a931037159856a19c35fd919ea866969ef3df27ded4435cd2fcaf99f27fc490d

Analysis

max time kernel
122s
max time network
131s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
15/01/2024, 05:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5c481b3e6f4c0e250745a1e7677986bd.html
Size

2KB
MD5

5c481b3e6f4c0e250745a1e7677986bd
SHA1

3893bf3db7fea34110fa725ffc878b814a6d96b6
SHA256

a931037159856a19c35fd919ea866969ef3df27ded4435cd2fcaf99f27fc490d
SHA512

3d112add58d3d2aae8e855a1feef5c2f6ce1f2c6e7534557af3e0ff10a876aaf6c27dc127a287b192623fbf3e2a536abbe3b137248399dc27fc50082512f90d2

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F1347671-B368-11EE-BADF-42DF7B237CB2} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000580e1c8c6faee54b80ab28599b83677c000000000200000000001066000000010000200000007497c11efc81f14425cd3467bc808411cf96983d2dc6871992715220d079ba80000000000e8000000002000020000000909e8485aaddd8542f1581382561c34a722341e562c82ef8d523bcc8108d861a2000000018b0c7834c537cbba4d112ce43aed767d7d0a387c86fd0570c2ef113d4feaa1340000000ab6d0f27270264708c736e1285c62f1d900bedaf9ed486d691183cb9ca05fa41b2d49011be26dd9a756160e1e2619cd26bb9f47b052d290f9e188a95ebf7b055	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "411459248"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000580e1c8c6faee54b80ab28599b83677c000000000200000000001066000000010000200000006c789fb19b5fd8a7c2793eba9e080dfd9ea4921bb96bbe2699c6f049d6c4d38d000000000e800000000200002000000091f0efba6ca9c3d828e6b931f87484ffdc8140d3cc05f928ce10d3d09a5f153690000000556877600ac8012faee8c09430a7cd64dfd7b6db44b62f66af4b2341934892d9b668ada3497d88a6a98b95e88675765491bc8a049fa181287faf45a176944018c8ab6f72f102956cbe64a15dae135caa9fe2cc403a7e42ba67134b97d2d5e0b4fb1b50c6df35fb05402f2d50d4947c58be54a05daeca9859c9a2da3a11b7c8281e4db605305c80da55e1b9ef4d7f5a35400000004172898b26c4315ba832fed674dc3072e4c37c9dab0ea226acfb1f3b22c6d0dd7f496149681c40b4429e18eda1c01c9567cdbd927566eb0402bb3b67bd979d1d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 009d20c77547da01	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2652	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2652	iexplore.exe
2652	iexplore.exe
2332	IEXPLORE.EXE
2332	IEXPLORE.EXE
2332	IEXPLORE.EXE
2332	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2652 wrote to memory of 2332	2652	iexplore.exe	28
PID 2652 wrote to memory of 2332	2652	iexplore.exe	28
PID 2652 wrote to memory of 2332	2652	iexplore.exe	28
PID 2652 wrote to memory of 2332	2652	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\5c481b3e6f4c0e250745a1e7677986bd.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2652
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2652 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7ce34bb647dbac2944a8fd7d8e097c29

SHA1
0ebdb27e2ba7426786ef18d9d2906edb7a03cdae

SHA256
a4c1fffe6c2e485f738688a830a94135f79623814c5e7c52c57b549a531d8275

SHA512
00f873b978b2a9a321d74e605c2d18ea989a564e53b2ee724632ef5ae71193e0ecd4d2eaef17b3b0d87657dcd3a44e4b4692b29b3579254d5868dce348baa41d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b83972df3a55cc39431a32babbc481f3

SHA1
e07b3096c2839eeeb57f3cb2689b74df0de8b118

SHA256
690491a657aa9977457eba0371a7cbe599f7d3552b11527fe962560c7b9d6370

SHA512
d91f8232d0698bc0b577e169fb639a36b1a81e56d7cd35e41bae7ad7e73ec291b76708766f75b28456f3921bd4f5570b60ef66b444219709f62cde2d3856b7df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0200eb61ba939db84f70f785e0ac6100

SHA1
4f927db97ecb11260e3f353ba7651d4183346411

SHA256
837046b7c637e3e3a6b4ad095e08f7347610d5e53ad99fce42eb4ad67f284a21

SHA512
fc8795552ceea2eec9ed77fd10d9069573fc0fcf3e455ced67f969960b079aff71125bcf0c2169ae71a1605eb269d086c5d165ade7ea5b26214f378e95f558e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
55f8e1ef60ee1bff5eab90cb1cca032c

SHA1
bb0c756b852e1c81eabffe5f7cd8e61f2d734f53

SHA256
edc9f1858800d0f30c04eca31361e401ed8163e75170a968354d38337f4349ed

SHA512
4d8201a00c4913bfb080a8a853e30a974bc1bae869d4efff56fba241902bf5ea335985ad68b73f66cd48fa9e95a004605214f3b76df33b1ad54490b9c4ca9158

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bf9727899def4046ed91472cea2de941

SHA1
49a317c480884c05cb9402503cc783dcadad67f3

SHA256
b662ec414e6f527ca02cc55f2d169f2ceeac342622c7d31a155d6c925595d559

SHA512
120669b11fc676fa8384cc8bd0a92ef00ac5635d80cc39f12bbfa48e59ed1c2a6d40d6d2ff75a6526fb433ff483d8cb8a9d34cc199af4eef2594f5fb87930880

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2a3a2a17b4720669431415d4e83f9002

SHA1
b0917e7249e27cdc363306b9ce8a0842a4879d03

SHA256
e85aafea57180eb9f844b6d04873f052094e1e42af3dbe649e6fa8d731101fd5

SHA512
852017184099bb9224c3519df424456599a68284707ab425723b859953cbcbeaa254ccd8437cef98e451691663b64ed03a3921b2f090899673d40a6da7e541ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9169b05c1e6052655f1932cfc39f1a5c

SHA1
71ce764bb0d74f0d354f491e9fa9e868eda013fe

SHA256
0c190356fb869ea66db3a4345065e469716f29d9342f0779c8c35c2e77bb64c5

SHA512
17546d203d401b17734bbce923d6c1c746998348a09ce2fa7375bc4aca20eae9ef6e152ffbea2d3547e6fe003b0b44d145dfcf8166624f96e7cf0363b3f01a2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6875ccb82e29f8156e12b1be99b3c93b

SHA1
918bf998d5ea480a919b827fa650062b01876a50

SHA256
653777a13653fb567d9d1a31524eb6ff02fc3cef388a57808040c2af82d0f266

SHA512
71c42b6714158842fd4507e4edac1ce4f08b68b89cb76014e36b3b8051d3fe535c079540a045b10b805d1add2848b5b78d593f56a622b30c82bb57a9a5e77e03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a58e22dbb67e6f476c9352df4b25b365

SHA1
a7d03a26b9fcf14161bdb48233a2a3486ee29dd9

SHA256
b249991aa08f804d86a8bb4b2cfbb7229f0956ca1b22639ac8c567f7641c9d1b

SHA512
df11da13f1f1b0f8d602656aea045d9774f2c05e0ba94343d5beb8857b6fcc699c6492254b9f32a5604e8c2b1dde23bc9040ac8a496fef8de2fde6098d31299b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
90f18fa5221394b26f5e2b5303b53b0b

SHA1
4393b3bdfeddaf9ca5252592c486a9db0b74e711

SHA256
e228db830cd74095bedfb019bdeef8b9c726aa5cf84fafaf163ab5e1deaf819e

SHA512
076cf79904d2b39fa96dbb62b34015b302d2e20daccfe7a4366b45d87d6c3e730c68ddcb628a533c9db46f70cf50ad99a008ef472232a3176928183d30162437

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2ab90943430ad5a3ea435a431e7b3368

SHA1
22366a44c6343fbe101d42e5eb94d53441ad2686

SHA256
f756b9d3929f55661ed13b1ca7f347d27fe72f94c7c418f16dc00c539a3c23ed

SHA512
9d1056c338ee867f8f60112c3fbe54a5de5d79c98c1eed5580d471f7b02aa9c82dd94e22185170a43510244975279217850708b8e37012109252a4028972ca56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
86f6ab89940d10dcdd801186db06a90e

SHA1
5387643e3d473d621d7f544e87ef8d80e45866c8

SHA256
a3ffee3464155fe899b47f4a432847ef31c77a32824bed87a6f2af05df36ae07

SHA512
acba6fd952925251574c9f16ffc894e569bbf2d32c7c8dd3401db839227b25d0f31671df521b75462b7d3baf2c5d57a1c3319b602f3a9fadd273e20f0c837067

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5009f92410d04d9a0bd2b1cc419eb3e3

SHA1
1ddb36c66a2522dadc21b2a4872c5bfbda2a18ba

SHA256
37dd2544c7405a38f6aaf1bdb5aede87db25c9c5cc6e53c55b0ee43e15032dd5

SHA512
e8f1272aa90e0ba9585afa2834373d6bda8303df5a6c76ee98594eb8815ec1d74bf208d5355c48101f5abc4a3223eda8fc9656fb62c91952be4e6ede1ce93102

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
153f7c15cbf251a8c8826fbb6dc9c66b

SHA1
a11f4b6ad88cf874b9bfe6a4ce0dbea79286134c

SHA256
2c6bc569787a1024b281fb24810302cabecc1549ad1085217cfdbd59a8bc028b

SHA512
3eba1bae50c27ebe288c909c14b2718bdb2552857f9868028f5f757963b7e03ec73c6cacadd075ad9bc4e268c05858fbab55bd2bd4db32f0697649191a60de38

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
50d1194e7c1a14442860a723d04ac25b

SHA1
ceba846ccab0a3c7991500a7b6a3886ed65d31d0

SHA256
40c8fc9faacd8e1dbdc6931164666a9a6dc985a99a71e81874243f1d5ed43341

SHA512
afefa4ce05930f972416f88b122ed4d2940fde574fcf1bb3bce66502dd8363c6a70d22776a6826fcceb31ebba857ce7673902aa1ade32c77efbb99d5eaa8c305

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c16e992c5a1a7737a8cd78189513a351

SHA1
fc8e4822470d0a363e1960f5618cc4338497b2a2

SHA256
54f9a5a1b483f2fb769f4989bc623144d5d6b4e2af586a9e919e90d5c5aa6457

SHA512
eb8de272980e94dd2bfaff7439e9488da7c3b4f305984694e19420f659cd755aab2644506caece0967ea6f1ca0b18a6bc6ff78597ce7bae37c2e07ceb3cc5e1a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c40a80d720a48b85a44e44a4df8753d5

SHA1
4c30d2f919d47a491bcc41bf64693b8cf4fddb51

SHA256
5f9759df90f1f83d5416cf0fa69c56d7e0bebf2f17571fac6eb51ecaf15c1dac

SHA512
17189449ad0861a5a38f6dca6ac28f568f0585aef4c0930f79551c8fd8014abdf9b027fe3bec1e6730c3b39ea1394e1869815037bec9571ef7adc694b15a61a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab56F8.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6399.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit