4fc876b024a3716d5f9e7fe70815de6520b56a1adea9f5719cc7448f02d90b29

Analysis

max time kernel
122s
max time network
139s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11/01/2024, 15:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

53f43b1223429b8521980f09f235ff73.html
Size

7KB
MD5

53f43b1223429b8521980f09f235ff73
SHA1

dfacde967002cb14d453ec79c21ae17b8ba6f06e
SHA256

4fc876b024a3716d5f9e7fe70815de6520b56a1adea9f5719cc7448f02d90b29
SHA512

ef4b9c4c5b8540f67e69e27e0a43ab4784cc3db1fbd48e5823d21212928430fb160c59cfae6aad7b379cbb4a33425a735ef215d28e22fa6e40da3abe310316fa
SSDEEP

192:FyB316jL8D6ILkeITc8mVGUGTpO8BXjYm5:Ita8D6ILkeITc8mVGUGEkXjYm5

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a883829c536588438b4279b7bc6c193000000000020000000000106600000001000020000000e536beb242bde97447e13e0825010e47f49539d4fc941d5c5863489c3f4ede6e000000000e80000000020000200000001b3fba576efd68ee46e019754517a93431584ce94f0e226acc9d9452acef795320000000ea50482767712c1f7c9b96fa42242a05055aa514f53af560cc0ddbd3b629c5f04000000036400c9be89cb34167c5c8ad709798bdbec5efe3267cf0145519a2f2f36a4509e313081a3f887ae2563cf9a20797808b81ca4d8c7d1276682def63715621b400	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 804e3750a744da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "411150667"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a883829c536588438b4279b7bc6c1930000000000200000000001066000000010000200000009e1642601fb224bfed3d851f71349dbe19fad8d7f059f4bcf70538c6214aadf4000000000e8000000002000020000000a5c9aa42386e58cb504b96eb7738fd4c3fc34cf36bbea2c3c5c61f7ce0cc6854900000002e659cb961f36e258955bc8f16985711994ec50139bfc2a636e600285dafa243309792aec85b881f575604987c77cda2cf32b78598fea3746eebb89f7a5707c7ff66c3a2ae0550147a7ea86b371b8510fdcd6066757c4c4d706926479e76775b31163b4e8e50fe46e62e2c42763e192923be4645b195c12de978c943acd03529b10989fa3aba673d8a17824b7972569c40000000317ce380d399c992b3a59232dec20a42fdb9ffe5d44c6662a792d562aa0b7aba3de0eaec9be0247346a4ae37e2d83d56247480d97e5f24d6371fe24f7afebb9c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{76DFCA31-B09A-11EE-81EF-EE5B2FF970AA} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2988	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2988	iexplore.exe
2988	iexplore.exe
2744	IEXPLORE.EXE
2744	IEXPLORE.EXE
2744	IEXPLORE.EXE
2744	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2988 wrote to memory of 2744	2988	iexplore.exe	28
PID 2988 wrote to memory of 2744	2988	iexplore.exe	28
PID 2988 wrote to memory of 2744	2988	iexplore.exe	28
PID 2988 wrote to memory of 2744	2988	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\53f43b1223429b8521980f09f235ff73.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2988
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2988 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7c578937eaae72bf284349e4b40fa6de

SHA1
7e94cf4c5024f30f162f8a25d9f077ec56be2d67

SHA256
040f8522da9fd01cc7e9b33809fae666498e2335af95233f29e1075a8c6fae92

SHA512
fae1f28dbac98d7985534ed8dde2cd9d23b52e9d16c9a0d2f9d72c1945c75f32a059c25b783cfde4a7613f782e44a6bbcd30ef17c5e203a8bfee759ca46f1855

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5727648e927e1ca30537576aa562b36b

SHA1
0f341780ffda81db29597f8262729ad4cadfae66

SHA256
59d3adfa2ae796f9b2403abd554292446067fdb2f773ec6580e3dbbed6f719ef

SHA512
b225cbf196c8b7a1c678e61d18553674074a438c2729a2bcc9074481452d58382bb7a4424d0bd1b84968aa47ddd6c5c2762ee74b64698a1a72cbc94cf2002b53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0841dd42c17a174c8a503ba3cf239f57

SHA1
b0a4587c975a9be98bc4c7389c4c779acd23ba46

SHA256
954a7d6a555f448e7894abcfbe8de9014bfa99020cbcd27ab7aba5e56f4e64a6

SHA512
662c2c0fa66571d07067768922586f660a99e49f1498fcca03d61d77f0fb50d12ac7b650c6660ba4491c4df2fa1af7c486a9f9eb23c97ebd91f95270e860cf2b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1c81cd7bb432954fb7e0f98910759e7e

SHA1
9bfdc801b2ee4b4bb6f990476f3a1216aa4d794b

SHA256
557bff283df1958a52d14ec7c89834dcf3487822b1750eaa56b3be749e72c633

SHA512
49ab975fe1a048b5f77db1e729de1dad2e322cefb70f4d8f2021727df910a715f503b1b7a441cdea80ad6ec295b2c70621586b8a6c16c12698c012d5bae21e08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ff2815240b31c2eb26e276b4a9642bd9

SHA1
bb30767a55d8e7317f1a4878a4ce964ddffc7a41

SHA256
d56fc512fe1e4189d95b7c11bfea05d242dbff082d5ccc5296f3294618bf80f6

SHA512
b60851d3e113b45a5021779a34111e5fa5da66bf7830d7bc82bf4de8c4486f54ef054f83a5225e31307c9ecf5db93b41ab0c0a999e88e91eb8875860a7ccabf0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3b0c5b7ba8fcf1813cff00d779fe076a

SHA1
512d9dcaf6aac1310b2d4d432dfd4cc1985d2138

SHA256
b0f6b386a372c33ca278a31c9cf420790d49df292e066a586eae7e241f005bbf

SHA512
4c59922b7e685b774e26854411f7f9b61da840419c5febae91c39d6fad84f9ff07e9d7bba4ea39a012257b52d658ae7c530eb0bfe78d4ef39c0155cdd61c4db1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
535fe279f3bde27850376c680ee4463f

SHA1
e53639745624beb9a993a6d074d620981a9fefcf

SHA256
76209f7497636980cefb30c1c9a1bd8dd4d26624ba958d3362489b07261ce23c

SHA512
658002f9ee63e04fb2582c607eb06a9ea9559304382b05117174e9a5bcd3134073c65e502ddb11c66741a79ba8f540037915a4f96b2439c6b1bd7fbaaf27b67f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e522aeb435b38b6037fa3b926f98e64c

SHA1
55188f6c925322712ec47f203dfbb3c735ed7042

SHA256
7d890ee771e16ec3b34880cdfeb4e1a37dd9788ca94eb472e0dc0f440534e458

SHA512
e87e4ad99718831003f6308df85eae0ddc39f55b06e830af4148a19349068a34112f9585115248a98c7c26263f128dba23f90fcb2c654909ca966b8b30cfc56c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9dda29ab6a99c11aada35ba63d834999

SHA1
58f327b4ff33494971dd4a8b382b73d834651f6b

SHA256
d40d19bc31756a39ece2a58b83732716caabd32f56dd79c80ecd8b92acef7edc

SHA512
caad968173b820a1d20bb4f18275cbe564d2c04feba2523580c46466f5b3a7683ab7e43dd869075504c55c739381463f036b24f69cfe196257ca39227bb68efa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1e481b737b552b1dae30222afda0bbfd

SHA1
516005e27bf7f7237169217d949ff5249a502e04

SHA256
1b6bfa920e2d130273ccfe7f0018008afcca3595e420a4d3d2dac19d77b21520

SHA512
97e236b56a02921f2af03dff3476c2567f3729aa8d232a5afae065db87c15f06ebf064a837731f356fa9f3aaf71aa9d586cf063d9aff09d82d6bf455ae3aeb19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fee9d5bd35861e7982d17cbcaced6cc6

SHA1
15b502ce53bb6b3f40e88307c3a2f314896a2351

SHA256
91d6ea0750f75d9a67439fb85b1f936b7ad3c24af820d4ead30c8b5f5bf97c26

SHA512
0b94d0ef2106b5a16ec4505acea39c928bed5d2ef5719cd6854f2a18f1d42d199092a22155f82d5828358b18a6da7e41c752080097f49c2361553d3265dd65e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b00485678bc2db6170c99a46fec26f9b

SHA1
f077efd62a526f9ce212db293d5db7bf25814709

SHA256
fb8660ddf3adef6606cc9496facb24970fa68716f8ced3c10d6824259a0ad4ad

SHA512
227aeb21154244ca95dbe6a739bf3a2ebbcc5089b41eceb1deecd5debe2f042704ccee03ee379e1e18abfce5537d8601ffad30a9ac6c0f5657d76cbc95381c0f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b90e662e8500375bc6cc2cf39794a2f0

SHA1
fc3e671c6a18b91675a1cb41439a68758dae4678

SHA256
0d883206a68b513756be94c0b52cf480ed65f1386dda63874dc9b842749c9f5c

SHA512
e249d2e6a35c8edf0b8b2b9c3598d4a27d21ae4d413bb60fd755533de32985b347a12afdf70f150a6d90d762f5e98cdf04eb6c26ef85671f8d82fc7948f81314

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cd73c6aa7c68b21327848b6426d8dd3a

SHA1
78f146d608cc216e4431df3e55e8c33c1205d112

SHA256
f91cb0290b8eb54c8c686abb63637db819532e25c89c334a2c2bc2085eec09bd

SHA512
e0ca64596f779f234198d9b6a96b0db4db77d39992003581c56859d207b58936e79d40157e739026a468527468698fcae59b81826bfdc67b72980e24dd1113f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6d0c6b97f52b97230da89d4a34aa96d7

SHA1
6d9eb2d5d49ad0f627327a28a15f7750301a8a9a

SHA256
b3d28af9516d4b1b79be7e45f2a43462e29e343738cc2c023118313edc6d7e5c

SHA512
8f58fd19c08ad19346f2d8a425906786577f3d69304b190f339541291934590d2eb4e6ac73ad02cc03f3ebf3c8a8d02ef0502200f8f64813ea4f98c82f82c044

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab82D9.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8397.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit