74be6e8cd2b2ba30479d96bd9af1b23a5e9b58735dcc7b77fe5a6714bc5f7d6b

Analysis

max time kernel
137s
max time network
142s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 18:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

752d651ba0a3b7967258bbb55102ad26.html
Size

3KB
MD5

752d651ba0a3b7967258bbb55102ad26
SHA1

cf2cc30ff3909f267f1ecaf28c309d3b4e119fea
SHA256

74be6e8cd2b2ba30479d96bd9af1b23a5e9b58735dcc7b77fe5a6714bc5f7d6b
SHA512

e34081cc99d91b76055bcaca1e5f09f5757d24acb787fa307fd82ff0c463f465b5155d4c471a6a5e16e7d51f816ae8639cb346dec0c1f8e6fd71edbdc6b9a304

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b0720b1d8642c344adb870a2e917866400000000020000000000106600000001000020000000b9b88a55192c21002a71331b1832ac4762ce6b91a26c2e7bcdb1cd165f82756b000000000e8000000002000020000000e11372e8f6a993affcfcb8e398185bcad6c8ebdf64171efbc5e2e9a63a476d842000000036198f38e02dcff07102dc48a2501af73cb81639971f4c89595c5144df94f0b240000000dc0ef8a95af278e946a0288cc78ef7f0323cadf3f61164dc3447530adc15b3724499e14763f81151c27c2d855d898a00227dcbb9df6d45185a908460efd95069	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1AE9C3C1-BBAD-11EE-96B2-5E688C03EF37} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "412368133"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 805ac8efb94fda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b0720b1d8642c344adb870a2e91786640000000002000000000010660000000100002000000086230d65fd733529b942409435eaff1d9d57d731136e6373c0899eeaeadbe2f8000000000e8000000002000020000000224c6538600bb22b7599e1f8ef037c8170f79ca98d27eb2644ae7b10f8c03d0f90000000df4537ef0d1207bf8f93c68b6af1699913633f84f0c8bafe88883d8931db473c15653ca60cfa26a1c08db8dc7a5b3e03bdcfa503d82c8ffba4e2b350e9955334fb4273073e7057717a084c139a1160a24380c2ceafb086cccf1f2612de765bb6b755343a5fdd6ba1165fec8ca19289b3708db1c76e7d0ad2d6df7399bd6405039e96f926240b35b0835dbe398791f421400000007a018a5d516215bd519e5829a57ce60c91c382b25b20e6afe1a5c65fe45939567f823f0c6220168657a0c6213d4524d2734edaad820935628e96175e356090e5	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2232	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2232	iexplore.exe
2232	iexplore.exe
2488	IEXPLORE.EXE
2488	IEXPLORE.EXE
2488	IEXPLORE.EXE
2488	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 2488	2232	iexplore.exe	28
PID 2232 wrote to memory of 2488	2232	iexplore.exe	28
PID 2232 wrote to memory of 2488	2232	iexplore.exe	28
PID 2232 wrote to memory of 2488	2232	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\752d651ba0a3b7967258bbb55102ad26.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2232 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ea6af5bf1301fe212a93cf6b17b92eb6

SHA1
f39f53f73e6b49212a17fd4429aa8bb12f66da81

SHA256
df21d1d1c46f25add50e6ecdcc09a3e9505f18f788157e74ef2b91081b07ad26

SHA512
0189b4f63854bf84d29a59d253e5045430349c71dce38916b5299651f99385685397888d5cbb7bd976197c714f8546433b73feda66016fe88ea849d31224bf75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
931a4c85197a2a263448e76935f8fa19

SHA1
b61c914a39e5298faa8388cc06df4dff29ca6a83

SHA256
dd54454b824153c3108eb90f609d0ce2fa98256143b97d2b79492479a95d5b1a

SHA512
5ed3ecfbff39fd3f3caf96213e2685697755be3c2e67429565c65f8614dae24122bc5aab2c1ae4e89979fda00c98899b115c869d0b42641fe0446372ca20f0f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
babe4f30e24880ee5dd67f3d7a5e2c2b

SHA1
5be521e1d2020871c185fedd3c0db31a10e8fec0

SHA256
f8e188482d321edad4e0ff7399f11980384472154c4b31017b31f313b6db6499

SHA512
743596c94e4ab53ab27593b4d97325c5641b87669cce75d3ab3527331309c4625af80eb367792c19b1112fca8309c4ae0a65be4f507bbc30516e486f55641e59

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7d2f15af068a32b0cacfff6ea48854c3

SHA1
f45c490e404c544607feddbef7fcc7fe9a1fd219

SHA256
44cc3ec0afcf27a49890fe4979d5bb5ed4ae5c30a0a434ef333edcad52690973

SHA512
c801e5ee2022585f0dcce138fa04bd7070df3539e4d91b162c32e555978e8e2e6fea11db20680eb182e98fdc9a62457dbdcfcc42e22e4999e55d452128cf7405

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e86608aa9d8efb9b20a626fe1df04383

SHA1
a9b4794f472065e32c4972b4514a66e7a860efb9

SHA256
9c8f0d2d491d72dd080d270b3ad40d0023f1bde2735b14bd89fcdfd1901818bb

SHA512
51afcb6ebec5c80f8fa3236e92757fb8b7d890e070ff4d612637475a0c83f94dc140c901182febafa56ed3d7e21d8dec3816b87eca6fd81e0ab4b7932e5af53a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bc2e1b71a33bfd446c20bbe9e8b02911

SHA1
cfed654155458caa94f9cd09d1842c3791ddfa10

SHA256
45d87f0818a0dc79e5deb7bb75c8ff6806e0c20f32acbaba369ba45227b7c507

SHA512
673ef9e20229257c3ad75672af6f31b3e6fd6c3355fa1af4309395a854940f861de143b83a1f2f00658a354cb9f77be9772f4a34a7d4a78803247dc8beb94fe6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f18b2751a8d95f7334ab8b3138a0fe85

SHA1
21e5ef46c2005d8fb95d91acf09dbbce4361b048

SHA256
3d407fe8e0c57015a83983073884ed974613ba00a8e4ebf2bec9fa02bde519c0

SHA512
615a13cd70e8b524cda1f8386e395593bfe68a9b870a8ea743cc11a255b6629cef11fe2f970ebedc719341f7c342991ba3196db7f614afedff41f384044a133e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4be562cbb2845e4df503a3bdbff7bbdb

SHA1
b2d8d0d2fcae0519c8b1d6d41b9968b754a64ffb

SHA256
60ab1039a746aa392fad75b924976479decc0e32c81f4eceac153c13256bbeb5

SHA512
d93c0bef619b8bf3abe4d9f1746ce6e794ee3e1ae569716a1d5b4b320bcea1c453a380a1e2ebe92064062d6710114d0cc98d6abdf222205b964c45c99c6d4386

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b0051cd48ebaf43a45284180efbd9ff0

SHA1
35f8b3fcc3fa2927392ca153127519e5d758bc76

SHA256
6b0b6218571e1943891659a083097ae47f26b316d89a5b0fa9b3d5d1535d958e

SHA512
3dad54995c6135944be5f41da1cdd6302aea16215cde683f4159ae6b0135d5dab5dd2f6c7b70e140780164086ccd08e70b9741e0ad673fe134f5d5391494c5c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
89d9039879f7f9281a17209b46e44802

SHA1
9397abf128f6af60129d290923c7f5b766914192

SHA256
fabb1b908e78d7dacdaa18e9e61718ba63192c04777dbe4b2af260f5eeb3bb92

SHA512
8ffee637bb3edfffc80191fa0ddc237bdc768522dc32d8e8f43c034eda3349b94e7d20f4783ec94bcadd2f93d6d1fe3bc54870cc79eee1aa3d56b6b640ae4ad6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fc6abd51c4114a1435e9acf6df35bf44

SHA1
2734b7aa5eaf861708bacf026a42266644483058

SHA256
e8150d6ec80227e4a71fc4a4f041ff95f06673e861743dda8b3e05acf47e6485

SHA512
0de51a6c92dbf8533788a5b86d0e4764ed0e3c35c74ecb85d1cc1d1902c8486adcc18a6929c4cf78744ba1ff955df00707c4edbf9f6c83004af91b365ad2a33f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
978c904a7767b6be588ecdf898509929

SHA1
f6a1d8442b2e74a57e37547fc0a8f7bf602effd0

SHA256
c1f4d840275346609c2d8343e1bab4ab481663a0a0f7e545d0d7e9d55013f8ef

SHA512
90f84685a1ef69932c5d764848bba85cfb22700970c30ea2f1298809d345b4ec999d24e44eaf0210ede458bf404fe1ad4f37a5970729ddced6b0c7c37bec9eee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d4b66c96851bbd475d2f20e514fc7e6e

SHA1
1aacdd81d07309cc0e97187b683ca8ad9614c8b4

SHA256
e45502ebffab44395c0f08d1823896437dd5f48b66b7ae2bda57f11fd79e0dde

SHA512
68e7f62903dc465320f30370326f5d382710582dafd2eff92b5f5bfdda4190e28b3a38d1db74c596e4d1cc6c7f2e01323b71219f39a44d90df12b6ed50874fa3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7292e7f5a4d2b42ee047ea0f9fdf28f4

SHA1
ac093344aa53a2dc5a81e5a401052a0e3a142090

SHA256
400687b63e8dc2fe1e0f85360589df0f251741fdaa4f7f2eff578fd9b223d0e3

SHA512
f5d8e7a547da087d2384fcd23109c13d7a8ba982049517069d71c674adde353d2356c5dccde99fdf94fad201152f8b8adcc0fcb03a0f6c20f192139fe855c6d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2de45036a3cfb356f543a51c560c7c54

SHA1
e2deb5a60cbc9af64668d3daf927ec589b8103db

SHA256
678da21d7f9c8d897432ac5b34e2686edc1441dded8eb673da726328e3229692

SHA512
0838bc7b3757e2c753e693c0fe7581ec3e7883ca6478efa4650c1fb0b34d1aa61f0211861eda398b94aca3dab597f6474e5f0ed0b55eb5bf9b1b08cdef0ace98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1ff1f48ee6e03ae4874ad1dc3c2cc032

SHA1
aca893143c4517dbf76975b2ee4be88925ab6170

SHA256
e4241bb25c9227ad40df6b0500de52d17f335c866fedcc9bb0aa601fd3af3ac4

SHA512
6533bd7dc88104144cac2ab138b056a5a0cf7e8ebcf3e46ada2890ec0c893de0990156981f0b55c56734ad9bd777fc8828021488d44afa70c9482d398ab762e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
30c5e025f4079886fe9b5d1967678f61

SHA1
e33d6cbbafefb2c20b404402a595a2b809f2bd0c

SHA256
4312fb1e810256c9aff881dc3a8438bb23199df493e6cbca23432499c5e717bf

SHA512
266cc41c45fbe0574e201ebd58102982f139db4aed4bbe1df19be8518f4437ae0a5947ff5f7bd818957d91406f1aa6a50ebdba9b8e867138c2906000970814be

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab53EC.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar548C.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit