d6ba2fbc823cdd3191758411a8d204fb65ca1f83ae2bb517bc4a7f6536d7f029

Analysis

max time kernel
120s
max time network
135s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/02/2024, 12:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a1df78ca1b711ad0dd3536a6e633dc5e.html
Size

2KB
MD5

a1df78ca1b711ad0dd3536a6e633dc5e
SHA1

4e0eade4e4baeaf8353172610237f1968a0a683a
SHA256

d6ba2fbc823cdd3191758411a8d204fb65ca1f83ae2bb517bc4a7f6536d7f029
SHA512

d952cce74bbad00c56a957889c90ee2f2ba54f63e6cd75f865cc9e7494e942bdd0b050f55156bdb23ddd64114609ff4497e84ec53dfa025b685ebf4dc80a2b9e

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 202d9c881d67da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B3D41431-D310-11EE-922B-6E6327E9C5D7} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a7000000000020000000000106600000001000020000000537174a4837ab3c072d73b67febf7dda8552835a5f661ccbf0f78e8e85ecfaf8000000000e8000000002000020000000ee3b5774cd2730cb78b99d3911c6e970ba95ed56d3e4bb9a996f064f18fd052e90000000ab9ad8e0116a6e9050ef21d927f1f1237ed113ae04db48d9b86a8807006fca13b833d4435540fe4f4d67ea1796507f7ddf58cff147aabb8e73399d85f2f99447e39ae04cec894241b8edef40eaed6426e30e4650cdf03cd060393d61cd70175036283aacce231adf69bc3e4b922216b248fea81a7c0e31fd498e3d76a33a39d22f2d23b4d851c7ae9e3cae6267f51c7140000000014e550eaf862d8a535a0ccae1c964405a154def1202bc34a50fdd3184a74fb9fdf1fefeaa6049236300c3494073fbe69f426bc5cede38efe65dab7b4671d40c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a70000000000200000000001066000000010000200000000a6c2d4602a60de64dd7777b2b9f685cdd58b550e33b99243d4edd5dcaa01ccf000000000e8000000002000020000000ad054e19f86ec510c66b9a4edae66a690b80f2a06b3a7ecfd3ddf1ca00b382f720000000c1b5d696b75b43213bd6dfd188a92da0a757e412d550e5210ec287cfbef4943840000000a5cc0c66a45e61a1b3ceb328056b2633a75ea548de7119f892dfe42a41fa121352458f9a32ee8bc074f80145034673e068a7c1b816cc96ebaae819c1bbb95b9b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "414939786"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2248	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2248	iexplore.exe
2248	iexplore.exe
3064	IEXPLORE.EXE
3064	IEXPLORE.EXE
3064	IEXPLORE.EXE
3064	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 3064	2248	iexplore.exe	28
PID 2248 wrote to memory of 3064	2248	iexplore.exe	28
PID 2248 wrote to memory of 3064	2248	iexplore.exe	28
PID 2248 wrote to memory of 3064	2248	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1df78ca1b711ad0dd3536a6e633dc5e.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2248 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3d1cf1807b6ec3b74c0a0ad65cd28dbf

SHA1
06d98c3a2b568263533c1ba69f671cd736add8c5

SHA256
ab182f339e492c112731af6aa1b45758005f3aa28ebdd491c4e2d7d72d5344e7

SHA512
73a3caba092d3175bbb94a524fed8ef3978179143a51d1589fd00beead62eb6c35c9e9110e4b0f71b0bbbdad7a99744549d9a296018857abbef98b069e8fd1fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a9b96c69a8fd910d6796b4114e78e3d6

SHA1
4414bcc0b4bb9b751eaba830d5a4ed7603eb4007

SHA256
a8a36b9227bde493b81a3184f5a9a0c7c2f6de319d121d3e3dbcbe2bc4a75356

SHA512
091dd86edf9b87a542bf6b0968b4ef681c79afe6eecf9ed5eccb5f80b47e472edc306def9694dcbd63a26b0834bac97cab0ea4555fbc2ea0b08b42c7b0176870

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
746d15cd8213f636c204a15b69490e46

SHA1
428d5d5484fa9bfdd078d2d458ab1c24586d6383

SHA256
81ba804898c552260bc37eabbbce35731cf9d584515b01615e675c722468eedd

SHA512
0d8dce7be385bffb1b4302ae3e843299e66d21045c1227507bdd05cf08efecc07dff8ddd8681d3a99fc539359802625f0db620bbb0f73dd9458d3a87995e6320

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a755b267e49311140e4cdc62cd38a083

SHA1
f45b71c85d449520b37c32fa89b4213abcd8abdf

SHA256
cd1c09282b86bb150299560ac8a75024f45784e45c1ffc513c4fd66a000b1e5d

SHA512
033292597085e10b9c0bcbfcfd9e8fe3838b04ba69d2722fcd691247d38c4ba10fbac8c1daec2589f2599e703be7cdb16e6e61b27c970862142a9c88d7d56998

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
381e758629f9ae0b4348d79c57073721

SHA1
dec4439243d88e3bafd83e579275fe9e2e60f782

SHA256
8105da874790fc33b27b9237b001398051536b58e44cb0c9529fbbcd17d6fe35

SHA512
d46bc9f6377863faf5dc12ee6049e8c0200cb7bc13a647dfd38faec6e25d224b6e5a47f0811b3e0379eed3f4a387cfceea9fb4f8cca41e584647f9b510e5a4de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
15a7f1f528a01352ddeb75275099973a

SHA1
5e75e8e129d3778b26c81c7f935cb3ac2471310b

SHA256
0d141a0aa087c9fbd7b896c3d47c6d8454a4050fdc690f6b8e150d1d33f81d3b

SHA512
29e45a03930471431d7ab0305554ab58cbd515bcf0e9131b6c7a89409291b692537e7b86334ab480fd4d800cb92cce20270520bcf0038395292f818068853b62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dcb5441ad5e4a065806aa2d9cc7f0f30

SHA1
e8e49c68e50dad9dc273d663fcc7e8afe656b0f0

SHA256
fc81d8543e5512a41dc365a6370f1b828329181c0d6bbc1ddd7309b712c300a3

SHA512
f07ed9080cc9b179d4c0d7d7aeb4987c1d6afa83f13812d538d19460559e2e57cb6e8c0b5bca618fe433f41c9d2bc6b12b0824d85819aab6197851a7adfbf380

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8cda151c4764f80bc0135f398b3ce69a

SHA1
2dea6b0a76eec1eade071893fb4aa96d00d9853a

SHA256
b204070efa6eaf842bba3bb2907607dfe323e7d8ef3e2da4ee956f2262e8ef47

SHA512
a6a0e00c2e57a7de38f9b258d9b40ae99d800551c0c1231b9f53208106997d997aa68bf5d1a1866e1391ff4a2caf7e5c31062d553a84751ab13891ae43804875

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
363c4adf02c0d548557e82b095d61b99

SHA1
2d0708b211f0138637b87de52112bdc7b88245f0

SHA256
de8dc904e27c6bd60c9c4c4b23347b88efbb947db769d560eb99f05c58309e64

SHA512
55fd5360b81b8be4918f1be365514234e2bb6b7891ad14caf75316bd71e9cd32d2f56ca9d53743af7985aaa57668c872c1a2f948dec3b244b5cf337bfa76fb11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
449fff8733425c408f80f8878efc6da3

SHA1
8c726f986e7289eb826aec9d468891b4cd6e822a

SHA256
f7e80b32bc6985ae9eca579f4ac3659ed5c99dd9c125afa2b454851f0c50000e

SHA512
0061182d8c862ce2b5fc3f3ef51ca7d34fdb00b0007ee1a01e5e79ec9bfe4dedd54587440f9ef869db0cb8e05a165e69543c73d33b7d29845c3f38282309bfb2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fa625a8a361a9ce03acb3d4b5201872d

SHA1
097c964d00dd947cd2a14dd8ab21e25451b038e0

SHA256
71642e5ce6078fab9b0eaaf449ae3fdd06ec828b52c044c52a3a4b21a9a4cf8d

SHA512
cf7c7a54d54268c367076de476f3f53c2f2d9a9ef6d7960a9286752a8fe3ed492f2f7e138d131dddf7a55dc77e523f4366f87c9c49d8c610173ed32be1c5cac6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6f0a5e4b84117e225bd653de15123b60

SHA1
e5e10a803493802a8a6faf09d99b81018628c113

SHA256
a0d1f5814c1333561ed3c402c796cf6fef573669142071a60234423174b837af

SHA512
0f1458064b94e5121a241a6aabeabd401c104f19b7f4b37a993b79990c86627568621d2e0e5b18caed8594e3258171530bb91a9fa6c3642f8d4eaf73388476bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e52b4f8f749939a2720e5d708bab63d8

SHA1
0ed9b67a61f6cb1e419555a38d26d417679a8aba

SHA256
acd0f76536282ce9118243290ec9c3c2107dec06133eb5fb3fd1041ef570a084

SHA512
5e9f2049691faa6670bacb3b4aca6402a1ebdc4a0c59f5b8dc20dc0dcdde54cf1cd976e8dae103f90df1f4d61c7442912e553cb257f56e54e6912458ac0c29a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
84497269b82135733bbc8c94977a53f5

SHA1
88afbb3759abdf046a333e270fb3d014f613290a

SHA256
c19e70202418f447cfd6e88443b025bd7d4366235ed73db47e9267fc6fb2922f

SHA512
69ef3e61ee0a4caf99795dada80afe421e9497a9969e78124d2e8400ca90aa66161e658b9300dafa36d848178ff9f02e75dec62dc09f64dd3271c745aa79d9b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9cf323e461610c0fdf0a4a15ad226d8b

SHA1
0883c51da495ea80ce4b7506e7e6b72959f82524

SHA256
08ee724f5f770618d9e24860b205b39a3f3c975fddc149ce253ca10a3699ab47

SHA512
b5ef8b08069e35415be1f880ed653a45a9912ec20cb0560f21eef9517323ee71153d4bf9860044dbf4e57513b0ef5123392a00728aa90efa4a3d52d1fe8e258d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5d0cf0f53d8a48363f0f4f3b106e3800

SHA1
283c3dee99d4383807f89a22d64bd20401e67cab

SHA256
5a6041bad68fd2af471c192d8fe32be4d3a140cd3d926ad57624baf31eb7d2d9

SHA512
5bff6b1668885f14517cf2ec0d3eb350ef8301861a7f17d0d86f3aaa0be1954312eba078c6b223656c401dbae7b941b862804fd4b0df2cd7d4c6153a6101d595

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3fe095674a20965f59315d045589e087

SHA1
85949a872f3e53b0b23ad34938b650eee495dc84

SHA256
1a36f7509718521e427e2c6268005cf18d5944469734d7130e6fdbf5fd9ce8e4

SHA512
b610bb2691bcf97fc99faee824ee1764dddd91be5e1aa79e04ce56bc67b2fbdc6c4523ce958746f357b7db8a39d31b3bd68f18458ec891e287559c790107efd7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
90951e308af508b287b6cb1a1fc602e3

SHA1
3e732fda6a06a88314feac6c57fff74f45524ca8

SHA256
ebd85047eacb726fe5bc343eeac766a71dd6df003d52067a8bf5d8bdde87eac5

SHA512
16217c5fc2fa3b58eb82fd04868299e35c163debba16d378cfc039ab0a3c9326a4fe5cad64ec850542604872ec588aa491044b142f720077c8f2ff8821d78e00

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab22CE.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar23BC.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit