fbd605cb5439be3f87dcd2073fd78668349aac704a5fdc26be65e3a84e122ebc

Analysis

max time kernel
140s
max time network
146s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 16:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

74fcc822d0094573f9228804fa023171.html
Size

2KB
MD5

74fcc822d0094573f9228804fa023171
SHA1

ec6cc0a19c5235740d4f5ee16bd14dc9defd621f
SHA256

fbd605cb5439be3f87dcd2073fd78668349aac704a5fdc26be65e3a84e122ebc
SHA512

fcafd4a71af917fe1cdce6b4aacfd4de684bc1eaf02fcef47665c89198607e2fbf4919eba0000f7ccd800b1de4eaaec01efac86f7991f8fb76659356e863758a

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70c6d817ad4fda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000429d3af34477a14f8b2dd7691733418900000000020000000000106600000001000020000000bf000b5e747b0c9a0711d1882d6e9ec10faba005a84db1a09f98ab0f1fa00305000000000e80000000020000200000003e92a63b24492c59bb02aea06e373c41d22842e1314d42a28b412fa5db3404602000000099f70531c8acc63f3f08bf12a74acf635b7eaf6a4fc6a518aa611e61840565554000000057d2c75bf1929e8b2769e3b1614eb5c891d58848f4526f0327b9f63a57936305b6afb8198db53019ddd438a44ddf9a96b109b94bde49bb6a8443e33f6408535c	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000429d3af34477a14f8b2dd769173341890000000002000000000010660000000100002000000022e340bbbc2e26886807d740f3459a97ffb6515286e1b291e80357f1b8134919000000000e80000000020000200000007ba5bcef9cb38c413233824d7c45029c5bb79b24b1704db1a718f48e58eafea390000000918267315a756e281631b0c71eee66d40b478eb646ee44f3342b3c1e75f46739c8092f1ef1050b35ca6e111ecd6e4074b175b45960baf107edbd0a9b6b152f57b70c963c6cebb64cca5fc5cf359b7ac3599e24a3ade30422c1939a048c269907d460d8f996ae457eb25d739f632b485b8ff996244bf082608eb78170e162dfea6765b39608ca534cc333b139e7dfb7e04000000054e8418b2f7e2386e4bf1c0408008b8e4d0f0342c743bac2e8f52bd6a17722dcb0c55e8b9d008414dec92c11f58d7a9c436c9b36b3f1e5c6f20c994a27fb472d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{42777AC1-BBA0-11EE-8CB7-DECE4B73D784} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "412362617"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

3024 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

3024 iexplore.exe
3024 iexplore.exe
2280 IEXPLORE.EXE
2280 IEXPLORE.EXE
2280 IEXPLORE.EXE
2280 IEXPLORE.EXE

pid	process
3024	iexplore.exe

pid	process
3024	iexplore.exe
3024	iexplore.exe
2280	IEXPLORE.EXE
2280	IEXPLORE.EXE
2280	IEXPLORE.EXE
2280	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 3024 wrote to memory of 2280	3024	iexplore.exe	IEXPLORE.EXE
PID 3024 wrote to memory of 2280	3024	iexplore.exe	IEXPLORE.EXE
PID 3024 wrote to memory of 2280	3024	iexplore.exe	IEXPLORE.EXE
PID 3024 wrote to memory of 2280	3024	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\74fcc822d0094573f9228804fa023171.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3024
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3024 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d0927529088bf356b1dcbbd75a5a9376

SHA1
1d9adb8edd95fa03bc29e43271cdc9be12f10ed3

SHA256
ff2aa8d0c8a0f0b42b041d2167010e352820925d5991a91da15131304b152f7f

SHA512
80c02a059e1972948909a49a9324d8369553353d5a6000dbea326c8722068c97a7d39cd198f993fe6c0afaa77db64463300fbafb4de79f60d65893d0c2e7df2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
28a03ca8a52d9547288aef0d60bf6237

SHA1
27c16559e6e2cd9a6fcd4f30085cf52077c59160

SHA256
d4909ec1fa8a037128be03127f1e7444d862d916a00f5b28fffb7ac860c29801

SHA512
259afb1325cb33db988e1d9fb9a4e0a8bc2427ceb3a9ac8e4cb0fb73411e3eb62c4ae98f3983103ab7f6f733a676ce53ccb507d6ecd577dd758003f9ba9b7e86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7968ec3292f02d7f38ab60f848031dce

SHA1
668d311b15ad5d5b028076cfc43db9551de1d9ef

SHA256
9062a10e66e62a6483896770aaecf78741dce35b84ba2bc205b1e265bcfaea98

SHA512
ff93cff126760cce29ba96e3e48c22951129c22ff12d779447fa1afa8856b4995bb995189909690d9ff3e8a4816a6a0c3088b373d6cd7870e34c834cd0169fa5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1e5571ee0976323b02196b0f212b76e3

SHA1
f9360b477ed03df4ffd5fe2146d659c8c59e93e9

SHA256
813a74a58e601d49e16942e30d99aec0b968390370ed4b10e872bd09a4b95ab2

SHA512
bd279f1729d5f34e9c85f391a5fa15a18241157d08e217a1e701756cbc79d992bb1c7df51abe7acb194835d454e8d75ec725fe27c3c2fb42c2d788bbac94b6fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
29457795da6b3b414758de346ff24ca1

SHA1
f559191abf8bf6d1859fd952119ad09603a21c06

SHA256
6f410db8d8499deac9458ba9f2930c682e327f27f69489ee12b679e0045dbe66

SHA512
7fd654550157be9076953ce1c334890f8ae64894358139f2f700755ce28d987d33c262a03e8d5a4d4fae3322c442ad547e836726318f27e56f50ca21be4be03c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
31f030d3e660efb869e6a933a639a087

SHA1
ce8e7de6f58b2478d85c296abf93e3fed219c0e8

SHA256
0ffa496fb238423353f9be5760a9c22c04961a9b592af21483a63ac8826cc411

SHA512
38eeddefb42178f6133daa2b9241b68a6dffdbe30b283aa3114e9986fcbbd2818fe32b450e92e3458de0fdda6856abc49c530656ac3d183cdddeaaabac5aa34d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5beafcfef9963c54d519a891f6499ef3

SHA1
05638e3aa68cbfa23854bf344d5b6c548b6a0768

SHA256
9b99f4763ba53c1f87bcbccfaa6362eeed68e8e9126603d81b81c9baf5e05dde

SHA512
75d44e9979d9c97263e876325abc2a62947a9ae1b6b2f7fc6af2f511eee5151b1dedf188d75c1dec8d54237e9659740926061820e2397977cd9bc5724631e641

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ccf952bad8ef32bb0d02125c7b702d9b

SHA1
dab6a8129be5c4535f8353d97470678d0b0ba007

SHA256
de89f7df56d580c31f85051159c62c9cbb4e95af3634fb88c8977f44c82ba4b7

SHA512
1e7685bb20ccbb97a63862ba7be0421d3f533862b80934470d2d606367a7078cedb18a8fca50e72c26f5473f90ea398abac4a887ceef54ea66487e26d1091a46

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
69a02eb03c54d9a08fb90c828890d917

SHA1
64e3fde660ddd37c3b979a151584912b650eedcc

SHA256
7bf45663c5f4d95991469abac0393b414e643160939975f4a3942dfc737c7f20

SHA512
67faca1f396d03fb62c7544223c6874b175a4e29d31e33e39f780ba80ca288942d4e65444b5afb081182a9477246936eac06463ff6c57361f1a37081fbeeaf6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d0c2be23b04da0643aba717cefa3b07b

SHA1
2dc08035582f654989d22f48635b18d44259774f

SHA256
eaa79db056e92be0879c0e7b92c4e1e14758670ceb9b2cb102a298e2686c2eec

SHA512
4b895bfc7402a0a4824ff7997e711f04955fb9f33d5ef204399b13591b464d0d32eb16d786dfd391a5688d5666e2c9549ab071ce64ab2a8bae1f0ddf845b82f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
043abf6b3633b1b774921d45d7fea5f5

SHA1
b8a73cdf242c3024311a084024cc9903a50bcb46

SHA256
b6ab04dad513feafcb1bd3a556980c970b352bae0991240d3b106d01f030f32a

SHA512
0e2f2d018d00772114569549c241502a113d214031672c4fa23c3c888d7553a45c9be31a7bd797394a29560e57dfcbf86526026317df96b66d7b6feb97a2dfd4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0cab80d37c017670ca2e1efade49a679

SHA1
6118cd8c6b012af2c45abab3a85c6f034be44c29

SHA256
ba41fa3f380f5a45030035a9ace10dd1095c2e5d412e3c3476ffcb148c330839

SHA512
b63469313f5197e70a32e15ce8c9815df88ccd481587d44850b678e77b199545309520b746cd1d36e74b1da1eca62c009a9eddee00f298243cb5806f0ce01564

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c8f7748a8a1fa94924c3c54baa5edce8

SHA1
23ac6c5fb6312156452f9b17bdeccf456911d794

SHA256
0bee904542ab8373e025525744fe1ff38fb5dce438368fc381d6c023a2ff8bb7

SHA512
ffbc3289d593dc0530461898c0a9a3c6f95dd01bcac4b4066f02d856d4db2154e7dadbf7aa3c063ee29109dd93dbd439795b454e07b5fbcbc98fc5e87d50d594

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
43a674bb53fc31e4cb75437a8759667c

SHA1
9f65d3b804db9482d8e6362a57b59dd9621491fb

SHA256
a49beafb13e9547c0b86e035388c6be031ac858e6cd1d2f09e6a5da480368088

SHA512
ab6d1bb50dbe6dbd27e59b27366f66d9ac01d518dde9e01333884036770ee2808dba297d5cc44039748bfc9084f0d75bb0e785c21c14284192da03293cf27033

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
66c8a700956f8cba727288c27f24aab9

SHA1
972600f38d2ccec2b4d6ac720fd9c057f285a15f

SHA256
9780900cb72e2f60d097b338191bd0cdb6c254c161a6cf0c4d19ae685f334209

SHA512
5e147d1a0acd6fb46ce3b4cd1449711ec950b0f000c43d74b8acfd0e6fd75b0f68e8d636460ce28c977043f9b5dbf6ff0d3fad66f51973cb9a52c87fd1e498f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dd6d532a4925ffa10810d8e45494fa8b

SHA1
f48a2b8d4e82c2be76aedb66c34ab8a439b5db00

SHA256
66b8bff0a74f8bb52a601d2d0438d576c63513b3253adc456a2d04aa90c86d80

SHA512
70f2384597185a53238b624f97375bd57745c1507177de78ac8e32b6d04d1593216fd207527d6f8616b078d90448b083d2d7a4e5f875d8116aaaa5645e951b86

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8A38.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8AE7.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit