932	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 3044	2932	iexplore.exe	17
PID 2932 wrote to memory of 3044	2932	iexplore.exe	17
PID 2932 wrote to memory of 3044	2932	iexplore.exe	17
PID 2932 wrote to memory of 3044	2932	iexplore.exe	17

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4da079734f4c28f693c58172a21de8a2.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2932 CREDAT:275457 /prefetch:2
  2⤵
  PID:3044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
39c433671764a814feb0f76ae8fb0c45

SHA1
6d9b3a7335699ff7e08725852d3d4ca8aa8b42ee

SHA256
752e52c9712a6a5d7304587f5fbf23fd7a0c997c8968459ce2cf961d93c5298d

SHA512
eb7cf972ae8d32d63c2597f66ebca5ab6367339062a4865c2b80886634c7d7d7302c7b67fff6828daee0480780740f9dcb7678d133289fb9966186edff031e01

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9e48d5f91a67453848d486bd94662c8d

SHA1
cf4cdb1e4d2bf53e139c95fcc72238c7c320e390

SHA256
45a9cf2fcf7ed5e59d60a1b88ab0e88c3782ce6cfcd9f6ee605faea36bd08c98

SHA512
fdf9a2fc213ee786b6dc6f97b2919e46c6d3356dd60ac3e218482ddc1bcec7d8b62ea3b7b95e35b2c4fe0605e0ac841bd471b50f96939727d10e6c3d33fd858d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7c7bab6427918a6683cb27867d367c1f

SHA1
68e1ceba0543068318062f1e3b6f4e68721fd720

SHA256
25f3cfa4b62ccfd5b4743ad49b5a5b04a5788db3f8e6daff79ba1c0913ff44c7

SHA512
da4d6b3bc7a5afe79fd755a82aa819b0147de450c3888007cb36425ead4319cb140e715bf9d46f01658c157a1f63d0635f2fef19f8dd514a47b7b997fecb4bb5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d3f509073b5eb7c6ce1cdd7b4c31cc9a

SHA1
d92584a7acd935c863362a8ce47cc1c3b988f64a

SHA256
88ce851d43181714fdee089348be284cfffb105d55a62f497fca3582f85e5641

SHA512
a1f7177daf785998ef1ee93b82ba1e524a906cc0d9175620e4fb9e7da6eccbf50ed46d45e24d2f2eddb72e47b881910bb265dbef9434dd93a7d280d199281972

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e6610d2c4667d428b88772f8d54c46a6

SHA1
3714ff1eeae1b90a34103c9a7c6407a61413c295

SHA256
a0e46161155b3dc8e630f4720cdc1acbef09604c57bc180f3409d0126b91c43f

SHA512
d985dfdd1e8de605691308e183ffddf43b400d8f2b702a516c238658c237e56cc7a4a7741f2f8a5ab486f3d0ba575d5a0c47e5e7c76328bc15c65183370de252

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
92a906c73e4f96399e0def40c18a5636

SHA1
59b38d16de8b2b1c2c408e732d50d292932656d4

SHA256
34830852f12b72d9b9da1cec63934cee47ca82c2cc8178bfff36f36cb3681713

SHA512
1e78a80db470d3e6a9ce23bbce103a232cfb3b5f6f97df855b50308cefb2ee99ebf99f7cbdbc92eb0b528a548ae8449638f0b06194f440a28dec2dd847ad5d96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2a8abdcd2ef266de4f91b087ceafb6f1

SHA1
951602ecb8151a9f59660070b1a589233d568217

SHA256
0ed03ba69eb0d4bc4b6d02e5cc2da82d3165df9fd0ce878ac36df0561b4ff688

SHA512
45455822ab6fce55ce078e17bf23f277f4b37500bcd2aca20ab192a6c97124018b839a8bafcbb9725795a9662d2c4d53e5267713bd457211652988ee3ce3cd37

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dc8e4f742768629ea66e68343ae37c4f

SHA1
a0cbd709c8fca06947ccbdd167e50005a6ebf83d

SHA256
2cd19ee644dd365d77c1611af6ee57a1e147dfc7bd4db16b5352613bf6af9e70

SHA512
0ff120152cec16c1ba91b79b49ff967e7bc0f6301d46dfc326ec9ad4b59e5757952737a8de8f37ffc0e8bd6f13338eca90e607e4ada93e2f89ac0844e0950b23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
49f1a1189ecf4cdfbad82678444b1b23

SHA1
4853b24ea784711b18d99b04e440ec4cd2d3c135

SHA256
6f7e2f6892f108d00d43593d2e35507a606b3734e5f5b7c4e6e22563a672e7c1

SHA512
29a3b9bba0d8bab181c38d09e3ff489ea33ccdf5e1c25470fc601ac0970c3a3905f928bf317bcf1f4263e1ff1155ea732c1ddd1040f1d21261b8746b4d849685

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8fed48d59ea735f3dde7af53f23cb349

SHA1
2dbe08c1b39bbb188bfae5e53922ea119ccf9b74

SHA256
e0031e72e694d1a03315a9b7ae1f16771e8bba488de4e2bf7617e19d81142e42

SHA512
1d450475f4fabd16a6cd00f976d5ff6b1c7f7d39863e40ade0f5e38f7c5296a7ab1e02786694bb42090ca73900ca0d8e46ef0615877ec1a3d2570cada31cc6ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a9453a4c5981168be065b36d94d8cc55

SHA1
2161b6298eced4fbd701db45fa67db9d58eaf291

SHA256
cd284ddb8a3e319fd6a17068a0e63188f4367ba76d369516d970279fe998cf9e

SHA512
2ce59d71820e95656f2ea61cc8ff6d0f2f9b3c04346c3489e5ec88d101018bbeabcef863754c89e1053b5153890968d44ab4f763ba815305c35f16ff7ae17b79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d26dd6076c496b4388c5dc02809bda81

SHA1
216099164b9fb8a51326735896ae06b2060c34e1

SHA256
c0fa3f897f142a399397d5fd1604780da7fc7bb7bb1150fdd1ecca5cee42eb3e

SHA512
b95c2c230c228b123437fab373b64a312fd4446ef33ac180b5c4ce7387ef7f802d0fb6c7d9635eef8b2cd8071dbb7c5d62fc200c5985d47e41d99cd131918f60

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1b6ecdaa15865fb6dd1ce30ac9037895

SHA1
33d1b50b237724ceb8861a25e8205fa48a28f1a7

SHA256
d3f4e17553b98556ea9c176966e0815b125c81f1947c3cacd1d591e69584796a

SHA512
5a88eb8701ca6f919ce2aa42dfd84dd8acc6d288c92f5c80554c12e7810d76662546bf00f0456c2a7cddd2a5c5b54a91d370ef901e6ade5695e6d9c1b0ae6c79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8427ef2e457cdfbcb8ec392bd257291a

SHA1
1c754afcfcef7a2f7fa5e8c9ddab0c2b93e43d8a

SHA256
e0b29a848fed893ead9f0f1984ff600cb7219dc6a2bbee00d9c040dd59ab058f

SHA512
4c319bd4deffe657ed97e072bf50cf67734b29c8441b21a9a2469e2a5064e4191cdd0bc0ded39e0363427a04596d7b96e9c16d7c2e03272a62c9a9a104bc7c59

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
56a3b81f6d785fc1320d1d6843ee64b1

SHA1
bb72280ca44b2720138e4febcd644b67132df3f9

SHA256
6a2c98d2aa08ff47d80e94d985a0a5c707bb29bbab8b27f911d58dfa350c0450

SHA512
68fb588668524ae34aca11c4fd1c1e64db11b15d032fd614d08eca7a633651a9bfc0af37659bbbd212a4506734db690a7fa3a7b28510b7b0a43abc90900686e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
098c1fb2ee807362545c543d8012bdf0

SHA1
ff785a53376199ed8322887234771892594d4246

SHA256
d4945a9766c14274a242b159467b7ea93eb2fef0d8dc0f67f516fe9fcaf4c100

SHA512
a9ff2c18bd4b0dd0c7457eed1f195f7768ddaf242298f12bb86783df675d2b739286c26867d856c4ad1838d41c4219788aefb412c0391dd6ecf0be6ab6bb426c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
32c1a4ae02a2d888959a14d9c58a8ca3

SHA1
98b47d19add5d68c0938723961b91c0f6ca7100c

SHA256
fcf9d839cf0507f828ac957494adcf513a3885923904b3c693aa846ac88fd7cd

SHA512
6f1bf5aacaf22943973d66e3fb3126526ce3e1bad1d62c33b5183eaffe8db7150902f10aa1f31556dc47dca94f7730c64e0c2ea41608c386bd5cda78d36b6071

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eb16b758e897dc552182f883ce50cfd9

SHA1
7f2010c43ac749dd44834f2995e316ffbb3dd52c

SHA256
be3e4503c209e1a15007f6b5eaefcbde3b7762dd581386f97af15acabd1377ce

SHA512
2d9d4f92680890fd78bdcd56fde7ec9afaefb5f1c81aa290d950794fe125a4fb984a5e8ac5d9a99f4ab4e705750c825c989dfac453d0bbefc0bc895434160b91

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9352c093b1da65525235de99f25de53b

SHA1
cbc3d5adb2f90698cd6a8b9fc7829204ac826e45

SHA256
5584ad5b0a1240d0c3844ea719576597d4a4af69ded87b45653f4d2714ca1282

SHA512
d3c3ec8b12063b4fe104ad49eda7ce2327b108fa5b6c8c98defdbb4b605e2af8273d43b399187c4f3e56832ce65d31039e44670eb93ebc5c5c37c07346d92d85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
0449c2116932071b859909492c574e48

SHA1
42bfdfb584eeb7f7c00865f9d5006bf34732afb2

SHA256
445ab2731c9756dccbdf84cd2cf611127fe86aebac933fb33153d3a02126288b

SHA512
2275d2e4f57925897178b6b013cd8bd036ad59680b122aef29eb7a13c6d24f732772c9b4eae24ccd77760aa8019e42eb651f66d29e19ad39ebd4a4dfd9be46fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\n7bgnbu\imagestore.dat

Filesize
2KB

MD5
aeb7d9b1e2369aeb0a28b2e583a68ed2

SHA1
b39ea9993c97fa2075ef33b9ada5161dfc13cb46

SHA256
cd6f4ba60a20f27accc50f180e987c2646a9d45367ed94e844c7a1720e2cecf2

SHA512
e32f4bb0b24d4eaed07d3ea020673e47bf58c09a44da83b1290c3b6afddd1abd5a4654c136a61402180a058d34fd6b8efa053eeb016b5f56564583bf0245467b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3EU41TPW\favicon[2].ico

Filesize
1KB

MD5
91abe01116ab422c598e9c8af72cf4da

SHA1
0f2815fe8e067d48537ad168225ab4674271fa27

SHA256
b1d7aef06456fe7431124129a28f0138bb5fccfa4f4161e3087de23c005e5edc

SHA512
a4d5b20c3014153b6b382c43404917bd2cb5bd2a59bb1e981f5a19eb7dbdec185ace288e9700428d24e5ac623e45d04905e706f0c45a1642b1aa6c091213c23c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar997.tmp

Filesize
68KB

MD5
f2006a2dabce4f04e93d2c6be5d80757

SHA1
ad04ca757d218f67cc47f70ec3912e1300c4a906

SHA256
a07ff2e7df3cdc697ab54be1d3d74311167fcdf53ce073e9520883cc26706a55

SHA512
9fbc8314057e5a9d22bc7070133bdc0b9ab155ad04305b7814671a30715b8d568b417ad0f559eef05637f430738e229ce1c5a7f0ae0e37ab64a9ed7c17b0ad75

Download Submit