808d23ef442f334a8378f6d80744d1c88c12554b8ab14db54eef337a756517ca

Analysis

max time kernel
120s
max time network
136s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/02/2024, 15:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ac3aeec8067764ff97255366ea9ee582.html
Size

14KB
MD5

ac3aeec8067764ff97255366ea9ee582
SHA1

1fb777e7d33e90ebf2b84655e25749673dc16754
SHA256

808d23ef442f334a8378f6d80744d1c88c12554b8ab14db54eef337a756517ca
SHA512

fd317166e983c26d8aa7c632a42e9dda024eb64e2d74dcee7e32af51bbd22ec170cd748851702d1430c0678401600475d4e14a43026a6687755652bb13edb594
SSDEEP

192:+yEioELD/ZmXg8oWllefMJkZQ3wf1vUmlKt6DvE:aioWD/ZmXg8SZQnmlXrE

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009d182698a4727943a65bc6c9ecfd0fc50000000002000000000010660000000100002000000008dd260a5631f8b5936bfb555a8bb33d783676a9212aac84c7087cf8fa75da0a000000000e8000000002000020000000e5c5d3a87de074b7dc0018fa05cd707eb418aae56e2846d47905aa42992a37e820000000ca0238e011ecd1599fd69d6768011e67eea2140cb668fdadf7204a3f82f7732f400000009675fd7878bb9ef8912a08510ebf53838a37d1962b5258b74b41bc7f11fcc9498a363fbab7cbb9d8084f0fb7445ab1da16634bd87892d66c9ee669ad476aef2d	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e02958ec5b6ada01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009d182698a4727943a65bc6c9ecfd0fc50000000002000000000010660000000100002000000071e7bfc6bbbeec71ea0db064f68a0a18a9f9bcaba1c08ac9fb6ea0c6376c7b30000000000e8000000002000020000000fbbccc469d8fc97fb9c42a08dd3f4cee7d976062c5055bffff250686953cbc0e900000001dd325f83f909a72480e78eaee854c64f73b21e5afc249dda73762a653d143f2b10dc2b8e0af5f92ecbf9b46ea3fb85cc215c874c4eedce5365a2795a54a88e8003f152fbda67b1e316b44a86537d6586bbff2f10eb6073fdfc3534f607c760fba46fce85d42bca6f152f8985496f78dfe043fa605b482e480704c157ade74770d26f72eda4f43976b671170674f70be400000000783e92fa649bc947ad13421cd2b9ec127cb2f98d65b411e5e609b4e466fd9f77204e98aa7f84ed25df28517b1b1a1113eea4fee6b11a782bc9da76be970cfac	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{178C86B1-D64F-11EE-9E6D-5E73522EB9B5} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "415296441"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
632	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
632	iexplore.exe
632	iexplore.exe
2252	IEXPLORE.EXE
2252	IEXPLORE.EXE
2252	IEXPLORE.EXE
2252	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 632 wrote to memory of 2252	632	iexplore.exe	28
PID 632 wrote to memory of 2252	632	iexplore.exe	28
PID 632 wrote to memory of 2252	632	iexplore.exe	28
PID 632 wrote to memory of 2252	632	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ac3aeec8067764ff97255366ea9ee582.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:632
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:632 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e1216f53662b28e74e99b16acc8679f3

SHA1
333579dc3ed14001f2493cb407f5b47b06ce906b

SHA256
c5391a49ddca2a1be28412c952d3956ba42f4b5b3333b0132340f55570ab3639

SHA512
057693118159335b773870a1dcc9fffdd802066b40074cf3880c4359628bbd5c0ce61946d697296cebffddd332363995dbe260b5c8f07645df19a9963e1fe7cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
501edc33194c4539eea65a5618bb98ab

SHA1
5a815c3089b2e0a8e3e5696c1250e794c7bbe16f

SHA256
9c561402f0b6b1434fbc8ccc2a2ff04bb49c8f228edd31cba093817efed200b4

SHA512
e3b8159e8e19649bb332916c630abcf2586605d5139e4fc9deca98db0f89939c497fad5e3e1e37b48ec3c3ea84f377cb58af85eee899883d890a9b49a8434bbb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
83c8666df95a400bd781ccba8991ff65

SHA1
d735de61f2e2cff8930bccf87af07b2235565f68

SHA256
706095bbf91c019669b9d07ffd1c89af21150b06f9bda7be2d36007815a5bcbe

SHA512
3e2f68b1fd96c141c25d5b7cd4fc4074308923af6e7131f5d99fecf305f4ae98f688e5c643d2b414ab39d248944dda01ae12d7722288bb15305bbd20699b2912

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b4d28fe4b06a03d0519eff1edfc7d119

SHA1
a5af6dbd19e8cea44811b099f99fdaabfbb23f9f

SHA256
47252bbf88267de9045973333da41a1a23919190bdf28bf0ce5d7f3f976aba5f

SHA512
d85a6b06ff23cd0db47641f442a9da7c45e90b7fdfa981196a9fea1ffca4de78983ff8746946a00fb9996757663c91a915427c0f5de250750f1f11d09bb6b756

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
33a4cc4307e0d155156f43c65a87b995

SHA1
f6d256f1119ff664e7b947735c46c574b2b4fc4f

SHA256
6a835a43a310e6f30017482bf3d9974ddecaf0439d1cda3dd8f4e072b312b1b6

SHA512
26ca460762e6433346b82e5ec2773b4b671f9b38d4f2b963c64b238be50d7ca4a61b0f2338fd1c220dd0779d5bee14fce38fade121956cb4f71698bc1bdd0742

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
256f8341e0824f19aa55965ff0e4e5be

SHA1
05dba292f3f0f528ff2578b57290273f4544646e

SHA256
f8d285b2c8ff50e4de178d8bb54a613b6b664ae3a266a3b91c0397f9dee00db0

SHA512
6d82477042fc3667db223c4a0ebc36e23e91f42453a7ded8ed1eb30107810fabc46af35e50ece9aae3a3bab611e99f386ffc9cc954a82813dcbf21f19c0f370b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3e43182eb2d0331f4bf4691961022900

SHA1
c0951ece2db830e9417d9beeb86874c7bd874dc0

SHA256
2d3d8cef6f64da0ce734df13a3d3d8ee7399655414de198611ea8151df2fc777

SHA512
cfbe28dab43248c95dfb4436502c461d6aa233e1b5ea661fcb6bbe745470d8ea489fea13210d02b1869291ee69419cd285c606ccd1c255d6f8f868b43ed8b429

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0813d85f316abc1c9928fd5440e56707

SHA1
30d2d9362b64c0743b9e4f0024ca78206b45ea9d

SHA256
7984959c9b723ec84ee5b3894a585039fa275b36ef49a80b320b5e59034eaf3c

SHA512
edf05e95545e72bb7890b12530027c1fe94e2b01df7d07eeff316e00f89753cdf94d5669c3a68d056862be3381141ed9c8d749dd04c5be73024a3ec63046f343

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5d0d222fec05c217ec78e270de3080bc

SHA1
11e5d7c59583c2fec43de0af876c02c4b2fa8d4e

SHA256
28f6a3f2d1ff40a4403563dd4b85566222d7e467d62c88c4e3d7df2382862d14

SHA512
599895e0894a9e8a77f2d71fb3543026801c552189e5d8c694101e3e0d2ab9eeb64b01c8f0caa5dc343cc56c0fa9a39debd5f9f9221ebfea7c55b3ef9953ad97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
af4cf2d98db4de44aef479eafdf712a3

SHA1
932a4e449800d865b99a0b0c38f07d0ac116bfea

SHA256
be45e95007198c13d4f61f9ab9a1f08ae1521b4c43476385913cb0d665df72dc

SHA512
a5928f0f78449d5c9f34d0bd091def9a4c199c64997279fe41e60dc4aadf04e42b29a30956794068e1d5f92ec61e69aebbb43d554652bd1472d24f4e27e3314d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6d53ace78b3ebc0d2e89cd1b5aa74658

SHA1
f9757ac9e8266e7531506dc70cbeb94ea3cd294a

SHA256
5294e38ab1ce8325f7c71e0ed04ebc79fbd546dc4678abe3b735f283c0ada541

SHA512
cc4fc1b68e6d6e81c9ca1bc40dd332415b98b40ef7b61e0bf5734bf009aff4f721cda9f83d19bcbac9abe24f37bbf966e096ef5f90a26508fd1c735ff2e0624a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9439fd174f6dd5141e6693030ac4cc94

SHA1
971f220ead3ae91545e8631be988974549ba0084

SHA256
44f5d026438afc9debcfa86a46b0e22713909223c9fb476243d9f389279d38dc

SHA512
5a4700b0e4d7c4b1283602bf5774c24bf38dd4774c4dd2181a23b1c0efb802c17abda6b9787017057d18321665b04cb450bef4750cd4c37a123dc64392ff549b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c5eb643ed60194eb00795e206269da11

SHA1
da66add19a0a3c25dabc2fa156d89f44b6e1d0de

SHA256
344af9e4ecb0452f3e923a26831fd5e5b2267c2565807b6d8babc0d2c4e80a0d

SHA512
bda109821a71e9297eca894adc4af98d9478ceb7c06b7f7644ceea5e85549f51b1d43f7cdb1c93f8603a5ec95b769b1b8a64d93952b2283f5e63df3e7b036f95

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1de0e14ab2780eb6a8dc7b2bf9883b3e

SHA1
5b7a98fc4c1f3a93aeb6428ca79f8599a21770f7

SHA256
3b3eaf2f11486a07dcf9dcd2211b830d6df8aa9bfb0727e4e3c1b211c6e8b23c

SHA512
7a6a7472c7f9f13445c9ff644aa38c269a98f7dcf6b80553a0e4ffe163e308c35c0e52beddc148386666f0f7fcf8cba1fd2fd61e5c815746ed23a359800e1a9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0ee642a7f35d3b5ecd6c821ac973a47f

SHA1
4907dc3750208d5c0c30806618f5df3bddf40ce3

SHA256
8c1234b8b2b4ffed1791386c6c6227b89675bfba224ee421a2d1458127b95351

SHA512
375b2ea02e8d2bce029318e8744e9510ee69b9c5887d449d6ad37b4c1b96350ad3b66d113fb98b719cbb32983f821986147f351f0ce4ef715bb1547251f7cc72

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0c3aa5a245388bf639e7260a7d0b1815

SHA1
92aee01634d82e3015b4bff6df4df00c5ab7a08e

SHA256
e0f90595b74315a823f11734be3d6343844fdc175cdc50ffbc230818b5dd0890

SHA512
7e83e4df94d79eac9d54cb6fbae051c7cf880486027fa3fda95bfdede593e4c62ad61e844d2dc294b58043e25e5889e5fe6626a23e6ce222945809de2821377d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar635D.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit