059fa1b5c5490b36a1ce969c8cb64f37a3b85c6327423d9b80f012aa566f523e

Analysis

max time kernel
142s
max time network
143s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/01/2024, 12:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

56818e01af9fe12d4262c4d797732abe.html
Size

3KB
MD5

56818e01af9fe12d4262c4d797732abe
SHA1

07e9a6924512f3809d8d3ceca310dce91e2deb0d
SHA256

059fa1b5c5490b36a1ce969c8cb64f37a3b85c6327423d9b80f012aa566f523e
SHA512

ffa0f6df176c77b7b344fd1ba358fa39edfedcb08eb8afc2836b315baa14ac52664ac65421a9e1a9b6b181bf7a7b1972012b2ed4df886e8d9a39cde99d5abb05

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "411225671"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1AA741D1-B149-11EE-9305-4AE60EE50717} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c07180ef5545da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d6000000000200000000001066000000010000200000005384078c6ec33b9b4494e8098bf985e93278ab36983e792cc208a9e4d81dc7d1000000000e80000000020000200000007523e7198c75d2dd197019e5169f7dba61a97b8a13c0744eebb493eaf2b2dea690000000ba5f3a2c78b5d0fb4511a0b7becd6aab77175ea6bdb7d50ff267171db5833bcb159c055c24c8bfffc50ed780c6009af51da6a12718827716ed2c5056e901784178fa8a68c5f657fd814e4fcf0386c49e89582969be1b3f5dfd5a61d9cddce3c721e1475f416f6304440ba3478d452a9306b0bbce6f8d65e7bccc579f372543dbce8eaadf08678755beca346362599d85400000009c01a492eef015c83c8cb38285de0dcd1d5adb5b42dec24ef072d0533a55a9e70b9253ab633986b11d399e05ec080837deeb90fe420953e6cfc1f39bc2bd2b34	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d600000000020000000000106600000001000020000000865f605b8cc624d51519c61babf234bd305c8bd551c24d656771d0dcbbfee052000000000e800000000200002000000089a0b9a4745a141cf2f9bb1da4cd53710fef7089b373f685524f76835c31c5c02000000049afc5e5666baf4e7c647795798cee8878f2b9ed007f9090aedbe4aabd1f6b9240000000f1b11b31aa1fb3893ed5f361b677289bbe260885df0322c94ad7e269fb44006c35bccf38868aa357a41ae1672229040b6a3aadcf2d0f66640ddb095ca3066707	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2296	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2296	iexplore.exe
2296	iexplore.exe
2700	IEXPLORE.EXE
2700	IEXPLORE.EXE
2700	IEXPLORE.EXE
2700	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 2700	2296	iexplore.exe	28
PID 2296 wrote to memory of 2700	2296	iexplore.exe	28
PID 2296 wrote to memory of 2700	2296	iexplore.exe	28
PID 2296 wrote to memory of 2700	2296	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\56818e01af9fe12d4262c4d797732abe.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2296 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0ff7a35ddd2daad55cd33424905e1311

SHA1
056bdf1ace5ad59fe381d4c44d43d69c5dbeb35e

SHA256
15202bafd24024b53b71e6ece62542870b4cbadf35dc09adc632808c00b2e737

SHA512
082c9656ba50fbd4f2b603485b17a5eaf061ab2c83afda3bde91047fe2503fbeae3cf6b68c3b7dfafec9a62cb42cc71eca3e16831b852d3e597f74594946f58e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
786ea163823d6cce1ae71c1abe9a686f

SHA1
e408d0dd901bbfbd2c9b51651d2b148b9853dc36

SHA256
4730aad20198a0999c57dc7eb9ad2ab75763bb2a42d6feb579bccd9a696d92c8

SHA512
dc9d87d73f2fdbeb0ee7124cec00897988e685bb6f05710f7f550b306759f5e63d99f7d9112255b835060f9dfc67fd0182a6352245ac3dfc89cbb59fca74a667

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c6b3893c95d739f8618144a29ae8a229

SHA1
7c09088ec992a49248ad2252e04f7b9211cc5fe6

SHA256
abd6c7cea3a35fe4d61e9a55b01f8d4cded02de4b85e520ac0366239aeb20a68

SHA512
fbd5ab6ff563f6b40aaad29dd94330d5f76bd9cabc3282d8d5a61a6470734d81d19d40dfefecd3906823ce82081e807ac7f41b9bb07b027aec85513d4321e3d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3554e9728cc77e8034b8fda2a132e10d

SHA1
ad269eda353540f28b21a17bb3608f1dcfb5c0d4

SHA256
fffde570d3aab02bee7d1fa147e5a0fc605d792c6d34aa1be456a7782248a018

SHA512
61b6f71c25ea57fcd659aedb5694d807427cac7277a8e60a499b15d4d09f79e68fc0cd2b7afdb35b080c534e9b99512a6887505c04a5fd6353bdadb62b4816ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8f28cce974b0ed829b11e1de254b7839

SHA1
0fc20a2eb9ed7569307903dbc4c47c384b1da9bd

SHA256
0f5963bd120c4d9c1fa9ccf09119aa2f931b006d519e1b7f3ffe9afb948648fe

SHA512
c7305ce9f5379475bac84fbccbe174314770df6e104b0f7a4c13103ea01592d0ad635a236eb56d059044d08cf561f33d69242dc8078fc1c9a1ca54055c451486

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1bf13df58dbd800f378f921adf81f3b1

SHA1
ca12ec3fc6ba49f211b70e100194c6f9a3039edb

SHA256
4959e11100c8e0db758e7831f36a772c41911d111c8f6cc5b4477f290435f858

SHA512
c6afe4dada83ca2675d0ab129de366cf1ca3146eeed60c75bf3b52c0a379a26d3101b4e96ac88544752dc3cecc55c29291a293167105234c3c3a75593cdee09c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d9b1994dfadc106ab12f87c071a5352f

SHA1
017274c2174c067a067c3583d96344436c7a19a9

SHA256
aded2eb09ff908558e5c4d2414903898e7e23d246794dd8903d516f6a57de03a

SHA512
933e042a92d3dbd99448ae50722d460d2ec445aa68a766dc72394082983cf0c470fbc431b872f9b53bd673f96507ad892aeec211cc82e5ddad4b7bbd0a3ce841

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b2f83a20267a15690ec84f828a6a8dc0

SHA1
682993e0d4a99d8580d7a8d8bc25c027040638a4

SHA256
d3e90f78c4abd7a0a097dbfe3882af9ecf7f0cb722f22de342fffadab66e448a

SHA512
95cd6c3b07a5b1dbd81268484928488d91c75f30265d40f0a8c5c614874e6aa340ddeaa3a7908c615fd10ee400c40e30844ec3c62b6c33967684f975c2eaeca4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
04b3687e9571c1018c14a4083ab31da8

SHA1
41cc8e96b21c7be6d9902a0c922fa368017d7b0f

SHA256
e473b5ea5766333e6a135513a8ef53825865b7df5de07d3797571ed5c95abfb5

SHA512
978b3bba951fac7743c88cc6a09b1e0f143f05d26176f0572cca9c6c5e14450cb69343a0f06d20d5392f6d3d8ea2786f992acd2dfd8063157803c61a49f24fb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4be8b69fd8bbd7239bc49f30ef5a3ace

SHA1
57506c78181d6c462c3e6a628d637258834bc20b

SHA256
6e61c0a05c5bdcc70c4e41c60bc147a0923fbed834b8b6994703ab81f9e21d64

SHA512
17be745e67cc4d1a0a4b041b9fdbef178a36100be5c8e6e9795e3b605dea22c6b9bd9e8ab5a6b93e89babf46d652073243676df8c82e7a10d07ffb24a48103c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c647d9c057e03abd7a2eed45b8b43fbf

SHA1
a730614bfb9a2117ce09afdf1adb77fa50d1bdbe

SHA256
ff11d3179a8c553e5fd93c3d1798710f93a5b0f1d6937f44c21cdc73db6e093f

SHA512
d2686afa151cab39aff0c41e4a9fb1dfadbae70c9beafa36af99d63ab289addcb31967fb6f9d0d4c4594cd6aebeef6cb9a5014007ce972552eddf749a80e9635

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a3a47df370b9017e739b53b01dfd6447

SHA1
e049918b968df65c1946a3b218a61e1d785b611e

SHA256
bcfc8d58c37062e5abbec7ff7212f6a43e48b53d3b99faf079b9dd06b8d8021f

SHA512
878aaab7a5655dd44f1417fecbce0b7c4cd512a17c421ecae97750578d6585368166916db0f949ec3c867677a86ed7bdcf7bc4d25ea007009636ec497dc4eb76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a0f4b4a8d65b3f9f43e763bafd0865da

SHA1
d830b95af07716ef4005d52322e2ae7214c02afb

SHA256
ae422c5e8e8cb2009fb50adfaf02a16fcc8c967a9b253c3104c13deffe799f56

SHA512
a77b1354b1ff3718fc31a6b24ff4cb092374deb392507eecb393a9ffd57a1110b06dfcb382e80a639732ebcda1b9b3dfe5106c7e7d07a6491b1e0fdf207be4f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
01befcdf5f31e1d9798645da7ebd238c

SHA1
7493f5b84b8c1dae60fa3b81bd1e621b4a500840

SHA256
740caedad3477112ed3e093c30cc17f9f3dd4d5f15d1d9937b22541c9fe6583f

SHA512
e0158e283fe95b044b642323506c16bb40763edb8d7b10c55363c486fa18f4ff8d424798f2b0ce39367b09202077850600f65f4f82c2ee0b73a6fd07b0e153ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
56b9b4c19996aa05581d0505559ef753

SHA1
4ae06642d833a273d2e87a5125a2cbb3a62b4ef2

SHA256
28c1643f96e77e213e3fed0a2db9ff0ec6c22accb63533e1c820be847eaf6c34

SHA512
6b9c4f3efcf64f2ca36ec279ed815fc90fbcc9baaa2456f87687d1c583ea90071a46d752c78404a7c955a395c9392c903e47512533ef37cce13cba10389d27d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab231C.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2764.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit