88389df42217200e9fc62ff478ceae85c7bc6dc5ea9a6fdcb74a311a955d08c3

Analysis

max time kernel
122s
max time network
150s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
03/02/2024, 18:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.htm
Size

3KB
MD5

044b3813e96c07b7fde29d4e0e2a5f05
SHA1

ae55d3889c726cae63464bf031ffcc2a5a524d37
SHA256

59b9eb2cd09a9e6fec659ec0ed92c98ef6637091bbdbfcea085e9a74804ffe09
SHA512

9d4a1ba3c0c255fde70901aca2494ec552228be87376828f7a74f15a4b124508ac7fd1daffb634560f82ad350cc0993883967e3c5091238f134ef305041ecb44

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "413147572"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a883829c536588438b4279b7bc6c193000000000020000000000106600000001000020000000b6a1b77999d7d89f6f313cc7dea321b49d05e5e92626afcfcdfc725b360bf18e000000000e800000000200002000000099cc7533209eca52fdefd24cd8c236d8678848a1ea0a0c78cd865b0f0d3f2844900000006963cbd693108bcdac0ad2f82522063f022b1b7f15f5ef095b10d6bff0902c378713f31d5d890ff64bcd1809d123d75f1881f393b82c066991572e241b77c7fa45c271697da4ef163ad05b3dee4fe86b513f96bfc23e96fdc3287667ffe389ca55c5e617396507c50476cbd112cbb10cfc984635abe3926e6626555545eb49723fdba499739ee12ec3d288a1b8dfae6840000000fd48c670cc5891f01b38f4c15a5674d2e76e589f390abda808011daa761f67effbec6a5d792c6e94cf68ec9f71b390da0d821e21bb51b5dc120f6f28a81ccfd4	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a883829c536588438b4279b7bc6c193000000000020000000000106600000001000020000000c63629c6fa716205a3befe96a169dc8a0d80b9adc92606cf3cd37bdf542d63af000000000e80000000020000200000009699be0a2e4b897bf771e3acaa7e39b74215f4943bbffe256608c5a87fb912f2200000008c4183d49d1024267ce5f0750bde0da3fa572ae078d46ce91e172ba690fd6639400000008d45b04a22ef2e6a8cb9e6dac7f4a63db3cb379e9eec35aa23e5fc04404eee2e83c415dd8548088ebce89f62e81aef20b804abe95976feccf1f3fc3397064a84	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 708bebb5d056da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E040F221-C2C3-11EE-B160-56B3956C75C7} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2800	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2800	iexplore.exe
2800	iexplore.exe
2704	IEXPLORE.EXE
2704	IEXPLORE.EXE
2704	IEXPLORE.EXE
2704	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2800 wrote to memory of 2704	2800	iexplore.exe	28
PID 2800 wrote to memory of 2704	2800	iexplore.exe	28
PID 2800 wrote to memory of 2704	2800	iexplore.exe	28
PID 2800 wrote to memory of 2704	2800	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\.htm
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2800
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2800 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6ae2b7fa2f09091b6850792058d3d792

SHA1
dbfecb8df84806978e8c34ce1ccb89748a8bd042

SHA256
47eb68ad355928eaf4408e835bde7241339d4f58a754bb4d078798d16cad09fa

SHA512
99e1bd2e47051bc516f4daee5d0de986f1498c5ae4129e2ec34ff3c6b89bc5667851de9f5cc57c8991582411ce4484c3455f3acd62a099b58cd5eecfcbb7bf03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
16d0de2649b1825603cfe49455fba030

SHA1
2437ade85c50648e6a3cfe13d6e552d1f856d05f

SHA256
4654979c57f50ba9933d346f437d58f4b33b1c68ab58b394054192a5ac32f431

SHA512
8a17794fcd24cc6fed72241a1ce1806de1bd7b446303ca06e3615c0d50c0299619b9c18ac5b18f000f3940ec0455847ed373b2f109de381cb702ff7415f55d20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7f1e57de1384ed5db0bf7f4980e7652b

SHA1
f79f369473f7b0d8ac4dea74695c491d99065bb3

SHA256
de5680eb43450cedab7d8364bf79632a9464fa11cc7ddeaf3325a812b3bdc42a

SHA512
f44fd3a0c28b71927d7b18a557923b060971670174f102f51321b7a191e17932c62c586d2a6742a8de3f0d5bea4dd8a56ee4f7935272cf01eb76b957553914bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9db2b357c73c8da6b7cdbabe69685024

SHA1
270198668edf7a6c83976936f3b691a50debee3c

SHA256
2853818fdd3d033066321ded03142e74e5a4ee80c67c1e5650e13f06ff25cc63

SHA512
e85dee77da160aa99c7d4411fcddf0a89823c9f9ca38d086ff6110fac76afa65aa8b05f4ea9a02a4fcf731f91bed6970763efe1ab24126da0d827f26d9499444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
47c83920709c8b6ccd0b10b7f23b89d3

SHA1
7d2d66704bfc88609ec788197f6da9791500afde

SHA256
419375074519c6383a3cd6b477a62557efcd93579ce57a5fc8a80216973b12f2

SHA512
0071728595d2d1b9100219fa226e04701365f7f2eff9d35eb5e220626aa153364b4a0ded66ec595ab52df65a31cc17c1712730374353d749e7c5882adc8acad5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
58e9ddcd96729952addbec016ce39e48

SHA1
3428de7f727e8bfdd63c4223de7ef426586c424b

SHA256
93ca9bc9950f1c52f2bf99da8eb562685bc79c6d62d418e4a203eeff762d3c5b

SHA512
9f1c00c8be46023249783fd361fc6694e42ee6a4b56500305bc1bea2f36710626d22b182799dd6ff4802d6d95d6ee5c677ce8c8ea8cc4ae70b944b21697f1bd2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
129fddf8ced3b77079dd18d58470f814

SHA1
b3ed5b30b047a922accaf797c4fe4e44b5f005b3

SHA256
33abe37bede3592b2e5131aa5d53ff9d9a22b9962c86aaf3b6ad33ab22a4ff84

SHA512
44cdc317208fd48c12b34832dfe42ebf44f04c7f0c3a449e11ccd500083cfb4fc8816b7771b5e6e9103b61d7a6fee89c3510ad9e2bafdff96072c8f33bd26be6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c6bebd4626003f415637c4f07f523297

SHA1
d6a702912bc22191308bc385f5efe8945f9d56ba

SHA256
985fc2433a2ee7c169ecaf459eb14b87fef65201b4822490070ac8a6b2dc2e6d

SHA512
4a06c241c4900cce96d36ad2a4a27a6b36fd9e5d37ced61846c3dae7b605d48352da549c16ec869d3bfcee9f9b065254605948cd7ec8e632aa1da07471a340c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5b470525de6eed4a8a02528643e83ad2

SHA1
2f16801d2fc345c3cd7c05f967d98283a39ce143

SHA256
80a869e9f4a0b42fa675b5811d16bd73f70021a665f7d9c7b8eb55a791488a5d

SHA512
4a1c42aaf963e56389c7cd5841f583e8da54b72c764761938813e6ecedc2ca2dbc9262430b2d798132f6f36733a1c128b2423dc613888b6fbd68a3eaa6a9d6e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
22b34a3c56a4dacb8cd96cdddcebfd9c

SHA1
64d9da3ab3504417138010b0a1adb5de67118fce

SHA256
d838e3e3a5fe094fc0e9333871675dadc3099cf653261f9290c680b233412d91

SHA512
f6c2705c492dd2255f796ab2512081efc9cb0677771ff585912e69741b909bdb7dccc48c39c77a048f9f68fbc84ce865f4cbd9ff3125514da618db0566f92034

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8678a122609d70812a3625e898e4cacd

SHA1
c35ec4ed7ffa29b9dca7ccdf74eb0a1d1b635aa7

SHA256
3f8f2b295fb3ca16c9d337f373995fca5b403a50286c65b2eec48f8a8901186c

SHA512
bf8013c05f7e83a5e5c1299aa3083dc17dfc01bbffecebe3e53d50c6f56970961b30cbdd42bc5762c2dadb9837c63e3a9c73a206934c2b91fb26607df2863673

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
50537f29c63cf4a7c4887a114af32297

SHA1
a443b9164d00b883ef05ad1217a199aa09d94dc2

SHA256
7622736397972b83653bce36a7d8b6e271230282bd4b5280fc751fec54b68d7a

SHA512
be4f2f1b7e90851d47ec969659892f2bb4c3202fef21461cc5133f7233c7cf857ee846a8b97da855c896387910b0b3a8dfe37f85dedca876e32f2aaa0197a24c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f69bd98863f7bd91574ab5db0021c454

SHA1
71f5870e5afa54eb5575fa80c02621c81b7a989c

SHA256
ae7d76f2f5d377dd5a54d99260ba425adc4c2d69847e7a691a13983dcc8a0b0f

SHA512
d87de490d394335567a913f83d79908f0a689c469c9185fab01204c136aea7ebf8665d15f434182e656a7893dff762fe7569d89bc9d614f657069aaef3cd5a31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d2b823f6a7290ac759449e3f02b9cf43

SHA1
f1efa9c0280b1a4d412fce7e565b32246c2d5f8c

SHA256
43dff6d4189e363de2e9b9d9719a4eaf84b34bbaeff74c1409bcff925eadaf54

SHA512
6ce429a66d561e0bfa2de0fe19906a127a12844bf8375a5cbbfa4ec866d1ddca5cf959fced894dc8678f8096b12820d2c2a83bc871bc34c0a61f09000ded8594

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1a07086c422ccef9bee999011b82373e

SHA1
0d984225d91e9a1c6b342f8a755765da68b84ead

SHA256
39e6771bb67fc1d7abd86bd2dc86da82ae245296d7433c252f1b0de399ecfe10

SHA512
383465dfb291739d0dd94860edd9f26618a7655ca63f2f0eeca1c7e0933339e7430f4716103040d67e565815734909030473bb75d022dfb2b28db5a95ea3f7ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fe93c4cfd1316119639f6db464b1c719

SHA1
a0de75d9984c29607c29ab29d4df615b9fdaabc6

SHA256
5bed10d6abe04a52cc05e29ae10b3f15bc63b8c05fe7de8b300294e43aa70ff3

SHA512
679e06ca77685d92f5d7afc161448ef0022a24c408278b8c40c4980ef8fe134e4266b9123b99e52b62886d78e6524389731812c9c9ce58d2d47613179ef12661

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3c29ff239e06ffbe6f8efa9a535b8fa2

SHA1
93ce668ac0bf27334bb0d7e0be7edf53102b20cf

SHA256
1594f351f287b42874808fe3671c2d60a2ae2d40697a93184348e8941ea99222

SHA512
800c6c6f0586051fddf6c164f6a8e786a021115e7ec932738e69c69be0bf62db0c3df6902b8c0ed1b5f3cd9e182e669be161f15fdae258307ebe4fe2e945479f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9A8C.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA6A1.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit