663b5116870db9b882174beeee85ef4ded77067cd3a10d09a6dc8eff68618e0e

Analysis

max time kernel
122s
max time network
138s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
27/01/2024, 05:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

796e9769248fb732f847c585890676b9.html
Size

23KB
MD5

796e9769248fb732f847c585890676b9
SHA1

2d2b801985c5de0760ab9065fdd5d3317ee9cf6f
SHA256

663b5116870db9b882174beeee85ef4ded77067cd3a10d09a6dc8eff68618e0e
SHA512

93a1c9f9107e855b4709a27ecd42754a4915ce0c74702afeaced8d1607ea634c9730a656e65e185c49e90bb6b17c33c013662dfd45e15f3bc0fa1ea50be780aa
SSDEEP

384:JnA4yw7i6piMKoztvukeKXXTudw1EbOyRKL24UTpNyOcn8tvG5nTDuU5esT8a:B1tiYtWkekC+CVKc7wV

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "412496333"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a883829c536588438b4279b7bc6c193000000000020000000000106600000001000020000000661a2bdbcdf513297011463f65cf4fd6f6a57621ca7dfcca2fec84743686424d000000000e800000000200002000000094d7e929fd8cc8b4bcb59c546dc677ef3a54ff5e846930c2483260f8dc852ba820000000ea53b4899b01e81ed6b4b4eaf75cf99a4f40e9291068b4500635dc7ceafc1c6440000000156a4b8253b19dcb149084053e12ce240ef7afeaa4ff5e8ba394d2148fa8a6d791cbdcb354e95b734638aeafed8af47c4f7ff9dd40cbe888103995e280178da4	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{978FAC71-BCD7-11EE-A581-D2016227024C} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a883829c536588438b4279b7bc6c19300000000002000000000010660000000100002000000029a7ba2a3fb99a606a4cbcfd8e720e6322339a62c1365ef1fabdb76fb0714220000000000e8000000002000020000000ce1fed12dd853a86c7e0ca7c7e316fbf0ea2099f72c5964b6da615aed7275b5290000000a983747d3d1934559d7ab3e67292122985f2d06ac7d85d5cc98421f3157e60ca21b572b7877394c6a20136a041cd2725027b8de894d55fc9361e35970e4b02fc3dbeae36c99a88bcfe3cbc47ceac6962627aba9ef519cc182cdf9f1f1a1dfe6f10f86740961b7c1b37f8fcf40d21933aeefa7a1fb2c502cd6672b786428cb6b70114559f529768945e93a0cae2f6c750400000001945964c00a02b5d9065162b5c063f2049f90f8d5a0e157f30eba3cda365c81773003dd523cabf1dbbd339175968ba91ebf824d05dfa92211e5c6af5430810ec	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0296d6ce450da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2432	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2432	iexplore.exe
2432	iexplore.exe
2272	IEXPLORE.EXE
2272	IEXPLORE.EXE
2272	IEXPLORE.EXE
2272	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2432 wrote to memory of 2272	2432	iexplore.exe	28
PID 2432 wrote to memory of 2272	2432	iexplore.exe	28
PID 2432 wrote to memory of 2272	2432	iexplore.exe	28
PID 2432 wrote to memory of 2272	2432	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\796e9769248fb732f847c585890676b9.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2432
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2432 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
33d9d51407cae9bc5d995cd92fcef0a8

SHA1
041c575fef04d2d477c981953c3948a6368a2228

SHA256
4ed85fd520b3d17ef1673d5c3a05cc949b0f16a937f36499c370e67c29750157

SHA512
230b3d5d8dc2e68e5514b1987258dd36d918fe18cfbcfb39eb1c0aa54ae2c6421e06b154a48ed2e207c3588232d89e849984c3e14705e064b678617bcbae9c3d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
304de4a9e867b787ddfa5ae4946380b8

SHA1
b1f3ef6d9877fbb98a6108836580c6df8b8bed01

SHA256
2f344eb1077a342d72cb964430928f1964fe5fe9d43cdbbe7631113ac2337462

SHA512
e111b94459dfe95d9714c6c6732c280fc0fc325e06b9b415d63a989a19422dc10e0d3f6de345c328480142ff2f74d52649740249c2ddac7f64e81385953cc205

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1961325726ff8e97c31ca728dc737312

SHA1
4fa3141df5c55ced64657f399f591a21bf9b1050

SHA256
220e65cd412e697b3ce2534c9273c209d801c2f4ce347ee31856aa7ad71398dd

SHA512
adf8027edbebaf1cb073c5e9d115523afbad16d2170c7eccabc71ec1097f2526aed3579d94b5dccd7a900b8b976d056edea508d49609fd89c3c23b7a13097685

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3b7aab0486648672ec8a4ea2ce195f6b

SHA1
e625a0d4444cc2ebfb71298799eefa03aaa917be

SHA256
775f269b57669b20281bd7be6aed6333fda211116e7a2d25c9400f60cf4e0938

SHA512
fc5e7d0e9be2e1a51d22a3261b0de435f0813ae05dbf8d24bc54eeaefe00d1318b51f4ae1b543170b698c45d3275d5dea48405f9ed5468dd890e4094c11a47c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
37f5fa607bc37bb5cb85475993cbb6a3

SHA1
bee236ecf4bb7d07fd1ab3a4895b4ab1b6d922a9

SHA256
888d40439449b05e5cabfed3e1fa81ad4508c562df09eecead0281cab995040b

SHA512
11e0d5d79e79c407d9dc3f351981c71ed66266210457f8c7b0e7597d52678ecc3595f84320d58b5f6b9b22b9fe386d6d77dd898910066c9f2dffe1e6ec2ae2fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6e175c49485a60e0f7f055951409eef2

SHA1
c8f66eeb8174871d6f7dcf8ab86f22ea3572e2eb

SHA256
c0c86a8bb530594023a68c4960f9dece61cc77dd4f38880ad079d763417b214a

SHA512
6ff827430a807826a8094604393676495d8b5aa151648b5cb6ce4f2cfdc2591d5b9cce5abb08533193bd0b96e7d37196cb09f6c3000bee8bc51fabf144e599fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
72ae3f69e134d59f47e4cfc33dfd4051

SHA1
ad3ad5c4571dd81cfa1dba553cc1a9285c5a06fb

SHA256
73d53ff9df76977896640bc437918c8ab4ef9569dc7c71baa19803687230eed5

SHA512
5644eb7edeb660023c82f28dbf88d9b39b767a8d66e8b9459609d0b9098c5c3e8370515c4bfcdb9149447de08ee2389163d840c0d9267ef51c311c99f37bba6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
41b5848162e0df57158ab5f797b34b90

SHA1
d05310c2a222bb8c59205b77d15c0cfb58cc4b9b

SHA256
86cb1f7340214bf218c69b6b15c5dd71ebb8a4060e0ecbe4203d2cdfb2c6d994

SHA512
7600335e1db09649eabdbcce52696c9078d3c840b6f2707227484e1c7212b4216cbcc1f2bfd9a2f49aba0337793e39f5810fa03a5b1bdc5dbc433497ca27390c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
01f8ee1fcf5254c7d8b70e718517f4e2

SHA1
e0ee467eaf3779abe0edd7d9155dd2197032452d

SHA256
979b7989c1d148f7115d8d60dc16014546b30becd1e33546cf1e56e251d36356

SHA512
e4e0e54df569c746e93f00fa8448031146596aedae4c55ba6e75c7113288eafff7914a26f06ffe2a08443d50cf897f1ff960ca1fc6a89306ee5404d3a2d9e59e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
633e4263c4731854bee330d68a0f3996

SHA1
4c3717ab5724f6be2b2a270766889db5a7ebd5eb

SHA256
7d59efc214fc8b04c3456ea8d5607390ed02d48eda77894c2cc0388e576a93e2

SHA512
80b8b18ca04de69f27854fb3d6039e56ef28837b070ceabde8a37c67d0af3eb9fbae83db8ded8b2780684d7ee424b7b728d01ff18e691b4b8a2a2fbb7f7b1186

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e3f35a8d45156170278b6f6d123fad2d

SHA1
e3144a5c89c63f6fdd6e37b5ef33054797cfd61e

SHA256
b04538b6369afefaa0772bc6bcb26137967e72af4ff9dabedbb8cbcc1b22e681

SHA512
b4b645be5ab4b93673a370f48ce9ecb0fecb634a1d5c26740440e38aa95799e5c331dcdc39677a7844e9ce1871c88ceeebf89cd165daf9eece8b9d16609275c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2cd2e39583d6b4fada332255f4250694

SHA1
6470ae4c40f702e604f663fa86c828566caad9dd

SHA256
341b29038f997efe56289aa88ec1b6b48bfe4fc15c2345a40dd9567dc14bb216

SHA512
06f90c159b51b3e7f427179dcb039e395e5884b22e4d779ba554e6aa367779564c6c11ea6d0b85c03b05a3a668806c27029e4b50b498c6f83fd343d7b45e35e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8c9f8f454b5a399a99b0574fa8314a44

SHA1
ad40bbb3f5eae21c26ec821a79db296a7644a006

SHA256
18819b40539638d153abb035476ccca9509d83da30f0571101c953b16f39b8b3

SHA512
a67b4cb7fbd973635acfdb495fe73d0cef12cda093c2de5e986ca8efccafdb0d932769a4bc4e825d2a4413edc9dacd58de0df6a0fc7399617aab1f09b6040eb1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0d845ed2ec85950cc56b403ab3edef4b

SHA1
241c995c9f2739079415f1907d42fa93c314f661

SHA256
00d45bbe3cd2327073ea852a3d43047bdd4961db8485ab1efb8182ef0b5a17b6

SHA512
4811be807111722b9893b3954eada53996ba51cf39770882aa659a7aae0943f852801899c8c60014d11ab962888d97442b77d1fd6ea80494ea31ecb8704e7a1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
18aeeb6e4bffe6b96e56308b12f520cc

SHA1
1ebe70fb518126f9b7134e6858a9cec7e98dc7d3

SHA256
3729798aa9ff113ea604997eeea342a14474a9e98d93f4fbd23f6fe5461b001a

SHA512
0ed3b0e770b2fd7a19a143519cec37490d536d42da74164206ecb2e1cae19e8624a6c5cbceeb55fd46ab950bb901987be72008a656a641d87b880f6a783ed0ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
11881c944dc6064c9e1ae56f9bf5c491

SHA1
4d976adee378f02021b3ce31a6016cc2c519d479

SHA256
79844418ce1298f7119be348c87ae5dfb965f25cc6cb71cccd8f8a94bd4a1e46

SHA512
dd116338a4e9864d66e5092c73a4d964722c3be7b7579a6ef985565a5da498e3501e33f4bfb428fe53501b475c5c531cadbd66ee1422effbacff89e8bf78ab37

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
77f1b01f0857f37c25757914c5bd0ef4

SHA1
682bd3607935294da7e86c3572452528a795d64e

SHA256
1255b1fbba5d84bd355584b2fa1d30c35cf3f193434cf7b62df559607a688eda

SHA512
fab762e6c7e8af961d517adae6e134b97ce9d62b12492611d5282fd6df2f202277128c4702ec2480840d761911cce12486f6797b714678f6657d8a7563563df7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5F51.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5FC2.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit