73d065019d80d912d6832f3235ab5e0928bacb6a500a53042fe06ab5cccc9873

Analysis

max time kernel
145s
max time network
152s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/02/2024, 16:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8f99c9715e060cc7b155e2c801436baf.html
Size

48KB
MD5

8f99c9715e060cc7b155e2c801436baf
SHA1

3776bc98813126be91633793d118f324c1fe01dc
SHA256

73d065019d80d912d6832f3235ab5e0928bacb6a500a53042fe06ab5cccc9873
SHA512

387feeabb6ad37224c17590965d70e5b34cb92b32283e232073682c75b3f472cd7113c95adf7a45eafdc6a1ded03394cdc77df1723b6b862e97c4bcb5c6fc671
SSDEEP

768:A9CJb5ZK5skKlCoAUhu6ES4tO0th1JBth5mamWrJA8lp81m2SIR:A9CJb58tWCF/EcHth1JBX5mEK8lp811

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E44D8711-C378-11EE-94C2-56B3956C75C7} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "413225321"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3004	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3004	iexplore.exe
3004	iexplore.exe
1784	IEXPLORE.EXE
1784	IEXPLORE.EXE
1784	IEXPLORE.EXE
1784	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3004 wrote to memory of 1784	3004	iexplore.exe	28
PID 3004 wrote to memory of 1784	3004	iexplore.exe	28
PID 3004 wrote to memory of 1784	3004	iexplore.exe	28
PID 3004 wrote to memory of 1784	3004	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8f99c9715e060cc7b155e2c801436baf.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3004
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3004 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
b68fe463c7ec10f2571f6b452b5195e1

SHA1
0a735214f8f38e3ff4de9fc072879cdd5b830836

SHA256
d416fa3f24102ef5802842473524183d7e4808ac0ef819703569fdeae2ec142f

SHA512
e4f4640d59050cab6e690b9c2d7973992be61a87a4110876700ea8cce644c1166301bea83a4a1b921325c34d39f0df9ed6c94981da9fa8eeb08a6cc62ba91001

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_31F76613FE0A74A21C6F79AA5922B05C

Filesize
471B

MD5
22036c2ed5b3fbfc1574c1028103c3ba

SHA1
0f00dbbe00922769951c2971291120150e254fd5

SHA256
f50265dde647550a2c9ee9be1a7e677a1ecadeb30adf7dfd8746fdea6d98c92d

SHA512
eb5cce8933406282b167000a4b18469fa7dd767cfeb0eda17679066d4d467c0ca22b482fadc992ab5e8e2ffc123c713683fb0eedd46a14b04c9b278e81230cb1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
153d4c8bf3412569c06929f4980729fe

SHA1
960aec1074f6c5f9ffa958935f76355930711384

SHA256
c5fa99529d962ce2a5e52129e93503e789f89a2fee838b76fd6254a3a1542d11

SHA512
dde9db3610c8a7cfc55cf8bd62bce6785b55be3e2fefd81dec572baa6385261baa63f63502939a51991ba22743196c0d65f86221e7cab5598b892835229df116

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
23f0df6d38306c1b20ac31441c2431cd

SHA1
407c1840ee36f1f1e306541413eab91cd3f30088

SHA256
434ab7bef695563b246921b4648c98a3fa7e5e65c01e1b9fafba2ce857ebbd2c

SHA512
e5bd734f25eb6c9cd718997b408aaeea79136c887e52f483aee762340fbad2320f797cef69365321651448b90a1d8755796e92630f8e122010abace9775cf742

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_31F76613FE0A74A21C6F79AA5922B05C

Filesize
410B

MD5
5aa458209b76ad338ef527a9fbe8a908

SHA1
c56858a98ecec254ddaa834b8a4ac861db3ea071

SHA256
15ab603e5c6af8c356e44144ded6990e448daf82c2085af03bfc13bee4dec8dc

SHA512
37d4493f17844d312b0174adb31b710f20eb2ec0ece7551d28db18aa239fdc1ef847fea89c6e4c0393a0e0f3fb00be7cb0e6790dd4b61406ea2d45cd176b7713

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_31F76613FE0A74A21C6F79AA5922B05C

Filesize
410B

MD5
aca875cacdda15fb77a3880cf71a98cb

SHA1
c3dac3cf1ec0144e8c1d4de257afe84666bb3712

SHA256
761aee01df85609b65d8fbe14e5a4ed27ed58a04933e3ccbc7595935c82b6204

SHA512
31f483ef64d9a8d1865108cb5225536ea1568c228eb16d1bbf4883271f1dc150f3ba28fa629ea5859b805c22aded30ba9dbeacab4bb35fe592778a8f10fb1413

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
6474171c3a73b0bf8c8a444945c35487

SHA1
d348045651cbc1ca043fa7f5dc05b257c60aea62

SHA256
9f7ae56944e9b79996bffa73d532b4ce836167cc8b9627a2114691be0b00beef

SHA512
a57a3b42a91b6842dac9e66200ef04bcda89dba1bfa2ed96bfd77e45f84307ed3a005180221e9f82ce0561c05dd795e85daa4d8e9c65ddd09798b6bebf284e54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
afd3ea5abc6e1550aedefebf9c457657

SHA1
4dd969e14f992e0380f02ee97479aebe749a381c

SHA256
26ce18d392c1fdfe9e79f1086a3582f6b34b7baa5d97f442f14b02e97635d674

SHA512
59c0a38fa3d65693f107e19819adb9a2e8dc8638427e71e9ebb6ad21a3fea11bc33f17d87e0fae6eece5b1f0d45efbe293b7eccad1f08420490753ff7b513da6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8867b74aa818bb2fa11d977178c3d1a9

SHA1
29d697ce79826708054cff51df3f453f83e6ca70

SHA256
cefb2a2dc01aa40cdf562d4cc9dfdd0cf19a43076735d1d5744764a18b46763c

SHA512
36259b6843d57ac692b1cfaf2258f028668fa9eb48f315cb563c79bb436d5a404ff8714c84c97669eb2818ebd09dfaadf7975cc5a663094ee9f634b314c9c7e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2452a969625ff5a1be330ba6f65bcfb5

SHA1
e37c485ed8ccc8711503813563886ae779c2244a

SHA256
926c83db0f7dfa2c49faaef182a49928979b61c81d24443363a98b4fa3da33ba

SHA512
68cd45ad6daafb82f5bb0a6bf24018669bcf8d9ed4a93c64bcccb27a27b4e3b9cccc8fc4e2209f232bd39738a27c370aac2e7609a25a35a2c6f71a03a9f102a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
81fce9373a25718a7cc4217f700449f0

SHA1
da1a06402c39f89f6c77b20db8c1a401a6012aac

SHA256
ce57fac2123c249992dbd2e3af2d59c01cf21d9212da3b4bb1f74129adddde67

SHA512
a522f24e158d6880e848446fc3983911cfeed233fab5b327d7b6b613345ef2e23d2911a71fc1cd27a5b594ed504e9f02b5bcab11031d6f0ff204add80afd8e7f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
29ac256049f5655f006167c0129a1948

SHA1
7bf800a0a091027cc38bf14066b7ad3a07d105ea

SHA256
38affc534330eb324c09460efd0f5527558284ac5af643a5b031d4f895c06b26

SHA512
ed0cd6c9415ddd6e4aabb89555780131247983b85b8bfc05a2df37a970f2d68e2ee695ce1fa12935217c42047fd1cab507ee20567efdfbeb6f72f9b8b3c06607

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8f42e54918f0644f71b8c7184f0f2f5e

SHA1
4c4b818b1a5d04502f8162d57dc65593becf4538

SHA256
c84a97ced74e12e091cf2a38bc20880a6e7e9bbce623df35d0a7dbeaae81c222

SHA512
0d51846caa5e78fe08a72e717d48cdeacf0678bafcfafa40a04f0d1a65d8e55fc3d5a4b7f7ce3f065bb81aaeb1c101b57de7f7db93d6822db7bd5c8b5c1020eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f6fe090b389f2f27ea4a3ff53e8f43be

SHA1
4bfa08c226cb12c35b2127ae6a78cdeeb7766c4c

SHA256
42105ef3dc1a6178a9812347d18c66282c440a4dae99085ba0b416ef0342750c

SHA512
6fc588669f9d3c0ad72b77f34d96388300baa3e50d3bdc5369fc9fc5eb165251d5c086028127772089d602429952f0080356cd9c0dcd4c6771b515809885b125

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d6266d8a9a8ae482b57a81b5ac83abe6

SHA1
151f159633855567b7ea39569164bfaf66fd409a

SHA256
ef5af81fc3648abd4e339d9fda43368271fbb60e4024f62f74642a73e25f2e8e

SHA512
651fa4548110171e9904ff3b7310a9d060f2e408e599500b9a7c532003a570b3211706b3e861cd1fcec06e4830aa1e5f0f07a6c28e465ed6d7a1c0e482e32b81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6c6f94f3a6d6673d12e5a79c2791df9e

SHA1
d864b77d45500d076214606de1c3bca92c1a65bc

SHA256
ac691a34bfc875d0f7f21008d0ffd09a6f320d5930c03131d15d90992f5a713b

SHA512
731fdb38f1646890491673ee9737bf16e18cd86ba09c6bae557e46571b2bf98983ed23f715c32eab509cde9221ae3ad15f65d0908562419360aa7ea7d79c032b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
2ff3c69e5dd4c3b09ddcb72b179134b6

SHA1
d4efeec3e538a6fac6bfde963229b85d23a6c8b7

SHA256
b3aa3082bf882b8367656acedd2b113ea0d9283d6b99e071a43df0334728ec1e

SHA512
274703c7cc58c06a1da05770c461607e3340db6d60292e1ccdd556ed76ffec01bfeb7c88168e3112c30438939d874960497744234a90ba4fd4e50442eedd0882

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
80ed7cafb00578ba7c28981cd0256dc4

SHA1
4feb4e1b8e14d7d3fa5e8b3e308236fadffa0f4a

SHA256
7612a2e40c468a2dc366590fc8905e2e8463d43447e49788a8dfe31e6f8c1343

SHA512
f901b6b9f33953bfbf02d7068b8738ba511ac3093609fc6088b8396397c101f887ad0978075865fc0ea58980c5adc3188798b97ea87dcf00010c32f3c8776312

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9F5B.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9F7D.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit