dd6080f27bcd896924aa1f97f50d2649ea7926b73e029739f761d893e9b48ef8

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/02/2024, 13:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8f4542f9e251e199dfbc385c91384305.html
Size

2KB
MD5

8f4542f9e251e199dfbc385c91384305
SHA1

73a601bb670f45676993a4f94cb492026b757285
SHA256

dd6080f27bcd896924aa1f97f50d2649ea7926b73e029739f761d893e9b48ef8
SHA512

7461cba20a4317bb4a038e4106361535ed308a0461a60f4b6cac8d2f80df471120f878c4aed14644dadb52a0b527b3dbced883d35b62bb4ae128d905bd831e2b

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "413215231"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0022d3d6e57da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d600000000020000000000106600000001000020000000e94ba66f5b8878e14ebf646d511858e6da3fae62b76894bf509997121d26f3b4000000000e8000000002000020000000daea403751b46d7e0ad2a619963f21af429090f216d9e4ae84af93c5a16282f8200000007f07e1f1a23fa209d1711829b7eabd2dae5fb0c68b3861ac16a027ba85ef1237400000009e371746c5597f6656ac5390f005708b364bb6e978bbc6ec6d901f3fca88af88e004eff7b35382d41a5e178f9c96de6d82261408cbd2833847bc19e2083e9d92	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d6000000000200000000001066000000010000200000004e3837e898ea496e926cdacbd55d32100b7dc862fceadff38043cab30e1c5a9b000000000e8000000002000020000000360239fd520df469b46f83b840bfb596b4a7b6ba55598bc792f4712f14ae82b490000000bf1b9e3ac1daea59c78f8d03361b0c30dac2f5ede8da8bd5f59f572800466656bbcea68eac7e75e1f529d271eb74a01616f33bb9c52492ceda24ad8d898edf39265f6aa3d28f7ce7ec990a39aa443c463b179ff43b59afafd0c2af2b3bd2df1a018c9bb07ccca98840e1a2409732be2c93d905efd77b8421d58a9e82c3667f4f579da8c10c953bbe91a4d8a4acc8ffb54000000097d648f0798bc670ad13a4b36eac738fb3c00cd63d41deaf8c30f4ade86b91198029460d6a2fc5b176febb65bae65988cf2365f6b8582859edb9714991b8ec84	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{68CE90A1-C361-11EE-B84A-D2016227024C} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2440	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2440	iexplore.exe
2440	iexplore.exe
2692	IEXPLORE.EXE
2692	IEXPLORE.EXE
2692	IEXPLORE.EXE
2692	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2440 wrote to memory of 2692	2440	iexplore.exe	28
PID 2440 wrote to memory of 2692	2440	iexplore.exe	28
PID 2440 wrote to memory of 2692	2440	iexplore.exe	28
PID 2440 wrote to memory of 2692	2440	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8f4542f9e251e199dfbc385c91384305.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2440
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dc9483775f5fbffb660f9986d682c9f4

SHA1
9fc3bc37e84af6994578d34ac94a74b51f457889

SHA256
8d43fa321b9082c3f4ddba99ee0349b443b3e34c55732c9d86e0dfcf9ffbe13c

SHA512
736b0a4d6752a7340537beb980be7358a37e02f4a8f41b785b25ecfd2d20cc67c8f2cbd5fd9ec65eafe3f93176697350bdc4874b09a0825f4cbe558d1fe33250

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a1062d458ddcfaa2a42fccfd476024ff

SHA1
0900b10bb8e25a05673647c4338765116b104d5d

SHA256
7e77cef5f6050f8d7721118933cea46bad437d17674f971916307a685363ed41

SHA512
151041c54382f77580e4dadb69b338e49c0158526e634e826c10bab07119dd63b7f7bb054995f20079e13c501a1b8d3064f437e0c823b72f1a9e68e3ceff3373

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a8d113b81e35094960158533f080cdc0

SHA1
2216fa546e6c54b48842f75e536de0c33cb771eb

SHA256
86cbf3c55ed67e00897cff9e61ac71f011b5f5f5f2e903275c07adf871bdfcc5

SHA512
93c2d6bb64d73eb30b1be7f27bbef5daa4ab9922983c6709cb33b7f86f6da32b9f57aa134158650b44e4d53bef6285bdf9788fae45dfd836e3e023732972742b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
69994d108e0e275d8a81e50cd0ff33d7

SHA1
8a5a74a8c4bbda344affc9c361dd1ea863b9ed97

SHA256
82d7449f001939199a15a4b650e946005705c1701776f773d2056572e069a0d5

SHA512
abdcc65cac6d3a1b99e7250b3dbe74c863578de5f98d78fd13c40e7e057a5bf9ac45aefa6175bfe001e6f115fd0ca9947cca2c74bf10638feeb4d04574a78e15

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
674c5189ef80b429091b590ced10cdf6

SHA1
582f52a8834358d42a350dfbfafe3f6909372734

SHA256
7e0b74f26ddef4309ec9ab93ca14e1caca8518cabfda4cbf0830c0c69b8ae924

SHA512
4a65007f9375ea6e7d1ae4350050eb49e89b245a939841a007c8c988e9ca33067173198dc5f7cd3cb50aef30a975912eba726681977268458d45eb22c968e4de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4c3b8a0405d3a31d46ec839b668243a2

SHA1
f4bf7fb9bca3ce3be2f94dada234d191ad466524

SHA256
c8af29e10b5b4517585dfcaa536d0ad88b6c8d42484e2a69805d293ba1f4b061

SHA512
05eaefba8be8c585f0bdf39b82060b959998fab4578c41a4c36769bbe39634cf156b6f429cfda9733a7a516a26754faea069524d7d768be219ad578e9d14f959

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f83118c04a0b39fe2e0d9391b967547c

SHA1
2ade24d801c14d0336a918e43fd85e2e481aa0b6

SHA256
e500efbd20a80aab72db1371ca89c57f2ed40995b7e436b9740added1b73a8f5

SHA512
7c437d4d9446565ba6257fcf3893effbc7f5bd6e9ff13c05d8219f1cabd046de8919de9c27754743d88a05797f919f986fb79d827c32fe8f4aabb192a721387f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6d23ac0d6ea27020866c9cdba86ea7ae

SHA1
53a9808b2fb443da515d9bbcaaa65b8d125305c2

SHA256
dbda523ce74dd82c67d3bba4d8dc5f87be94f53c815014ae3830cedd9ea17e6d

SHA512
8267e31ca24c85499c30d35e1b2057a5fc70ece2d93cfc51d80ab785b9b4f5cde5240e49a422bb078bc1b8f53102d753bf709e1f187e4e8416b5810b756c4ecf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1bf8840b110cd185fd766d520cbc853d

SHA1
cee2b34c78ea61fb8b0706ac13adfd7bde93b645

SHA256
ea26fde4f2a26ebb004cc3d13d6335c02489bfe93e81664be8fa64c4eb978062

SHA512
d6a55c5985438f5a39e0bbe7feaa3cc007b5aba25e5eca22815d1f22f7c8ac4f001b7127d543b7d8058ff458aaea819fdeafe0ad3dba5b110aab1df5c6c963d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2758d502aa53a9f6104a697e66e22a33

SHA1
609894cd9797e8e2675549cdaad275deb289eff3

SHA256
e613050c751a0f7adba6ee7408bcd6ea6cbc6e075510aadcda9afd9f5b051339

SHA512
2dad50564324957743bd111cdf5b5e8628ca2405a7941c30383e51d25949a9a83f9b3db5ed3e0434ea287497645051b434b108906df9f595bc08b75e1e9c52d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
01bae3c63e18d5bfc495822237eaf37e

SHA1
0f8e4969236720e58bdb7967f5ed26aaea5c2a07

SHA256
d5d512f5f247029031cef7f2fba21ae1ec8133d60db5d2c0c8616c4891a3412d

SHA512
0cf668b8cd3893c28691ff547e6bf0114478b2c215812d2a231ff3e4f199299e7302eae10c75f42a28b2448ed857ffbe32975db4041dfe713bb283d00add9ebc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
37cee603d07bd0612c244001734f23dc

SHA1
4b22360e1a9d26b9d252aa6182feebf005a4e5b5

SHA256
32dacbda896935b9a7c3b332121c732dd5683e9075912ad8a14b824f20841630

SHA512
2be5594600198f3e34ab2e5e630e47f91b2605134182ee4a803a4a8a6b1e028117c082e96afda6c65167dcc5999a6ed4716014028e6fd2aedf8e46c2f1533a61

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
922c528bcb2e38df45635ef9df645be4

SHA1
3ab70ab94bc06dc930e2b610582790acfd5c8f49

SHA256
0ddaa403efaadf5a0ca25753511f94c443a633b8d9e12a513fded57081f46dc8

SHA512
637fec9c188c3089f7de58c0927b9670dd44c4f36a3964f67d7c7b25bb63533afdb91efcc1f291c006e3ade1f3a2d7e1a6bcb6324623224fa23192eb8c3ee903

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fa82d624bf30d606c50c5196c4d30d39

SHA1
6b6b10cd1fe8b69260daee903399f0501ad6c1ec

SHA256
0c6e2f97732deb37d458bb4289192386c1f347dc66278bdea96183b158914df4

SHA512
47a8eb92f8d0555e6e4644abc669470bd229b2147a47273a174db5a592ca6c14e5dc49e740851b4d6d0e068a289ff8c49e9fd210c80e77241db526806ec2f522

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
734fc2aaabea1ec73b905c9aa593252e

SHA1
b27bc78fc3fa777fa8194f665e71c99266823efa

SHA256
8c954ec5c219a53ed28e1a27298f1f1e9aefe1b82e5d1f2a7846262a1c1e20ca

SHA512
baa2f97465bcb72b9b43870041d60bd5486dda8003408ddf8fbc217d587c8fa00342585df4dc4ee5942fb04a51f4d2259591c38451cc6d8ceac54149ef4ab909

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
60a9c8dd717416ed7b9ceabf78cf34f8

SHA1
340e5e14c76ce5df80cdd47a17c33707150945e5

SHA256
311e54685daf8a7b45acacb5abfac6ca57d207fb2658abf4b794f3a5da2e7d30

SHA512
7c98106ce31e80f4e82c434285e3b5a315e506655304f1cf5292d8104ca5af75ef95f2cbef1227c8d4ea2e70921f52be44dc6737ed0957a045168b39207ba68b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
08e606711d8fb05cb282705aaa858ca9

SHA1
63e16cb4936abc00f1d3a6b443afb04a913570e2

SHA256
9da70fde73cd761dcf84593979895c2d74a3454105cc16d1868a86cbcdc75aa1

SHA512
03748dda584440c135adc8397f93f3e9e7b3c66c02a21fcc9436cf0d5415e73f1e69c4ab254cae3b301ebe916e7b62c91d84e813bd74de593c6dfb31e33ef6af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
62986a27f67fada0f8d3bd4511f8f325

SHA1
830722f183326a26076bc3a30966670cab79f021

SHA256
c879c8f8fb2a60d115e5b00c03dc6a22b85dd118dc34b1ce8b82166dbddb4ce1

SHA512
b86f1255a11bd87c24f717ff21d319e7f4038ef40c082c812eff9a883b490bd231b1806b671b2702df9a68259066d4e54d2d557044d6bd6a876606b69876dd5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab27AF.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar284E.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit