b7e8106cf00d940cd4c534b9a4802acad09d1bb20af4234291385eb0ed510011

Analysis

max time kernel
137s
max time network
142s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13/01/2024, 15:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

591043bb35fa3337184d8ad09c217298.html
Size

121KB
MD5

591043bb35fa3337184d8ad09c217298
SHA1

58bb6034d1568cb877b11fd68bbec2ae707998c3
SHA256

b7e8106cf00d940cd4c534b9a4802acad09d1bb20af4234291385eb0ed510011
SHA512

bd8a543f218aab9847099461064e23273d863fafceb790769e1c8acfd97904e2d96e9ac344e5941bbb6c5ad21d3352936a038d71212ee5539b2340aa0fe0bdae
SSDEEP

1536:9jBdcKmjizsoolYoSvnYOx5BOV/CTkU7x/78fTpIp:sjiAnWAoY/CTZ7t8G

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e01ee3433546da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "411321530"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4870AD61-B228-11EE-8CED-6A1079A24C90} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a883829c536588438b4279b7bc6c193000000000020000000000106600000001000020000000b9d55119019dc19383a53719e594c38211387dcc2b52a267df9acea9dfc0ba9f000000000e80000000020000200000001351afa61dbccbc7ee3af38a368f03ac7d8101e5375d5cc96010b491203dd37f9000000050718a6af8db6eb21c450485b5c6197b676cb53dd4a40eff1ae6b749070e44e7c42b60711d9d35115d54e9c294b8522e827321b9b1b68cbb3494161d7cfa2b71c8fdfa2e63f892c8c37641bbc9984d03b6bbbe56fc347dc815432f29736e969ce85ee5edf51d72e3139f0f7a7100d7e7ef13726729967a47e070ff8b315def0ec37138f75007b8ef80a5817ae07482904000000062dd6c0c3086593fee8d289cc81851d5172820667a961f596b2e7c6f61ab2cec3bc5a5419f83abbbb8a9b60d8b439644670ec7cbdea23b3c2833eb2c3f9c23eb	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a883829c536588438b4279b7bc6c1930000000000200000000001066000000010000200000004f43f5ca30b9236a429dbd501330e1e2b8951e2ada7c560550a3612b460e82b1000000000e800000000200002000000009e0ef41eeea93797c407eba609fe2dc89985b1a52e266405f1f1fb01150c3912000000099f98484c644cfbdf034619591cd2a1d7d3c449030e72f725f33cd13e237194940000000d0bed7b44ba9c0f3ff3753ca59c3a4f18dbbe32f0bd9dc3bb187746c1b7cea41aa691ac8aec82a88af82bf2b9eb09a934e57d42c993a02cc8ed43005ed0f1eb1	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1976	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1976	iexplore.exe
1976	iexplore.exe
2784	IEXPLORE.EXE
2784	IEXPLORE.EXE
2784	IEXPLORE.EXE
2784	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 2784	1976	iexplore.exe	28
PID 1976 wrote to memory of 2784	1976	iexplore.exe	28
PID 1976 wrote to memory of 2784	1976	iexplore.exe	28
PID 1976 wrote to memory of 2784	1976	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\591043bb35fa3337184d8ad09c217298.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1976 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
752d6b85415b71db2323ab661cb0b78c

SHA1
a7425374a5f61babd72f040cef3b600af927566c

SHA256
28956526eeaf70f07cc414bfaad39c866181c666245ded64665c3985ad8017f7

SHA512
fffb1ca259f40a0fb7e72c2b1b1d2a569b25f6c648b6aab295914c597293d1ead387a6f3921c07622c8fcfc901b1057fc8912668307bf0c062025c691120f3c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7f69911004ff87a5a2407c6d9f8f20d2

SHA1
73727e12e460a1a0b91fa94692b91e7aacdf5ad9

SHA256
e49eb22839b11240f41af036f71c0d46594bf5134003dd5dcec7649716f4ecef

SHA512
62620dbba6b4183571bd8d42290a6bfd1f96822d20345e1a68444404a6e37c9b7aa1fdaa053c1e684f9df1f96caf857a21f5e9846dab6b2409f5c66d56a53c88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c93ab96f57982ae572ede6035723725c

SHA1
ed7fece62c68ec8a0fb3abcdcd27e5610764e51c

SHA256
56a2db8e73c3d49c75c1b99b047f6309f8f985cc83c956675213af8c16e3fe0a

SHA512
4ab50abc6731e8b394c098fb3e1762a290d00425483e3b165899038dea4aae97a11e3feaab29663d8cee0525f6f37f6c59e6e43e34af0c29820b39562b40e5cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
678bdff23c584b84291139cfd2199592

SHA1
0c165b4c46e061cf1e9caa8555fa9f759cd2a228

SHA256
27e7fddb83cf532753bb18a8cb1a45cfa291c3da80ba94b5b68403185ba191a4

SHA512
e6937b27b0ad614ffc14c0f2d4ca6c1e2fb655037839ea4ed554205132d8087a8bca1aaa962240d0426daece61797ce7e27a69cb4ffe2651f5a168bdf10de347

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c4ea98494178c095961a3a46e366df11

SHA1
f0ed5cf1e196ded64a8cbdd6ca2cbaa59d473938

SHA256
70581d690fa892eec77ac065f6487d789df326ff279fcfbfc47a5707ca871fd0

SHA512
c4e4439a0a362ca2ec297d7a396ff9a1bfca7f8d5575501bf5b05b3f968841e0209929a31c26a74833139e1ee30544bff168672ad3f9b9c542f5efa571c9cdf8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ee92b6f3ecfe7266c489d71eeb8e94d1

SHA1
faa2f2477a0bca2bdbec7a0b7c8704d32e68ed4a

SHA256
0e09ee1f12d1be10f55c7e3f98139e5f71eb7782c1a6a867d22063c9946549aa

SHA512
fb4a9223b590599eae12fc77dbd9f1d958cf1b96f5af82f988ab2ddd964361245fac93463a8a31e1c359d20f0af05d3bc82d490015c3e2358c417e88a61a800d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fcf9bd70511fce2a98bcc886efe79877

SHA1
bfb62703cbbbb953bdaa6d423e0c5b7398015f7f

SHA256
fe4772e892340ec68eccc703b3f488b64601de02223f1091e79427d94691c4e9

SHA512
468f99baa4e8f6e9a5a1e84e07ceb8b6870f7cb236f5ce727b519c1ae83be203fe9b5fc976555ecd90a23b1a6bd39c02a1b457833ea891a3e3a1b1da2892773d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4dda63f9b350799a899c657bc110a94f

SHA1
25856463967428810cb80f355b63834e5c5adc07

SHA256
9c53c3eb85e0ddb78e56e4fe6a2295f58bf6966e2b1d54a38bf2d6908ae6b09b

SHA512
8725e6764b5ca916647844cbfe3545a13f15e62b45284c4a33f183b8e3153c652cc0f83b5e4783a873c1957c180f7e70cc083ff802d40c00e4e2793dd1151829

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
02f8ef22287fc608923df446597b4034

SHA1
244843d3bcc09228b789ab543a7f3898bbf66789

SHA256
6bd4a759ed40fb22f5129f39e3509f6ad6a5cc9efb4c9051a9c832226f5ba78d

SHA512
63932111892b2eb2dde7ddee9b35f30af9a71fd8bb635c7d085e07a78f59469f39d19394cb0e60c39088208b4e9c31b41a28b93af22282201bd08c3eb0458025

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
baa590566f2e7906e22c3d2fa6f9eac7

SHA1
486e5a26380ce678ff6737e3754469323784777f

SHA256
55277df4a80be84e120d5521a59e9751cbfdeea1426e8bd3aef286b0f98f3c5a

SHA512
9d6d70c944eda914628d9a581e6e0f4d0cf32e78b9914e6a3e43e0ad86139834b45b527088a20ebb9349fca783b602fb5030e4c7bd6eaaa38d49a4861b9202f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d2743c54a3c5441eaca44866a99646b3

SHA1
40c349075782ab92336aa78979c23aa88b3647a1

SHA256
263758f63e49a0e109f1079e4c1986202a2c9144e93501ca827287c04ec31fb8

SHA512
ad3195294b870472efa3b0eb4bed16f863c7c139e5b17a4c0dc6129cc892ffd0a535e6f691fcab1b3f313a0cbb165e765ab7c82ae1988023e5c58825b96460a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6a19ef46a9dd69162364670085636ff1

SHA1
b3e7e3cc7beecb72667189bddad50a114dc80b64

SHA256
d94730ba5abd40a81f66ae2d4b3db64a46965b888c12e257bd7dbfce90ac404b

SHA512
b5aa54cf229e388619891c599af5c5c8f252ed5cdefa63ed37cb19d511133b8418f42ce7ad62e43c08acacf9fffd0cf5f30fd182f154bb63640364aad7bc5fb3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
79062f591a4181c977c42e0142719b43

SHA1
2c4511582df6a184994de17566c0292f153467c8

SHA256
89b80cb844a04c0cc3f37c7b6f3dc6783a7d458ce3d246348346387f21b36c40

SHA512
49cf6c2a1076651327be451a8a89d5b91d4f72746a9cde47d0195df18162ad0eb5e33a2dbaad3f4318615d6a182f26372eae15774b2a871fe319c15aa67e0920

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
575db092ff6676f20ff5362cbea3a9b6

SHA1
7c0335551ffc869e6d78bfb0bafef00e0611b8ee

SHA256
20c5b3e21cfa9047a0736e3e55f91f13035a368a2e05b561a38ca13c4838aee7

SHA512
b83298308295122b0667f0994647ed3c7ac7ff7e9c56814a66471771872311a82af2438dac5127ab960c406c3e032835d685de3a97e9603c98931d015f5a37fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f6e62213a06b38baa6be91a41bc02f10

SHA1
7f024708520d258ec371e96ebf45077e7c6c062d

SHA256
940606f5849705c14d3526c30cfd1494396a6af24caf00443dd91e3aeb190725

SHA512
e931b40b2ac03283656ead5b763723f0b245722e2ced68f921e5780ed330da7ac174db39b2c36ecaa8541cf73a00bc0b4debec9abf4b22099c6dcf6c356fdb45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ffb21e335bf30edc5c54a057d67a1e21

SHA1
c910d95d201f709bdcec9f1d3b3ac44cb91e749e

SHA256
2361a9f008657060a0f8375a37da645393ba5b45533d949e91124f7e6a8a2994

SHA512
62f2b6793d5c8ff58ae3c4b822451b4b7c2e7d4721d92b90e4f3b46d1a6a5db79d20bc9b26c3ca233d33385971e7de98209e26e3be0088aaca682e60f7fbdd2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c80738451d781e4ddc7d191dc4d6a808

SHA1
312abd1f273bf1a037f93fcb9302e31bce1abf96

SHA256
849e9cab4d89577ccf7a4143abf49de246879876a5a12893ce0b373f33ca6b8c

SHA512
9573a2919880fae813976ac9a8e6cd4c47f261b7cc650df716e5bc084f1f1cfe53bee5b7ca55425bc3c9bcde5ecea1083537ba52a11af4444d3ca8c044b19434

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
df3e251f793b9ea3b94e829cabd44058

SHA1
d50797275f0e385ed17823b3e038b1061d5ea312

SHA256
e081e81a5e702ff04b5b3102b6ed0ef2724601d5aad9659181f2e5262777c153

SHA512
f733ef85190de01692ef818a51a649b932a5601039e87c4293bfb0d6e77a03db9c48e97fd2e55e1b779cf61a059337320fc1da0ef2fe5af5a034d63587d12037

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5BC7.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5BD9.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit