5ba19b64492d21f97d9d18b61ea870a042ccfa3f7ad67c6feb373da49a26909a

Analysis

max time kernel
133s
max time network
129s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
23/01/2024, 23:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

70d5fe1e9aaea57c6c127e0683381bcb.html
Size

254B
MD5

70d5fe1e9aaea57c6c127e0683381bcb
SHA1

f916b2f4ad5d7992c6ba1160a97ebf17737a5a06
SHA256

5ba19b64492d21f97d9d18b61ea870a042ccfa3f7ad67c6feb373da49a26909a
SHA512

266d00540a63b599d9a1bd438a01c219c7023580fd881ddd4bcb23a97bf3d4e86eb6f9a23fb1196a59a872ab68abd8962bfbedbb5af8f28d0ee2772e18d1bee5

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "412214259"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D70A0821-BA46-11EE-88A2-EEC5CD00071E} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000969d72c3e5a03a40a0257479feadc03a00000000020000000000106600000001000020000000cc8b6733368fe3fd6cc4d64837811a4d7fb40518ed1ce264b1a510d42562ee01000000000e80000000020000200000000e43277e07e7153e1df39a85d79a5cf62121b80d0fbc7e9c21bfc8339b695014900000004d891d1393730695e1cbe0ccc73f1df953100cc537c80f5d793e696d0ffa0d110c1fd53aa47c47cedf01dd9fe058b9949c4c51988c2b8a434f3adcd895da688b3a9d62c8cb44f419efc38479c2b7dea39c92f08a7c5cf9c9f2e3f3a7e6fe559cf639c382582f3c4c360f849c8b46258bc00bddd300b825f2aaa2b444e81af4b1eb5fdd8f19446d32486a36cfc7baaf1840000000f7f2566a6ba90e6a6ea77f77546d50a8a0f5d5cc46e77d8bbc401be24d9186bfe5fa65175f6c74f74374e96c540f42fe76ee9acf73a0363ae587c6b8c19c4650	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000969d72c3e5a03a40a0257479feadc03a00000000020000000000106600000001000020000000e1ae992e050d70200319d29b0ee80927fa6382119fdb6404fc14fd1814be0d84000000000e800000000200002000000093e3b07239827e9285dad14bc3c56307c580c12bcacd1cc3655e636e9f04819e200000000ace45a7dde7f4a203c709b3784213c147b12a0e055e0e878c150e952b813081400000004a54c14ce40f32353a0cc355b8db98426be078cb05f215d7b83a641bd7beec7291f727700d616bbe166e567639520b7b59f2d94a9f236b8887b2eb5b96f2d457	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10779aab534eda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1992	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1992	iexplore.exe
1992	iexplore.exe
2384	IEXPLORE.EXE
2384	IEXPLORE.EXE
2384	IEXPLORE.EXE
2384	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 2384	1992	iexplore.exe	28
PID 1992 wrote to memory of 2384	1992	iexplore.exe	28
PID 1992 wrote to memory of 2384	1992	iexplore.exe	28
PID 1992 wrote to memory of 2384	1992	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\70d5fe1e9aaea57c6c127e0683381bcb.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1992 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
131d5b026e4255a35f1da42b5a4430d2

SHA1
f0ceddd2fe63fc997ea1af89d8835a097fe720ed

SHA256
869be0c9d92eadbc7bbd563690e05ac0486eea7263e919b53192979477af3a7d

SHA512
9b23b80fc64c0606d28f6ce7d8715d4e99f574b730e942fd3882d8ff3dd5e5c0dbf0088943462debc02fa53e9d9e71f68c21f2044764e7a939942011f33e851b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c69e615cc1e0a0ea2646d47b750f033d

SHA1
72e38afef982fef62025af3a010031f5ca9543f9

SHA256
7f9ddf61891970f23e5891a35b1463b807363a6dde831327d6a218ee16d9d75e

SHA512
02ba50a0adfce3cefe47604272644f155cf8e333808daebec74c8f4911c8eb3684c23302b3faaaca2453abf95b0d8c702863f8807241b7e73e0f0af52bad3983

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e5a11aa78fd3d098520e6a6b31625c02

SHA1
3bd313b4519628f98bc36cba5a9581a1ce325560

SHA256
2870894edac6789ab58bd9b1e5e3873590153ea5b693e8aecd76dfd0353545fe

SHA512
e9496a85828edbeeba38516bba4669265ac83c1973afb08a3b0d5b9c10f6d67c0d5988873f3b9d07c9afca4dac18e93b8b0d8c18e931bc27f382c20e1defbb99

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d09a542d7ec2780a9e3d44192ee12797

SHA1
0ee575727f8e2eb86ee6193ca11dce1c7cffd954

SHA256
5c6ca1daf77a5fc95d7a7662d618d942cb1ee0005268b3b7bf733c82c6f33b1e

SHA512
b0b935f6afe161d09247028a2fae9fa4ff7fbe92b3a5583c0236f59b2018edf01f52afa958b9593bb7b8526a26887a2c3d951206e7496ce87c20944f604df1f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
042939fc798e08cbcf1743042dace155

SHA1
9b059e442ff89e0c967e4bde13b322e0e37b8dcc

SHA256
69b2b8ec16a9daa2db0e5917d64dd9ac9fd01fa31a3c01348971efdbb7099c73

SHA512
7b4b7103317b7fd6ff7195776c9da98f930fd63ddafdf8a96d53b961147aa80eee290ab649ad0081fc42c9d55475abcb6fe8b6de47ccba73580116889b1521e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
03eac3b7efe648510d1c1f0c31952902

SHA1
f4edd3e98d1fb7a7b9cbbfaf47f1828d5329f24d

SHA256
7efac25dd0b6d20af5e5d4e80fe0db366d4f778f5eaf205accc7d3048dbff551

SHA512
a12ecd1cbf73defd638398c9845020dc90574aa24d17f8c5ad484edce27e91fbf5cfb7048d340bcc5431a5721567576286171ba6e9c1f1e714a380fb50589676

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e92b0039bb02ae514b98b0703c5b458d

SHA1
437df72bcb2e0a50cc014d477cc9c23e4b1c6109

SHA256
f25c987671ad8bc9491624aa5f2abc9e3382d5de523e8991de4e0444b5fdccf1

SHA512
80fe498b16fb8fc682d2f5c5cf2b88be4e22f0ef83b4931500ac5cf7798f4f6bf4d263aade6bd46ef1635fa4a5df876a235327e0f41424d386f554c5e83ba2de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
28d9411a18ebb17a2b4d64b295be8211

SHA1
0865bf00bb190e864c950efc663fd3dbc27eb7af

SHA256
535297c5c8c01ff79a4ad182fa4bd6b019e59fd225aedd8f057a9f45c1f64e13

SHA512
5c1ac84255216416922ab88f59f706cf62d867635824ceda46764f629eb25be2ad7508c53eb6772df32fee06fd293cdcb979d17f813def0a5b0b25f391ed65c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
76ad081616a90842adb07b3509ca634b

SHA1
31b05bada567967b7272b02fe63799af712860b9

SHA256
6fe1f14828adf3faceba9eaf704ca1e582c85255fa1a1df061a3457685aef90b

SHA512
82c55337b2921e6377dba864c7167e60a21a3e8feb5c5187fa178ddeda2b39410d8e3d4ad0084a7c80aa0fd9e82339cd8cad462e2c5b45de173bc4bc466a03d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0835bc365589f6395c811f1aea98f910

SHA1
e473a7b8ad4f5f732507851b8719f92893ead8ac

SHA256
0818317c72ae16a852fcd93723347ecdc9156b6bdfb0b585fd622ca9a437fd2e

SHA512
6b6bc197e28176f369fee74cfebcdddee40093355c85cb887606e30f3bb74bbf6d6004403be0e312355cb8f8b5aac442bf16cd80d5a00c11b4c8de1663035769

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ea2628580aaadba049eba99df8aefb3f

SHA1
9183d562619bb9212a205e78b70809a615cc88cc

SHA256
28b3e4ca0dff140a811ffdddcd786f22afcaa4ae222bbf391e3672f6d27e5dac

SHA512
ea547c50f0d6ed5173773d6583016d137687555c83de9c64e0a5cc1a200ed529e407ecd61b67999459ca27dbbfaec98409f7588eba724a8cc6c4351bac8a64d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1e8dca2b7617ffd7ab0e02bb806fea99

SHA1
78716d2c778688033f8440c480895abce36f111f

SHA256
2cbd289d9b654f6527e4079c441665f2a9ad21fa710452b53f9e414abd04f473

SHA512
251d141a489a25d152b10b3b706cca9b854de648ac95c26a4c8cac53eb89bcf3decbfcf2ff311fe00eee41cdff855eda604f21a8a246f0b512f94d126244c776

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
16b8d7bf8bdc5d8fd919071efd318975

SHA1
0f978877f4e9c909113cd8ec7bd211694132bffa

SHA256
a6e2533621c94c6c858693ed6386d9eac41adf145ec724fa061f20246860059d

SHA512
ee0362987248120623d8fb16292f677692d9a6c336672d58f99b8d745d1eb02439584eb32d1861ee649524bbc8a3a5afbdfe60ccfdf98cc16200d86882e8a4f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c1c11a7ca08be79e71691a0c44a930bf

SHA1
14a018246c293bbc22d26a9bb71ea2d6b075a4cb

SHA256
4761e413deecf0f6c783b0031f4e867f9e5b7c6ce5a3e857e3be1a44d16b97ae

SHA512
cfb8c64ed30a2253b0d2e01b013720be176392c4b38f39849df93b5ade9f541cb629518cdb0ae9ffeef2a2622bfdb9001fcd4e8e4ce28ca914a08f6d1cc87248

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5422d6a141ad3b17842963540ef270b0

SHA1
47d7cf59b21d325ef712bc72f452ef1a1223deb3

SHA256
cc103dd62aa74be0f5d1c54bae93450c59b8b0d21c3b83bb021e5cdcf7b88122

SHA512
ba7f8caefd61e3db83004c6ff10773b2508523475db96fe202730232eac4f04c7dd407b8777626ee80c1e7bcf8cd585558dfa1193117295e1f05b1243148795e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9936146fb5a16a43c5455fcdd6208b2c

SHA1
ddee153c39d63d37587320f5156cad38902b7cfd

SHA256
1a123cd21c85543de0e86659e7f35712022ab5ac299a71c1848858e8abd57c59

SHA512
b6d6cd6a6edb1d7c2dbe6d3358c7d3f0fbfed0212479864bbe6e94a4c656b5d9fc741c01ae3ea3a0ad356484193b64c9aadced1517cc39df9b5f5ece555d9ef3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
abd374a2fbb305928302c3c9978cda96

SHA1
06d88799923dd0b2577bc2137fc96e363de76187

SHA256
563f102a9a8e467f473695d6058653b335699ccb9698805879b831766d0a95eb

SHA512
e4f3bd80a8eadbf25fad7daf15ef5ccec1215378235a33a6b7a8144f49f6ef6a502252352371ca2648eed6ce202f0baa3ab75eae36c8b1412fbc5de4724e6d7e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
24c482679679541f7beb11af3472e7de

SHA1
6d454af9623d2471a25d2e5c1a3d7e80d75ce7b1

SHA256
09b34cb09033287ad902fad4ef64c62ed07b333104f6baca9d67a34adab57ae0

SHA512
0e1bb7e5fdf499937c91efe17cff2625b619df1f5164364cb341c5222cd157119e8a112223227c4a5f2a129b4a1f1ada40c06cd078aab7d754e58b0213a1c17c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab23B9.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2458.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit