e3386021f59bcb552e154f3ba4cd84985c6accac414c69b70ce548fb1914a472

Analysis

max time kernel
117s
max time network
133s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
03/02/2024, 02:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8b290037db138dd3388f46fcad63477d.html
Size

45KB
MD5

8b290037db138dd3388f46fcad63477d
SHA1

d571845c22ffd56c24bb2f4d3f7197c2e26a60e2
SHA256

e3386021f59bcb552e154f3ba4cd84985c6accac414c69b70ce548fb1914a472
SHA512

7dd49cafe588016abce9a040720e949aa527f2a51510d6f3cf9e4cf58d0fec6148558e06dace4801f1b1c03321178f423caa74b61e259f970d4052345f634ae7
SSDEEP

768:Cmjv7b+ifmvSz19zJrN6+zHTulPwZwcGJpUcYzgniJBKR67sja39MbQSWsJXKENU:rjOEaSz3xilG4pUckpg2STJZi

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DFFA9B51-C23B-11EE-88F9-76B33C18F4CF} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0f813b54856da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000014ffdc9407d38c2482b7f986ef266fe7a694ddcdd1cf285f5fe941828b506c5000000000e8000000002000020000000f476c2401a912d914c5006c470101eb67c68097d38fa2d2d5ff2d4d404be94cb90000000f4a74f785f92587e4959254b513f3578b5e5417e7fd685d67142c7676e1c4f7d1a3db84360d0debc309ba3abde8dbe89e2b6e6f03e22d53780526ff82131fa74afd7d5a83ec2c48f0e3d8a24f9029556eb911a29314de66a657af561bd107e6cab02bca96c2d1c5757b587486a7abdb1d23a4a1e983a79061f9e6e5e1932cf9411e7f1f93582c23043de4bf984ea810e40000000c121e9320c1fd531475b46363cc339c733806b1ce991123c63c87fb0aeb9659a06770e3b3123b46482d0a8f3e7be54b29c8b06fdf42fd2ed3995cfba22b62399	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "413089160"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb8000000000200000000001066000000010000200000004e6d61659140c91b805d34f827456f6534083d55bbf32d51235be6132eb8757f000000000e800000000200002000000055c880ddefe546340745220e76a914708c369614c809cec79213ac81a19b110f20000000d387154082030a578e80319fa7fae7aea9372edee8eb7ec4836f3fa7fc01ef9540000000f6cf214b874c1fdfae083585a51ea69fd1dfb5ab0ecf8d1e4a077dde92d08de59681c6484e1b79bc27a1002a9f3f0d5041392287620e1c32b05a2df13da2a458	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2220	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2220	iexplore.exe
2220	iexplore.exe
1372	IEXPLORE.EXE
1372	IEXPLORE.EXE
1372	IEXPLORE.EXE
1372	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 1372	2220	iexplore.exe	28
PID 2220 wrote to memory of 1372	2220	iexplore.exe	28
PID 2220 wrote to memory of 1372	2220	iexplore.exe	28
PID 2220 wrote to memory of 1372	2220	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8b290037db138dd3388f46fcad63477d.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2220 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d959d421217d1cbb9c840f6411fd0943

SHA1
48b5cd2e1ef610b931a1b33c360d48f765d7a5cd

SHA256
57c5f17a9907eca43c51f400e7e0ddba11a03491c2455595fec6dde4fb7dfd0c

SHA512
293066f295c21b3db6c5fc24f6117b8118170246de65f59e121742da3b943fdda989cefa95bf261de1abb8ca29ff566bfe3409b18e13bc3a96a480d4e832e069

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e0da1c8aecaff02c17f68b39a7e1c22b

SHA1
381c926a3cfbee5969ec6116e31f9920b542ba6d

SHA256
1e1fbdb283d6e8d5f250a6ceeaf184d40bc90dd234315dbf1f6809eca3da8c63

SHA512
a1936eabe8eaf1f65b21c6a2ca0f05fbac2274a68e3af6804041a204a35ae7d4fbfeaaf0c8f369a254fb9fb4250987d744c69c5b6335f14ea50705d61cdc8d41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ee841752aecd3a50ee7fda2bfcb68695

SHA1
15a1c927c94bf3ae3a7141b4b2477221be2379a5

SHA256
352fc7e0d98657fdb197a856435b5786eaa6f1f73eb02400e38ef584f12d204f

SHA512
046291400d348438494465cae4c969f044077a059cd94da1aec188b6c8cfefc0f0f21401db891fd3954ffe8a9ae9baf1187f2c380aeb06a192b77561fbe77786

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ff2a7f2e3cc4c297f0c653a49e849a9c

SHA1
9d0be429adfe099529f68282bba21841c27745c5

SHA256
a079e00820cd6734a3d38aa03351d680189bf8dcaa1aeaea875d5159244a18be

SHA512
ba1df8ad7f330100b4c4f619d655b2affcf308980a87eedc8653cbd756bfce33dfa1937466e8389886f6e86753f7f17130dd062064c52c15bb7c54f09440f272

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9588a9847cc8d43866e80056e427c816

SHA1
aa1e605f6b5e5f9149e77e74abec2829f8be58d5

SHA256
06a3394b8791f9c00637544fb703e9b370912153f6c0fb8bb08c3b057abb91e5

SHA512
96c0360cbd861b65c6188e9ba5f28cf99d240b02a04490d7b0e31b56f1dafb0b90c8d5b39ff4173571bf45e1fc9e18a21e68b5f4d3cf797b2525fc95a820943c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
742b8601ee8eb7299bc866e695aed8a8

SHA1
dc24ed23b19abbead015cfdcf3d04d19563ea8d6

SHA256
260ef69a723fb8c4a47a5f6488ff2011ebb034c295f643f9bf41bf6960509596

SHA512
6637d5c0794719768e53ac7697a863a146fde49613e9e141ef97b3b5ca6587f49e0e5321b20ba3cab425f3f2a0d0e666762dda798dda68c28f2fe442dbb8689d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
02391b909cbd7830fbce802b9b572781

SHA1
de6ccc7938147ce131c9831110dc106baf0689c3

SHA256
2078759f964101b91508f9582d918919a9c9befd4d0fdf851e86ee3b8b1fa558

SHA512
dfafa097361d6304f4b4b7f67d99055cb4c2082c3e4fff8c579aa71a361d7365e892fb693df80b07ac85aff81564e0191d8cde77cef3b34283b559d943037f68

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
273a4fa03c2b64bb105233214f265b05

SHA1
5e50e7df78358f2957bb13c59eb1eef251b390d2

SHA256
56448d626b38e1b23d34cc53f26aa32d49b1fdb3437b005acb27762bbe0f33b2

SHA512
e297cf50683bbec8acbb0219e443f9d7a6c578b1eb42304651f2c42c71a5ac81313c21155b45c7439d3f7d35425ef6d8dcf737432156a25cabab9b4015cc6187

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9518d9d955e00f533e71b9bd22341d1a

SHA1
62ba06235af86fef680c45c6301425b69ba2cbab

SHA256
e4c2b33a9c024b4ef9621750297aa374fb2b243a76610ef571e8a5d536db9801

SHA512
699d4a902fb19c23ed6cc0b82875d5d10c1f649f865ac8436aac78d6052a90a440b9fa3ad120e5ad89ad55e2bce3db7d1b3e39ef2bf4099f5c57e010d5833fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b31b0c0df9ff3e2fb51973a4705f4338

SHA1
12822056060464d3a2c98484e4ef4cd850f8c5d5

SHA256
e742cdf5e072477e7da4c998f9ce1e4d3c054824fbeaa28f6d4f3b7d85562df4

SHA512
9ef2b3fe6b07517e76370bd0b555a7666639368958a3e6e04d674d0c43e5b6a0db97acea81c200402c2391475e2a9ca6cd179e2a05022e2409a4a95447adbfcd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fe88ef984226cf13f6fbc423a75eced0

SHA1
3e8aab6300c08bc7f293707d617776ed337494e5

SHA256
e7bc42108023f665f288253445673f35256a76e943b274aefff32c564b1a1bdd

SHA512
d4a5f1b778a34d3bc3aefa7c09712c6f55d5a2365fa183794db585c182aad63ce9cb21f326d0a438705d330fdec48ea95a89529f826fd4516d7cd44721922282

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fe2dfef4bb6702c461eb7c223f254a49

SHA1
767029a1845c1b335681d84f861178e002e5381d

SHA256
6483daad18022aaf3d02b91b96787451ddbabbf945ff29784b65b73ec46da644

SHA512
fb38043f5e9b6fbd898c6d5c1af83deba9f7059dda7cc45672f5b34dc5ec9c4bda7083466c3bc430c07952c7950a8b410e0f94a6fea7db6939d3db1276c2cb32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
00e03c0998b6bb77c141bea6c33e2aa8

SHA1
ac90798dcdba4d58fe28ad669af8977288cc0a37

SHA256
a94dc132c93cce51cfd48c885f39f083da2c1b877058eda7ae45304f60b26011

SHA512
b3f16febb4af02a83711c7dbc77db8c6cfce420619d752eb44d55ff97bb44a057014002f763903148b0bc38b93f8b471ca6e9e12f02c806f664d88c1445b2d23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3c95c463fb97d0e630a4b0dbbbae1c66

SHA1
3524e2e629cb57f701720290dbd8accc6bd83946

SHA256
0aa7c529a72b856700c3d65e7548751724eb5711122029a00e191724cf163df4

SHA512
7c369953769b3e6604317a87498343cd74c0df970bb5814a2084e6cd52849879b328802e23099f08a18abb1361489a987524f47b7f3304e748b716e05a54f7b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a1b15ddfa476a378dadd1a66c02585d3

SHA1
1b2bf75be51dce38723feffc5ef815e6f5e3531b

SHA256
32ff674793bf6ee186ea2650bc6f71d891236617a0969b2394c3d6b7027469a1

SHA512
0b587e5bc08dfd15a3168bfa757e87eb81a7982906fef8aae5ef535d215c6204dcaa6ea3ea2ecbf0875f56722f8f3bbc9d4e374936686bc3b2bde4b66dfc776c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5d9b489ee49aa339444ed5834d61f4d1

SHA1
d4502141b695f07472d2014f9b504102d563cf8f

SHA256
88c46b457bb90dc230682e1a73575458f1ce72eeeccb018b7da11cea8532ddda

SHA512
6804349a9ad5f25f86689e13ad0f44e9931a5d2557443178c76ce49f1467c1bcfa1bfd6f6978425b6e5264d4c8453e6fa7f36fdb0feb8ef96b33d61e0374bb61

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabBB56.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarBC15.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit