e9eb5e57e37a32d892a2990de66057d86030548563f3376579803983cddba780

Analysis

max time kernel
120s
max time network
145s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/02/2024, 22:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ad1005b8187649e271d3be5622093d00.html
Size

6KB
MD5

ad1005b8187649e271d3be5622093d00
SHA1

508cdc7c288098cc6ac922b923d07b6a2d2cfab6
SHA256

e9eb5e57e37a32d892a2990de66057d86030548563f3376579803983cddba780
SHA512

2282716231f119b5ea035c815aeddf706fe6675b1a26793e3e135c81ce646b1ec7c1c33265f8e2bb7529f12e2c1f0b5e980aadea905799d318cb9f92c69e906e
SSDEEP

96:uzVs+ux7BFLLY1k9o84d12ef7CSTUeN/6/NcEZ7ru7f:csz7BFAYS/d4Nb76f

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "415322634"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009d182698a4727943a65bc6c9ecfd0fc500000000020000000000106600000001000020000000eb9dd20ed6019e7757b22d9cc626875dd8a1efbbda6c6de6f4f4acd8d379ca5e000000000e80000000020000200000000195b9bf45641d941dcb37e3208b62fca6592ad849b4aca2edd3ca77ca459545200000001be2f717817a31796e3fe14ff617d3ec6700fdae3504efe9b41c7a18a19091f4400000001bad6594d4174ec6323d898c9db181fe76b484f79f83d6aa082e4cf2c9ccfaa8c64906fe42a83bcb12a9c82d78b465e4693ecca1433a967e86d34e8b1275d42d	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e012ed03996ada01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009d182698a4727943a65bc6c9ecfd0fc5000000000200000000001066000000010000200000003c3da487cbb5fd363b40e4cf8b9bb61990714cf7e5ea17e9ea00db73ee5317c3000000000e80000000020000200000003885bc6545cafa7644e74e606071a21eabf4d1d702f7899089e2f36d0285c9b690000000c905eb52be17abac037dfb20ce98841a1e6c3535de2779c0e93b0e30eb406358319258449c5997d459f6248804a0b4eab2c63831d549ee32d58a459017bb61e9988feeb51e3bb9874b1e373d046aba264c174dd646f4f8dc11332d84980dcda163295ba3cb5aa01c2931188e6210201a1719b8f7567d8038491897e46dfc0726d87499a8c232f73512fc3d4644266320400000005731160d1214f2bb9dcba821a7dd2b8b0253e1b73e51b60a53844c5a34fe0228d54a4ccb38b9162c83e3a35807fd689e1bfc798d559571e72cab952c39e75766	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{15F26A31-D68C-11EE-B52F-56D57A935C49} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1712	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1712	iexplore.exe
1712	iexplore.exe
1872	IEXPLORE.EXE
1872	IEXPLORE.EXE
1872	IEXPLORE.EXE
1872	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 1872	1712	iexplore.exe	28
PID 1712 wrote to memory of 1872	1712	iexplore.exe	28
PID 1712 wrote to memory of 1872	1712	iexplore.exe	28
PID 1712 wrote to memory of 1872	1712	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ad1005b8187649e271d3be5622093d00.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1712
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1712 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c2526ff2aa22e1dd8e9b5c7e67c808b

SHA1
c10d30cb40fef17d8c93c289e1dfcc019df678da

SHA256
61fa6bcdb23b7c21f5bfccfc7b394838bc5d7b53de30ec9db826c5e8d718d59a

SHA512
54e9fed78960cc12564eb4cdf446b7cc0c6d754b34b251bb39030a7ea05412243afd7d32489141ac28667445439201ae872817bd1be5977e220b5eaaa59ec49e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
845b26aaac30a6a6923cc840a6cd9972

SHA1
f20242dfc15bd3710da1e81fb8556006210c1cbd

SHA256
d25c3ad1b9aa0c307646705e2e9bbec5dff88b5616707cf79e2d1a74260f93f0

SHA512
7b131e6b0b6a87652fb9ff50f5d994f0dc4e56b0946ca2ef794d92b15c5c2bb69229eefc586fdf2f7bf9e56b2da2ac8b8cb384e137314e19ea0f5defd62acc85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9c405bd69340cf592e89bda42d6d08f1

SHA1
a0ad18c689883004d405a439fed8baa738ae2081

SHA256
c06affa1b9b495be5665d9078a67adb26e8abfb6c1961609194f459386e95218

SHA512
2ba09962bc57ad783c023e3d4e74f69ec175e9fc07e56a74e0b88a29727ebb2201f3ee70ea16ee8f0e9f6f3d4bfa77803e40860f4897b0b5ca980babb19b828b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c21d7466364f814ba935b8c81494d3ec

SHA1
e9683224ef5b9cdd1557be1d3d81a9a558f2c95b

SHA256
af43d6d495053098b751bb67dda6f4cf4f616e1be12a0111b8a0a6eff6805d6b

SHA512
d1c9e9875f93cb785d9d0aa6b909a67698411543a88e5dea03f9df64c217a522c86733e3070ea2f4ce60f7dce8028035d0d52556f21f1c50a7cbf95c4be61215

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
185cf42e1d9faf93c0508a0f47779aca

SHA1
2bdffac6e87b66abfe0cb4d505fdd76525f29527

SHA256
bfa6e035ecfc246e83d6adfeb7a41278981e8eec3345ea2935d7ad3d2457eb1f

SHA512
b19c3852570d690140601bd0ba322de972c7b1596bab71fd440108a34802639d722df0cd944f1d41a32719de19efdbf979706aba7c42d1d6492267c73d91ea42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9f4471c044c369795546e290f2c286fb

SHA1
2c88146a4686b3bf40282150acb29687f0c87438

SHA256
09232653a049ed844ea2e04d421aed442d118fb130d6b6b02f9e0d433adb1377

SHA512
39c06346694fad717f577e0bf3fbdff5ec27fac0037cb83facf326bcde7d34f1f02500a787fbc8ab4a0e2d4233cacd76ebbfdca40ab9aa4b03dca21a3178a77d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
055751b56229f88c39d72f857096c4e2

SHA1
b9b06a246f474c339c35b4e7f22acd93900a2340

SHA256
62f19caec0f6439e92977d58fd8db0a094003b05b30cbea92be64a77e7cdde0d

SHA512
d25100c97c89c46ce908b7e0e658078d4e758f8230da89485c150eccc6935c050e48f371eff4b4bcd3fb30f6351499080578c28fd02961e54e211ca6e9f47cd7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3fc9264586e3e2d0027bf89b279fd941

SHA1
1e18570a5f968078d294bc64af3edd1777807abd

SHA256
80313f7b0ff23287517938da24e2c86caf6db1f0fcfd16e31c6821c3219a92b2

SHA512
8e0eb5a92bcf44843838ff99c73744f5c3ccbdbd2fe676d6dbd6b41f26a1ffbf8dadf9dab210ffe523bf1406b64a894d9c652e4b9b2fcc9f85fcfc690dc6348d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a96d5d11f4200bc5e1d921bd2091ee76

SHA1
25bbde151e5da95374a62030c11dd108e68699af

SHA256
11eb338c78b3d3d226778891db064eff924ffa52439bd1c444979334ad982c89

SHA512
71ba53dbbcd8bc36ffc646df39a7a337b36a3e4ced6bdd0df81c816510ba2c441b76e1f1aba53feb6c7e98c4af5c419a786a7f23f185e46174311f853d1a2a66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5d131d9a435dbd07bfa4d7bbb0cc616b

SHA1
f47cd14c7f2f5b15e358dd0ad5652a5453502e08

SHA256
ed9870797fe0476e9d907d79b5b8d456dd9bb6b95818977a4b11de9efb61a6a6

SHA512
2701814a83d25a791b40d26445a2def094df731be38d19d784dc1c0082e1424246da3d675325a16bb9e5379695f2df443ce406495ce7569493dbc22eb4b9a394

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9dbf5f073a8199237034c7670bb0f1f6

SHA1
3acb7774fdcbb0fd1d5db6f00a78ebe19ce540e8

SHA256
1c9b904a3c479b52d9af43e28a5d42988c414772dd6eb8125e43750ee0750b3e

SHA512
b23751cfa24d4c89ce29e8b390651a46aedac9f99c76da82e6768320828fac10a797d6dfe7cb65efb39455dd088aa357f08159c5cb4ab02862cef74ebf6406d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8a966eb08d138fbce0e0bd75f8a7a1cf

SHA1
3d7c7d8ff4fc86e414639d5ef8f8fd7a0566c5b1

SHA256
2828343f1030d1aa019cf3937f14e75eee903c5509ecdf6bacb1ec76eb271d5d

SHA512
45faea592a0443951d7d6fd9106d537af7de3b58f14990edf2c127db46c0d772ec2d92a3808fd53082a072a2c21cea71658855f15242ebf04fc779a319e05ab2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
01bb0fb10d93c3452c1fff987175b053

SHA1
8a27d2cc1f2a0aa6628f17df428bd4160ff71fa8

SHA256
51f5799133fade07635c7cac10c73022ff25d5d38fc4b43bd6faa120c60fd08d

SHA512
140a2441443ac1d646174920c3ab5047e77c77431797efc128c64978cff493bc698c8e0b0cc7c5583e6d0c9fa64635920ac375c6ae7bcb0abfee32dba5958b95

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cc2d35f63a18b8dd0a5ccce10bf20da3

SHA1
b6ecad7cbc2c188e4cad645c9d3043f321557b80

SHA256
3878ca7ff76947c3e0140fc31cf03ab4df5e9df17365ce4bc0f71bb55d1e4906

SHA512
5cc77ebcf8ada46e72cb7c5542acd4bc25c667fdc0da4a35c3d722bbf0957730daf50f523db46fed57f8c26ad53189ba0027dd48a74a74a92c7c7580e1ecdd74

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aed24d1588881e5777a957681d621562

SHA1
62b37d84f6b0a3c54bbd2a236bb4fd8b32b842c0

SHA256
4a03bccced1024f6a4f9b721b3c8c74ad5d1b5e673428c58244d483bd3773920

SHA512
e3fa7c4cb887b27f954504e250ab3383b742dfedc10a119dd5898fe1a539c184bcff85460d7b4d3923de269e9e7104ceefbfa6e55df4d1e9921ad9f7ac33a2df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e3b724e008718b93b037f11f2e5c2038

SHA1
6acc19aea3572c0cd883d4f588af16959bb6b9e0

SHA256
8da7ca97a1362c0ea9d07b7456ebc889eb6cfc757724fc6e0ddf611eca2668ca

SHA512
dfc35b1b629e906a382e05c8b1c6843dd803a495308f75d2bc74314505282c35ea210571354d11546e28dc118934e249831b9f7d70fb334839978ab0d16202b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2675.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2816.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit