3f867bfbaecda26c6937292956c300e54acb46ccf49659af79732119b679a626

Analysis

max time kernel
122s
max time network
136s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13-01-2024 22:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

client/view/playpath/402.htm
Size

128B
MD5

49c6203ef8a2557465bef1d0cb5368f4
SHA1

ecf1c2743afb5dc47161b6ce02eb1dd5cba66d72
SHA256

331b0c3fc1f44cf23dd541b43e20acccfa9d54f7d28865b36cc77d1d1a67651b
SHA512

93ed6d931b9bf46b092533f7a0c209cd021655924aab0984ba0bc9fa33aedcaaf4e6bc7df05076a4f145abb6170f73ebc3d3b0dd28448559d3e8991774c59dc8

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D09CFB01-B262-11EE-A20D-FA7D6BB1EAA3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000429d3af34477a14f8b2dd769173341890000000002000000000010660000000100002000000032181ced18cf019bde6a570ed1a75d0f3e22ebb32a832d2a77a892d6228da43b000000000e8000000002000020000000830669d931cd2f48b2572fe08faf23d999144eb1fde6f43dfd603b2977c6244f2000000029e397aefb5ca141382941dfcb7b53e53f512935efc4e91556bffa1ac307f7ae4000000035fb1db1e56b38413e7cb646018e3a8b35aa5ef53d2d5df967137c0ce421ecb4775ae1522ad04beeedb7fe8b92ed8691d2af81fafe5d8e94933b84f517806990	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000429d3af34477a14f8b2dd7691733418900000000020000000000106600000001000020000000e6f16a1c275ef05c1ee972ae32411de502d1790ee9240b847c7449a26366ae18000000000e80000000020000200000000805453fd64d9a35fb258effa82383bbc1a18a9257f308b8dcb289e82b8b13889000000081bd203173e5dc5e68b663ee4dcc97407cf163f6d252ddd7cb4c66c30f9d9025b472bc3c0ebf9088a1740eeb74788493c00ccd544e2f56ed990d62a40518962311ce83512f16b7573d76e502b688f275c90a6d12a5ef54e2bd2d5f485b6e408f6efe2e354b285dfc5272beaf77ac2053e7a4cf0f00131d070ad3a07ff300d4a4901a424f5702f6bab8e3ac66af515bd540000000c3c9d67fd311c6e0784443e35fe38312356be6c17e193b3082d94d55ba4613780a1f147a45eb7005286bee911e767f4981e957fd7725f9a15a8de7f3b225b678	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0608ba56f46da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "411346667"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1252	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1252	iexplore.exe
1252	iexplore.exe
2420	IEXPLORE.EXE
2420	IEXPLORE.EXE
2420	IEXPLORE.EXE
2420	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1252 wrote to memory of 2420	1252	iexplore.exe	28
PID 1252 wrote to memory of 2420	1252	iexplore.exe	28
PID 1252 wrote to memory of 2420	1252	iexplore.exe	28
PID 1252 wrote to memory of 2420	1252	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\client\view\playpath\402.htm
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1252
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1252 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fc170f17289ce614d2e305e516a1268e

SHA1
303c033882d74993e6b1acacae17b4eb568aca5e

SHA256
303e135e8ce7976bf5f5ed99976c579a9f33e8c0ed3043d818cf8433c0beae2a

SHA512
b81823efe10ae82bff35cecc223c5a4e8b424504d4e81e3feb29c31eec02cd1269285154415e1e6338d7dffbf97fa49e0d886d7e30032d6eeed1e03ba8ad9743

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cca9b05f54a485cd986a0995418d9418

SHA1
77be030967e1a351b22946bbae76563dcec4ebb1

SHA256
c8377c77050d7af136d03b4695807c0f63ec93811315a5e226c5f0a1aa58610a

SHA512
dbbf0fa33e3599a2fdb9613f7328c52f3c1736e139e0716d90cc9922cc1f5262a8b25c9e8f60d0965cc968ea5eb34abcd85dedf73e288a9707539e92b94e2fbe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d9922b5ea45b203963572c221609de5f

SHA1
e183ee2382454dbb6486ef946006daed66424767

SHA256
53e93cd1afffb284484fa1c535b6bae1a9ac0f6b967a5e300d9830caf452755f

SHA512
1f0fa9fb28d45bd102dcca7fff62a56fd6073a42a548cdd80b4983b7a1af2757b01a098f3ba346ba3c991f37da39e99a54fdac3cbc8a6c6b85edba379782a5aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bdf183cb8f85ec6dd09741d97ebd78e9

SHA1
9c963109949d3d1b76c1f6efa1032bc50e32e9f9

SHA256
7f9fe7f1e84315485dc6bb1479d74ed716e556217ec0c657dd98abb07c943848

SHA512
e30a6c78402bc5fbeac699fba5ef496f79ad7729b1d79e08ba081818da54611cfb50ed367e2dd809a0ff5f77e48d131e3c7efd447bcc37e496098a22a3216ca7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dfe44ae2d8af54d524b9076058aa0b7e

SHA1
74eb35be4234d7df5e06c56025d55dd3fd20c58e

SHA256
b332f55ea89dfff77a15452973196d22a9b06a7f0117ffe2d45220c7796ac20b

SHA512
d2f92c04739e374580c9aee2a7db01f1d7f409fa41e0709042440d0d0d5fbc3ff34078cae274782035e065fb75a669702f0229b8df96efb3e57487512fd77152

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2e7b3f09c6360c6e3fa8a264cf8004dd

SHA1
fa848dba4ca9a8e8b21d7b674783fe8c7d2053ae

SHA256
bd3e38aa5e8ce7367874b2368225da6a1fff6a034e01c572d944801bac913d16

SHA512
a657a116c900f5fa05757a05af44d786c4d4e5cd2311ea870e92fa0e4d645b03c95ca8c9a48deda80a1bac018726ac483116cd700622ba410b46f3575a4a5f7f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d7b65aff39e0761a208308f3cb3ac986

SHA1
0fe0ad7f43d69caa812261f85de2969edefca7fa

SHA256
0ee1e0071b7ee96394c5b225714d4655afa62b9465a0f8de183dd2e7485849bb

SHA512
0aa836426349df1ecc82beecea8c54b45e1cb124c8e0901b893adfa5dbc037b48d2d2b6dfe532fbf867442d103a11ea659907bb450182d826aec7684e66fe916

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
002b0a760f99ce1cefe5bd4829032041

SHA1
f005934daff774087dc5fc1d3026b33ed0bb2cc5

SHA256
d01409c727f49a8a499c5f823de8d7ae21935e8487bf1c5dd58328590cacf042

SHA512
6222e16fa14fa6bf0431f70777dcddad44c48a30b6f145f1ddfb8d24a95424e6ca8704dbc1d1260bbd1dc34e833e7c04362b022794fff8c7bd44723ed7a2b761

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dfb8b863044a631ff14f61db36e83344

SHA1
baa5fe467c72d3105e855380bb206249bae729be

SHA256
12865dcf7b454f30e240499a0105571d7b6c63c4ce1db4ae493477e856a3214e

SHA512
8d4ea67c4f3d143bef68124384d0c0ad0af93b9bcba5ae8e8df8f0b24c9d126e29f7526e9d648e880a2712ae3b513a275f3300ecd06b6f9790aad81705d74570

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0c1dfd27053c802848e0941f5e9a5a43

SHA1
323a87255f5ea7d20f8bd47faf7f851d90a6dd4b

SHA256
c6dd04da479139084398f284b2a304996761c3332bc27d8292c302995e49ac11

SHA512
ac9cfe534d3d43369468d89df480abeb80257d8ef35a1e83b26e54c8184f231f6ca4efde8e88a6557f3f7cd40abb4e7f3d4eaffbb548c266c2cee8ce09332a88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
71e0c28a5806fa29e65c8714549e3892

SHA1
06a930938b8f3fe8194e48d0018fd0b9a710b9bd

SHA256
66791253d4c4e7f5686de90eea77d7551a620d9e0b4d416b1a6307932f53c538

SHA512
e4aff4d915989478c6fa214f6c992e077aa2071ad391df369a1beaebb66dec7d4319643d10ea2d5123dea1ee71b6f82fdac7ec823db9f2be2976c2122dc3c651

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c092d7d4d084033b0bd290d9924ea97f

SHA1
e7f322668c3a29b9d980df3b8bf3a7e92ed323ce

SHA256
cb2f7dab50546e7e988b043fa0707347dd01ea4de8265eabd609bc54fa7ac652

SHA512
6995cab16e212967e1ee50a7147d151473fa73f0422823911b246655c94054dce0dfe275c647356cf9caba3644b50f86ac0b089d050052245566e9cdf2c7555e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
da8ebb67a4f30722fe90f3363245e1bc

SHA1
06ff99730f6797b46f7b4b00d11e107d7bea0641

SHA256
1c1187c05beb78be3514bb3763b8ba4cb074978bb78ab2889ff51e452b9904f9

SHA512
c837e2c40b1e5544535c07d6661bc4b64be8d5cff91c90b0c312cb14c14bcd742c72eb051f3288c9180766a47734074de91a09acd1ccc605ac9383d77d678b92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ef735c6bdb0d3c222e53e5f2ab6c1189

SHA1
db143057b47cf33c0aabb3a6e70d2a28e5862c11

SHA256
4d0fd297322984270a04ce56504082231c01f7ea4ea5888dcd897f1f27ff0348

SHA512
0384867c69c4f724496ea1f5e43b1b2b565292b7b8a85a2f83ed4b38907ccaecc3391d2086058706e2d8a6a3c940ed4eb39dbd35e7617bd3d6a4fb9223a979b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f9d5e6020882a9ffff07cd2a72dcd8a7

SHA1
ff923dffde774745984b79259223d23a7541bc80

SHA256
d181616202777b475df74eb571adc622b298f1f8f6b3facf0200217c9e3496ba

SHA512
91b6a0bcb233f411f655b9361cbc76d539e5a3b8f35d25e401dc98bd63cb1d7fd66cdade51c5420b874050bc8c0a3c762c708258ae69076c650f8aef9dd9d9ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4054a373888dcae1fdb8fd69897d08f2

SHA1
93dd7b85c1b3ebbbf433dde0f16d0247d9219cbf

SHA256
6e65581b92c94338e866461081db80bb84cc0ad45f01fa865ee89bb935ebb9fe

SHA512
1288566b895e55b75d7a9223ca7cb12130a30bcaba795434ee70c08dfdcfac91e71e64158d91d9d09ced9045a7bad07b4747343fb01694fd364080fe2d46b0b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
34e42172718534e8467924a5e6a2a439

SHA1
d1828749eb87472235db753bc6455f0584ed6423

SHA256
3f1cffd08188ab1e5c6bdddab19200677d7cb2f8939153d82f7996cdfe268461

SHA512
18ddae3551c8aef5ebf3b7f2219b8b93ee49b4695caa03bab1fd024730887d97159a031b4fdcbd3fb9d4d8fb317fcca5ab8e27bea6585c206f9b7452c94a1e8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4f525fa07ae9b185ec8e8690fe2edf3a

SHA1
0d10b09a5c2bb1e970db4cf946d99622c13d546b

SHA256
91aee8928ea9c508ea9cd9751f9b3c09dfc19d3e8012a9fcc10c474c6d7c477b

SHA512
0c6e83cac8c16b05ab9f730477ddb19a832c2770bfac94eea5f07330d7840e905ec8e1322221df59d733de6a96de17195c986b4f149882ac928eee9b25a04bc6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab55B1.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5A08.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit