15287f4bb11b692dfd6d02e9e2c05e9acead0fbe145f4e28ba1b90eb92bd9ba4

Analysis

max time kernel
136s
max time network
151s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/01/2024, 13:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7fed392a6b71ee6d8b5afd4a3d8342aa.html
Size

49KB
MD5

7fed392a6b71ee6d8b5afd4a3d8342aa
SHA1

39cb704e1ac51bc1bcd97eb5134e61e1e10de7cf
SHA256

15287f4bb11b692dfd6d02e9e2c05e9acead0fbe145f4e28ba1b90eb92bd9ba4
SHA512

900f24fa33b0fa5b62e075204f6ddd3eb91c24cffb4ebcd3efec4f136b543c25278a398312f1de27e7be5e2c5bc0f77fb2e7b53e2738dee96281318b2ef43d14
SSDEEP

768:DBWzDtRuxS4cissaa0Yf5KGWd5Hv9lpalKHpui//IWWUind:DczDtQxFKGWd5Hv9lpalKHF//IWWU6d

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{876F7D71-BEA8-11EE-B8EF-46FAA8558A22} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80840b66b552da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000580e1c8c6faee54b80ab28599b83677c000000000200000000001066000000010000200000007d196adf11f22937ab17b04d930ff353aa91ca4aa377a049c2703b4ec89ffdcf000000000e80000000020000200000007f42726945444ad3839d091603a48369e58ca59616f0505ab4ce2a76aa04ee6120000000c1abe0347452de100309a14234fcedd5ab16102ba7d5b154e5545023a94329e740000000d4a33fd7a7cd03bd76f6651eb13e0b3d2a977190adc0f05a5b77a217cfc6126d26d9138756c50ce296c04e760b2f9d29687702c4fe97efc451adc639daca736a	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "412696022"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000580e1c8c6faee54b80ab28599b83677c000000000200000000001066000000010000200000005a2cb1403e7ddc275bf268614b382750a24aaa9f35003c80e5d16c2d3d49ba15000000000e80000000020000200000005bddee9b49560f9b7e60313d37ef93453630d36473e15c6cff57b75f7211d3a990000000d07fd65cf9ad6f3cfc8cb1d3cf5b06751d6d2d0ebed27118516128aa46fa144ec95ff04c57f9ae944beb3ea18dbc1b32d753fa583d6e8b373432b0fe4cdc96d17bd7f6233416b6308b24333f292bda060766874d184a2549c400a2326e7cb59a714aed9480cb14cc82a402bfc21a2a78cdce88618e34a05fd74908f66519d6be6bb5a42f9a3656d7e50616c12dba8b33400000007d28bbb1cc8622703a4ea209f408a42d30914d0dc40504efee0d1e2fb35d607ef9dfe899a05e823a8405729b89219a6e6e4c6ce89527f82ca9b3df7adeb15f1a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2224	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2224	iexplore.exe
2224	iexplore.exe
1424	IEXPLORE.EXE
1424	IEXPLORE.EXE
1424	IEXPLORE.EXE
1424	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 1424	2224	iexplore.exe	28
PID 2224 wrote to memory of 1424	2224	iexplore.exe	28
PID 2224 wrote to memory of 1424	2224	iexplore.exe	28
PID 2224 wrote to memory of 1424	2224	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7fed392a6b71ee6d8b5afd4a3d8342aa.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2224 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a99c0bc3d617020b3d0e38b24f7d11e1

SHA1
d420ec99d9dc4b9773db1702aa34358e70e981bd

SHA256
49724d0eedb99389e6117f3f5a423f5bd050e3acf143aab859ab0112ed48eacc

SHA512
2d0cf5d70e80a88f73c06a67772ed4adda4409e4fc49dd749a7d7c91e157b02916a74e0e4d7affcf10bd47b2343088936aad4b662db40a04926afa3ddb2027f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d5250b2565af26b5b5f301b26223b98b

SHA1
db78493bbbf50406086a3a71be7d9c8b69b69d5f

SHA256
0305ec1203992bddbdb8f8da2697e07a01bf471e570f745c6c75cffd4fa63ff4

SHA512
7015edd97b77edb6a9c30aeec54087afd95e4fee9425f369ad5cfe76d4579c46d625aedcc010449066d645474078cf18e91201b6c63a65e8b22754a8bf825b54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a5cf7b4b43974e3a6d8fbf05b4b430a9

SHA1
45d80fc9642f4b24d20289b6af052a6ff410fe2d

SHA256
0e1e34888ea607084e6e6b04e1ee4a87115b232d274f8a517a04fd71b8f1f8f4

SHA512
84633cca7af784d91189589388c265714588198a5fe7aebeb3f0a69ae905f4706df0b114660b78c2e463224614b66a12f32550d9600799e04bb3ac4943121ddb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
38fb7639ef1d5f310239fd71b0944510

SHA1
f5d7771f93026e571ca67dbb24c908d9c64a16df

SHA256
81c5e1f47ed8e6c07db17101bffada5bfdb473da3b69606346262a5da00796c9

SHA512
d48013066b99d4d200b5e5db5616a81fb3117f86a7ebdd0ec88af2fa635bea210e55674ea2a89aaf5fd73b1eab566584be5df2e3f4f62175fb174a89b494d08e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d1eea6ab1e94f3719190b5bade59664f

SHA1
069931e8d457040e19384bed5ec435e4b53048f7

SHA256
5c87129762076dbfff92a1c8322afc74796ec45bef8ba8003ef781227f454e50

SHA512
8cb7a7f2bd241547b6c9b0fe652b64282611ca1d3b8fc080ea366d656ca070c135a426eac33dd8700885606810cac314604309f46c1158d4864411499adf48c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1d229e9b0e58c7dafa8203a14304ed84

SHA1
a81c146ee3f7d9baec07f03db4593236f0967278

SHA256
b855f865988806b42a69f864c7cdaa5ef91faff658ec2bf32c401eeac31d0165

SHA512
a32fda62d233af47717c234dd0bf715a631a540485c2656aa719cc2af305fdb03dc3ebb25ccd69124c60b096d74e05330b22ce565d6ee959aed7cd4a924b06b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a2a9cf3a04c5efb57dacc7e82742cfea

SHA1
28ce0279ede2c3ba28214447b2ea3efa7de25509

SHA256
1a3d50e8eff8ce3ecdb6c6ee852d75a5c20ed820a635d48be2a3c4c761ba7639

SHA512
dac253e7ca36c4063b90b20ff2edfce929b6eeab6303fab86bd522bce45648a66897398a17d201bb3f6ea82a5c6621649a209eed14631347b4814c8015da5f67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6a1b9989a54069deed728cf2a7b870d2

SHA1
126dca812d7bccc034a8b3275fdc74b3443c4148

SHA256
8be159883206cc8232c186ef76140c49f56c7f0c657a05603f8278791778a0b5

SHA512
4f7bf28cc51b895db008f377fe5e4667d32a292186f9147c82d68230d6bfc875e7a11f0b8002a3ae2edc6205b3d8c9628a72c013ebf769bd4ce6d54375158815

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0ad530251a0020ea5ddcca55562fdbd0

SHA1
4f75541904d126b11ad449af65f6880d24c38f37

SHA256
d2e09a4fb157f97e3d824a7e859a6a4519cc79923e1ab42ab14e687cd05c3ec9

SHA512
9a76ce55a456467bf65ed21391e76b5169f257ff24753c4d74b466dec3346bd7b433ce318ec74a86e9c45d40e57f23539999bbcdcd55bd6f829f17ca69d2c85a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7d02854e4cb4352dc2bdb3ff41751bd3

SHA1
8f190c699cd886c1c1ef2b954a7048f111639be7

SHA256
d132357ba9ef0d6bba9a0a83ded8b0255e71e8118739f606dc1fceebc71c9921

SHA512
8b3e2e33718106a958798ef215870b770ce7f5bf230c4261a31edb16203fd151b21e67de0190899da9765963350231b6efc1f062c87ef50def83726b5bbc3e6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
86b4a1f883c41fe5635cbd1c46c2e31b

SHA1
185d12187c29b980c8952c8bef1a644dc4851df9

SHA256
cbe1ccd15768f0bf6f0da43ebf98a1461e3c22b05ed8e514e674d7f298d4a604

SHA512
2045cc3911cfba7f822756a3da97d75f35f4e2adc4077f6ad6de7f066a5d0e63b6836781b97588a654b0b8cbc5d2bcb8364295be07f03206492aa89d7eca32fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5f8608eb35d19abdc236fe12fefd3177

SHA1
43d9fa155fa80ad3bf60dfd212961f6e271dd0da

SHA256
3bdb2a6dfcad5c59db058d35438ab078dd4ee5a40a82b1f12fcc2976a58494c7

SHA512
18d42c809e6daad32b220cf15d7cb9bd0720d5151cfd65e68c493de71e9033d6b56e51bdcf8c31be6bd7193061e005bf5a19fcd28f6bf42813556245599b53ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2070836610139234dadb6e40ec27311e

SHA1
fade8d4e2b91eca65c00bf33a414843597c44442

SHA256
da0312926e8b57ef6d3d4d3468ec556cde7a9a81760d0117b1dbf41454eafc69

SHA512
4f03e9f443228e15d27c7f70ccad82c16c7f8a18ab101da077d67748d34daf03765bdd71ebb43d1a0091058accc01b4c6053ee7f25ccbc82dc8c1a1032a6953a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
20dc506927be23a7647c6fb9bd0b9df0

SHA1
fdcddaafea44b2ec6527e698da13e6c2e87a15e7

SHA256
c731b19611fec66952d80d327d6feb5749c1177039b5d32d1a249ad9676af201

SHA512
cba4a4d2e313a03447579ca7df69837ac3abfbf386281e8a016cdca520314517f7843efda6b326186ebb157ec606bba96f9b69e85cee04b90f76b4f3d9089970

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
adce3287b6540b4866bcb1e9291d6c05

SHA1
f0d1fd24d624dcdfd2e5030af76a5a2e48eea74f

SHA256
88400c4d67bfe59b471e5d444932bab12b73a9d91e218bed255281b8213224f3

SHA512
6f1526f19317fa2fabe96d8606769a0b8c9718b6d7d0bb5881ba47241c77123c08e958aac67901e82d5aeecc84a55d8e3b59f62cbda39bd35eb446c7f2230c17

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
362c0d4d8014abb6717c84c5d37154fa

SHA1
43096b4e98c6046b032e36e38f8ca5ddbb60d930

SHA256
d24ea5f95c249386e8025da5b7d609f28401771aefd045d3de148184a0f844e5

SHA512
dbeb2c714927eabd77fccb10d0846b71c7e9ea73d617ffbf4e46e109913ee4c0849dfc38252bc1095e1f4e75363f3a849acddf3341e91502e600e8c6ad547542

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
02034b4267a8f162db0317b6f1fc6c72

SHA1
ba3e5e8a3e17674ec364ff6fecf3655f99747980

SHA256
f0ff1a2e0b391de59b65c774defd9f7b4273cd0d7ab9ae3326f4395f5f299753

SHA512
be5ed6a58d09cca26a630114d35bc0465eb49989a2dd46562127c74c73612f66a22bb5cde83bb5be1ef207ff8361e68ae1357eee70d8a34ad1692527cdae4997

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab97BF.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar98AD.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit