ea85a1f16139a399eb077abbcea6a47a522ccb63671fab5b017950a1331ec1a7

Analysis

max time kernel
141s
max time network
148s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/02/2024, 09:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a1886bc04f6e41e0976a1bffe42e2938.html
Size

66KB
MD5

a1886bc04f6e41e0976a1bffe42e2938
SHA1

635b3e2223eeb596ed3047177710887c89b03225
SHA256

ea85a1f16139a399eb077abbcea6a47a522ccb63671fab5b017950a1331ec1a7
SHA512

c4680cb69df182f10ea3c6f40900eacf304cbd1eeda07e785e6cebf4ae4060390fcae6a8d0d0cc66d9969e4275aaa034ca834ee1f32a257248333f5c05fb3dbb
SSDEEP

1536:/3UVGUExdzsmKeTn1FXt8U9NjkKJ9CmEIsYZCzE8I6l7C:yydzsWD1FXt8KNYKJc2sYZCzE8I6l+

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FDE246A1-D2F7-11EE-8356-E61A8C993A67} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "414929173"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2964	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2964	iexplore.exe
2964	iexplore.exe
2112	IEXPLORE.EXE
2112	IEXPLORE.EXE
2112	IEXPLORE.EXE
2112	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2964 wrote to memory of 2112	2964	iexplore.exe	28
PID 2964 wrote to memory of 2112	2964	iexplore.exe	28
PID 2964 wrote to memory of 2112	2964	iexplore.exe	28
PID 2964 wrote to memory of 2112	2964	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1886bc04f6e41e0976a1bffe42e2938.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2964
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2964 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
ec595eead4c696d69cc7e54cf7427b8c

SHA1
e4dd427bbdc246a8a3db0cf7e3c2e33bff548532

SHA256
c209f113aeb88e5bd96679ce477df1d94d15ba8eec514a0a2959448cb5491ea8

SHA512
1f8b130ba089c8b95a5675b4efbca6418897c24ecb62344f8d2e68dc9c65f1a4c1a5fdfec430987e3584ec237a4511fb13e316e266b4e901e4fb64701e5de5fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_FA49E055122F4CD07E54AE9E838D66D1

Filesize
471B

MD5
682f7d4e13677551b0c1f3932d74b2fa

SHA1
7cdd70f6a571440a165a40a1a471d3bfae981468

SHA256
a380d3ca2e735caafc91ca249e678eeb0cded7ff5c5246eb11120692152e8287

SHA512
acf12f093e87e6cb3ab8067791a6222fb088bf5f8ec34fa0de0444891d5dbec26887f96f9d73a70b1310847c27bb581e2c7c86ce3151e9e4f94af94551095df8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
51840e1819100edfb50ce28830d128b1

SHA1
611ddcc7b4f9731020d5a2cc9c1729a35ab7e302

SHA256
ca43df2a25fd3ac5c08e74229cd130207ae975c0c20cdcde8d47d8426a5872e1

SHA512
7f666e0b065e24a190929e627a0bf4d7407ca8011dcb8d7fbf629671856ece09538b0e58766b22e971228c5d540c00316b15959933a3da953aa62bcbee6d185c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
a2edeba70d10c422ab7eb40c36e84ae3

SHA1
b365be1b1f0ed5aec8032ee1e527d3c397a5ea4b

SHA256
b17057c91e1d810f26aeff0c65f7af518f2ea627667b99697b9df51704c2ea57

SHA512
3fe64a85abed3fd62002e087b64c18ac46b530f7b86001d0e9a84caca975cf8bf3202ab598547161cf5940554c035a92e84cb4cfe54c8bdb2283d3d7a6218c78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
1e27dddd3705519f0f1485c4f2a45f72

SHA1
bae41e7c9180948c8d9c89be8de2a9370d2551b0

SHA256
1c05af2ba3729b7ec9b1f3e5d457bda29cdd2345ac96c66b4111c9056d09a7ac

SHA512
1656d5247239555ba92d4e0b1e51021e43d1de6669c6402f88c04f124f596085a5c000111b4b50380a042a95feebdd15b2cf803a4fe9883c8ce778cebcfd0060

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c2023ec42b44e93ca790109a73313de4

SHA1
11ca536d394f26794fe55b15f93a946c54f1e8a5

SHA256
f69897360297d3e9a66daccddc908803c5f9ef9ea305e3466944a3308687fbe7

SHA512
4b0590f5ca40474b04393d049d9557c0bcb755e497335fa535ef82d92171cb1861c03881eeb7ea12bf6a98a8700348ca15120e562f46511ca15d36022b57b87e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
83684c5900dbfed1215f6168fac5bb59

SHA1
c604ad3f1d9fc36d7c200f5413f37f5322cfa020

SHA256
b56a9902829f0c54801d38b8606886f04f815d5364f84fcb6fe6b6db41844c1b

SHA512
58ed78b79c025461bb172ac64a3546d992c63765b3172cd5aa36a0d5a7e51f23b9e1d014d408772a46bb56516ef7a891140bed2994a3a4cf11c65677aed3bab4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f5bf2775352787a8b7969a55142756b0

SHA1
f1d1f8d5781e415000b8e7b15c627a66c3539b37

SHA256
e7d16c014b280204b9ce144c621604bbdcb23ba193ed6653253266ff73421c58

SHA512
a6b00e15c247ad85ac51dc91ffbb44691020a16b97731c208bffa56f3253029259c1c4426dd7757309dfa7877bdae88dcf26666bf8522add6b8a8d5cce581793

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cc41b82a5ce1b577f9218f20425ff687

SHA1
57d9d0c7cc8910f6a584607e0fffcade7f2d9dde

SHA256
6957926095ef1bd6324b051a650ec2c118ccff814490233d0be03b02bc6cb04d

SHA512
bd16f3ad60a160f7105dc5f0e575d9cc8594289f30cdf857ec42bd771d707d4cb44695a4a5974f5b1d08505bce72fd3592b678adae8ee422bbf7abee29bcb25c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
80f7601ae5c94295a0d9a7a9e1e56c7b

SHA1
c5c17dc28c4d9699490a9addc0eda17f42deabc0

SHA256
c22ad62846253148a9adab17bdd820d9b2c271e4ef0b4235c84435a24627062e

SHA512
4aba990a20e6ccbc982d8bf763cece048999c06467ff398597dc33849eb8c06e50c30f6f6b206803648273fdd25825751c86e3d19a06004e76c58ea8e49bd2f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
200d63a9e721ad58098d8b105d12da51

SHA1
36ca65dbf32e2dbe85bf411bb6799536f0bad2a8

SHA256
608645aa8520737c9d067b6b6eaf7bc10d9958084c24563243c6f5b123a1571f

SHA512
17bfca3e4a3a18c9e98297fa6163d0196223bf2e19432ef2cc6383cda5fbbba448d953df4cdf57e22d53f4fb3b1a9efa969929928dff80f5faab84b472516637

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
48870554fb5acaa6bc9752ffbfaa48c0

SHA1
4f027d7121c4a6020040cefac573e2c7e5196d1d

SHA256
d222e471bdf7d91f972125445a0442eae06872b356e4e3a5742b952511e05a3c

SHA512
f5a35e8aaca93136d70fb9f43db80a02a96a0760cf813b209048bbb39ff730f6d17eaac6b7f3a06ae54bf0425d470e9dc09e33b9fe5a8d53aea21b1134cba767

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6e1e1f4450378f0a36eca1df947c154e

SHA1
52776f2801df9455fe37f161c5b5656ef58c3406

SHA256
a2fe2f238eb51e1626a645404ac73543946c08dc96ca7ad12e10d1db0d0c6f38

SHA512
12a48f75c91e43d0faf294f5e70d9b3cf43ccf69834dc2b49986e33a59a7089c276c2602bd08e72580344622658dd813cac4bfeb3591834bbb50719269f35ac7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a54d2eba35abbb19f95c6e31db312e06

SHA1
3a9f458cf36aa468142576202c660fa879edd028

SHA256
83b763df9188fc6894ee327e56d115aa616aa73d1ae49af73541b3888e4fee4d

SHA512
b01b13f54fa173b1013ce06a05e146d744265be2a716145e403bf23c09a8b2ca1d7045c9aa14fda29df7675eb299ee83eefb1a03fcdfc39df9c9e6a14694287f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
26f16544d793b867ce67af22882a49e8

SHA1
7e89ce477a5cc0ff0c52c2805575eed775da5168

SHA256
a22d577140820b545dae2a7ee785259f2ea9a14534c50c51380de7abb68aa992

SHA512
e04e1c8379711deebc7078bf2b3db9c49fb378f16180258497e2f87229a05eacfeb734c7c651cacc73a24d460340c573402ab64969c629229faad378ca0934de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bf5cbabd924f66c5acc0b282269c2522

SHA1
88d5ff007e6f84f635895fe804bc136ec7dc36d1

SHA256
bdc2ad2cddcec5d0e871419fda75b0a08767345f66172717f2a7c9ec105ae3ac

SHA512
8714dde5e19d0063fdece34c1813ff192db4055bcf02cb9ba4d2e81046c6c6240c619db7b8498f0a19c0b06a3a7ccc3f47a371b06840ab4a357f86ab0cf370f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
4aea0d34a211b52fe99839b79c6eb281

SHA1
6535580c377b6892f5fd876fbf497fb41c9394cd

SHA256
7696447f4337b7b85431ab49eae226efe82e2e5bd0049a433b977f78c6ff280f

SHA512
61b8ad4d316cceea67d2bf415a1c7532cb541e5bbc221eeb93f330dc88e47af0d59824229e605696039e054a6b2b3912f320e22ae91ecc2fdf90d6934f674ab3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
c62e319085ece6609a829e184b5e6755

SHA1
48bceba814b9e4f936b65857edeae1f58329917d

SHA256
83e1b10eee5a0bd9b9dfc06794fa237b4d50c99ec84c15c1c76646b94c57f7f7

SHA512
d4688acead56934b542a1d4604ac4d90385b4522df78660e56f778c03058453a610af4148e4cf4310921b647a29f253fe83c46ba4435724b3cea4ca70793a391

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
4c03af9431ba9344467f2f58323fb515

SHA1
d1a43fe2e40d8335bb4ffa80e1bb294a88f10289

SHA256
be12d62953edb28401d4528470950abc66e97d0d85e19310303d491403454d46

SHA512
623d21c09e446de679f41b3d0ccfaee2a0a33972b623952da6f62f2afc9a604d4ed7757a3cc572cd7b70bf95b3b476108d69b7f14e3579a17dadffac7d5ca56c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_FA49E055122F4CD07E54AE9E838D66D1

Filesize
410B

MD5
d8e794de5898c907f14de461ad9a8165

SHA1
23e308add7916e55227e485b58cc85376d6b2c15

SHA256
6643e8c5bfdcd39391f8d55bade87f481c124d1f172d4178026eda515a6de815

SHA512
689bb8dca71011fa0b7da071f523d50e7d4c73362e03d57c73dc4d50130878efb8b7b9f0c6ed6620c20eba1183b0359c8d49889ce6ee6c969a7ca3d881bf2801

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_FA49E055122F4CD07E54AE9E838D66D1

Filesize
410B

MD5
f476e5abbef0dd4b58d21f0c18e61432

SHA1
27d7f3d6706c0d34b62c07f39d4f41c1f0f1b0d1

SHA256
1009c438e0d0f74a23b655e50eae31132f257f0dd52609c9bd745c13d8784d89

SHA512
461738ee65076214ba1bc016374009ece0d33684aa62999885fc8b6f07b0f2765aad20ce8346482fa450ccf8197a61ec381030a0839b4d011382566a3e435177

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1259.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar12AB.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit