034f34ae9e523a1ace2016237cb730b53c9122cdcffa231d28bffab49cfe5d70

Analysis

max time kernel
0s
max time network
131s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11/01/2024, 11:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5359264f6732830cf38e63355723dddb.html
Size

2KB
MD5

5359264f6732830cf38e63355723dddb
SHA1

f4af46b65e604b9e57d8e00b42b2e5651539849f
SHA256

034f34ae9e523a1ace2016237cb730b53c9122cdcffa231d28bffab49cfe5d70
SHA512

4bf2290616fd0814ee15570c2bbb54916d0dcedb9a6bebf8cb38c9af08b4b969db074d8ca10dcd70e4cb0e530e3385251647dbff17f29994955657a71cf9553a

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{49EB5A91-B071-11EE-A83A-5E688C03EF37} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1200	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1200	iexplore.exe
1200	iexplore.exe
2624	IEXPLORE.EXE
2624	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1200 wrote to memory of 2624	1200	iexplore.exe	21
PID 1200 wrote to memory of 2624	1200	iexplore.exe	21
PID 1200 wrote to memory of 2624	1200	iexplore.exe	21
PID 1200 wrote to memory of 2624	1200	iexplore.exe	21

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\5359264f6732830cf38e63355723dddb.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1200
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1200 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a348075f1cfd6a1d2a530d5e4f13322e

SHA1
bc2bbb43354bc3038360def7612e097d61cc581a

SHA256
29c007842fbec91687ff8aaa7c0ee94ac95e430d532061fd58a80cc54e155308

SHA512
73f65fffa1338e247f4f6dd5384eaef3bce54a8c42179bf37002784fb01eb44d44a81e7ab0ffba6b90b18b5566d71caef7a64fdacccac25fb6dc2edcdbf79fc7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d7fb7ba7096d4347b5ba9b925078b8b6

SHA1
fc551b537e9c16b7e198617bd57148ae290d0f3a

SHA256
26b5cc007123a10c30b266bbe075701d6a684c7ec043f5adffd9382bfdbb8e0d

SHA512
17bcddc8e3565d1730a547733d04094a358ceec1c6b2396b9d80434c7557d477525ce279c92014aece4ad70d6022ba190d65c342f79f25a476aded64b7bb0e81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
741241d2a4dbac80f6867d3021ec60ff

SHA1
5ff87a9756d2dd04533de75b882aa5380deeb7ac

SHA256
9d530be0f650b5a374bd2b0b897a84ee83d258026b5f33a04b5ec73b994b438d

SHA512
a2517ae3d3af32be7364e804feea296a9445ded9fa25e331ef0492baf0bbd58ba2174b46606bc4d987809a16aed3ff42092bc2e9c2f389a6c55298dd0180216e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
96927b8c3c260b1feb59e353aff44ad9

SHA1
36ec7d7ebfa6ef653baeba223d1fccf476f46669

SHA256
e1a8a8d2c94e0b0cd83cede28bf611eed0c958cb1b69bcb8e6924386872c5dd9

SHA512
48685b825dd8f4345900049eacb4337e0a97f1be56228c4ffba766e97a12279c6928a34b8570bbec387a54d9c7d102d24aa1b6986a8438ec6fcba3a5deb65590

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7a687bac4443db30d812b5cdcf60ba23

SHA1
2b2e738d040e3e3982f5b6324322cc091c8f911f

SHA256
c27222a01a758c9ffbd71d9f65249c8b44093c10da4073bc991d5e748e32e471

SHA512
734376785feb029ea6af8696ac9edca504e983f3f2729badd9f0088a34f908d52de30380a25ab964c11b75b5db862d1791d4bd7c70c732f11d5d2dc1c164f8b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a9e007a38efaa1911ac79535505131b8

SHA1
42cffafc17fc7b01a29c115e0940d38537410a5f

SHA256
0cd2c05a538e8f90a9b87f9f4008ffd43e736d9d743ffb674f23d098221cd3ed

SHA512
7bb11c2911a0f1d65187fa8bbea6fd9703bedc04d5bc56db7652ea746d78dda7ab5f47657aa945fb010c1064334fb71e25b1bc79f8c8cd7678ec9499588525c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a7927fa0e90fe74453a65ccb0db2d43a

SHA1
98ecf1620a564ae63e3bc73892eb170145547495

SHA256
87d72d3d4cb5dd1d61f093c6cd10be7da9db8278b27ee64a407b906af69c88af

SHA512
ede8709d8a6dbe37d025cf8c070095ed68a0141b0e93149078cc57bce33e2772a10915d372fff63d4759a11412e1ae78d46599be40a139e6969bbc09b6660533

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ef718fdc342b76ce91fc9714be1abded

SHA1
cb0df1a657bde7bd992a6c76b52d1aba72faedb8

SHA256
793b5530f8365000b41f87131ac2197113f472c11905e9eac1eab1252947ac14

SHA512
2d6c5ad6c2df5cfe1e31cc7726888353613ea99eb80d452c36195d0d37637facdc1ccc934076f7f5836b71bbefb68867f012ef7875d9eb69339efcad25021881

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c084ea8d28da9c7f0ede21faba4905e

SHA1
31fe265b84b4d63df8895017288c46b930b5be7b

SHA256
161b577b60b293c88d46ffd147be4edb6df18a7b326902e282a65f1365c88097

SHA512
fec59afa1fb59785fdc6d9bb1db5d712a0c956aba360cf30986d801ec8ca562331175f60959913a6e7dc34496d3c24e63c2150c3746f47a43983d0d06b688a62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2bbe964e4a421d0e93b721ba5e42dd2d

SHA1
d36cf2ae1768b6088ed01c88a3e743a3b2635890

SHA256
acc7ce737042872ba5f76d19faaa743fdd5182da2f203625ec111b3807328d24

SHA512
4b65aba6672dcdcf34cda44bb7764acafdc1fec81d21fb70ed1a45b287e383b5b9ba07fd344479271c3eaa2b05ccecfcb1e4fbab417eb3031f72eaacf4b7b5ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b9583d7a22b071444241f3462040d979

SHA1
62ce2f2a3207dbee79d7b4f78e970d448d6e7cfc

SHA256
dc2d3ef1dd073c1fc48d477c7f3ae2e5733f517ed5fb30cbf6e57cd369523e5d

SHA512
a8da0a1792d9c683651bc2cd238ba4d456c55e15625af32adee900eb05959053423381e3114e6ee4fe4a03cd2d981be55fd0ee80b2bcc5c8458b91de251376c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e1d63c82a6888dccefaff1a293fad008

SHA1
df10ab83c5f6e114e1843fd5eb290fc416fa1300

SHA256
d0ed6ed2bd08a47b52ca13ace2fc55ec06c70ef596083ca42d1f20d1db42d5d9

SHA512
1b9c8ea892295ab0286df56553c218321173a6610140434602da8d90e90dd3c3e404ac39818f931c6d203fc996c68b266859dec3426d6ff0cbe97d05afc05bea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3fbaacfcb7981ac9630f81e793021923

SHA1
cb4cf61ec81bec2353a26fceb625cf7207b8952d

SHA256
a824f2403c5c52207223e480699a188b77bdbc09ec9cbecd6ae21ee8395d4d39

SHA512
d6c45811a2bf4168708c7c82d336513978fcfbdd4420789290cb6846bdaff013e31a988911839475ab996f7c066586967344a1c61bea48775a547cf2374c86dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9d0bc7aef45927dd214adb392745af64

SHA1
a9489a415ccec64a39d75300e8e28b6da437f96e

SHA256
3a953478156ccd1ea8aa0175bfee473a8be13ad0738fab45c1fe29b14e9a3125

SHA512
b1595e4b5a4499a3c52f1d37360d451269e2cd188087c5205d49a5c6cc8d9f3e1497a5fc1897ffe25a45c1f5135402923b57c130913963ed800a4be1ffbc88f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
606f965b32a03e7595c8d52ece0384b4

SHA1
c7697055a14da63fe9051a00992b6754e15fe112

SHA256
0884d728e7d0d6f2343931ae6b386cbe53e973ea03d33648296dc7ddfdabe87c

SHA512
711b24eb5335dd51cf662eab860daab9adb49bfe9e62f8c160cb85cd024458d09785eefeda0c8019afac5dc71b9e7067717f638fdc2a4a50a9a00edc822eb579

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab75A0.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar763F.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit