e1f992cc644fe626a9ef8a20964aea31405387cd3253d2128741035a52dee836

Analysis

max time kernel
137s
max time network
138s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
03/02/2024, 03:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8b3e58ef14de167afd4488d453312cbd.html
Size

8KB
MD5

8b3e58ef14de167afd4488d453312cbd
SHA1

5265aefdb02255618efe0bb3b6d591a9f94ff9c2
SHA256

e1f992cc644fe626a9ef8a20964aea31405387cd3253d2128741035a52dee836
SHA512

26c498cf9bea77159693271ac621dc566e8ef01f27d065b67c1f8ce570b6960ef32ac29c79a732ea4269f10c0559fa230047ccde074fc5baee5192e2ed38def0
SSDEEP

96:uzVs+ux7SrXLLY1k9o84d12ef7CSTUkzf3DlSjoSiWUR0eJTnacEZ7ru7f:csz7SDAYS/TS8SZtb76f

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C6797741-C241-11EE-9F1C-6E556AB52A45} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000429d3af34477a14f8b2dd7691733418900000000020000000000106600000001000020000000f058d02fc45da693b68565c7a56f86b1a82c9b550fe77cb065ba10f5d9607550000000000e8000000002000020000000a81743ede5094b8ab0ad30498c01b81c2c9f4832b60dc400bf53abc7565688a220000000982c900e4dfacbdef246b9e1c564ddcb21ac6d80d62c80ba265729d25f5d112a400000001d944639f0f2009c5b888536cf52791688a94937290572e973409ebc144be2f16042e63c7c50550aedefc9ffb7729dfdeef4ed36abc4d165a690270755acd90d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3020a79b4e56da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000429d3af34477a14f8b2dd76917334189000000000200000000001066000000010000200000009d50ea1aedd97cf96fdc0bc66301ef372e90700b70d227080072e9b1e8ea728a000000000e80000000020000200000003abda535039beb4eada4aa8abf5f5324ecfbc7d53104c65d9b93ae968d4808e7900000006f82775df756f9f1829a751ddfa2901a0bcb305e90329160dc65190c0b6b7011bbdbf10a5d3fac52cdda167fa3bacdce76824af742e26c7585f1a540014b3b6a9d2fd8c1ee94069cd8ae00e7330a33b87024820f143bba1d25f42b4690bbf2bf0625dd8b1eced1174f2977fa6527c8cae214ebdd49aea8b736f2d3396b838f72ef46efe3f05ea90d2af1bc619fc8f7024000000051fec8ac9ba368c466825688aa96c3a425222391d04035a73f3d1cf1d46aaa3eb42a5da998648cb2056977b98a08f795ce9151dddfff1f314a0d2d130db052c3	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "413091694"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2056	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2056	iexplore.exe
2056	iexplore.exe
2524	IEXPLORE.EXE
2524	IEXPLORE.EXE
2524	IEXPLORE.EXE
2524	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2056 wrote to memory of 2524	2056	iexplore.exe	28
PID 2056 wrote to memory of 2524	2056	iexplore.exe	28
PID 2056 wrote to memory of 2524	2056	iexplore.exe	28
PID 2056 wrote to memory of 2524	2056	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8b3e58ef14de167afd4488d453312cbd.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2056
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2056 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3dc4bc8bc166b90f6487d2d5cf57151d

SHA1
3b277f3f65afb8fb84f84531a7bd9e4aea36ae78

SHA256
6f01b1561cee0fa42fc58f0c8f24417cd9e905c632672552a621404e198e54f4

SHA512
46670edfb2072492bdd6c7a704638083258104a33fc7ff9f4f6e023c7350f52a3645a7eef27b11bbbfdc5d3bf4de6ac80bd5221fdda274e9c1ad51de2d494f44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
89e60afe2bb6a3fe669e000aa81f67be

SHA1
2fde08af36f47f0e29494702aeb3f28d10aa32e8

SHA256
b3222b68de7d6c5b3e8ad142701c3e47334be1fb7becb88f9d1cbe93ee60d9b6

SHA512
9300c1350d2468b3dbb546d122ec7d75cfd0d44aa444f53eb1e1f9ea65bd8ba4267f559ea78715d94ca7c8cc4e6ea3646806e725eaa69742dd167f5c049f4b12

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4e83ee7ba258be7eb96dc5fc4769960c

SHA1
00c99c61471d5a8e612a8cbd3dfbee6ac4c9cd69

SHA256
9d8b736feb70c9717a0c757796120233e7206e8e4734554ea1ee8da90fc93892

SHA512
becfb2bc793ff17564c82d424af33466b40937a6b442ca693c3042858de6b3ac00d5ba2751412153fb0d3146d7a68178cf0040293c6667fb09aa10830d71da7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ef59865856966f43df9dcf219dd78df5

SHA1
41d997936ee4ef5c403228faf165a1a809833fc6

SHA256
da6211d84365e2fdbd2ba88e0683bd1fa79195a2f43b4221a667679b30a34a6a

SHA512
2e615e1d3f4da7044af1900f499c983dbb819106b95f1257206a54313121fbaeba8e7fedb23c958a66cc5d1acd71a49a6d168edabeb18b9bf66f560a74557455

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e2b7a7286b0218037036a527653902e2

SHA1
7e0c0f1e006b62466bdbf142074cdff124fa401f

SHA256
d6e20c4c51249723cc7d8a20a6754c25d1d64805c7aad3bfa80c6f0ac370c79f

SHA512
5e7d0280ae7068a20a31d3258c69b1397e36b15180fa6e75b5b9bf3ef123077753c40a027f43586556fddb35c804fa3a8335be8109b9e081b071410138676735

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4f15e6c7980e26783013455f150648ff

SHA1
b6d8b5f202c064254a4445f20cb1016239f159d0

SHA256
5d5a35433cf986c9053765fc03a6cee2d99deaf7278d59166016f506e05cc3dc

SHA512
db5e45b28d930830c11431a7ac9d535690d5a7900ebb0d479db6cac7a9c95d7ef42b36110580e3379a3d590f0a31cdcb9b2d7213ee3b773cb2820f8019ec1683

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
65057cc97b186f2d51b58e1d5cb9bfad

SHA1
6e8353cb8dca5bda6c0bad5a980a2001aa53babc

SHA256
d6fee28ad193f68950581cc03650f151eb81caa3a0def16ee725d36d86f57265

SHA512
cd18ccdb0b4f52d3cc51ddc64c6346f6a7647724a3e599caf640c1eee6f5cf48c73c11e33566d9d32ab29e9d5aba35618480d283962783cf7e36777e180ab35e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e330f639632f71aa5ddfcf241564344b

SHA1
a9560a45d5681d2d413fc6387b4072870eba12e6

SHA256
eb5b4de10b3dcb29608d2dd604bb888b574a69bd8dd89016bbbfafb8672ef558

SHA512
fc0ef108d4efe8e3965bc301c80ebd94b300a6a254339560158a825b6ed54fdb2532e67f310b4932d2f1239e251414b484423a8bf4c685ac4aa0fa000a4bbecc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
af6668240e8b7cfbac77640d78658bfc

SHA1
06b4ecce6d158804fdebda68fed48efeb59ddab0

SHA256
2d7f7bc1b05c15a0ca5f3702f4703dea86f53c87c8ce9ce2516e127e5f19cdba

SHA512
8b4ee051fd2b07d1d8ce30cd9150b73ddffd2cc64aa79becb65425f46b0ca6b4ae3e253d853167fcdb25b1dfe75cbc5e90471f5ba54a0c2c73fc81ffd4b21637

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8224fb93158115375b002611b7b907f0

SHA1
5bcc1f272fc8a6e3ef9ebd69fb3d7ac5dcf44f06

SHA256
088103f0de873f17de2ffcc10dc171817f412db61b8d020e586d5f32d628d238

SHA512
49a40e9ec43128f97cd0788869401651cf36d498ed47604308bd2c55f365ebbacbbac7dcf253fbcd39373c5043ad6760891bd1b2e565296100c39b5bbff33382

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0c5ae4665530998070a8ab83f94cd506

SHA1
fbade046a9bcd046828b75d44dc932861f998e90

SHA256
5c9c842c0f845a974499e671d66ab2b62e38c5c8d6aeca1dd762f09ca32fbb9d

SHA512
f4a2d5d207e4507b3d52e459e83f1f0de5cd7661db90977c2e717adf95880bb90bb61234592c59a3a70120a45fd0063968e6d30e05256a16bf3724a86548c7b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
771638a2991a5cb76e4dd2871ffd8134

SHA1
44baad1a89867c23a51ecb086fe65f8cb170cbc4

SHA256
19b8e2b01f9902dcca0a5b22d495c0712e3e8efa89795e9e817bf6045551bfbf

SHA512
5acf47a61e413695b490e14578ca123436a11336d588dd1e98d478346a1ef1cb8330fef5d398e93ec626736b834437c3fbd8914361f6670c54fd2a38f205cc53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
707d59fccb8ef5fe5791189349333094

SHA1
28e3552134a23c650af6eee3b9fc91a5d5e6c211

SHA256
c5cb81b1cd428ebeef101ea39d08df4370d471db42ad01443b4ae0268d8da6a7

SHA512
39c87619c3da553a5619f6af8cbb81b4d37e83c7e15f7e9d02723f36b211e735bdfa8beace1a453b15a27e3ba523f5d528a38bc3d661ad833212724009a92602

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8f8a6dbe20b450f173cf41fc48de9682

SHA1
39ae2a010889aa5373b7dcb2dcb005a0b9c96287

SHA256
a96261e9528fbad34e77b153e6635e49e8b0ccb5a0a0d9b8219e2300e37aa02a

SHA512
7eaedd947e15a4a4d3c3ec5c4c0ddac88a51fe970639c4bac3be94ab6d94f819f12e0002cf3ed67126af0ae01e7e5dbbb989ea53d97e4ee3e71c8c368b3228aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
39ed01c8f40cd5181e7389f13f4edb34

SHA1
99e8ed11d318b29c94ff64aac402a1a0f2b4883e

SHA256
71acdffd1a599cf1f7d0919f214ae0cc9f0e3756808d9600859b3cba21ad17b7

SHA512
192c20f5b850e4e43947b0510b151eb9e3e8a638d92bd99674959f28ca91ca87fa1e232cb788f914cb0f359901a99f158a7a5ca49cad7231879ed9ed613d056c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
60a5c9140290931ca884bdf807371a2a

SHA1
69c40bb8941b1968eda5181126ce5499565a12fe

SHA256
8c389d14800850b70604acfeced1eaf3f01865a63b52c8025a1f7483e3e48fcd

SHA512
17c2fd70e227e3b8b31ef1757337ece92c949de087abfefe367fd787bf2fc7c3cb3950865a02c9bb22aeefc5f91283022a62e13325b5d518a47a1dc4b6a9456f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
306b25f13612025aa7594a997bc34be3

SHA1
d8a900c68ceb307a3265dfb1bc600c86b455bd12

SHA256
61c7c2b3fd340d05a64eec4529b1392e81b46c90dc6e77e9c62c1d3aac930dbf

SHA512
0dbc23309f402fc307b0a619157568aeb058bf2c61cfbfff1002bb0392e2d57fb8122742c863cc9ef7cf54217d97a427e029694e511f28f2faabae636524f2a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7977.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7A25.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit