43a657794de962b9f61e285d1b5fc2eaf763542345423fd1595139c8869adc22

Analysis

max time kernel
137s
max time network
144s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13/01/2024, 11:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

58d7fbfc8495f04618c60f71f880b6c6.html
Size

6KB
MD5

58d7fbfc8495f04618c60f71f880b6c6
SHA1

0ec2318a0cfdd53361ee6a23fe7ecc132f82890a
SHA256

43a657794de962b9f61e285d1b5fc2eaf763542345423fd1595139c8869adc22
SHA512

87e99a87d6c93514f5215ce1faeda6eea8b38b9b5b2702dd6421d077746334dcf71b47f6e9244335d9c4513e9348a409bd2d92ec04a08fb969b988a6fd7c2a3f
SSDEEP

192:SEX9uBsruD3xQ0HRzhwkXJKJUJe+IlsRp9RHC:SnUuD3xNRzhwkXJKJUJQlsRp9dC

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8CE640F1-B209-11EE-A20D-FA7D6BB1EAA3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000429d3af34477a14f8b2dd7691733418900000000020000000000106600000001000020000000ca7c77c9aab5684c8b63994f69bfe6de5243210fef6687444ee5a66e7303f961000000000e8000000002000020000000bff60e0130d4a711863bdde833725d10b66f53929dac59ccf75db4169d36f6d99000000050a2ce681967579792d5e303a650f2e4d91d28f3ad19ad874010bf4cb6e2f71b4ec8bf43a00d4e66c32cff94939bd90e5c89bda3e9bdd9c44a2505014f630a09ac7e5883317fb0f171cb60bb372f027ada261d5cc2364834a7491e98995c4c754659381145d75df3c393b265faf6982b0480150bf470f616c08c76da3ead8b34271c1e8c7d363b9a7dc195f941f5420c400000005342ebcd5da1afa8a0c0b4804f29fee1c3d988de29a37b0e1c480dc0239f41dec4e60da03f7262bcb570abb4fe636d8688a123bb41118f632faeb09f2a25b2c2	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0d3e0611646da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000429d3af34477a14f8b2dd7691733418900000000020000000000106600000001000020000000a5ff468f4b08e4860923ce112f5368ad7b8d7c8b7e8775048e20e78e7d07140d000000000e80000000020000200000004982d2c9a909355ab00a4e69d3b9b262083c369b839bc03b4ecef0eaf06327f32000000080504e2968d139531dcaea84b61cd653e7a3e5ec2ead98d1704f30b16b5ec64940000000c5aa25c6e5b07b639020b49bacc373569caf5b9be25b6979e0187fba1b362b05f2d8815e46c7c985d228ec8f43b32ff09495cbca9d6ba419acec6a86ed7b23d5	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "411308327"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1804	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1804	iexplore.exe
1804	iexplore.exe
2512	IEXPLORE.EXE
2512	IEXPLORE.EXE
2512	IEXPLORE.EXE
2512	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1804 wrote to memory of 2512	1804	iexplore.exe	28
PID 1804 wrote to memory of 2512	1804	iexplore.exe	28
PID 1804 wrote to memory of 2512	1804	iexplore.exe	28
PID 1804 wrote to memory of 2512	1804	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\58d7fbfc8495f04618c60f71f880b6c6.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1804
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1804 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
69ba34e409d6e2fd6c5c5a30a37c47a8

SHA1
41a66e50ebd31ce0a0c14b286a8ad8b323274684

SHA256
447f293dfc78c561f11beb4118acaa31af73b6585aa00b4f1c3df128d25a9ad9

SHA512
2e978e7acf341e2f5bebc6b20d79bd29048d6dd80db779d52aea63506689d0ad777ec508e8e3574c627bd0c8a2af2e50a99e7979900447866b64cc7ab70ebe1c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2544c5d66753f02d54889069b554e5ec

SHA1
157e02f46b25652aef3795b72da0d9441f7cd051

SHA256
a54939b184fceccc1e58673f05e6e40efbc4b4232ad6c855d3f0f8c465944d07

SHA512
6a715c12f01603de43b9667919cd4493c42155a18e24be5d8f523bc92c66e1751c669486bb3258084894262eea1377bbc010b334b5474e7fd0cf4154dc827382

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4fd707e815fde21be2494959f0194478

SHA1
f74b936c3d45dcd1fab701e20c7b6225b269382a

SHA256
b6d34afa8641eae0328f6a93063d5211b145aa756eb75394d6affc7d8212f84b

SHA512
dfd52c580eed0f6e5fe1d9e106815bcabad0acf51147efdfe0125b5914acc834232069fe752e87e0d9b67c784555d200de05c83168aceacb19481d628eaaf8ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
850e861f906cb9c7ad77d445338a6a2e

SHA1
c3e273f15919dad984017e1a9994baefa24a2287

SHA256
1819758911c6c457f2f48007f39603ab8487ab6570c99c7d5635aa117fb4adfe

SHA512
92585b60db44ec5fe9a0fe7066a8b58822552975c5d81e1b1a52a41cf3468415a0ebb7f9a8852f557fd3642f61e5d0eb20c04e7e47b0cfd0ed882145884ab0de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a7b3c002c5eb2c2e18d38cd3bad0c73a

SHA1
c2939a93a1c238f5f4ddb89d730a5313b3fcbd06

SHA256
2c547cf655a97746264a5f3a9731d3a8609169d77c812dea56187067f8e6ad1d

SHA512
767688d33efbf5e1a53db5729b8839a9758b9157be45595789ddf3e98d8cefd6e331316a1595f01681dbd0bcd48893c710c0321aba681975814b6e2334e3a8f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4d1c18c9716678f4fb595ada418397b0

SHA1
3f229713038c6ebdb436069ee0bb7c4ceb2d57ef

SHA256
44453381f98644fb7803c88e630fcd4b4067d3f1e0a27ff88dfd48cd822a11ff

SHA512
3da609c51adb8fddcc686faff3a23126950da36159e5a338cb74ea9b0f9442308334f69b362b0d9968411703028d3abd723cc2efcdb6464d801bfcb68a917cd9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
89ffd23c97a53429c9999558f3b64a37

SHA1
52c99138cc63e4c530a706ad9a4800e755cd766d

SHA256
4404b9e38e69555b83e629d5e8a5731a87ac59a5428da07934c1e9dbbe3f8baf

SHA512
a26c2bbafe10b8c7a71ba67d2c29bbf42bca57032099df03b5da8ef3db19b7934f01abcb7790a2d4a4aef9b67361845c4ff33ae20f5323e4ea4c51b1dba2bce7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
153e09c806d70dc816b498c045f26284

SHA1
b262179607db224b409387806033ba61e6a495ab

SHA256
13c994a4cef58216040476bc953be7ea3a8f874930ffa5e719e60cc1a1b7c407

SHA512
3fdbc86bc6132fa9578d72a9a63cf75ea0d90f3447b4f6820f1127e89395538116a11295dd592433a26de8ac3bb13ce36f06f3248cb8ce1939d4cd3b68e3ce18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4b89c0b0feb4a391e8605e0a9aa4eaf7

SHA1
804bcbf63ee0ef9a91859d71bf8b77810924c0e4

SHA256
4ac5c67ec7d9574126b16ff0f4fe6346ed451e4e2b1b53215a610fb3fc577ae4

SHA512
f72f8b4c2f16cca206106f5279b613551e8da368128b3b41c93c87bb6a7d5b4f505edcb4280f6177d902cdf9a21fd85e111d1413526b315e0229042c295bc1c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7443d44f880fafdcf768fe207c7a6e22

SHA1
7f2aaacd19d0ef412ac618a86370f1115681c0f2

SHA256
e9b7a99da9f96aee77f2223439f38287c740a62e6ac0f74381cb26f4bfdfe5b5

SHA512
b7f0b209d83d7e5a99aa74ade8dfc648c197a68099d7832cd05787f42da0368028b7a6f9ed6ed8bb90a1cf139997caf20da70d564c7eb6c51ecba2dd66ef3745

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ed8aafcc1d7d99769bfb11cd3aceb78c

SHA1
0c0dab2085efac929aea09cda21cfadbaaf11229

SHA256
f2444a09b122a24791493d9f607b7d3987d282f95d07456739ab05a12a135f87

SHA512
2ab957ac6ca63e5dff1150e15a7ad53204951f78579698f05b0af8d38e50c54541e96acc1b266db9d7d3466be4d131b6fe22faf4cc595225e7ab0bb3bd544f40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7017df452c66fcdabb109003c4944bbd

SHA1
6ef9527adce62639e1bd6c6904d9f45419c1d043

SHA256
13ee82fb2a541f25b6eb491ac32258604ecd2f0ff10e5cf06cfbf49add9ec574

SHA512
ffd3a1ee46477b2519d805ec141abb3c4b9fb3c5e1f1be729850e9fa548ced682fc7e0273dcbfee71e70c8900b508e4859c85e53071d131e7a3e053ca0f299bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
55716871014da0cf4ed00ec6a58ca814

SHA1
78e461c4f0c12bc4515db643b2dcd2979275db78

SHA256
5ca35aed812c3478a3c831eec125a97f62610dbbf4f73f3c7fd6b76c2cc0a34c

SHA512
30c3e7add67656ba88f452bf1a832c24efdc40880d41a00958565e523c33fdce7f93f6d4400f0a250f0c5ca120e21a5547b58e2a92262d822dd683fc2d5f0a2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2339a2f9597f1206044104f6f3ff2ea1

SHA1
1f68359eec2582f5cb58a8015f2425816479f201

SHA256
6f5140e5ca78f07803c69978f3c6b297517e6d9e7492c563f9b245301ac5d628

SHA512
7794116c5a6d71fe45e00cc89cebefa4faed52f3f1698d68f439b048314782a9e355959cbbc7d0714012c7a7bce1f0c6bb5d33b9abb9eb0f7112577f0a1ed7ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e291e77aae0347393b442e788a01df54

SHA1
46799e465165fd2a651f71f64a6b9035ae323d99

SHA256
ac27ec3f9d79efbb135c38c188e441862f6f924ffee67561de48ee72bced6a62

SHA512
82c3de81c516d9bb7908ba8c9636cf2687748b40870f1d52ec75a4eb1060ae627958c60d6642cbafdb2344d2dadc31de66786d431c1eae87efed58354d3a34f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0fcd5bf74ddd07be68333b232485e172

SHA1
167e8d15c8b4f131e0221727d3771a466a040ea5

SHA256
ce7bb771e004a34e27418d601df937aaafc721ce18eb5cfeb320ec9dcec2f44c

SHA512
cd3f16d1c55e6008e272db17d05290e6e893323739e4d98fd850f5311e54daa4d2c601ec83fc49dcf8b5a5dfae2988ac0a61b12f353e635793374d7a182466f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d113311da6d77672f0937620b804eca9

SHA1
c413da3bb2c2a1df3e081665fad7e1edf2f92ddd

SHA256
86a014881b2e5388bea828a12ccb25baeca83a09b2caf99a2fcb5d59f0e7c30d

SHA512
5b5a266ee9d46748f467a8ac1187e5df4cfea863fb6499737dee0c4d79f5291e41c86a70c3323a8d28c6b29c32a577775a4da0e27b6b9d883654fa60b6329a41

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab58AE.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar593D.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit