136a0fa740715a6467d100d90b299dc31c661c21683f11f43e4dd04cd405e785

Analysis

max time kernel
121s
max time network
133s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14/02/2024, 10:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9b707b78f2cf67380b73875f839c5553.html
Size

23KB
MD5

9b707b78f2cf67380b73875f839c5553
SHA1

67f7ad29e07eae66ece876f574974f0277e19fa0
SHA256

136a0fa740715a6467d100d90b299dc31c661c21683f11f43e4dd04cd405e785
SHA512

23b649cc6a5bdcc119afe4444d267cdc4017155b2162064167ebc2d14036f5c7a76fefdf9280e6edaa93ff2d16a5e098b77167a28602ceac9694990186ca2c3a
SSDEEP

384:FIn9RBlJJGJ8MI4frsjM4T+pWHCHbHNRZzP6x:an9Rr88MI4zeE/ro

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F9CAA7F1-CB23-11EE-99E5-4A7F2EE8F0A9} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10aac1d1305fda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000580e1c8c6faee54b80ab28599b83677c0000000002000000000010660000000100002000000091da282ce0f0cbb93bcb46166b64ff21a3225c98c990f15db812be76351ae8ce000000000e800000000200002000000069c57f5350f5ee1fe31a0fe5eebd53d3a345e98329c7b81dcf1f65b021ad189d20000000057c5dec62483c885a0e083883e0d3775a63a9f11bcb0dd046c50d0512b650bc400000001653c8b826bb709f654afa8ee07ce2df0388ee852b069687bbca19d1a939fe0f7f20cf588ec6bcd9acdf69e2857069283c47a760e5f8c51f848fac63de96a5fc	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "414068457"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000580e1c8c6faee54b80ab28599b83677c0000000002000000000010660000000100002000000066329eb8d55a41f6d7270a3b41d5e91ca256065f782147cb95073752be181f2b000000000e8000000002000020000000ac6eb60184c68f6e3df0eaa54711df57124c72999fc16428703d33a6ae9b8bfa9000000089659eda09304d16f24382a614315314be4c4d64c5bdf9c75b1ff3b8f4cf3cf259dab85b4663d2f0ebdb2f481befea696d2eca3eab417196416b5fa1ceabfdbc3001acdfae4cb68a8c7220e2f356a1155d6cdb3fbff63c3aae05e15f92eb248651d6cba37eb365f8dff54dc93397c6b23bdd4fff288927522069ac514aa5cc58a76865de92aa6799ebfc7fd0efaa9b6d4000000075b2345178a765c906ad43eed56d4fc446a0ea7f7940922efb14165d82b869f9090df79a5173532336d64364b173f143a498288bf0652104ea6ae3a38e3fdbab	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1044	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1044	iexplore.exe
1044	iexplore.exe
3016	IEXPLORE.EXE
3016	IEXPLORE.EXE
3016	IEXPLORE.EXE
3016	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1044 wrote to memory of 3016	1044	iexplore.exe	28
PID 1044 wrote to memory of 3016	1044	iexplore.exe	28
PID 1044 wrote to memory of 3016	1044	iexplore.exe	28
PID 1044 wrote to memory of 3016	1044	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9b707b78f2cf67380b73875f839c5553.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1044
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1044 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
25e68165a2183480cf0a2a5fa97d581b

SHA1
d3ac0c8cb23c28680b7abd52bd70f8774a4e37c0

SHA256
9cf44bb6a6deb8ef5911cb678b9a4571a9d6a60683a67e3fbc6e890341436bbf

SHA512
213c3aae3290c3f820ee9e86dbcd9f1d7001c80b550eba7baa98e087cf6e6502aca478f270ad11240c03ba250bfcf1a6f9c50837212adba34eb076c97791fc46

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3418a9bea0e6d9d82bc36ccb30aa6a2e

SHA1
6b4aa127d6cd2bf2ff6f12c82ecd7ee77fe0f0ae

SHA256
57cf61d58a0a73ddb94002ba73048e86b719914401fe62c5aef9b1d1ed847367

SHA512
a5ae25efc2cb256a9499fefdd91cc9a13f26c5729afd88180123c96dab86aff7c479372ac7797b689bdaa3966948e0dc987f888a4cfc2642b8eacca7b8413859

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ceb9997e073d384de4dd96355e9b8ac

SHA1
c1cf3d39823982cdd9ae3d6701e3df51204ca292

SHA256
a7a845f505e6ad699b1c63a3d37fa010fecbcc73b3a974ab027675732f6d520c

SHA512
3da001f0b2f6527317315890d00459858a72b8775625a88bef7cb45b550c2b1b9c4493fa232956646de92dc615f2c45cd07c3044365cc4098b168c245ff0274b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4bef73517791dad62fcec59446d8def0

SHA1
aeea9459ef1d5874ff2d477047d02cdfda9f1f05

SHA256
2c05c93a94abc27bb360e20e176daffb9e792c0f8a4020813f7fc1a081f55331

SHA512
4f3863c187fda9833ab728ed0d4ae24779a7c62e9c1c182f70ffdcb20435cf911d4c810a3b8a027e6779b597de0a07dbf4891dd321d65c9006eb6031c6faba0f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9d3fa4b1265df7390f85ddff07acd340

SHA1
d129bad94855824fe97ce12e8a6f8260643e4044

SHA256
388feba6f611e8167e7a1505b660490e94f71f69672e6d5b4d2dfb8b4bce0299

SHA512
a5158626da8f408cb847862403f363c72fa3677f426827ae07e0a990e241b0fef0c39d387a04a5ccd8e873424572aab149faf25458523b45b42341e125212f6f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a64d953da08d2316f78bc47e3a8bdb47

SHA1
5aec79fd1c1558016f3098818afe9b15d52082e6

SHA256
6bd9e073ef581e04c86e1a9056e67b8eda59f43713bc3db5a2cac497176d1cff

SHA512
738ec25299c13effb55e5948d2e15fae3e6f37ccf0ce35a447e2f4e3d9c22ab89304d206a2f1e01fb731bc4d64a02de25bae7fff16e20d0e7c34fb2cf3df451d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2c2faa40e5051602d726db3a820fa7c2

SHA1
924f8c88f8aae2a04dbf7c670ebc7d7693692ed1

SHA256
31c573a082ee4ecb8555edfe1954da5e31995d203c5ee85945ceb455d1497eaa

SHA512
de8310505abe95af08f9db7355c5fd071fa34edb7749e455509fc8e48aa56f483d6961e351db31f103a80c4f17d2991fa368e5bc5a70f02ce8babfeabd606307

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c6da1d34bdcfeefa7a291e0f0180b200

SHA1
da102167892fa9eca2867c9160c5773190a10aab

SHA256
41a33fb40e4c4a24543e8d7bb6ea8373832173dec82a918c3d76273bd9d9af00

SHA512
21be59092d6d08e37eb296ce5e12c9ee24c427759ea92ca7a87f55a88a771b4edbab69bc812f7b3f935fb6d39065b9aa3b64a07cfd9b848fc6cbce1d875ec3eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9bac3fb7182af5e340522b1f3c79ad28

SHA1
0a13478ae0da93218ae6a254dcc486e331e793c8

SHA256
acf8a6f5a30583d1bd2efe8552a62d73281d2c744b094e77650d58e119e17bb7

SHA512
c5c58ae90d22b217e9f5ee056407f126e22d9375a6927769ec78d83076a4319b2163bc4b00100e974c770b141bd759b90684f3c38fc19c5f02e0df3777824bf4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9966249864b6f2645f66061dc0e37443

SHA1
24a4def420e7879be5f800cb19fee8105eb99742

SHA256
768b41772d409495764c4d124c563c6852550f23a0470007343ccfd474929e67

SHA512
032085ab957c90615116a71f1c4d8df0a7c1f6cd0ce73018dee05ee893376b66ac0330549f12b037804654510def9097d88e1d2a4d17b87199feabbf45b1ad0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fedb3741653c22ab72505c998afa9b2b

SHA1
76498541ad10738067aa8ea77886bf7284819e00

SHA256
3ab6ad33ecfbe4e1bb7dbb76fc9333a6ca0f90e2f7b7e7671382d2e427cf7ff7

SHA512
b0a391525f9fb32bfe5d84fa95dc0300ad76e43df361bfa02e110e6b160703d598e7ae24185f56608b71ce31121fc56e2241f1b4a403a0a24fdbd4678993004b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
770658918040ee009a249b26c9813f46

SHA1
96359857e5c7e4a6b33001a89ec4e03fe6c0a92a

SHA256
aae4204e704d91cede68a2e0e8c99e7ea87a27c4ca82ad024c65a92649c736c2

SHA512
c07ecc7b130cb1589d623731bedd52e9b2bf94a1ac4ca6749625a329c6684f8505c630c2f26d9611115fdc40e028c0ad80bb9cea0caaa67eb1867cbc7eb89803

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5e60da6e052da43003989f9842cef139

SHA1
6897dc8b7467dc63f0d2bb70ed941be435ddbbb0

SHA256
2ca9d0825aaf824ff35a03063737f2daa6a4bf0d1e2d02c770645e96910a70e4

SHA512
85195a32f24a3fdaec6381bbaee46a692c7a6ebaed591ea4f406a46081116d516349c33176e88b41e7682a7f214aa2fc4673c198baaf1002f8b78953251ebfd4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b7acb4fbe79b7b778053190234e9ca9f

SHA1
5f9063d55dde6cac3086bb94422b86dc1116ccb0

SHA256
d49e36def67b3f24cc067c5474351723eabc251b8f1067715944352cc000bbe5

SHA512
8f7f26b19af7907c5782059cb56c4501405aaed36ea5163b8ddf5289e73b34cd100159ce4210850b552d3dee5e7f58efd063bed7c2ea557533215e2761a085a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
43b6defb3f8a59925b904a4f1eec401a

SHA1
eb4c112dc995f3d6fe38267b0f661c67839b8024

SHA256
7137aa745a09066219224b51b3f1250e9ca8df3967ecb32f6239236cedbfd63f

SHA512
90fd387431fd3db4098408aad072e93ab527d0ec57776b5574eb3123c3a7282f429bf10730d239b8073ac5d0ae458d9e61b84ed2c318460192d04c65c8201cb3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
de4335735483ad4cf81b0857ae53a355

SHA1
08b3a4a8118881097c17de81d96699ce5fb2a895

SHA256
c9a90c65e40f92f33a3b6c3cd3f4eb9782fa046e33af0e4938571d57749bf71b

SHA512
7718d4f345db13fd734fe144f4c8c1f9a471e7174f5644fa241ae5999d27c16f6204ab05871ae56b27abd4aa67d916189a8d596c0962701f3ac6d41a1d77ed3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2277979a417e945b34e2bf49b97c7827

SHA1
f241f67c95a645809c181d8e2cf5f24afad51d0e

SHA256
e79fc1e1b77b0ba2aa85311af4d567a6d786bd3a10c37ebf8523bc716010c2cc

SHA512
4e2b635cdc66e2ab6d4e3de822563620e6b90aadc4d35ab2850679d73f1bb87d78ca409b0c0fb425e8a80de584b463d79f2d6d11b45745d0611b2617b54e3163

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ca1caf39e17876e159b92c132c1bcaa

SHA1
b878f5ee5f416c30b0c727a76f10a3db61958112

SHA256
409074b9a16e31165dfe41414a36901241ae4f84ebf3f829ac3adaa36d270bfc

SHA512
16fc8b4411e57745eb34c94b137f8fce6235ed2a90d413d6409feccc269251df6da4fe0e970b8ebccbb8b145a4ecfef70baa8831cad7f412c11c51ec7a630111

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5736.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5843.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit