464513ae3e9368b8782eb52cd36a5853154310a396174ae62bce03f1bda8e82c

Analysis

max time kernel
1s
max time network
146s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/01/2024, 08:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

background.html
Size

1KB
MD5

765526318b49b078d35a1a736bb96eb5
SHA1

6dff92a26b1e1194f32ba3f55765d6f2c705ef29
SHA256

b14df17e9b5eda2f908d1a50d37bb287d4c7a42f9732d397323685bfce1ca2c3
SHA512

a948e1be69de00552772d81cecc62cb260e9deaa8821935abb94194a5a4f5f547e47c65dfe2fe156008aaf69064cbb08bf3a874003e31c4cd0a5c580ba1a8e75

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D99A2E21-B123-11EE-92C4-6E3D54FB2439} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2528	iexplore.exe
2528	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2528 wrote to memory of 2492	2528	iexplore.exe	17
PID 2528 wrote to memory of 2492	2528	iexplore.exe	17
PID 2528 wrote to memory of 2492	2528	iexplore.exe	17
PID 2528 wrote to memory of 2492	2528	iexplore.exe	17

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\background.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2528
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2528 CREDAT:275457 /prefetch:2
  2⤵
  PID:2492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bf2f640f95e2614fc87318d2d2e4b2e5

SHA1
3b98b2418300cb6f840fc99bbee4fc2ab5d86184

SHA256
6bd641d3affbbe13e4a3ae720eedb93b5f4b5451c9d73b4c417d5b9691050f5a

SHA512
e5b538eaeadd722f1a449a134e12aa5eada8d10050de614ab333e073476d61bb9ce0a21d254cbfc24774dd95c948533172f6c27f52ef558bf35c3595399aad75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2b21e60946c17771c49d2829c7afb7dc

SHA1
671655e037bf82cb8263439bef31c9f86006f304

SHA256
f2a851cf57dd1666a3516a3b0ada65594521c60bba699d06bb168b964b4eea1a

SHA512
a87baefaba5796003541385bec4f908be2674d3ad6cb21f63b1057093fad3ed1668668ca2313953f0ad29a6be2cd071773283dae917e528e3506b80573e65ec5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f282182ab5c816294d91c23215475dc1

SHA1
09bef02f21ca4f3fbcb79508e4d44ef7fd40c34d

SHA256
e17689dd7fee9c323065083b3ad5acd823019c01429ff051d5bdb403d4c75c8c

SHA512
6795ed0da84e00b6a4ab8b3b24408c14647d59a0c566625cd6b083d45f274894eca47ba392cfcb2cb2241b6ecfd2f0726d35016119f2f789e88ca32f9a0ece8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5f3d533e89a2d884b169bda1a833e7c7

SHA1
77a140096af9f4ad081ba6c5b051b80a0134aec5

SHA256
534e6b2295a91d373582053e0f4362c5a5ba51bb7f5072dee5027279d1364b26

SHA512
b38c0b9f97f33778afaad6199c54d72761690b422ac10bf25a9eaef38b5e768c8a83a1704e9141a592fa479b361b9ee5576e69afb7d75e46277dac4d88a32b80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
51b5e6caef295d0e0f9572be7b02ed53

SHA1
48e293409aaf5abc040df0d00e5e860d1b717688

SHA256
55624199009dc7c44b113ce12d742c1db3d9c6183c8fe6edcae96957f7a8b65a

SHA512
150d5e8f53dcb312dacca89c74027862bd41ae05c4d37c0ce5997d525084bc68984f74ffba748d8099e814e1df2bb1db2f9890aaf1c3c30c6cefa574cc69a32f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1d4260cfb576480f5d98eb748ff09493

SHA1
dd55537725f8a0e598788120cc8750a732144291

SHA256
4fce2f0dcd67be3688c1ed8441613954121477384adb07eaa4d3349afef8c39b

SHA512
a1333d9b3a82e4e66bee68c685b2d1ef3709c6f782ad50e4eb758ed7cdb283fea4724febd810401bbe94c8132d7cd5b3271305c38349ee444417632030a4a202

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d43865de7c7db45ba67a1e4098c1cdf9

SHA1
ab14712f3050cee2ae6237e4088a4d21161e8bf6

SHA256
8d63ba9a2646ffad0a33e9c501ec5bfacca81da5720c0c5c36393fe87dc3531d

SHA512
4ea86b820902b8061ed49f0c731a2626d43fb6503d0ac1a4762adab5247c0ab8b2779783a73d55e4f87b82ba471cdd02d93b8a8cc7e59e953a1ca3884c584ec1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
daf38f97b4a24e5054a4c3f289440173

SHA1
2f5ef6dbd6b1f65f2c35bee9069f8d3cc0c00197

SHA256
b4b1b4c4c6ad35c28a5d23c7b89f77f4e2f4ddc492e0542aa2d5696115569de2

SHA512
d0a8a6531f0d2a35242082c1304ae1e0bfc6925a04faa3738629e48c23f8634fe2c4f4909db6be078825b403ec54f6e941e4fb37ddc36d9d23f96d311e9fd02d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
60c40fa41a285633ec2f93c54992384e

SHA1
5649e63094ee1e55386a143487bf0f5a230f0684

SHA256
dc8cbf817c4e587e7106adce9706bc18eaace3d32b3bc2977d07ccd0f8e1147b

SHA512
bcd5ca1c2bf668cd3766453fb94f4057d2b766a29c4bbefdc4f591b43153ce1f40a298f9ec824081a20a488cdc149865ad3f0e20c8101532c38c8caa924fc1d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cc1bd140e01a2c2ff4c737dd6496c88d

SHA1
b761c1842ad626de4b78b6f53959f06cdf346479

SHA256
a0f5149478b877d41f7bf34a99cd34e1235c86dabc2d73e262499f79b10c1833

SHA512
a751362e726bb50848663c04cbd2e5eb9697a7bebe2c9c2f4dd2b697d105b8ef791f7a03042688d883e9891737324ab4bbae09bc5e15201671b9cbe591c75f79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
edbfd7f741589ed01e82d9a0d8f0b4e2

SHA1
23d7e3990d9f84f9fdb175c01ee3d2d12e0afd5a

SHA256
92ccaa50439704a886fbb4f5721dcaca0807e797ecbf332d2ae56b3f1c5fe183

SHA512
04840fd9cd25e3e172aead3e3cf8552ed3698758b91d2be3c327f32266c51f7419d8ccaf38a9880c53612ad1589559692a0e84fd41f9774215499eb4396f20da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7b2a27b55ed8fb138935b12f1befa44e

SHA1
6e12bcd5828e60265fc55282835b60e455265f49

SHA256
6c606fb278267a3005d0860386825821921dd921f1ef0e50dd38e50a0d4eed39

SHA512
0da504cbdba1143cd1a6f105c5f6f4d0c250269d2623c480d571cf54aed155c5a9c9bfeb245e0a3aa8c27446d9d560871f248f536b2e3dd1a9baa414c5ec82f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ce2c7da37e279b6abc59f3d8f535628f

SHA1
39fb5378d0aaf93a8e582d90490ed930bbcfc233

SHA256
121babe4c46f82656ab9877e88306f80f998b728b50d935abf8803f2745ca88a

SHA512
51befede4c0f698b779a60610fe4e33f1f907829340d996721e63bd050ca0a8bc4f4cbc3283159ae55752910bd1b172784e88508674ff66da5e88e1c698177ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7ef679e7d50dcd355521f31264c5f2b3

SHA1
cda0e6192d2966db6b63f9e8f968d08745017183

SHA256
fbe099bd1bdc7264100b65f78ed4925da6e98ef3f71c47c09ed3a2b0a0c718f1

SHA512
2088aa4f1d6f940760401e2d9b30f1d5ccc1b4ac4dcb685844513f92b65769bcce7bb7b132796965018554e2aed2a7d16a517ca9f2c66ea763eb2a34cb6007b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
099dcddebb80649e26ce0eec7712a1ec

SHA1
d5e828782e935abb1f31924343981548cbeff722

SHA256
1e45bca07a7c659b0962c1479ed43f840f285377f962197b344edc04b5a8d6ad

SHA512
da21e9b259e7727487682637b5a7ee202d2a763b671cbb277a76bfe625689ed4e6c0de5b623ad7b6df8bf28aaec60248d74cafec9409cbbe17cd2d4c5e6da365

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2dab1c2d22d595ba78ca50d7e7d43894

SHA1
eb183e7b9b6f00a1f000a635e1704baa6da95661

SHA256
46b04952f58a7ffc5d108e465396afb6addd3975d21a89f8ce47e4ad6ac759d0

SHA512
4b4a1d33174d391cdd5ffafecd31689202e5b7404f3e01467ffebc2ee89d325e4786220fd3c7822b0ec3b4aa9e61a3df0191f4da0cb085aadbbca5b1346433af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab458A.tmp

Filesize
1KB

MD5
1f1a3b101012e27df35286ed1cf74aa6

SHA1
46f36d1c9715589e45558bd53b721e8f7f52a888

SHA256
7f0b1fe38c7502bea9c056e7a462ab9f507dd9124f84b1d4666fb7d37cf1b83c

SHA512
d6f6787de85049d884bf8906292b0df134287cc548f9f3fadd60d44545652d55c296ed50e72687f776f0bf6b131102b4bf9b33143998cb897f21427fbc8306a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4668.tmp

Filesize
30KB

MD5
64cfb3f2ca1a5325f9308acb4b502123

SHA1
305219576d634939016b9a185fe7da42a684e527

SHA256
0a394c349a07e4a3de538eba950c0cea5e8c8171aa0db9b8d1c26a2031a66722

SHA512
4f620d75368fb9a2d3a81526ddec5afa17fcd982b8547ac99053fb128d5603463ae45bceb4704d660ef33a4f9142886f462db9ef9420be46d70d8858c15c5285

Download Submit