d9f502f25fcaa5a43d7e67c04b440386acb3af977b7568cd37c435b4ea6af6c1

Analysis

max time kernel
143s
max time network
150s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
03-02-2024 07:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8bb717c6205eb20cf310a70ef3f0347a.html
Size

51KB
MD5

8bb717c6205eb20cf310a70ef3f0347a
SHA1

48658161f424c8528a962068c215dfa68bb608d4
SHA256

d9f502f25fcaa5a43d7e67c04b440386acb3af977b7568cd37c435b4ea6af6c1
SHA512

e947fc617dfad593072c0914534c064b7e417efa429ec0bd5e92dd6438cef7e1d5a255b53836ebb708f90e0622f7f2c62b4354460ac7a5e71f8565835b6e78ce
SSDEEP

768:qxpHvvCIoQhvEaB0TtR0mClqc35nxmamWrJUXKbwxM2SylXy2:qzHv7oQhvEaB0TtRBAqcJnxmEJbwxfXz

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "413106132"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{640F2101-C263-11EE-9B21-FA7D6BB1EAA3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
760	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
760	iexplore.exe
760	iexplore.exe
2204	IEXPLORE.EXE
2204	IEXPLORE.EXE
2204	IEXPLORE.EXE
2204	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 760 wrote to memory of 2204	760	iexplore.exe	28
PID 760 wrote to memory of 2204	760	iexplore.exe	28
PID 760 wrote to memory of 2204	760	iexplore.exe	28
PID 760 wrote to memory of 2204	760	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8bb717c6205eb20cf310a70ef3f0347a.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:760
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:760 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
1bbb371e5b58e821c7c239f40a10cc5e

SHA1
74ca4fbef0f31bd932d3f7d5872ccece0d9fc91f

SHA256
3844ea7761e37af16dc8f7f04d11285768fafb1bc4dd48ec9b647a7fbc566e32

SHA512
6070969fe52dbaa8c95dd1f14a12a16acce9d4cc48dc1ef2462d54c474955976056cfae46e2b0aa69a38740ac3369edb9558377bf7704d3082c10ba4b3ff72f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_31F76613FE0A74A21C6F79AA5922B05C

Filesize
471B

MD5
c139764cccd7c8c8d20d8e5072b45f4b

SHA1
26a83dac32af80c875a9a4859d1aa693f8e1246f

SHA256
72f4aa1dbab168337d28aed837969e3abbd040b3af27b003639d9e12e110bfb5

SHA512
cec146c2cc258b6e5e829998f03d74777cd310d0727d7821710d0c182fe3d8a9d155180846ab5cf80cd0a7f892ca93791c75ceba9fc3a71f1cebd0385fd6e584

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
b4b1d25b5cc11af5a71bc0757cb7235a

SHA1
c7c1623eeb2ac1c2549000eb9a2dec43232302e9

SHA256
c3cf65d337acbab5b3149400eb03f1a57ff7f137ebd698579c397e89cd62bcc5

SHA512
29d44a81fc413c8c4facb19c542f02f677989e7b88f0db69a3668e25317e3239ed1cbd372246dd8c7f89e45730eddbd0c3d4e2643ad45bd7c3c3de6aaff317a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_31F76613FE0A74A21C6F79AA5922B05C

Filesize
410B

MD5
396a4c7622b5a4e3b0405dd8fdb12a52

SHA1
61d5952fa8a89f8edf25c5dfef2c1eb67650757f

SHA256
879744f5055057be174785b0a58241b7796b4b6c71ad7d563e3d260100aa0701

SHA512
094788f6739c80efda8a10ffb7940291f86d739770c223e1062feec9725396bbb2d09b43ae0c4df274b2f6b70a19450e7a400ab9c926ed74f3ae63da180e4c5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
decd39428bf079a0f7d46167acb06729

SHA1
e08d7929978dec3a29fe453c2bf16d88584345f9

SHA256
876408adb13c9ac4bd6d33a8b3458b880068e1ee0617b7a53fb8474e40924b50

SHA512
b09ff88969e69c4d9176b223376a5b23e2e58381877dd2b87373d944bd7f64753393a6b868b873ba8673843590bb97af34825a7ae3f3cc938a9126364c235085

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b3ad82119314310b031411fa5437eb17

SHA1
7c6b331724b612a1eed3811ef71013e5e2ba7916

SHA256
23131374ff4b7d8bd4dd7f24bd42afed86b87aa4c335cb3b2782a67db159e5ba

SHA512
3153dec91ec3656cb45a69e434180877ac59c5bed3fa283282878bfb5650efeb106383baac1e6cd9eec7f9196ad210c13945957611ae02f48f0ad47d0dd11bdf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5d1f55dc7e0864e69ee4a4a3dcabf557

SHA1
0f3d2da461a26acd88d913e38521c9915e9be9da

SHA256
e73cded9e7ebf3564aa33040ae83234450b096eeb5e8f1f755fcd5c6553e4abd

SHA512
8ffcb16a30f2491fcdd22c03ca1025ddf1db38063a01d094e2a0acda841988ad331b12e61812663adbfe88d042d5f857b9c623a5eb68a8bde29929c4b288e0e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d21757df2ac73798ff2cfcfc9c49dca7

SHA1
c5f90140c97e90ad5dd92a84410befdd5886b5c6

SHA256
960de3735270c8dd4fc4f98759532a856edfb52af9bbfe1c98329dacb8abc3e1

SHA512
83f8a926fc6cc27b6a66990632acb3ab3241305641fc9cd168f60e08c76389a0d4021ba8e8b63f235f477b34562bb70cb58556f26edccad3f0e12384387d12ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
491a4254297270dd6b8734bb7ad8fee0

SHA1
e6bc461536d58f591de6cb066eff54e95727ac38

SHA256
454a209765ebec46a3b919735355d5146bea4ddc2b147802cef916ec2e07f6ac

SHA512
3a6b02d12da85a7c9d7fce64cd28eb9ffafaa807a78e78b6786aa467f8983a5b25ef8c9c97de1296c169812e752b7c5ac391658019995e4fb13dfbecb3360938

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e0d8f42d393b782a58dab90665d6efe5

SHA1
c9fd23e252acbdb50a604997a8c088845bfce615

SHA256
5655b041913f8e2b313695a70290013d5a92dff3e7d5ed44f3f4770f92a7d562

SHA512
a9491fbda837de75593201eb6867678528062d570f085fd6cf54f9401ee7beb61c6d519fa221b435a90a4d65b99e89ee06cc1e1e1cbad22afae46682dfc3d13a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7d3d26479111530b03a59f9ca94891ce

SHA1
c29ac170814a98b850b05ffce01a249765248148

SHA256
8bc53523aef24dae6a147b390fdaf25cbf17bae4591f39e5181afe9377032bab

SHA512
1cdeb5f2ad23c1a31b198b5798b774cd2a7823b88d281e767517ffda3fe7bf0c0c2c28c6378da894b06985c7f9389cce14db96e50087340a0cfca02e18c5d1bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
33bbe008f44a2aa6fbdab071ef23cddf

SHA1
043a1a2fc05a9c9ff73036d9768669b3c9527f9a

SHA256
b3a46ecf75656894d618704aacf53b4e47c0a106b0bdad4529a17f42ff902522

SHA512
78f473e7e47039c5973d7efc43b4287b2bb7efb5877b450b40c4ce85af0dae9db7cce922845a1aba92b3d906f4ebd1074b7309a4bd5e28a184938c92041a2c24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
947dea5d650059ae216f3e34254b3920

SHA1
fd22cf4840b615bc40e0ea843c0b2e02a3a2b830

SHA256
74e9237436d5ca4038af86c89d1ae99462815a57a91db0a91b39103e736d8b8a

SHA512
86e1dfbd384cdd9471d3f11307222016b0bea64347e2341f002863ca3d32170bd46f23248b5c7bd5c09158770054dc0c6ecec5632b99e5549a7dd3c409a209d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
27cc0beb2393e4cb69fe1ce2a4d4c125

SHA1
d09973f9eff4a7b1f39a4d08ab290c26f69e419c

SHA256
2aa3c21ec925cadfe2791ddd3fe62cb1b7a9d85a46614642f870d3f44584ed84

SHA512
b7612b59983815500a860f86b2b4aa5e4b178614b6520a6ee7f12ee83dafa6508f84d646145cf672e5d6b134a8072af64932030774505fa08931daa5ef2712c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ee306a9a8c9b6f0f70e561ecaa002dea

SHA1
105eb9d44e02fc20e99dac58ca54d7752209188c

SHA256
58ba68520089b9e38211a4f6d2dd5fe9db93a3b80e550a544e5924a173ce75df

SHA512
d341f1f1aee62120d0e69447589e3ff5df047a53ecf6d5ee4eebc7cb207c3bccd81f6c12071910a54fb39b3efef9d7603a3444a5c4822ce3927d2687d158b904

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
205db226fb84a5133ff6f7117582474f

SHA1
c13dd0d7b13a2fed81bb8855f440fb5dc2f74532

SHA256
6ce4c723527dc5c37728d084ecd853120419ea804ea9f09f194231f2336daea8

SHA512
72904919770cf2626d17d223b1407df6d1f13f28bea6ef2d920f2e27aeb5c39ca853d66265bdb699a6503e0b37d7367ce256f7026ba943f6ed45c7de81c81f6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
06bbc013388ea07c310989c2891350bf

SHA1
235eb79ea3b52efe44b378578932724447cf8020

SHA256
af00910a662d66115cbb0c243219339726e6893209363ff634637c31e51c21ba

SHA512
4f182346fbb23d390c49f0a48a45c59956eb8f8245c6c5c6e3be315f4678b998d37b8558b2c907e19cff1f2543762987c4f9505e9514a089aae4a4c6be5002f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
b293ceb8d22a50caec4ceb4a03fa21c4

SHA1
12133ab3b8ba1c08e31fb196d957cfc5532f8348

SHA256
eb56c263b5ffb1eccf94f1ee7c469eeaa3533f8243fc0f4e1ece329791317712

SHA512
0e60c7737b8ac0335988fe099fcc8d65b170ff830279b3f1c1c51263712b89ad70d7af22db6f2b932178359af931d6827f3829ada3bb9537996be685333137bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
0cd52781642a29131f47744a113bd4df

SHA1
fc83a3e7e7c07f926f28d9e9a427b2215cd59685

SHA256
b4fdfc7f9664708eb7aaac91a9e2a471534c702552b21322fd68a8c83fb9c260

SHA512
39e2012c02d6af49efe06ce49103e10f42f2bb9a1ebc8d709d93a77134fe7ab613e1a6f015523a3c4810d4de8c0b1a36997eebd287e5c39cb257b1a57ff13022

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8852.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8980.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit