4705b829b643238548777d81c8d68a5766f8e9a2bc97df514b8b474812fa2100

Analysis

max time kernel
134s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/01/2024, 01:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

secure-email.html
Size

572KB
MD5

98fab066fc2ffc4c2befae37ede9cd8e
SHA1

a48b73f24984c154f1ebd5601f4997390e8e8373
SHA256

4705b829b643238548777d81c8d68a5766f8e9a2bc97df514b8b474812fa2100
SHA512

bd8b1110a48a7c9ec7b4acddfff7ddb91d666c6a8383fc061a04cdf4172ee2d524b13a6c1dfbac93a17b52300fe3509fe02eb7d92d8c94ed6dffdb9034b6e996
SSDEEP

12288:1LHh4tGUfSeTtWkhPqPGS0ZcofmvlNt3KdDOt94BDUk5vX9:ph4tGiTtWkxlFZD8lf6gw9

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8CF1C1A1-B0E7-11EE-BE5F-46FAA8558A22} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "411183772"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90c3a861f444da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d600000000020000000000106600000001000020000000cdf2797ac004ea9238d9d73321466e90dd56e1cc91122ae2ef6c41c54844324a000000000e8000000002000020000000bbe17a56ad1cc5812311d406f9761f72d10631ea644aa9517c9f2c896dc8392b900000001ef1a25ecd94bca8f8c6e282700c86aadda0cbed814ea8216c3a99f99dc8e2f6f3acfadc1ca75c797f1ce34b5beee4b914dc48e587cfe0062de5684873c593d4cfb2c07a8e7e1ad746de76e702bdd0e85c859fe6ec1bbdf7a57a0db1ef12112190d5202116b89ab0ae1fbc840371f559abf847c2a546d68c968d25c4b03f392695cee0016d426b210c85100e66387d9140000000f27b507c67dd9f779ef04646539ea3090def6834d36e0938208de919caf44b6831548edd45ac77870a3c73ab8c949bca6ab91c1be754f37845982e1df31cfe1f	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d600000000020000000000106600000001000020000000f0ef246030715e12a41cee66c203ca2d3bf980130094ec8a62b7bfecd8064fd7000000000e80000000020000200000007d54286c52ba9780b2c31443424e5b22f02ac22fb6007f7abd3adcf75c4573af20000000b770c2d0d4a284617929cca9882d233dd8dc5ec9f80c7b8f2a9a38467df7a0d7400000001bdc54b90661c90312e040f12dbd98f6284aa9bb0957235761f88d9adc1432546e9aba521f2278ab2dd5fa4a549525d1c54a82ad7c4bf2af7c8e774e9ed91eab	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2196	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2196	iexplore.exe
2196	iexplore.exe
2244	IEXPLORE.EXE
2244	IEXPLORE.EXE
2244	IEXPLORE.EXE
2244	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 2244	2196	iexplore.exe	28
PID 2196 wrote to memory of 2244	2196	iexplore.exe	28
PID 2196 wrote to memory of 2244	2196	iexplore.exe	28
PID 2196 wrote to memory of 2244	2196	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\secure-email.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2196
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2196 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
135e9ba7815f9d79bf49f24531b2ffa8

SHA1
d497fd98f53d0d5ddee9a9a2121628c14b2d3040

SHA256
e53c038bd792ff996e0eceaa75d6569a5aef3e52060fbe6b4f419a5cf115c444

SHA512
f837a0b701c483bdf21e88325ce0aa37c6bddbee9f0c90ed019af61985ebdf991da20dd45331979206f03c57b7b8e27b8bd5009d662fde1e39743dc9f7078399

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
674ea652fa3969575e3c329933e7fd67

SHA1
2a42dabd8e4e886f10d95b15c38228a93276b012

SHA256
a4ccd77b2bba622df958d0c1a296c7aa97cb8a3170092c0707f5646b73ebab29

SHA512
2aa1fde28c4f1c6fb3c088d16a8c7d3537dd68ef3c70229455c9e4d9f1b09bdfb3cf30e17df20aa254ac6382c01cf5f39348e3172b684092ffb4ea63914995fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7ca2fa572ce9cb54d87be929af5fdd4d

SHA1
634ec3555d2deb72b4d7d69eb39a16bd8ca68e13

SHA256
2e49e92945128b1a03de8c33596359ae9c7192471c3050ffa92f34108fe78a35

SHA512
dcf67a83e703d9fba154aee85f984f0e7adcad310b6b2e0d6c3effed09ad097b9788420bcbfe51d4aaca47afcbaf9916574977eb5fd9bfcd5927e42940176f2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0160cf8d7765ccb7b0a3b2e066e243c3

SHA1
b9045bf9de7d4ce4ee90ea78a91f1966c4d33579

SHA256
5c3d6df8f714cc4af01c7a97a71d9de53a8b5b36ad7619834f2fcd2aa0aed376

SHA512
7e7e159f45aaff45ae803d7a29f4263a179708ed36d03e5c4f032ee802658ca8c5161f8c240fa2292337e61346c4246f625b429c8737be13b10e55ae21c7d3a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
77b37a6225b941fff1a820cc2c7122c4

SHA1
7206ecd7528c99007747af0858529db23c014cf7

SHA256
d4fd2df6406ce2567b4033c08a0a1af9c2fe220b5e61fd57c47c4575613adddd

SHA512
a066e30ecae303b86320de33c5da38b2f39e09688281aad341d26149cce734a71295b88f3bd2b6a7d4bfe9e0832dd68c034b8e63455ec53e3b8e9d5bc29e4f50

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
56c7d635f98fc2f941f461acf595f32f

SHA1
d85ed898a5c506c6f59bd771372b0969263e6de0

SHA256
9d106e8b889951cf85b40cbdc26f14a277ea9d39f026b18dfaaf6636b9c19eb9

SHA512
a2c3c821b776a3d6ff66a12d06a58a9456d0c2fd35e432f77598ed22d4360eea2f5635be4efd6c2757768b1d728d3ae6c27e4dd69a2df169bbfbb87c2b877336

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e3b8413bd8d841916a6ce4f75c7cc10c

SHA1
e6056010ccee76766373fea34fe2140f62310a92

SHA256
7f0c490c74bffb32c0dfef5e31c3a1835f294410a49bc8bb55861a3fa658fd97

SHA512
b7debb95b28bf6d6243209a2be2944f0896266e2af5d4c6d3ee5768841a75751ea2053721c8409adc3de19b4f8ba41833196e8ca98f3a3c6075840756017617c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c5316fb92b815b8bb154df9c8571b701

SHA1
aa4fb5fef936852fde7120623df7fc8a1568f26d

SHA256
83812f42fd19ce402ea6d977eaac7812946c455cc1cfb3869bc069205f196dd5

SHA512
f9849b66e05942623d73dca9846fe0b120c8859f10582c278a1430b0078ed7ebd8050f8caaa3b24a27e495eadb2312fdbc62ab3aab864dac9270ea572e79d183

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bf197df9915e5a6283e74fb3002d2a23

SHA1
97c70dad27bf0548d6d5d2000d090e7a866a4ab7

SHA256
7362e4957bc09baa3fc3408d9f9fbae204444752acf570d1a63609406a8ad8bb

SHA512
b164e61c50dfa145efb6556e37e0369b3dfc1540b1eed0dfbf99c323d4b40e69a18867add960eb42ccfe97d57083f20afd66322923003c2e1dbe9d90525045c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
65d1697055b4f67bc1733092a9cef2d1

SHA1
5e0cfa50ccabfa59407aa072b73ab1589aeb3e36

SHA256
a8593bcecc243d5b9215c8bee1d8f455b640a7fb001a7d98b288b6499fc9e5a6

SHA512
b78e9ae71e450da16a8d92c22ac21197f00819fa4ba7c04e3b571f03c26602d1aeaf8dbfe171519773c523a2dfbfa3d08a9c4b1c8d71050987a5f4e34f7135ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
65f2c56c8f389520ed5f632d5f979063

SHA1
e3b64bb960fe74a6fbb65da91644c6d1c9cf4de6

SHA256
77ff0251d804fad9ec34f8886e8e43b5dff02be5f3526250551d04fa695c54c0

SHA512
4da2bdfb9626d371bd6edab41382440ed897e8ef04b57948a94088cf082843477d89cfc259d7d48971c26c80540b55c22a7fa3aac882b05d3bbecf9bfe70b832

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c9fcb81efcf7aaa5eccf2ef3f38a715a

SHA1
d0d55e98bca4b2e27939451212b593b70286adfa

SHA256
15f39cf4f04aa9408161276ee4da86416573b16e754caa673d0c68a52364c7c2

SHA512
2879adb42c873757f42622fc1a66fc3fe3851199b1c285d8e2432987d3d37d83f3a20dc13b79a208061ca6f354adf1b6ede3c6db7aef680b16911a3621709f72

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0433075a7aa674135d79bf2a6f2a25ab

SHA1
48827cd4c21ed4360e1ac1d4213447858a01aadf

SHA256
100c85d8342a899f270817b0260ac6792eabeec67e8c4806751e1113cd801b44

SHA512
8ad4e98a08b6acb7547b02b6e4c60611ccddcebfe3b598378ab13d4beacea9bf4d661280c38769e9362f30a061e07c3f8cd7056f27bad34a3b70ba322dd28ea0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1672912a40af6340c01c637640d4546e

SHA1
1e904ac4f44eaf2c79d9164aaa4eada6d52064e3

SHA256
9ae6723fc04b3a077c7e7f4d1ebd37d8d87d691048fb03c7925505d4e84cb0a7

SHA512
4b1915b992691c723e1d6dba4d97c7e3abf98b6270478bfb891c4d0ed98bb7b93dccf54e10076d0aa2069ae4aece17cbbf4f63d376a6843aeaaf4fe936dfba76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
93f9c4a55eb0682e690d035c20f844ee

SHA1
851f3cb69b073da7031a44a57fb7eacec1606fc2

SHA256
a470cd72a7a6f744e0ad8ce26b982ac9ec93252c6a9824425a3f07b3f46e65dd

SHA512
2b9ad685f42617ddb904eb68b204227407169ceefad21d986aec1a295a7528faa18f6d80ce589685abc420c829bb345e762ebcfbc35e78ba1fe560c5327adb31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b674243a9b7f092e5e18c24cfb7081af

SHA1
f658608004f56c61236fbfd72fd5878731690282

SHA256
c748e0d47998777d924b1b49439d829916da0e09a9981c41c26cb029f9cbb42b

SHA512
727e460c1609b2a81439483bb82de4bbb060dea28b8e766338f2457dd26bd3202a8701b750292d4f5e4333cb08fd17fedd9e718d3c0d4aab442b560e5ce03143

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab27FC.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar28DB.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit