ef227fd396ef9f5b4cbb4649bcee7d73ce3a179b5711f319fbf6d86e41a119a4

Analysis

max time kernel
141s
max time network
147s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
24-01-2024 09:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

71e8389868ee593d33310ead2bb6f5f8.html
Size

44KB
MD5

71e8389868ee593d33310ead2bb6f5f8
SHA1

31c7061d41b723da7be194cddb6ac1fc3fc803c6
SHA256

ef227fd396ef9f5b4cbb4649bcee7d73ce3a179b5711f319fbf6d86e41a119a4
SHA512

c77cac34021200a25ae91bc83138f8c0398247d7c6ea38786c2b5ec6f94b440048ad84daab3a1039b4ef8b45c91fbbd548e3dfaad67ab91f8ddf7e351165c5e0
SSDEEP

384:PODt46noLL3f7gozZJUN1ITnCiCHZmpotoRPfcreEmqa+P+yUFAQBLHBjQo2Vhdx:DXsodJU/ITCV5mamWrJZTGyUxVF23X

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "412251649"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E52A23C1-BA9D-11EE-BFC6-D6E40795ECBF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2912	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2912	iexplore.exe
2912	iexplore.exe
3040	IEXPLORE.EXE
3040	IEXPLORE.EXE
3040	IEXPLORE.EXE
3040	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 3040	2912	iexplore.exe	28
PID 2912 wrote to memory of 3040	2912	iexplore.exe	28
PID 2912 wrote to memory of 3040	2912	iexplore.exe	28
PID 2912 wrote to memory of 3040	2912	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\71e8389868ee593d33310ead2bb6f5f8.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2912 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
e96a73bef3cc547a64612dfab4b89288

SHA1
621473c13b449e41a654de588bd9dd07fb165a7e

SHA256
45df0ca418ed65252f939c6ac5988e8217e9dd8ca977561473bf8b40b6f915e1

SHA512
86075384564047df6583fe603ce39a65f6f264aaa86af6d1b973a99b283f605a5e5d131776b80a683ff3a8240fdb7ea86bbe40d264626c29aa62e1d01211f1b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4A9377E7E528F7E56B69A81C500ABC24

Filesize
889B

MD5
3e455215095192e1b75d379fb187298a

SHA1
b1bc968bd4f49d622aa89a81f2150152a41d829c

SHA256
ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99

SHA512
54ba004d5435e8b10531431c392ed99776120d363808137de7eb59030463f863cadd02bdf918f596b6d20964b31725c2363cd7601799caa9360a1c36fe819fbd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_33A22DC5622FDF6383E749748D25F47A

Filesize
472B

MD5
3429da8f69254d8b711e36d3aadfe53c

SHA1
16e9c0004ffcc609cebf7ea109ab8fa50b710532

SHA256
ccd3db62eee3b15423932cc764bdbb8bc9caee4f89fee9e4880a2b0e6ce3440a

SHA512
d692945a19cc4d70adef3b256c9e285e75e5000877910fe2b17bc8e71ab7d5b3e4fccbe8b0b643f7d0d7b4b955a76dfc02bbc6bac68e4035caf3db4e4842359a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
b3f1066c2cc397a4f08b00bf9b0b6217

SHA1
745d83f9711cbf771e2967019c1339d9c4c1a326

SHA256
15b67f5a112f4285f86f0b1a157d8442e3e1fda79c26b6fea782e1b8795e8438

SHA512
f07e60587ba987be638ab841bcf05bc9751e19320f1ee9ea52afecd7d87668feaf0be16785c488af647a4f8c4824c1a1e90a13aaf9370580d47e64c57d49b5c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
13cc54089b25f729d35257db309262bf

SHA1
f9478adfd47b8d572cea1f92f51c1024212ab67b

SHA256
e8224816a37c822ee7ae3d1e3cbf83851111e45c3f11ac86dd6b02de2f3730c9

SHA512
6f3d4ce22d4c9cbb1bf10447f3fb414b9c40a2bde1e748028c376c99f933cc870e2d3cf0a915c2e3f86b24d642e23e87597d16aac9f93a638ab67b4dd960a068

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4A9377E7E528F7E56B69A81C500ABC24

Filesize
176B

MD5
8015ad9376ced57daa498742a56d817f

SHA1
227f699049e8a460623c33b916331e89964ff9db

SHA256
3da0af025c10843a94f7df3c433b7346e60dcc8899aa5863170942376b468341

SHA512
3d90b7c601e03691fba72ca02447eddab8f88e80f843a30f1dd93517de747a7a02a435277e5a0270e2a3a0875ea36a0346d5ea736e4cebd83c167cd857da8291

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
79677fda7ddf98f4a55c0f9e6be983ac

SHA1
217b9cb6b6e2bea7807f80bdf8f337d3eeb8c849

SHA256
5bae6771a1f662f807894755c3e8189e157f858563fa6e5b9bdde682267cb835

SHA512
3c99e8c6cfe3193ef10841e15ff9f78234f7c92ef01405c68ccbd3f5815a8d54639e3c669d9aa750ac800e5b63b48909114b9188fd97dd29fcdf91a74d58fdc4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
709f614135bcc0ce0da3c3e75ea710c5

SHA1
ef5c0201c4881dea3b198c009f568fc9916408ff

SHA256
3b7c29bc23bdf66528f5aa897d6db464fe4d9117fb505598f8a6d4619019cf1c

SHA512
8f027d8475f69b0b4857f44f28d3e0bd8a537c28e8adca523af5f1bd69b222cb7f33fe38258eb0c7d6f139bc00e79c63839e135c72b7b0b3b3ec85fdeed2cf6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c3bc04d5f79b8876c0becf05879b0a03

SHA1
a316eb60a627475431bfb1d7f5ebcb53917bbd1f

SHA256
b5245f1ef94e202115ede30c4471fc906e7ccbbad739dc3e54c67e4dbc15eba6

SHA512
59ddf07642d57363572b5bd9ac8c77cb764ad869be4535f56f011449b51a6ab0532b4594ae94d21c11ce0e2b7f9f7149f3999f18036e3c20f618b7d4c5bbc46f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d6af87a2f4b1d25072fa17b325d4e43a

SHA1
f5f0559abcf29fc02676272626304b24d50669fa

SHA256
ac73b58f5443c35c2facc9c189291ee67673c861f437d603d3118a4032389051

SHA512
66b34ab3f5eb3ad6cef3facae7be36dd29fbffbee9ca594d146f201fe78828c0c26f1ab655cf2e5ad0e3b84aaa6e495750b34de0ef8c672db5c6d5ee34e5599e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c316b664048e64f895fa5f5aefe45a63

SHA1
095d2996a17ba64206492f8f6f4280cdab5c9f3a

SHA256
f3414abc942156816f458e37c48fc3030ad0e198382d9c9d832e65cd51019412

SHA512
1653057b34c8e791db577d11fcb9411fac71789d74e50d997cf6a665bf0c29e57b55dea6aa08dfb3a06d54158769fbfccf5db9dcb62afe69d54dce00f03b31d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f3923c5c326bfb83b615aab6fd5fec4e

SHA1
8b9cc1b6a71f1def0f70871dd447f58afeb28c21

SHA256
32ea0aaa7cb9ecccdf6741fb48ce5d50b3774b4474423b2b6ce996b8cc1790e8

SHA512
fe3711a0fa94a62627a3e5f1a77b56fae6ed09aa1fc3e9f3cd3582949b24a17b01ca0718111af32df38712a36e69bf7b7cb38e1f9297aea4b48cf0b06eb29ab7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ab0aa55edd236c61a8594a134738adc6

SHA1
d275140af9b103f313d26300656d21518b73284b

SHA256
843427f2baff13b10d2b594fd467939869297435717949aa7c271a98158828f9

SHA512
b7295fd08aecb9ab4ba7d77068725f8878b1b959a63a1490a5f2f7331c975f5cf5e9cee91f4ff5e66f7202f468e067f7bdd48ebc366a3457453b2ec8374674ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bf9b40189833e71b45d8339d0fad2f28

SHA1
593971e80c29b0ea3acde4f91515eec9501335c5

SHA256
b2ec148de83b8ebf9cf83c7412028b326fb9dce6869903186aa63c44cefe9e40

SHA512
35f4cc40665e02648283bf080409fc2b9dfa8366709e797d0888df7468b9ac6b5805c0c9d96f82899c26ee10a02fa83a1b216a0f295870fead18abd0d9e9af2b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d42a990bed3ee9d48d514be783997da2

SHA1
21c45a27b55d9cb5c040a68703c492c2238606b6

SHA256
111ea6baec08391afc2d817c960c2b4057e17e61e045849da1395abb5e4087ba

SHA512
a0173b991347c0e169befd0cb578b66b1361b9045c06ff2d98b98e1ce8e6fa2e8f6532b4b9984ce9b6710b04fa5697a3b858a9dffb2f30212e91f82cdbab42d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9e4f6e6df9b5b8efc69fa719d3baff1f

SHA1
bf7362caf3202cb23df3a901972d936b951cd912

SHA256
1d93cde50caa88b938c022106c218a23298abb42fab30e0aeac6cb0ba477746b

SHA512
a7acf22f0697931cbe838b93e8aaf63397d631d513368f0abb0d3d26ad06de5091eb2c72f93fcb78990ea69c9622d49753c8af93f38799536e544e24158038f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
fe4548f5bf3724970e281e3931be6c09

SHA1
4d8858cfc904fd39521efac0e2a7014c447ccc4f

SHA256
a82fa9746c9a7c05f77807d4d31db445a09b0b7cd51b37cd9141d2ccf7a95fae

SHA512
2955542c4293fba9403dd92467ec4706bc54ad7511d30be7d46722dedd853d23d19d174a987f5f6cbd4113b777379d3605b5002bb3e8b1282862574a78131530

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_33A22DC5622FDF6383E749748D25F47A

Filesize
406B

MD5
4bfc44f6d3da025c55c50681dd792f02

SHA1
7fa771fec34d3174c0fb4f46ad403e76841dd88f

SHA256
769f71ccd2825ec371290675051efe04d3d0fb9747305ea16300240148cc4245

SHA512
a2ca669d2bc020ea00b690473f057e1d76d839fd4653182643d04a8f80470e2a8698043173012890a897520f4a44234c41b2b3f14c6877887e7a598f89663bc8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
818a32e368c552604823cdeb0fce0dd8

SHA1
4dc42955d3af9d4c3a1a7c4d37817bf6805f423d

SHA256
b536abdc73076c12c9afc2f679f6eb18f375209d176b973e2c8ecc0de0bfa1af

SHA512
fe4eb05b253095e00c36f140e49619965084b4009dae5440aff4e9abb0b27f862f9375ad57928d5ebaa6329c500eeaac4d605d1a63b43b355df0c859aebfdca9

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE91.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE96.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit