8ba229d46957dd48f04a96f062cb815cc636c7634ccaaa909878bab1123fb2a0

Analysis

max time kernel
117s
max time network
131s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
09/01/2024, 13:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4e6cd9ab5ada9d6e824cbc4b84422107.html
Size

539B
MD5

4e6cd9ab5ada9d6e824cbc4b84422107
SHA1

f1875c181c99820f784b967c83efe00865631d78
SHA256

8ba229d46957dd48f04a96f062cb815cc636c7634ccaaa909878bab1123fb2a0
SHA512

241e20df0cb812e89d82a87a0f1ee9d93e28b5ba03feaf10be92b43a8616b7a8a49cc7bd91db43a50b7f5ee96a2afabeb9f57ec8409b738c161d814fdb4db16b

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E0D92571-AEF2-11EE-95CA-56B3956C75C7} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000969d72c3e5a03a40a0257479feadc03a00000000020000000000106600000001000020000000b60d260b4189513bff34076d0c7abf85258ed02b372258a9b83d140b66ab7bb4000000000e8000000002000020000000994695001d7479117bb7a41e338944d2587c3f2e80cbff86f07bff9e04d4454c20000000ff3c57a125ea726d0b030b194504773c4b2231de79428e293026c00aef7c69de400000001fcfa1beb0e438f6b6732517b1ecc33a97cdf1a80cc16a06ceaf082cb5a7cfabd1d939da33eb254d05279ae396b050297ee16314e06ed9781971fdb022a2b402	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410968738"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 100b66a6ff42da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000969d72c3e5a03a40a0257479feadc03a0000000002000000000010660000000100002000000069c1f46e0f123e1910041ae3519c2cc3d39bfdfad4e60f1266dd1b7401966237000000000e8000000002000020000000aee20ce514e19f83cb7a9af23f3f865c3e12a6ba7524bac456745f3a313a07d290000000981440429b5d43df9968459ad21470740eb05362497fc6d71f1e9c71aa3185fb6fe91f961b6e59962e43da6b9db446cf1c77b3c59b052b0098fb2c076741b2d2332472aff59174d1c45b2850fd727a75bf2eba940fb4bf7391597d214117008e65534c2545928adcb2e864c83cda5d1eb7914269dc7c5fc663516750a0e79d613874eaf21baa9039209100193ed1e1b340000000eb0635d3762671ddb2314b57a3e0aa74b820b8f9669f91a556fb7b0c103307293990b6ed320b74150f94e9dddce5b87cf9f1ce6acc0c8b50e1bdbb2bac087f58	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2204	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2204	iexplore.exe
2204	iexplore.exe
1420	IEXPLORE.EXE
1420	IEXPLORE.EXE
1420	IEXPLORE.EXE
1420	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 1420	2204	iexplore.exe	16
PID 2204 wrote to memory of 1420	2204	iexplore.exe	16
PID 2204 wrote to memory of 1420	2204	iexplore.exe	16
PID 2204 wrote to memory of 1420	2204	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4e6cd9ab5ada9d6e824cbc4b84422107.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2204 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
caa7c487833be2b9b3d6500298047242

SHA1
35e64e58827a60dd2dbb2ee9b333b252e622f22b

SHA256
7021230514b39e30955c6c6fb98e024f7efbc9dc1a3d9d041760c5c3a55b8a15

SHA512
0db1064bdd8e61c0877822f33f16ce12684c97a1b39ee5c616fa25064ae5b8b1138b911be19ee8a79cd54309530c451f04568f6040dc07e615ffc8b07c5a05ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a35362fc837e3b08f9cd3287aead6efe

SHA1
40b3be8e067bf9922eabe55fbbb9bda11dd070f0

SHA256
279d19158102decacc38098c54a42c658ca873937ee43ab487b9d2dff2a6c44c

SHA512
08847b31ba81887825374906bf04cfbb45dba2c7243213167518b32f0a3454587ac35c16babea185673528eb12e0bf0f80d4fd4a6e3392cbc8ca4ac2db15f4ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4eecfa8f99b8a434050f7e013449bfa1

SHA1
5b7f6511b9041a2ff63ac0fe7fad35c0ccf94435

SHA256
a2a33ff8f5104b4d0a9b241541686c7c1cad1a14249c71b0127ecb35d7e61c0d

SHA512
9ef7df2e308459736034045d5ced2edf53128415f5ebf2d24291658ebacf20834833826cc579159e2dd9d04c1f9b89b493ff973c870e59c2964218a1abad2a86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a0775892ae010809856295cdcc6da402

SHA1
2f3d904b4373834e651cbd6a47b2543701119b76

SHA256
7440128cae225062b47cef52561382ee5c6cb84fb262bd3090a1468d26ca6288

SHA512
647208c2cc771524ee53e11acbfbc5869bcb1f3a6a23c61cecdba364f9ef15d603ba084fe84e090f9e115e6e10bb5002294f67f80a77fb4ddc148da77d8de57c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
44cd1c25e2b29963d420704acdf0c46f

SHA1
f937011d3ec3e36ecaf89b96173a8ff3a5bad11f

SHA256
be3294108d5288f80df8ad91e75458a4f3a054892d497c5922b0f5b839c90620

SHA512
7004f2f2a751f360a99a4372977310b222168cca6af36ee2e531763e6674c3e643b3e122ec649ce0fa1f8ac6979f4e62069b17e186d04bcf147007e114b7353b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bdb8f80788ea32ac69003ce901c3d88a

SHA1
0a93aa89eb861095f2126ea8e4d740736a7e1c51

SHA256
97c9b556a98a862a9bf851bcc8913ada1ff067676271d4dddf9f1eb4b50fed20

SHA512
53a7e355c9569aa6bc6c46259e670ff1da999142f57b656547a86e14883988f6e6fd41f156c0686b2c64a52cc64b0801d57822719e1b66e6d73d24ad4202ce4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
93dbc36ec5b8b8b4bfb3881f5e9147ad

SHA1
b83286655635efd83d97216637a765f2967e4585

SHA256
4e0ea72f2d53ef60b0991437de2d466008ea3fec06e8fe2f5512839f2cf723d2

SHA512
815e9dc880921eadcb69c384c78b2b23342809cbf1dfddaf9145f38882423fd796068ba5bcf8c958c3c49fb111eb502c1190b67de82df675e11639f24af8b6bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
10d9a9e37e130ca7502368783c8fc143

SHA1
f2cf5d093548e52ea4186b79c0d53ff44e14fb60

SHA256
d23bbe1e3709bfe2d26b440980d9d5c6f06b8f6d82f83a3ac278104f13f88102

SHA512
e2111812ed6f4ac3cc17d745534b4b75c951058caa7b3043df1c70f430a87c87cad1d6bec9d6e5bf75536fa746bbe6db79d571b321e3767450d3e3677573c5e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
892c9f6b4801e365583f8824f1e9379d

SHA1
f8b847f561788508817cbc58e49e19d30359bb0b

SHA256
ffa7be22996dee6ad58504e39152e27b53aa993f5924a876b620c7539ef63b31

SHA512
29a90b96c48f4c0b4ef55a1de1a8dc8dfc3b8055337de5ca7084a422ae51cce437a1b5873e74500ffe88a851ccdf36cf41b9692a33e85f9e068ef2a22ca0e826

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
688264b3a28f68df9a1148c6051edf3b

SHA1
87e67e750e5a7905498971e5ffd52d3c73c9be2d

SHA256
524616f214bcc1eb55d11235b5b5fc5f24454bafcc3fb3911ddca32f9d02239e

SHA512
4efde812c21c6be17475377b14829426144d1a3b26badaf8ab303d68de4d68d68e6177d22ef5f23f8e20b479d3f8d26bf16190caf7c2e9c26d284f8062cf1037

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
330fcba53eec6f26975beff2e6a69544

SHA1
b5f21f37015c3ed8a41b5b7c4118b853ed57a5c9

SHA256
a7dbe6a3cfd7374a58b9ed05b6427fe7cf9913e01b84aa3d7c05de47df8ae5ad

SHA512
97616fb76d97c42f18a46b931111c78cde994eefd71384a7f27f3a0e4938f7b80b1e437b204be919a47ebedc7205fe8d25997fd360b513bea873ca52a02e8ddc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b63758e4ce05c6bf661cfe18ffa360a6

SHA1
62362a5ae4534a0998e3059b87f475866399b3a4

SHA256
7d6c284eb442d4e3f8aeb948346aa1285cf70aab00d1f61b0540f869f3b50729

SHA512
446577076c644339ef79ee13c93541867508847ce345b4c2168a6d16fbaab56119b205dc8b698a11ebd56de25eb71e1d06c69190b52efcbfdbb4eabfd17f0b71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5d156b530ff321ecb8a5a2af07bcc50e

SHA1
3340cbe4d5bc8860ae5bb447986d5573d2e28883

SHA256
0d59d31cc7fd9f2b2152ad8c8e763b949bb20763bd561e2e1f047c74ef809361

SHA512
483309a98f09488b0554d5e0fb8b65121b8cb21b32cd4f372080bf53a77597203a2e6855809e4c917f992374974b3997ee7bd928b007e583664908a7c3b69149

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
28eb987ce171c6a5560373c3c9c2a6a0

SHA1
8317c72db7fa910545d0ded2be44c1b43938d014

SHA256
3f852be9c2b42a69cc0662e75cdcfac364349f0d9e3be161fe3b9a1a899a1897

SHA512
e2bba5c270286742f58379b1ed955c792b4bddc456c24b2f54fc79f2f3e871e99ac2ca4f12617a3e4b69a67057c660e11bb79a0947f209c06f282bf519591995

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b34baf1f5dc8355510dfaac5c85e55c6

SHA1
2b46e0a5287b2c394fea4751f0a88edb7c628d58

SHA256
e3b41be9949bc9e5ce402169dd75365d4ba931f6f784ed3bf8d4f89b1146331b

SHA512
ab0f3e46bd667df016ff35d5b65b606d1b7b2231c0807dc0aa38b94780a809f432a2c141e8892942509c041bd00221b45b31d3ba39757c60f283b90a12722f0f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
401b00a354ac467db52773e6693e5036

SHA1
a8a3a81c5d8831ff4c0e5c27a79a8ef4cd3e1b13

SHA256
b4d2ee37b613735cb38b64b0a98f40b0ceb6b569bd50bbe40af2d6e7e8216dc8

SHA512
e1600ae1c9a8109b4f1323aea7cc33ae0a478b12db7c8a189ef19d5d74ac7564f73eacd38178bae0eb5ecc2fecae54909f56625a00e06d1940cd685783bac439

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1e927f79c623cf82585f106b5559d7eb

SHA1
9edfe9c345f243264eafcafb44ba4d502e8af2f0

SHA256
cac8d52298b7f650f71330eb521ff534490f58ed590bc0d392aaf2b31364d1b5

SHA512
6a2e86024e54d9b504ee419e3189eae3f1c8a6ca8fee684cb3fa38f39817fa12bcd80451c6802fe5762217b1c40c62352c465613d6405bc2f36cc36431bfef81

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3066.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3144.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit