e4b516f92e170a90f98b8ac585c42927024ae597d28475aebc94b64e80d4ff55

Analysis

max time kernel
144s
max time network
148s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 16:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

750805c42b5128cee6aabfa256f40862.html
Size

7KB
MD5

750805c42b5128cee6aabfa256f40862
SHA1

7bfb73edcfc25a39e3fbb07115f41840d9f49504
SHA256

e4b516f92e170a90f98b8ac585c42927024ae597d28475aebc94b64e80d4ff55
SHA512

dba7d19c23635eb4d2845ef51abe65bdf42708f68bfaf65026657d5afd2649a0b42a4118d4f7e27ce246a66f4e241eab7576ef55daebbfb0f814159bbf6f7056
SSDEEP

96:DCDiozQw0gW3fVhRgR726PYAmZK7b7i/r7JO5AZDZ4IXQDYnf0nbMgxzUg3r:W4LgWTgYAw2fiXJsAZV4E3fab/

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "412363822"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{10145781-BBA3-11EE-943A-F6BE0C79E4FA} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80c1cfe5af4fda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000339c14ecc7c1604d5cdacda746f17b3330f94b177c8f78e21703601fc3327643000000000e8000000002000020000000c186be55ae029073cd2e2f4b418a6b2a34880c066a7e9f214bf92585967f285020000000dd7593fc4ac3cb52819be00c1cd7585347c50455e07a1410e3da0ae3eb9740f440000000251698bbe2bcb18701aec5b22c6b3807456f5f159e08ce81feff8ed04d80b2c4fde8f80ba0365551bc753b9a0f2192b561f72f73a5e72e37d340c857f411639d	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb80000000002000000000010660000000100002000000056735fea1ab6b3daf13820e72adb82483f50de34b8ee42d90e9ac0bf7923d5ab000000000e80000000020000200000003b70eee05699e1b38935e6aa898d227c82e0a342f6596d6a4975bf3f55d147c99000000018b8121959f70e3badba5fc43d862ca65084803910a53886b0f5b0012ca84bf57da065e33ada923f91e24b270c33fca8d2a064cc2423af50f161bad3c9d9b750dbf49a1d1b91d8f26b6995a6e32eb0a0c1f18ea2cdf674a59e09ac0c806116b350111efcf2938ab2f08ec45a15a4d159a3b31f403934db9f0e26debff3a4150eb6db68c1ac04e1c49a02330dfbaad9d04000000003671c03cfdd57c532770a3fbc7715e41d4cb0e36ea82fb4a2ae7a616202df1adfcfe4dd76fa56e8a9798e96b0cb0721c1fc5f465a1d4753e40f75ef1a0cbf2c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2780 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2780 iexplore.exe
2780 iexplore.exe
2804 IEXPLORE.EXE
2804 IEXPLORE.EXE
2804 IEXPLORE.EXE
2804 IEXPLORE.EXE

pid	process
2780	iexplore.exe

pid	process
2780	iexplore.exe
2780	iexplore.exe
2804	IEXPLORE.EXE
2804	IEXPLORE.EXE
2804	IEXPLORE.EXE
2804	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2780 wrote to memory of 2804	2780	iexplore.exe	IEXPLORE.EXE
PID 2780 wrote to memory of 2804	2780	iexplore.exe	IEXPLORE.EXE
PID 2780 wrote to memory of 2804	2780	iexplore.exe	IEXPLORE.EXE
PID 2780 wrote to memory of 2804	2780	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\750805c42b5128cee6aabfa256f40862.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2780

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2780 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
ccc97e3b71b231d53be7b1e9efd74da1

SHA1
bf505523bc88f981d26d0557ba69361da8a97822

SHA256
3b7fc85f6990a3810aad644db986e5e7c9b22f96971ef9f9cdf6155276f3c43f

SHA512
138df0c3857bddd3616f23cca6a5482ec825faacbc71f72b29b4d09e10e680fdad74286bb7d4113e17f3b2a54450ccc7dd8ef0e5d4c4059eca27d54b061b404e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
9e2d7b0bc4f4bee65ab3da2d9f9e3dc4

SHA1
c594094633f9e76ed89192b08f3097ff7eb662fb

SHA256
19c5d50825e03b097fe231ca0ab019034d0ac763b3b94d083d92266c6455e114

SHA512
e17713671f8a003488d9a5ff71a84d1898d6dd25728e05ad7e4da3dd032c67727d3addd095370168878a8a7f8892d4dbb1d9fee6040887cd615946a013570ab8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
384a3a20a47385d15037761dd121fa7d

SHA1
4c0c269e4ce234900b70d03aeb4c0a06b3fd3cff

SHA256
4174e1cb5ba8dddf0ab737fbf9387f6de641e687df152c3e94f442581705e0b4

SHA512
75cac7273c5167f3233a699d4027cdbd5e47f21003b771b0cc447daf3ad8280e7bec08d500fe40637cdb1e533721a1e45ebdf95ff01ea8ac1df64c947cf2269b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
ba72ed9fa1384575479d7eeb532cf1a3

SHA1
42b48ae67eac9542a9e80048e1206cca695426a9

SHA256
b7ebdee2387bdd122ab7747d3e899530776607ce5ebe91800c73b13d078b22b3

SHA512
921120822e3b9099d46ed0761000b724babb3ecd471b62d22f94f1d17bda4be5e665c29238a698003da32548a8682b4d1f2c2c13847f4978059e9989b1538073

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
e9189843292c418f7d3452781c597f72

SHA1
0b5e64a948fe1aa0faca1934c8393b9c3b67afc1

SHA256
71d9e46f834838728803d8f88163a9193230350bfb3cddf40cb085ac07ed3b3e

SHA512
b58d01da4f32e8668fed4173d889dc151ae641dab4d2c4cb0b3cd604df56c3653f97f0ed9d6e2e99d1a95fd46be3615533a0a7456f0dc37251785ec96fd79475

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
3bc1efaa83ba5fc92dd190e4283e8046

SHA1
c2c042d6b3dcc7d51503e531e2d1eb07217e600a

SHA256
8231ba91e7c4380becdc8331d002b2da1cceb78849c1840e906e71730ae18037

SHA512
2286ae45d66c7c756119232bc2c187cd265e2b73bc3674a2bb1901ad6459aa418a1b919f744977cfee8afdbac8a7ba0db9766965f6626348cdbe55184a7bd4db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
cecf35739d3ed035761dcbe26a04492a

SHA1
ffa66ef5ea9dc857bf8b82eab52a327a96c66a65

SHA256
022c03048fa559150aae4c1bc3460cb143dc5fb366642086d81c6fe8224ba8bf

SHA512
633c5e32164a62510cbcdfd9c11ff2b6fac7011d0e150f2900d9371d55e47dc5fadda79294f9e8ff2f662f063ffc0497631a675293465496b1caea8c235eecc7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
31f0ecfce92cfbf9213292317c37b874

SHA1
170c1778e19419c1f6aa326dc1b23729cd422e1d

SHA256
5875c8631f0c31eea59dd7eace134ee1fb3fda7bd96675f75824ed08ed018efe

SHA512
60ae46e5db0a0ffade50dce05f1005b7862af514b2fc160894c47bf9cf00dfe14f5a6c05976fb89bce1a49375512337d88bcfaa8a52685f39ace291453dd0472

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
0833a0fe408aae7c521263d00582435e

SHA1
40dde86da3e82bccbe932cf1a5afc1d33c03fd8b

SHA256
bb5d960802c47892a6590505e1f0f551407b22f9334975fd07de60b2070e5973

SHA512
aa86073ef26693d8b4b1f62a7275c9485f15d6d26b04c8f4bd94ba45331c270776465536e5ea6baf10aff7796f645bbb33604f83451253f470eb26de7f33f56b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
8a28dea9c35ad76aac605793070add7d

SHA1
33dd236b5645419ed7dd6d6db45365b8b9bb3b5c

SHA256
a5df7e795cd07effa3029852d6cd32431b0d033ec87057cd887288b4d50cf29e

SHA512
efcbc1eb4fcec96be8b837e53e5a446b3a7144e29b449ef65dcbc006bab64be7714f5d008fbd711850086f2aeb0b1e2cd95820929b2da3e1cd1cf808c59c2250

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
d9f288a81f08ed81903e68a4d3760cd3

SHA1
5ba91436be4f713adf3df5264dcdfc972dfce892

SHA256
d2b6e203ef142d5deed5533cf301291c453f9a1bb88a58fb36955a002e829147

SHA512
813dc80fc172e1e5e9d39cdda43328107cc31b40dc5f57eccd54efa5b435792276b8462d639c066a8aa4ca871498fe380bc9ed12d00cee284db9304182dca655

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
ce41b8299f811736a4cdb1652ece4e31

SHA1
379c31698c908e8955163b302375f3780e7ff959

SHA256
99f48fdd5b242d1035482c15c3f5a6f8e95765a09a4ac91e854843f3d1d13f80

SHA512
98ef2a1e9bb724dda37e74dfd433e7b7a56d43159ed0188c17fa40c38435afe3d85daea7bded893bee402355080e42df668bcf1b2902e4072c1cf19f577bffba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
83f5f888571b7e290568869b22f85e8a

SHA1
df385c43bafec5d23fd01e3c19abdfa358324952

SHA256
3d0f6bf3e1db2010b2354c885ce4896642ebcc2a4708cc1ca98d308139328e2f

SHA512
b8e4098538e3f039085835c52affde762e6e9881aceffa22aef02a59ef7af61b5b46601291d64b47b09304c71a41b788a1fc997dcd0894b4bd36829cbbe13051

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
ecfc7f389d72518749c4e06623b391f4

SHA1
2cdf03403854fc3e7515b29e9fc27ff991d1a508

SHA256
3c320e83978ecf579b8524df8cec2f7d3b5ce59c71a69e1b4ef1818d2a7dda6d

SHA512
ac5af0a4b62b4f2913f907d49704f87cddf9aa3883106e77eac82a2e9c72e7dc462cc34c153483a69dd46d6efba3e382a3a8ebcdc641cc0103f3de584b220f86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
ff0f67186329d797cab97f49fbdf3bea

SHA1
48765eb33a1559b92e2a4089897594b0c821ab8a

SHA256
becb116e49337d3879d198de099dcaf9524dfa683b7014fc1f305d6c7afca682

SHA512
d7c5d50113298716cc0ba00a4e6adca7936f443b24e51e82484ebc0b92cfbe9b3f4b759ddb77ad43577cd7b873784b715781139bb1ced9f7a392384e7ea85a5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
460eccbc3ed79d73451e472ff23f373c

SHA1
e2f144dcd69bbd83efccc8d195ed58aa649ace04

SHA256
a92ad57c5b60348b8e6833726adc81ffefc907ed01ffde4cb5857955cfa3a84f

SHA512
290ee6ee0094ccf1e9751ecdfba30b0c36f172844e96044c8f5cc07543cabdc9abc3bd3d56bc8ae4b6d97ca9cc9b6514fa995b62e50543024adc814c72734da1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
6736351e26a281f68dd30f309689950a

SHA1
94b906cfdf756e809ea4e7b065cdd7406993fba2

SHA256
ebfa21f3d1d92d8a2546f6ceef4684333d7ec0e8d3a86e631e796e47c7f098f5

SHA512
a675e1796445b598b8e26e02fed25a0dd75c8b5c875c377e03ee631f1a12db73298fbe5729a50d92094d8722dbd72d42502907a80a2a0ef6dc5711d4c94ca360

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab844F.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar84FE.tmp
Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit