e29f0e9979af5e8b6ddfa9a079db0a7e931ba452da5d430827e846b87009a3db

Analysis

max time kernel
9s
max time network
18s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11/02/2024, 18:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

how-to-set-up.html
Size

162KB
MD5

17083d9b51011a3157e99db0d4cdda70
SHA1

21188c91c867539eab61fa72c1529fb86cd672c3
SHA256

e29f0e9979af5e8b6ddfa9a079db0a7e931ba452da5d430827e846b87009a3db
SHA512

c400e60837adf238d19390a623d7f86f0ceb8f5510f3abb7fb81e86166927556622b34b3f5818ef5a3a7132e0577048e6fdf984a99d1e0f3444daf9ca7408531
SSDEEP

3072:PH8yMMgYemoCaa3UjNBlH+JLp9xLXIB/xxFhbVNvnnq5EcQ0G/4cYsgKaXaO8JEb:v8yMMgYemoCaa3UjNBlH+JLp9xLXIB/2

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0BCA18D1-C90A-11EE-A031-F6BE0C79E4FA} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2996	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2996	iexplore.exe
2996	iexplore.exe
2368	IEXPLORE.EXE
2368	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2996 wrote to memory of 2368	2996	iexplore.exe	28
PID 2996 wrote to memory of 2368	2996	iexplore.exe	28
PID 2996 wrote to memory of 2368	2996	iexplore.exe	28
PID 2996 wrote to memory of 2368	2996	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\how-to-set-up.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2996
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2996 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
05f6aee9fca5d2880414d5d021ab39c7

SHA1
049d243d57857c894c9834fc556e2a40900cbc6b

SHA256
c28dbda5bf9629050f7cb09b9a0481fd295346b1bb869415d4fe62509a45f6bb

SHA512
b47492ae58f034c9f9d474693f7c2e6661305eef6159f6bce2003b405f3b613c3a26f7ae7000e60e376dd1e5835bc7449af2398882c6d52c4343abd5999ca4c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5322bb001520cc9c06c7c5ebfbf6e7ca

SHA1
62ce3c05dffc8e3476d629ac57ab413f53c794d7

SHA256
81b72302d562073df468d6de59c10ee6e2ec2ad9a00fb905b39cfe9a2ef10448

SHA512
6cd19de64219539d457cb40174974db326e1f78fe0b1ff9b0cd14e852283b5e0625b15ca677f43b708794f12f6531890468767e92a8df89b888c0f32dd34c730

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cc68a67973b3070d9bbd21928df98322

SHA1
f38b72e18791c8a27f0e97aee4164211708f7132

SHA256
dc1c8b9d59565247260ce528c6edbf764fa676f17a0b1afe23168ce76313c8e8

SHA512
3785089958651eab3cdee0694f8997d433dd83dd559acead633f9db7ff03856c2dc5738185fdb7b00f79eeb42e33b8aa29298a33cea015e88b115b09958ddffe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dc40f65e90df2ba3704d28bebc57f2e4

SHA1
9bd27546087bdc72e7bc161a309ae7b003b12f93

SHA256
df5822f0103ff7b826eff33a62d586f4718a81f650f0c26d0c5fbff7fbbf9e04

SHA512
bfcd2b0d12cbe0ad9678ddb5f3e9a512e5db12092dc426087148902aa74643d2f80eb5b2a2acfc14614ce1501db668aff233ba2f70e9cd7db852d2301c844397

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d89e4c201518be96401b8ba471b024c4

SHA1
2258f76c4e140b23b82179d77157b679d16b31ab

SHA256
2e829023dd43322e355299250d2f530f38264704e63bc3193b48e09069c7635e

SHA512
df2323668c98cf19fefdc89625e93fd8fd8a02ec409a3c691df1ed0acffc5e966c45f760a4404cb88dde8b64064d30de1a7f4adfb8804945dac49edb0e78244d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7e5e3ab77330528f31446c1ccf390b4a

SHA1
25e9bb6495360803acf3ce5589b23babec1f6ed1

SHA256
4de8d53d6627e96a61c93754471403fb3b9c64f567a414a04fe6946dac1a2b48

SHA512
b7684986e351c745c0a1835ddc2d090ce9675e32f8f8010f942dae98730de46fcc2c4a83be1956e48deb49b7779efd090d3c09ac8edbafefacdfa345201c7dbf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0c52ef7a35138db8952201d299743e82

SHA1
930bf3f8e543e5d92ed5e0b7250dc6cb34aab905

SHA256
b85e04307924ddde8605759ff5a763050b38182821b1c3fc1b4a3dc20f7e3835

SHA512
180f6fa12a191eef6a3bf815b241e0f63172b025e29a97835219a06e61c8fb8edc90c09dea13207a6362457373a40b0cec4ae5b9d53d3ed279f358397333951c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ad284da2c1b4522730d6b3c1dae1043

SHA1
deda8bb1a8bfcb038441895f79d2b9e4b4f7cd4e

SHA256
4d8c25658f23399a1796fe8c1c9275f88fe0481964bdb7ff07c289789e02ee1b

SHA512
651b29e02b44098f4edf93121ab5fb35c3054117628e16eea6e317a72b8360cf815aaefbd8bf241f15a262e30fb01c09c5b6a098f7715bd81fbd83fe7e11db79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3790562267567ca7976425384b3aaebf

SHA1
f9d3dcbc98218ff72126dafefa279c4172fa50b4

SHA256
db4e2aa096a6e9a928dc990b801acb4b5c71fa80cb1ef1a0479b24a8efae2444

SHA512
bfe7029b9930e880f5ff172528687671d6852da4a92497b12c2a3389212608b07b96f5040d197359fd8f9dfabb032f0fc4271bff91df3c1f68c0638742cc4c37

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c42efd2fd7ee2c0d997e20dadccacb0b

SHA1
4f8a837628b0e2b58abad2041469676d9f562a64

SHA256
b815a9db190aebb043607ffa613e498526947d2c36b8888da029f948a85e381a

SHA512
8b164324d7200d8e64df24ad5592e2c98d0d9a0a7e228e21094b0d198eb84d051373c74b87483ab79472bac6c75e2bd3706e3eb8e57044e266df094b240b0667

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0a45cb3d5837a903454991492ac9a94b

SHA1
2ed7927dca2507254f545a84684de0c8d8d328ee

SHA256
bc5054d9eab1bb8bbbff44bf916fa2d56fcffcdc7bd07ab7fe916355a9afd3da

SHA512
9a936f3387ecd5d5140413380122d7ceda24746878f41f5fb2519346f7abb914320f95b7bc83486c2902146fc546a4bfddfe74bb2302b5e601b921433f803d5c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
895b4bc5cad7f78a0cc89e0862013909

SHA1
cd5704c76ba5b6f6520b6602e3a3a84dda5b2ccb

SHA256
e4e0a3bb7fd538fe4cb6c40c3d5c194fe44381ebc7566f0860c0d03984ced496

SHA512
16344ce7dc2dd189e9900cc4485e6e5e710c7d5d0fce483f230a925c2a06847e2d63777192750fd6514cce54a1ff97fea66d8ce2fbdf0da63adf475ce1751d57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e974fc2f7665bcefa612aecd24384288

SHA1
01a3c05e27d52771ca51246a8354ac821de8b142

SHA256
cff6c4949b17bdebf56f8674d32cfcd162b04a3d067628b094f1426fb1b7c4af

SHA512
1f91be2551dc7267b305739d3d597b0d0c10bfb8e1de437f13a9fe0baca69dcffdb3a4e99cd45360daec2988c76bd2be1e8de54baca2bdf1e846128f9d27d71c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
004ad922a8b5a9cec82bb9d81b856640

SHA1
b889748094aec964ddce4fde2f73945e017a57ca

SHA256
ffb1ea6c2db17acbd92dbc400bdb02c4dd296b5c2cf750600139eec1b6bd4623

SHA512
0894a6304bfd20cb6f96a34d9bdacb67dd66420184dc9f4e79026c4216d6bb90dbafe9d8f1b79fb5365f08c6868bda14c4eb691d5d152a6ca3232ea6bd7eea30

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
329662ceeabeb921b2195963a1da7af0

SHA1
c0ceb955239b2b7e1150d4bd6ac937ddbe96ccac

SHA256
257cb668e0fec45adf080487590c26e1a9ea942239e8492cabf18063a1f3c907

SHA512
6964796c8d52324edf0b12919fcf252fb541289c473cf9308f660b8ebf4bb31774f97db725598d9258b8f2363589e30ec37d9b1881b0b6ca19ed8549e4d3f070

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7b88cea636a5acfa472eb433a6a42f8a

SHA1
b2646258a17456c64f46f729c3b4324b4c0077af

SHA256
c8f4f92173dea714658385a1ce0b3f27f53fc7152ba512643e9978d445285645

SHA512
fb63294aaa52136caaa066985f5eec456a5ac117275768212bb69dd4a9cc1d3633fb252665ae5a4fc9ba6a2687216efec522c33dadc03926493eb7b34fab95d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8a1f50744e8080e743928b7642c0abf3

SHA1
87ca5065bc5aa3642789eb161cb253d0a192f929

SHA256
59edf7e1a3440c2cf309366b410bc1341e3ca170b3dfefe4e2515d5cc807d440

SHA512
881f0b25ef2674a6c2570cfb92b0eee6c98ddfddd94b1af0f96fb029680732869f5360269596ab5f7f9eb6ccc2d471a6cb4af2f35cdc4098f60e01f28bddc4ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
deb08af3663dc8ed9d6ee74166567f6a

SHA1
5b2d6845b6b7468bc46363b84a0c8d2105d25c8e

SHA256
5aa4d61b3e6ac2dfe510269855c2a8c1dbab2ecebd9cad8005728e3378533622

SHA512
4d06f3a6bf05d8db6615b6f9479b197191abbeb67c86db34cef32dbec0a4c5cbf200c705e2bce2db21ae7cd221fb18dc0ce0841dcfcc658a4152634195e67e99

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
040955badc6590efb24db2411794e7da

SHA1
2b3e6ac3ddc8feb6cf4aa9eea27d666aa0b1ba24

SHA256
5ec861de1e9528d289e8cc89158eda12027c4aeaf1c37917fcb1e4bfc04fc8b7

SHA512
fa23277bcaa08598bc43834c52ac2c108fc0eeadb435b2a07cda59b6553ee539d73770230197fafc2b3349666fd926f00647207d3501c8700130b3c8b0f2dc1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5a49386e074ce6457a580eb38a0d27d0

SHA1
fdf3545740786be6a9b7782a661def97b1222704

SHA256
fc6494e6f98dfa05b03c00e3efcb542b57ab5394956e007516f0ff794aee0273

SHA512
9c7231687cf62b309ba9a057302db89d3f13bed026ec57543599317b783a6b8990226bf0e06014e30eede489db654da8161de0dca1e5039e6a2ed7298d1899b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
27f4d632fa118ba317b43900688a0b59

SHA1
dfb368d1cf39c1c3ac44fbe31861e61a0f911c7e

SHA256
05f117322247d29d8daa100a7c59e394a2def034ec331c636c234984e3695edf

SHA512
51bc0e5f7f7d26e9b772947cf3286a62f8ea7148438b50e47e21e70523c627f8b4e516c29782bdcdef26c0b0adf150291f0e946cfa752f4fac1a4a19b5530188

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ee4c2d69472a973e1e9288495abdb759

SHA1
5281e017f9367b1876cc361deb79fedf47c980cd

SHA256
1c5e56674834a88e30481f4fb2e55a91bb7def51929406bf8f08d4d13f958ce4

SHA512
27df1d88c9d20d635c59a76729d3b1693b4c8d89ddcedd0fd0d72488833e577ea7e282879660f9654e8a04b9abcee455cabda33cd30d272d454346b82e56835c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6bfb4b82e99425711af872e29edbd5b1

SHA1
04348d051e92cff51e3bd476a0e07e2eb27ffe23

SHA256
e5589db314dfb2aa5e6045a8ffc75aed81566a6bcc784c9c23603f90e48f281b

SHA512
c983b42e544a105b4f6076a4c54c3e7e37416867f1dcb821fa4f69e5e3e225ed34a601ffcda3f68dc4cde62ab131a0a8ff21efcebc1c33e5e32445542423dfe9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3978.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar398C.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit