a669e945d00379d49f30b781e00f0a13c20c212205bda3eff7186b042cf07135

Analysis

max time kernel
120s
max time network
132s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/01/2024, 01:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a669e945d00379d49f30b781e00f0a13c20c212205bda3eff7186b042cf07135.html
Size

140B
MD5

3b57c696a157f2ba9e5516b61a28d0ea
SHA1

9c362f0da05f07cb11157afc3f85df4e390366b6
SHA256

a669e945d00379d49f30b781e00f0a13c20c212205bda3eff7186b042cf07135
SHA512

992ca7cb96ead771659af46bf36a4a3a761540c89ce7d8de857b21c933856f320e93164b72342a1382b5e2ded9f1926ef58938a46d244ed787f4ba93996ad2ce

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{46154701-BA58-11EE-8495-CEEF1DCBEAFA} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "412221748"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2040	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2040	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2040	iexplore.exe
2040	iexplore.exe
2376	IEXPLORE.EXE
2376	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 2376	2040	iexplore.exe	28
PID 2040 wrote to memory of 2376	2040	iexplore.exe	28
PID 2040 wrote to memory of 2376	2040	iexplore.exe	28
PID 2040 wrote to memory of 2376	2040	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a669e945d00379d49f30b781e00f0a13c20c212205bda3eff7186b042cf07135.html
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2040 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
e0dada6a1c3d2d70faa5d00dfc1809b5

SHA1
02a9c73131368c4a8fa1bbba187bb0fbf1914c8d

SHA256
10b469b8b12dbee4e5a1a53e435cb0263905e73d2bd59832b7d92ee0703a214c

SHA512
b976abf20e6b120669526092811ecfa5c4960ded2cb1ae11b17c61a1c6951afcee69e8dac0b314c6a1677e461d0cad25f01a99f1a771efb53cb594bffd426c59

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a1d7c558fe7ff33de7d1afcca924cddc

SHA1
e1a8d42966b566d3bef62ce25fb8a014a346841e

SHA256
675f0ab6670b598b918c8c98f2d93effdf10d6c9d729b5e0d40a4c646f407262

SHA512
b9508af520fe695ecca611d1ad42d59bf07474c71bb2f4a9eb5f81876245e22291e39c722c298e4f6e7d05210ab448e904e63934312511a166afea7af86d7243

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fbf4520321f00da7b2709178efc4babe

SHA1
fbb1d13cd95cb32922920b653f7b4400764b4606

SHA256
631e5d7f3b748b54fbdf9d3f73c4544ab090a229f9c6ff1fb02233e8587770c7

SHA512
1183ff033a3606977b9581bb76da7b3d870067fea5c77260c2b5e591ce435e4c27942d37bc3cdfed9e78fa7072002ed4ba85c62dae8fafba2f88e5b25bc86461

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8e920cfeba47e2f3aef53823a97eb196

SHA1
c04bf129db273ee86e2766d1df1ab023f1f2e532

SHA256
0ff4b06f5ecffc07020c58dcc225635c3041a87df5b5e115b7e454e153af5426

SHA512
31d6ffb613a2c63fb161fc860773a993046ccea5e2345eef74f384fd521c7b5507d7c8b94518014360f10de371fa3d0f4522cdf492846407001383276f39cf7e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3907760b3b08585049ed7b5016e4a990

SHA1
25cb6f2a566dc59a460b6a468a72f30013f59f6b

SHA256
dbc605fd2dc1f4353f0981b404e8a872d5c65286a37c2558392c3b3770c07730

SHA512
d4a6aab9a85c0bc527fd6a9d0d5865f693c7483f41154ee95d76acf9f0286ffd108300dd427f8c231126c45746b257cb0b736eb79f2672d075c5909fc0ca288e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1f3da3cf622bdaf725e520ce1d81cc74

SHA1
d1db439ba33b4d014ed75955509f25615d457f17

SHA256
d7cc73596bb0ca611567ff4a3fc0fe8f0eb0005b44e500518cf21446ac96dfbd

SHA512
d204d57ae8d3f9b3f5bea8048b41b7407f6652785bea53c4c340e27e07215ad687ad848258a2f522b9edf610fae7313157aa9fc79acbb78e9dc64c493f9753c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d2286a15ad91bfbf2f88e3e0163a0f7a

SHA1
cddcf2671dae46af0e1d7245f5ff845fc887e31a

SHA256
c8c08a8504462c3fcf62da392bceba83efaad6dacca9f0486c3ed8c15f690f50

SHA512
af830cf1615789df9ce044e3d29f5233eea14ed8ec95f7dff0ed3d9841a6e53a2b5332f130cdc6f89f929e80a2f461d546565963471b04b95d5c1920c95c9906

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8eb7c91fcd48d4a9200a91bb841193d0

SHA1
2327f2cc3697d2d21bf27cbdd7f3e348d0d78d6b

SHA256
8adbb99eb720153157066903457b4aa0b2ca2db1d9fc2ab9290ee20a55f41a6b

SHA512
d29d08a94f6c382f026c42827571ac4dc0a2fe7779b9c77546f0afcda0d94f03a8349db5899b6e5354558b53889c70c56bc84ac1d4410d640c9b538a6052d2c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
405a2088831700261eb45bb3e7c2d83d

SHA1
346fafeec78cc6506539a155fe0dbd16d21d204c

SHA256
80cffbf9a429ccfe30cd1fff19dad3272d596a9daeb099d5c2fa4342dd4d000c

SHA512
fcb8458963a338d7abb4b4f3c09535a029e6dcfe7c4027dff4b785ee4646f0e3ad45d9ae2d1f21a81073c66017bcb9f15df3d7570d8dc3b717945a9f25828e77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5f21079716fda96c85379219fa16ce5c

SHA1
5d4a34c3ab5fc6ba537540a7ef806e987687ff6a

SHA256
e4bc07358a23828e54171044480b14de1c97fa65e6a9b823cce45dc81e705c9f

SHA512
df97c86cf56161c2b79b90dda829ce008e3d6acad9a94f9868f374db1585ad81929d3708fbea62f94cd9b5298b82e96c9e4c7a93a3905b2a5ead4072aa67dba5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4703b8ad6d2efc069ec14abf2eef3f99

SHA1
fa8869132acfb165f1f441812a2594a4fa9aed8d

SHA256
eb277c9587c235edc2368a16d1a6cdcb55151d9dcd93c6adbbf892fb82a76b30

SHA512
f4c9fe5ceab15353f2c706128cb8429b1d3170c3e0b2ea98f357e5330db6ebf6c85fbf346788d66c90ef2d2965703bb3e8e6855eb7499a06c60c5ce5a917d5a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
460f8e328d38bf4a1a88fbed4a3af7f0

SHA1
4ce76bee140f619730772fdbc4867fde28469cc0

SHA256
677097e50c15f1c10145b0b658a8d44265d9ddc57cad3697450df9c800b2d8fd

SHA512
00cadc0187681f4e62be645faf03e9a9be9114c3700ec61ae7a3d81bc74aab5c3b3ad4fd22b3be6504d228c6ba04be5e6ca2c1d7e4e35c42319b754a4f593584

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e92911743e769c568968df72b8fe170a

SHA1
3636fca2945e4736845446c0615c0c8007c41074

SHA256
5c45bdf9670c58cd3f98fe0d5cec08fdfed78648d34614bebe791dc90891e366

SHA512
803dcdd189a1d313ae1d10008372ff1266355edbdcb5cd674048eaeea3b0d002cd1018377a0123e0f2c8930d0e6e876acf64010271a4ec9376d956ef7f39b27c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
9022b4e3188e8cc9d3b37336963e44f1

SHA1
a13bd5e28dd957962edfd1bd13d03ce7660922df

SHA256
34a0a079179dd06782b96e8e423a5577853e7619c92e915d107554b32c21a18d

SHA512
f64c47115fc885a34b6a7357acb9d1548b858115e04c3dec1a6d23a76b60ec9553ee4aa9d5fa002a86c1249d695f55b1944d128e4de172beeb399c1e288fb984

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab69BD.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6A9A.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit