12c59694fa733d3301c2eac17cfee20c656ff63ba5b6137b15b8259a82512a44

Analysis

max time kernel
137s
max time network
133s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
27/01/2024, 12:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7a323d974ffa3b203e2d5ff8db9ab1ce.html
Size

254B
MD5

7a323d974ffa3b203e2d5ff8db9ab1ce
SHA1

e197869d700856f09e3f1840a46010cd8147739b
SHA256

12c59694fa733d3301c2eac17cfee20c656ff63ba5b6137b15b8259a82512a44
SHA512

9c8b26a0f999526196ab4dacacba8cc8d2b4800b1e580c411ba03865b17b3cafc52267db3507865a2f02ac17eabea07972249e951dd155f96ac792e971d0c174

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a883829c536588438b4279b7bc6c19300000000002000000000010660000000100002000000061eadfa9a28ef7ce7fe79b0a3b2f6ae75b6f436361c7e50d70d5bfd4aff2186a000000000e80000000020000200000006036b09a0a2951a9473edbbe1fe63162870bfed90060900e30fdd79c5995f633900000000135bf9e4c4d7b14947ae3680f9bd920c777fc07c8206d212bf960653f179cfb6d1881860aa63d016544d27da9b9402f8fc2723810578772c46c3c8a4de5b1f59c59b15459da05ea2811080c15f9b736335115168189c3ff57c730bcdd997f08be8b4f893262daee2fe4afe5581a1e8f70d4d484f930a76a4a1f284b754b408d7bb208d7178f5c60c303ff335f42aa354000000063759b129b8b10ffc3d27a6db3fc7797357f11b8c517bafa55799d96a3dcb21231dd77732386ca8731ca8f04e632f98f3c1b93726dd66cb1eccf65462d57ef2d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "412518888"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a883829c536588438b4279b7bc6c193000000000020000000000106600000001000020000000f79f168fafe6492d0d7ba46a7b0c150ffcb7bf8f50b653ff74f6cdb08e9ae4ab000000000e8000000002000020000000a73b38146eef68a98fbb9e02d55b5d0d8b1e02708c34051d6b8136085803a0bc20000000c3da3a108111c4a2807d80621513a7026a49d2319e716361241b70ee6e0a50a64000000086c94c994186480bf962d7a5386c38408782e89c1a521527e696b5d87d87bea54460e0664df53c7deea893972c92891662c985e3fe98d2bc41604803b929d653	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1B037261-BD0C-11EE-9208-EED0D7A1BF98} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 500cf5ef1851da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2216	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2216	iexplore.exe
2216	iexplore.exe
2096	IEXPLORE.EXE
2096	IEXPLORE.EXE
2096	IEXPLORE.EXE
2096	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 2096	2216	iexplore.exe	28
PID 2216 wrote to memory of 2096	2216	iexplore.exe	28
PID 2216 wrote to memory of 2096	2216	iexplore.exe	28
PID 2216 wrote to memory of 2096	2216	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7a323d974ffa3b203e2d5ff8db9ab1ce.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2216 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5e9f2f584236d2374d473197d1f201ca

SHA1
0736809e9b6b57550314c03f0c1aa75735be5a41

SHA256
871f8a9d7aadfa7ae75e850042b0ac8e6c19ce5bd83a3632f7011f8d31c75c66

SHA512
3e76c2d6265a4cc7f71f49f17b16e6e2fe161e5710ad86b9116b7ed184edf05bd498566310f50f340670c42429bbc100dd510d84142be4e84170fd01f8e246fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
96eaca619913996f2717a9f1ea117b26

SHA1
521a02b91762cef6740864404ce391879a84fed1

SHA256
b9dc6670be19c2357e63839adb5f06bc35952860a79f2d1868f33a5c02c44003

SHA512
3d710b445f70e0f2c68b52527e2fa72acc8419ef87786b4daeee41cfd69e022507b18c49cb990f7398b4c473f6cbe55a683a2e4744a727ce114f5b79c067bd6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f2ba80be99fd471707599b6d10e3a958

SHA1
6bfac76e7fa48b8ae61ecb09225bfdf4754d384a

SHA256
73119cfcd6731f5522aed05bcb6de6ea3e5fb90bc912721a3eba44be5fec658f

SHA512
19aa0c09487348815b7b4343f29c86d8f3952c02fe86b35f7291c7ee84c5a6e0e7057fe4ed60010e636a4c3ab750f28811e4ee7e97f6e4fc7879f0ecd5dd4219

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0fe584887061a104f8b1546761aa90b0

SHA1
d49ee8f776ca7fdca29d05d53b97af5a65fc9ca7

SHA256
440b9c7244f74b7d4f80cf167655fac1b38bab7e72933588a982cbe25228f3d8

SHA512
e03ef321a8378119826eb637110819b477c94c9a419e816fa8dce05883367e16ed19b36ee7f8b2601879980b3ed2fdf1a2fbbf57148968ac786734e5cbb17720

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
57f7676871010ed2ace52b85dc450a5a

SHA1
86ec28d4d1917d762d6fd65e53c18f022d44707e

SHA256
cfb70cc52d88048839cb2c57e223afe9f740b0bc48172fb64c829a8606267f19

SHA512
ace097df069ab9810b0adfe3dc3c6d715778921d52c053d666b331a01c2d66c0537934e52f76295b07e736597a3f772afe1d5b862243b3da249bb05c1c251f2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d4aa225fe5e2ca93929edbff541eed6e

SHA1
51c37b835f95f86cca553716fbd6c7dcb944a0c6

SHA256
c5498e597fbf02cd1822c8cb63313504de400d04de00b08304bb76feaa56a011

SHA512
d4958a28e269d03e5ef9699608091d9a87fa0563efab1c0ee80d7fb3192c11e1fd697028e9b8a0d034cd9d880af77c47bd5434da22ba1854a79c86b0dcad5d19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d9e070c441680ea611f7bdeb9d00b2d2

SHA1
bdf316c8e887122c60f844e169581021b323abde

SHA256
92267cd3bc1530e3d348c4757a36efc4fb35200b33e12aea3b6ab672cac03631

SHA512
5fc8c7dc1535e14bdca4b95dd15977911c7e33c420903604638c434a9bfad0aab681bae6268f588a11425a671080de863d36d6dc56dcd83c6b85c8da3bab4991

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bd70261434b67949ae4367e10612f1d1

SHA1
f4235358d4412e6033b18ef3428fb0f920d1ee52

SHA256
3dab98f63d59b0167a3ac4c4f6b8ecb83ea0d66882a7f0dfa6370bfc95428da6

SHA512
6b019473690687d840a987bbad09a25402db13d33bbfe1cf1053cf9aa86d8c2ddbd918187e24f9343c8831dfd5702eee190af709af1e145a77848922a5ba0adc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
657a6b1c61be6c0528367ab7bbd076f0

SHA1
f3b0076b39cae1b15e8588e2fcf54618d5a41249

SHA256
df84588cd04d83eaa919918decde3f26e9fcade8039f027d48d854bb3eb46399

SHA512
073dbfd35c0847fa5c7b4b64f1573720e03a20620ca515766fd442b4574f6f16f4aaf445e866004616d7c8c7670d9efb78d06a77b42d8cd834a38fd6f2e7a333

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b4e9cecbd8d3779b9d0dd0d04ad9d5b7

SHA1
298ce3d70339aee7f5925a55f03ad7d536a32c68

SHA256
5c9805f2e318549030c6dee34da33759772398effa42ea0dd8230f93637e8651

SHA512
00aed80bd5c9707546efae67f30657f34fd6577caf7a3bb7387b09e2966d8588efe19d9f1d391c6c038f1080b32d390045cbb2b8f972e33c8fa4e6fc654db695

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8a0dd139e91aec102fea50f91463aeab

SHA1
82d22b67c2cec7233276e1df2f109c8a1cf3fc45

SHA256
9ded412c970ec833ec753fc45ddec5ce22ffa92d821d4e32a0da0cb01c7fc1d8

SHA512
8740241f15b574c02fcf5c52528735d73f33a5f5a3137274f6ea6ac12502bbf5d7ebb5a9b24ea9f7b091466fcab0879f4072de891994f708534d4c40b5969d14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
660210cab8247cb5ecf41c32c65dce8f

SHA1
fd4aa5ac58d2327819d314860b7c62bd00586f2c

SHA256
911b1edd96443e4c748a8778a46840b242baa1f045f94b38f0fe221330168b15

SHA512
d94c85b4565b4a20af2dda3732891d528d42ae3a46fe7439a91e378ffb93917e3ba83b28f7d52bc27dbfa2be1db36b54e263c552a97fd2f7f77c7a0f35decaec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
514cdf5cc899077dc736064c45727fe0

SHA1
5f226faeb4262a45e2f275059aa078a12700a39f

SHA256
5676006bfc3f8c7eebfccefb75c433b5c63b4f233ae2865507e4c10b5d69d951

SHA512
725f96c1d97cacd586a6a74d5142df2a6e7637a4dc04ab8564cc4c4ffb47e1b7da4e004c5de04a6b0ec1849360cc0816558d935ad0df2e3b5ea1d8ed03f1293c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f04db2c3f3790ada5e1d6ea4d2d3a08d

SHA1
852fc6b7ded8a077f93aafaeeb111a9e040f6f2e

SHA256
e497aa2f64222e796d60598dbfe9f2fa706dcc64cbc2d6d8c728c68cee1d2fb6

SHA512
2b780e252477205b6826cd51159b0c67b56b233fb35a6c781d4770c42967bd5b25fe91cd2722b4c23c1382d1e802e4a7dc1a15bda822dff78ad4e208c8959f42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
115bda26cf748dc9d31bf4c026e39034

SHA1
39d119e526fbba346b93b863ed9a4995954e2493

SHA256
b429a36b95a3b4f324b56db0d75fadd6f79593eaf373dcd39d894732ce2824e9

SHA512
59877555c3e89e43a959965d093161a8a6af44f501a95f9e2fd778fca73e46ba97c580346eb3464c50a438772be3a1731ab41f9357b319e074edb90d5d0b69af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
65ee8f40dbe25bee0032ddcae4f4bf55

SHA1
5d0ae6a3c1c0f6d072d93e3b89ad251711f00266

SHA256
966c96269dc10004cbf4d2ff720e197587e3981d59fe09e3340f081e3b4a2631

SHA512
d14edb10c203f3037082528da85e724853bb4b79e7e993eb1ab286b6e7d6e1c0d90883e88d1929f5f9de7c8eb0120d574cdd8fc774380d72bf09f5ef06737bf2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6ad25b7c52eb7e4a578c88126f724d94

SHA1
bd3a84804cdd6f26c86882a85d00fb00d283d4cb

SHA256
5a9d17a6d664993aaa6a03bbf91ac0b7b59a4853f22bd8aeb41a558e04ad1132

SHA512
5705b7edbdd8311bc6f9dcbb3d723ccce0f1f7639778628cfc17a79e585c67e0cfb31badfc191c3f412c7d7725fdef42a12fc04c22a0d4df1416c3adc649a8ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0da8368eeea3404e4969748ac3af15a5

SHA1
7b99ade4098a704bfe1c642661dc651127f2fd6b

SHA256
53e5cdab84019ff71194c65c8441559b1e6828ee5b0480441801d1e3e4ffb173

SHA512
51f661d11d3a72567dddd3828e2af68f48a19b77221236b392c543a91f10d1d03cd5a11663a5806acb03491d7a0442cdf3f64ce791fa771f911c0268ff7ca303

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5DDC.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5E7B.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit