1f40c304fbec0ced12f9656c27d4b1218f02cabc902e31455e040a77c481f72d

Analysis

max time kernel
120s
max time network
137s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11/01/2024, 04:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5284be31acc46fedf8fa32a9065ef58b.html
Size

1KB
MD5

5284be31acc46fedf8fa32a9065ef58b
SHA1

1775b4c1c4b0fe09857272c38e9a39b93027c358
SHA256

1f40c304fbec0ced12f9656c27d4b1218f02cabc902e31455e040a77c481f72d
SHA512

2d065162d7d534e78556b49cafb2048814171dd9f81301f90735f2fc9a632f6d42759e84cff0b272cbf54e1d81f55199d5303adcdad3174321bbae590404721a

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CD29DCD1-B038-11EE-8495-CEEF1DCBEAFA} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 4087e7a44544da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "411108723"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb8000000000200000000001066000000010000200000003ce47fd12e584d0626489258f904b338221ba89813f71967a5ebbb6bee3df9f0000000000e80000000020000200000009adbea2a4bb22c1b53207039e4826674eb8e4b0102f6a251f4992bc287630b89200000007aa8dc66b7445c982a0ffa09a0dba18d6f3f3017820de2460456d320aee4082b40000000a22a311e12c76c8c72d6071865954d0a5399926df898a60889558a564f228187694b846b9f4b436f16d4157742d65be1cdcf1dd2e585b25b3a0941c4d2c2e639	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb80000000002000000000010660000000100002000000085cc675ba739625777fb664e87ab18a9a162a9d4ad6ea93c2a4477d5721d27af000000000e8000000002000020000000104cc3e805b8d92ff17d55caa214deac57b89ddd4c285698f97edefe46ed48ae90000000fb8e832409ba3da7667a17ddd3d78887215ab69d75b12c5c907242eed3788527e79170d743c1032383aa0b8a099a4a4ab0d785af8cc1bdc96b1042fb996c83585183e6eeec7d9f0b433589ec9a5c6ae80dec62a40167806279d12850c86068e5773071ca7f345634314b2f6b02c22e3e28598b757f124a603248c9f13ed1de86d4c6007d221a11c43c9411d51426698640000000206342710b145e561a9fb5b1c67cff3fdd20fa672557feda64c216073b64af309c98a8aae1c7bbab10d549d808b7bd59d132698129421228221d99186bcd1e5a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1932	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1932	iexplore.exe
1932	iexplore.exe
2316	IEXPLORE.EXE
2316	IEXPLORE.EXE
2316	IEXPLORE.EXE
2316	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1932 wrote to memory of 2316	1932	iexplore.exe	28
PID 1932 wrote to memory of 2316	1932	iexplore.exe	28
PID 1932 wrote to memory of 2316	1932	iexplore.exe	28
PID 1932 wrote to memory of 2316	1932	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\5284be31acc46fedf8fa32a9065ef58b.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1932
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1932 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
127afa25adc267c24eb857b188f101e6

SHA1
3d6c3af22bc98abfc68563823ca28975bde82829

SHA256
a9c930526764fdaf2cacb51436cf5f7451e1a0df4f55ab7024cfc94f93f97c30

SHA512
db916c44c16c5a644b0042744d3718acea4cfa6f14909bf1e9377cab26ca1a27357d997f44cc12039567176af3ec448042b6585ebe5705a6bbea5aeda0d13509

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ad96e0f3178872972e1981a21f291d3f

SHA1
58fa974d3dbdd719fbd7be8db3a5a6c0c1e6f415

SHA256
f921159d14b97a8f9922221de45ae4b4246c62c407609d4b092d80226df6a02a

SHA512
e98b294140e5eb94736d7e23f6666ff58fb4c5ced4e9f116969fd7b9310969ee3f6fbe0075ec293ba1a9451f27bea85b3eb864840ad55e2e5bfbfe17f699b5c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
56bd8fdd520a9c4ca3751b4b5095887a

SHA1
4198eae1a49bf78efa07d7664175c08a7acacbad

SHA256
de79583902f1a4c417d0dc2c06d559b972681cf0765a578b9def8872bca6ec13

SHA512
af9b4161e57db2f788160221cbcd4611cff1004bda0aec09ca3cb216a2604c544251d06933ff4852189b99536d29720907645008dc7c5d917bff5f0e5ca34e3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
75bdcb5687b42789ae7d0cad3aa6bb84

SHA1
3afa7f15b1394907ddd53e14dda33fd3b379de89

SHA256
95d5efb3b1532db7b540939624568e3d0b9fb49581431cea7a4b80b9711d5134

SHA512
52dc41828440ecd5b946e833a5f0deb7219ad350601777ec9be81b67d556e7e8527f409c2a181128d4226bb92c0ed3603e85d2ffb12973dc9034170482d4ff69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1d0fd93518965ce15a29ac507871392a

SHA1
59b68316d14f52bd08eb824c46c2f566a7f9ba4c

SHA256
0231f0aded1c77681ccf3571c19de9367660f81bd282f9b2b3330b3f40b206d6

SHA512
d4cd3eba418336ad2c231f582c7e201974278c781f1d4bbc90602e8758c7c812e3f936ea8c43f77191514b000919082a5733a6e05da24ff3e2e02bdd72d1ec5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aefa7782adc7b8b1bda0b6d4c29876a5

SHA1
08075dbb9aba9e310df8a7e7c72c1fd4e59135ab

SHA256
e3e2347fb08d0e0eebf153b50b033739d72f7126625023f8afc19dc6ca646c89

SHA512
ffd96e77fd2d1f530a8b04fa81008511e84f480cfa9c773108cdfece2690a345641971d1411f0a59d932f1b1dee4ed4cd1959fef847a7a43467d8c2254083466

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eca2342b5214dc8b76d5ed1d6568e648

SHA1
508ccab5bfa5ee19c86cdcb467ce02f901d4db4f

SHA256
5560844d76522a262fdb6b3b588afa36b372a0408907578382d55cfaa578c9df

SHA512
645e7e0917f6f9fd7152efc3da74438245d9897d1631954b29012a8a8c2f0a0290c44c3f0409c6996e2d0c99222d4282b93ccf10ecd6bd342027ce112276a268

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
30cfc8f4538beb1b356e318613ca6a79

SHA1
48da3f61ea4d02520d636840c439c9598523e2ad

SHA256
f495fed4b3ea506e3bcc7f09e69b040a912c635e4575f5cdb5d4ddecf4242677

SHA512
5fbd15895fbb577f8270bfe897823f0bd0e798f2ba8513224d5d81f5f2cdbe8e884d711babe5af4d62edbd96ed04ee7749584e43d0d3ea77478052da26a51b4c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5aa3aa4aa076f388fff1c20a49346fff

SHA1
68fed68d5144f17cce36bec3c9733bfc905320d8

SHA256
7d4f5e88710ca0bd6b4db7f30ddfe5c297d594dd47cfe9b5d1c2fb909d3d0d60

SHA512
0e05a500b2cad8ae2e393ae3b7f2fbb2f570e5056f34f39e69a232e323807cedddeda240023af994df810a717da2ffe9d90173bc28768de7a2b14bfe8f4567ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aa1515df466955c866ab47ab15261ea4

SHA1
85ef001635d6db17ddad014ce5a7917e6e4cc45c

SHA256
fd47ba3a21a07201d99adc536d36d8222c79e6c71c326cf99c22d1165190e510

SHA512
ac3490dd072d2d81b3406b0f2879451f038f97b7bdc73f808a57adb257c3e25082321c6e9748b1c3c5fd21916bc1b1d29fd6de8e5db876b6135e617403485b6f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1296acb34ed19c394d22b7c83c7e2f37

SHA1
f79de52a416f18f5b8f12dcd474fabfae0d0e807

SHA256
f89e8cdd7509b4e9bb5bda1cf931bd98705ea42492a281fb3c188036fee30e0d

SHA512
d01b491e71e8db12f9d7945dee3962a279d7b84e13dd5ea3a0f6e6dcf08390c5cae0a20c569d4fad5e924b94c39c40cc226d3028314b811d70c1c6244754c102

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b6b915078b69d32387f2392ef4993c83

SHA1
752a8cb2ac26b914da878008af3c535b3acb1965

SHA256
9aa83a9dfd012b30640b3881d52bbdb5407f5026c6699919cc9698a59f828abf

SHA512
a4b17eb6526e5038fbf3ff899791e11c444aa8c455afbeba3106c5abda5a959eea40940b2d38a9408a4f666c45925fbd23167f036a6b23e0223448d4cbdfe545

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
223b4169455541cb7dc716a94fde9fbc

SHA1
05e5c9af2c19ba2fb57dcc8d598031c5e447edfd

SHA256
983d429aa229ef6d06cbdabbcaa518920e04202cc7c9de0099fcc20fbc4cad42

SHA512
54e978c94fcc63ce878e98168b36eb8fcba891fd6a68bd135bca8eac069f534122ef9133fd4825e39e2961099f81a53ba42b8eeb95a82182194848ce2d30d495

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
15ac875d41453d8b41e82640938fde0d

SHA1
fd087150226fa05283a03ec018f3e01c456fc309

SHA256
7b0d351b434a16762d7628fdc6549bdd256d0cd42f415b7a55c5a1cf7db767cb

SHA512
4217d7f3bf9557ec4e5c8a873fc7c2694c47951d888532ff9a9dba3e0a97673a880380748299fa358f8b6ac9df255023bc37b95eb5020396530d01881aee1603

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab92A0.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9360.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit