e8fcd4809aaf0173475bbcb9cc4242b27b81b6d643b9399aad2c6e7f50b4261e

Analysis

max time kernel
136s
max time network
134s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/01/2024, 11:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

77376d0cba7a6c72e6e5e54cd709b745.html
Size

10KB
MD5

77376d0cba7a6c72e6e5e54cd709b745
SHA1

15fecb3efc8aa655ee9ca426a8a5191a46580ea3
SHA256

e8fcd4809aaf0173475bbcb9cc4242b27b81b6d643b9399aad2c6e7f50b4261e
SHA512

0ee98c0fc7220ecdc792bb6e774819e9d5a0b74cd347358f838a0b6eb7e4fe4e17adafb119f50adaf77382a5e9838c0678b053c97c9f74652b6e1f5014b50f29
SSDEEP

96:uzVs+ux793LLY1k9o84d12ef7CSTUezfym/Hl5mX1mtTBR8BqYEBV1BBBoB1aZBl:csz793AYS/qgaFlYqDlWN9okYBb76f

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a883829c536588438b4279b7bc6c193000000000020000000000106600000001000020000000b305b1ce29ac88e8a6a685e006ddb41d0ef1574d80066f678a807b181df576b4000000000e80000000020000200000007a402305583da59dd7d9aedac2a7b5463c46d7fcb18620e3bbaa9c2ebab236cc2000000026ad5cb8f45f3d7ca57dcb9e2b011934321ce17a213dc78ddf6ab6a6469ed0cc400000009422706c13818a8bd9627fec2c7a8625a05d2e9563ed726240ed90bad40089b7c42290a335e68e47c821c3996bd8e4459926cb46d5dfd5e808d905fa07a8a819	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a883829c536588438b4279b7bc6c19300000000002000000000010660000000100002000000003b7e8c42b104bb6903c67438d06bf1f8c95fbf90c1ccc33c3a95a020e739058000000000e80000000020000200000000b17c81f5a892e54a483ff3200c7b3e9006a2c121b6060621fd6b3d7d1dd0b3c90000000a88243bd0207e1f9d71c632534df1aa2e99d494352bf78752a54081f95f0d2b8c75152e7297c079e9a8a5fa597ace9f5cc1676e941dc1fc4f8d480ed75aee54819993665b74187edd5dc2812a3a704414c6fd4c589087a47641f2f43e46e9ca07b7ffca93608e5dbc73a7227c19503ee89bdd05e2733747f95685bfa9c1adb561b9b60509e42af9b5610bf6dc860a2644000000058aa65bb7b97e438b184a543ddc464f0454e4782a54fb382607aee46e90d7920fe065fb45823eb2137d41e8db674d060e5ccfe6f4a6772f63f6ba744dc3b92a7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "412429746"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8E919021-BC3C-11EE-80FA-EAAD54D9E991} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3046b5634950da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1780	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1780	iexplore.exe
1780	iexplore.exe
2380	IEXPLORE.EXE
2380	IEXPLORE.EXE
2380	IEXPLORE.EXE
2380	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1780 wrote to memory of 2380	1780	iexplore.exe	28
PID 1780 wrote to memory of 2380	1780	iexplore.exe	28
PID 1780 wrote to memory of 2380	1780	iexplore.exe	28
PID 1780 wrote to memory of 2380	1780	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\77376d0cba7a6c72e6e5e54cd709b745.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1780
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1780 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dd8510c484ad1b0cef2d89382860c2d7

SHA1
4cd42720340129c951264207363afa5ec96de0d2

SHA256
fc17b26d608ba727d37c2f836bcae1fe4b6f0d02c40ac8b229f0a641499858e7

SHA512
98af322a9ba62c081805d44580c804b6bd4a6747911c97f5122a6b050a195a36a4065b35b0c4d65972938019f20710a3fc8f4c13963127583f97732115ec9dbe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b332f029d4c46649718bbdb5186b0a65

SHA1
ee19a41447c2a89146bcd860e4a6422db9c099e2

SHA256
e9855b316ddbed3b483b30eda960ebe8296c391e17857e462149e690781594f7

SHA512
0929f0c2e8334ef80498af06adc46c72c0a685afe339fafaf743142808a14b484391397e1aeaf4fd9a82a8290fec340ff83d8f629d4ff3f57698759c7f8f4a18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
308520484663bac73752aab222944e00

SHA1
0d850a3ff9d854a39ca8d926ba2ea0ee081456dc

SHA256
269f7337b9371b031c2f2c82a00bab4a2d6a72334c5c28730164653cc8a3a899

SHA512
a6a527b6538c6d2f0b973859eba1589bd601c5d9cf5d4af63c46db5042409af586d72aecf3f659f8ec2c7c3d30879097cfd173cf2ed7fbcdcb44f87541907461

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9310495ce609ceff839568037418de85

SHA1
4833bd9eea2c13fbfb30bb904551ec7dbc3eb50d

SHA256
4b7939d127fbe3b8789a7da9605afab9c36788e7339c185c7f47d71887abd26d

SHA512
00ab31107beac25dfdba532b16d10d69b54d74993c799037c0e87fb4904db9681aa0a2c79430b894ad88fa4d3fa327bd9c28d65706981bfa01c0ec201efbdb44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d3535f9b60e9ab6dbef40bdf697eaab9

SHA1
1479383cbf69bea6805d15fc618cf746fd44c328

SHA256
bf9880a4a62fd0ba131b26cb886b817966ef70604bc1aa84c22986762a605dd4

SHA512
b813823ad3d1adb37bb46f928672a3d505e6f2773832142532fa475b6db87e6f4ebe4fc1b8013334f97078a4b6cb40376493cbdb9df39b8d95d7446de5e9ae08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
97a3da788397220f8e4393c8fd433e98

SHA1
37a057dc9f78e100dc8bb278855a6245cde58577

SHA256
11ae15b749f0eb13c11485a23cc2f734f1a25340c04b1e204156360549401a2a

SHA512
c235371fde05f38d5dbd7723b540f6076712496cca3a98d4d0db154c20b0a8950c09579cb0586910f2e1e0948b22b1e2625d9d72603b2c9d4e423cf266072693

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ea6afe27d5ecb78c96bd642ac0c6666a

SHA1
e7fd14a8a55958939e7f8cc63e5a4890f0142591

SHA256
a88afb3a9cbff7ac8dedc7f428b4b7668099d01ddac073fdfaec611b983d6122

SHA512
02b7ed2eff7c5ff1eb6c316fdcc9a29a596f8d38cbffd3d6b5272153dce4e85dfa9a9362f73a9581f5f74498ebb9bf32596cb179b4155c8433053de470f5141a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f9406b5d915c9089a8dad575a0224b65

SHA1
62824e085cbe521b490da6a9fec2a73792b48e61

SHA256
36fd0401b2a0b88007aa60f584b29cf458d91a8ea765f302e6aebae46bb7e588

SHA512
02bf07bab2c705741106fd853d85bb1d7d048dc208bb034ed3b110d5dc715cb8c426d878f88b42531f996fb5d1b2ca919b0fbee99a874ae2ffc5192e323eb422

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d4611bb7532d66b2d58a732e4ebc115a

SHA1
411ca5c93a5da3a6e7555a8a9b35ad0dd0323895

SHA256
531c513a467497b44af9d47da2f26012085d21e8b8bda6283f77994a8575a4f8

SHA512
6f94f90e236ae583cd125074dc97691e5da601a13168c62b42b85048feb597bd99390d3a9c29010ee9f8abfe406d8e5996c0f7239e69711f32cdd28836581d6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c2f46310c0291de44922a4f8e1654b38

SHA1
7dac2669e6a06bb9d4773c0030f7b3ed182b1e23

SHA256
6f50bac8fc1d5c5d2d4722297388a6634c9d3a092fc4b205f20d8dbcc85d77a0

SHA512
bb3da58fdd4a43a6db77bbf2c6ec065c8d3d9a106991ccaf65c423dfcf359c8285cc8f2b7426853e3c3d73d3b90c1bdbf009d0e3629658aaab3d7a6edfc0d6d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
76223e51a7dec10059833ad9311059ab

SHA1
7176dc4f6fb6adcca3043fa1fff8061fc370a4cc

SHA256
225e69bb82683cdad7639c8d2567c22d85358cbb68ec3c0434de0e754c6d1f81

SHA512
6b4aaddb60ab931f84d021288a8609574509eec2ba33bc8841a3be3fa6f7316a0b9b287de42e3ce85c621b0acf64cbb0828920f80b8f9ef108596d12ceb6d955

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
85a8c04b062b2695ea5fb5d8a0a72be8

SHA1
5d99c572a4bad125bc707752bd32931e7ca9dcaa

SHA256
39025578afd15deb853b524bf41943d22c35d449dbfd4bef433ad122a739372b

SHA512
8f2ef8d8c698c9be02668e60032e1a1d33afe10c71feb9cd2921103987b33729f95f0ac7e20cd7229864d3cbe5280af5372983bc6bb8895c9e8a76165b23ec35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5fce663583c7c021fcd83b9533e5a5d3

SHA1
bdb9eabaa305fd57b60a18fad8620fbe22ba6494

SHA256
6ed06cdfbe9ee1ab660e6e4d87f389563ba4b8583ab00b56046123faa9b79b76

SHA512
9d20ce8f829594efdb2833eba35fbb630da8903426475a5fec0203ce57fd72f1f61e03b5c6a9a08da393514af4185d77d77e5f2d86a66c34fcf83a7bb40cd5be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1eae52756388b0d8f57ccd13723d7195

SHA1
d9ba216d121015f906ab066a67fb0209acc50370

SHA256
9b09f91deb77ea103a30570d15818e20a58d2a5588b90de57252a00c658a809c

SHA512
97f82bc73f66465bfdbcbeb45a8d12175659c04fd97611a2f523d6bd4b2e3a4fb4a3b79b2826e6a276b756f87516a4bddc8fd7c398e88ab668140351e3ad83c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3d954f285b9d9e9b57526411fa9a53ac

SHA1
1264ba8dead6f4e9d61a4e6205c7750947b79da7

SHA256
d93aa534ac65f199b025e5f199165fcc323c687cf5955ef02354e5a6cf438ccc

SHA512
1c370fad678588cf54d549ac3623a61113a5d62d65cc4aefb820bb0badf9234d8a3791bea05a2a5baaf82dc9dd679dacd329e05ac7fc470a9c61d439eb2e33f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a7f17ad63e12a378746dcbd95b63011c

SHA1
a991032851c6c8afa8d664f958e2581f9abf59b5

SHA256
9d0a4bad36510090d5076f1a2e5612aefee00b90cfde9e85edd30ae5972c04a6

SHA512
6d69099febc49ab45c4e3c6dfe28f1ba9984bdbdd5d9881d7db505f163f319497d4baf13099dee34d5a5e2adbd9db8ad03f819f957760947716aea6311814def

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
71205871230529355aa85050524d16e9

SHA1
55c2be75ebd14e98a22f75ee8c69eff3301afecf

SHA256
fa1e3aef18bf96b42f682e448392f25c40795f96e94e62260a3a2d39cbff7f52

SHA512
f0b126304b83e235971be3c9126221e88a02d131fb5b3021b528dd7f95e45930956941fa42fcb0ae215c6c7076fcb35066c416d3dfd68cf6d765ec0899dbc52d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab695E.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar69F0.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit