988e667e9e3a91d32a0a47c457a6d5747ff809976b771d58e8ffa0e39be7f27f

Analysis

max time kernel
122s
max time network
135s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/02/2024, 15:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a23661c93a1cc6b2a27a95b011bf1f4a.html
Size

25KB
MD5

a23661c93a1cc6b2a27a95b011bf1f4a
SHA1

c6e38fe932c5fff2d572fee4a64988758019cc7c
SHA256

988e667e9e3a91d32a0a47c457a6d5747ff809976b771d58e8ffa0e39be7f27f
SHA512

9199cc43edf1b03ea2f852753347ddf30b6a02b9ce40538bc5724b04cd74535ad1a176106d898a86c7a56b519ff89baef2632908a10b20b3e4076fac4681ede5
SSDEEP

384:/nA4ywYipFVKYztvukeKXXTuKwS7dvaGNLIWQQ/U4cR1LeeIYECdG55LkuxOk7gO:v1mStWkekZlZhN1k90t

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ffebb09deeb747419e902f1accea58f700000000020000000000106600000001000020000000d989861186811b89aeade8c79c3fb1d5d852af200e856010d776d9b584973565000000000e8000000002000020000000c8a57238e07a8817e4c2d49fb506fbf5e5236854989ef5e466953da1f4fdd1c02000000045449e2d5fa2db8c60240bfbdbb8e89d0c58afc317d764790f79f7466c3047f940000000ffe76078e65324fa5231db83b84b9335570c1511e4851e094b191766aec671bfb12358e6e1e50954cbe06e7c6843223d0e327537bd280dd03d5ec612b72cf04a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a06c3b463867da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ffebb09deeb747419e902f1accea58f700000000020000000000106600000001000020000000be7cfed1b0f40e1ffde37313acaa562164434911e6cb3644889c63db7c533088000000000e8000000002000020000000140398f4b20c0160af97b761ec0e72180b69ad4d381c7f51310dfc260e447450900000009452b232acce8485676c5263b4c3c8062f843b620e12500aadc1a1d2dd3b358dcbf3c2bf7ee00ca417ef774c356dda0a7a4fb946e87457c679f81fd0eb8cd4764afa2d28724805c35317fbc176af6158554233c08593c901b6785e1b86acf7262280cbde4312bdee62177c1d2ddd5f244b91d86fb2e717b612149448e8046c622a083a8d949677a95836a8b44ba64d65400000005595266e6cdcc165a2defe5d955524854a620d942bf92e4f5763f3754181f802b686fa49e68f613e984e2004675e5f469ff0af7b67c1fb1fb8ac9cc173ea240a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{71473AA1-D32B-11EE-8221-FA8378BF1C4A} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "414951272"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2840	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2840	iexplore.exe
2840	iexplore.exe
2780	IEXPLORE.EXE
2780	IEXPLORE.EXE
2780	IEXPLORE.EXE
2780	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2840 wrote to memory of 2780	2840	iexplore.exe	28
PID 2840 wrote to memory of 2780	2840	iexplore.exe	28
PID 2840 wrote to memory of 2780	2840	iexplore.exe	28
PID 2840 wrote to memory of 2780	2840	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a23661c93a1cc6b2a27a95b011bf1f4a.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2840
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2840 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cbc53093aa3156415af609fe1b52fc88

SHA1
99c324cf79d8d7f4d1ada321a4886a92ec53cd48

SHA256
f7d6317d50c1b145bcb5788845c6839bf9b610ece9151d34ed09fab7834af553

SHA512
57ef0192e4d8684961a4dbed6513b2ad5eeb599526417936e4b6aca00bfc6aaf0311b5ddbc23901f2d4348d31367b0ca588dc5f678bcbeaf6066e982909622d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a8b4c5a3ea0064975436dc1ba14c5d56

SHA1
4350d8e34e6f2ca419fb7568715779c383fd41c6

SHA256
356f1fabb32362b20442fc6dba26ba6624563cc02932a82595cc0c7b55778152

SHA512
27a31ccf495af27974381fbb31edde2ef96e3d607d2d6b2e8ff84b496e9e79c89eac26fdff8c0f118fc50d4f030748880a439f3ee73efe7b678ff7bacaf6774e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ff8c3acd3b278189846889c6b88fd98e

SHA1
e5a6fc3d0f7887c81fd8eb42f178e2c2dca09a5c

SHA256
8dca328b92a862e991312f28c784dc243a40f55805f235d62deaf00a53ac2466

SHA512
82e4074c6e66dbee1a0d3aba6b6cac67ec6b43fa0375c533e8691f9a1b18ca624fcb2a6dc56e386429c6d616f7732efae74aba7a8203cbb39aacb4fdc0b41330

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
348949c9dc169b6bc02235389718f623

SHA1
1ace5b7085c1240875df4530e2a6d830bcbd49b7

SHA256
6b7e37054e6b7829da58798d4383f3ccd0bcdd701eef87aeb2cc11d63374c581

SHA512
21e8541dbe057d8c8738acf6117966bd92c468dd305fda0960084d5ea8b1abd69ef7dd564af8d1a704e48c78915182f4fb08e2d9c317882731549cb499808ec9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eb27a3800558137b38ab2fad2a0c8962

SHA1
a9dcbc935d069bb61f1b2a5307a009bb8b3754d5

SHA256
6d4284046ce2a2d393878af1fa876b86cd3f80b0ffcfc65f65850e84e17ef965

SHA512
9855d07b51bc6d6c55d21c7ce06f6fac6d245ae25c5df5fd04a46029cb7f142044aa52e2192ba784a611d465ba9dd19a329be2148df0df75763a7b5e69b9d4eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e62fde3e7175cf285daa5ab13a17927c

SHA1
552b2ea45f48ef74a398dee4358a471ca7d45fed

SHA256
dda0a8ee30eef9a7265711f9b84706b9f0827d8cb783ee2418a055d7aaeaa5b2

SHA512
3837bf6534338173146d14cc03a8dc77a6a12867978ac168f77457677edd7f6699a2b4ca7432398b6f58e9d0ec84efcc713504d30dfe915ae1092cae394d69e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d2ac0eb0ce325fc3d0e84e3088aa5b39

SHA1
8fee12f3383fca4b5b416831132ffbdddde08e45

SHA256
1a0aef77c39ae26082668fe359be356f4c9390448327a11558d3ce591a58f89a

SHA512
b532dc07bfcb0e06a05f657d7f14e1458169f0bac39dda6a948b5bb52a39ab77a353cbe90b05f525ef9e0a32e1945c2b9d3155795631c2b12cf5de0a41b70ef1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cfd3c8966af5818aa3e9c627eb260c4f

SHA1
e5287571b257a4ebf05ddce3691c4f0eb419ee68

SHA256
c5d794afd4fba93c229601147bfb9c02a11e3f3f136ae4a139a240ffd04c35bb

SHA512
a9ebe9a0f4b7968a2338089753ce525500598ac7bf8156fd1f2836fe1399b62fa058e0189ee65401c93b4181c073fa38131f625ef93327ed7eb1e9a8ec45714a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2368a38889b96284e0dcb64a258b406f

SHA1
ed6870b5272e90e5e0b4b1c7ec1ec27413c2bd92

SHA256
b58e243e7424f48624ae9b1626d920c1dda4d4d309d1336342b9e3968f321001

SHA512
ad65bba4f5f9c6f957dfecefc112b221ef2b23313b37fcf291061019863f95c740f82f99139d7db53d7486ec8f11680791e8ce8e23482c25b7f20ab73b7a4100

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
522de400a3a0d1b13c1f15f4659d540c

SHA1
45e5f91a0716328dba12683e6ba254d11658f3f3

SHA256
a7ce347ce17f43034c9ed7445d02710ee91cbfd4c39cd26b859357e3a9cc85da

SHA512
52aa05aafdd5e38224ab52c74784411a1f48e76f88809ea40ee851d7592b6ab9f3c0bf59068a885dc33fa0cc51b15f124384ac9cdf8d802efa889236f02222f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
00586642544e131f568dcf053d586471

SHA1
1c1cde728276aa421107fe76f8ff174f9cda9a9a

SHA256
c1a1dd74f909bae5ea8aac4ba88479277c6cbddd5ec62e06376a273fee06cbab

SHA512
4f379ef5f9534fb1ad479bdaa89a395321770d767227e364febd8685114351da95d89d78b6453b822a86156c5975cfe4ac974df10b59bfc5efb483a73ad3894d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
de755afafded6f273bb9224851cf50c8

SHA1
e1f05eb6b0f35df6f9fccd0900f665f85a17b51b

SHA256
070d11bccb9b5e0b7e24ac1c45743e1c3b7c206bc6ab7a69f1f2363c30b58036

SHA512
4aeed9d59669281f404e97b6729a6d5a03d0411fbd6b75fc3e2899f03e7bc40004c479636e95f042a266926a01f5bc020cd201ee4377dd06c694b0220b5f0a3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2aee5c0bd9d1b9d40fe1a49970b5d7c1

SHA1
a220c68086febb412e1984d6c1ef300ae3299ae0

SHA256
39cf1a9f4dd740a0b056c4fe1b231f2489f799b901d1293a9dd0fef05d0fe3f6

SHA512
465b62ff780758d8eb87c9a3f3835a47d79e8e853d94c7a7aae71d34802dd7c54e3fc9feb023d333574d0f7af7cbb89eab1852c1d4a3a2d5b950addb214f4473

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d73edd2114403a2f35de453ac3c37323

SHA1
ca7b0f02581b820d5c189af98c0e9c7a92fb892a

SHA256
bba0444bde92dfc35a6fceec099a5081aeb2ad8c8a03720b70ea57d33b2eb5e4

SHA512
572913fd3e5b7f7f8b9bc0b4e03c905fba9fe7658ff17528c6111f213b9a82be4fe8c24f9986c02927513ef53cbf30361fcaf73d2d9e2840ffd2b1a807ee02ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4e2f965ee266790475cd07aa98224021

SHA1
876d6dac162158b8d724e9e002e6322794ba8f0b

SHA256
3e492433a1885be3a7d5e083cf834f2c72c84af7c5dcfa5dd4aaa472ef2b967b

SHA512
d194dcc7d2f0009a4eec23aa33a3100719c86946cb8afe2301aaa3fb6cf58c9e8470c222aa89734774efdde943f50a880956f47c4c99c4f671b9139f0dd9e432

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f0c8621778e183427d0585fd40739734

SHA1
f582143961327e13953249776530faa29d722358

SHA256
58d676a6df63cffee1fbe96cd41f88d9981c0e33f30fe1d11a3c3671c8929d5a

SHA512
c3b3ed3d512e4382e265a69f6c476bc0c429e6eba8e9b7d7f58de01e904d49d746f089fe4eb8e77b9ec84d3eb676f58e1d5277aa3dde0016213f5c4d4c0821a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
97886277953eeed92fb6b8da15ed552c

SHA1
cba6c00fab43e05b93ee2c0115d94f737c581f5c

SHA256
83338783edde7050e534e6fd03a53e3b2fd916243107f524e7caa0cd26bd65f1

SHA512
02ef6c1e7432a06b98debdeda1406d354b84db4e99e2ad891140ea191a7b0e12b40ba9a05bdb15aebf3453cce0b43e5a8c1e994d7dc659e685fe1fa2a1a89ba8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6A6A.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6B09.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit