54da3070a575ef9b4e498ecba31516f5c133036bb25e6ba0491376b66d2b4167

Analysis

max time kernel
145s
max time network
149s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/02/2024, 15:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ac45d66526cdd46c3514e9ae32d17918.html
Size

77KB
MD5

ac45d66526cdd46c3514e9ae32d17918
SHA1

59c86845f849a2ae8417c5f8adaac0cbe42aeb4c
SHA256

54da3070a575ef9b4e498ecba31516f5c133036bb25e6ba0491376b66d2b4167
SHA512

943fbab1d5008cbe7dfd7eb27f67d8a082ff2e7c5ece4627683188e544fee7cfc832cb12ae128ab3c8c931040be7b4d8dc48e44475605406b41ef10914346395
SSDEEP

1536:zabquklcMklc2klc7uG/bI+3zkcKklcPEijZeqhUEijZeqLyWf/UMVvLIWl7mEgw:sklcMklc2klc7uG/bI+3zkcKklcPEij0

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F8EE6C71-D651-11EE-9C59-EAAAC4CFEF2E} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "415297677"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1084	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1084	iexplore.exe
1084	iexplore.exe
2256	IEXPLORE.EXE
2256	IEXPLORE.EXE
2256	IEXPLORE.EXE
2256	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1084 wrote to memory of 2256	1084	iexplore.exe	28
PID 1084 wrote to memory of 2256	1084	iexplore.exe	28
PID 1084 wrote to memory of 2256	1084	iexplore.exe	28
PID 1084 wrote to memory of 2256	1084	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ac45d66526cdd46c3514e9ae32d17918.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1084
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1084 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
eaaca525ae92e3c833dcc8b6ef4cccc9

SHA1
e6fae036ecb8e932bfb5ecf0cb931f602066ad9c

SHA256
3ce5e1ef4c868acde6cb8ea1fca7a34b94e20b196d2c28cf9e042afc3371af25

SHA512
40c138e997886f2ff6fc0ee1adb70016567d332305ee677b94a51f20e547c72722e1293a8ad5e5335a5c021294ee90bbe0e8964dc71cbba7c028e3a2f5454a0f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_C62530F37AD5C5022195EB4B959CB082

Filesize
472B

MD5
042c456780517daf7fc3d987bd997198

SHA1
7200ee42f784e2e92cf518a0d1a688b1022d893e

SHA256
ca875133fb5d81a78cbf65d5f6aedc90a2ce6a99e76be994eb42ceb839a375f8

SHA512
499122aebef48c2b057aa458eb61d66c853a1fe3659de8872444fdc04c0c30451e55a81f7fcf8c0b6b324d5bf0c3fa24682c18c8e3460fecadb7a719229ef7fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
049f7971c4a70f39597b837b01813f91

SHA1
f4cf4225159a969b059da25fb42b69fd099eef5a

SHA256
155a429fda9f6fbf7e86cabb13a341c0cca61ede1c79116fc76257805e140544

SHA512
21b18df4e484f66c41c48110ff11fc1c24677beead439f4924ae1fa3b57a479f08ff8c5e0078cf4d118af1f5f1afe837944594525c678c43cfd7eab3177be702

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e39cf1ad903b5449961664692a53f290

SHA1
c7d24f54dd474b86cb4ea81a14ae9ce861a8000f

SHA256
d1eca0834cd52039e3a178fa7feca6373fc69a3afebf363360d875e77142e1b3

SHA512
59c22114b4fc4d23b50a51f88f1c57d4f3cad7c726a9d765b143fffcd519d6c7a4b3f3a21e0d5dd7545ed29ee5f4aa78c17810125e31db2d62e31a5ec436e9ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7b984bf38f8e2014664fbe7248614e57

SHA1
fce52f8295023f88caa7d12ae9cfa00a5d0d3a9d

SHA256
37c50aa57d99ffd06058934be9dc7cf2f0e403ddd8ea2e796a3e62b72d0739b2

SHA512
c762e2962121a17e14fdf622183b803a8af1346fca0be3b4b4a5e3b25e52a1595f38c869c72f6f8fc71b44037c7c1a97725094f9eefb09f05b7ce3c85ba9cd84

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
58d13770067108d95f1e200e50f8973c

SHA1
8151c3814ffcd8528492465c10afafeab147dc78

SHA256
68bfe392e162f7b9c738b12d30b91b881d0c062329b6e605f64dd859edb9d44f

SHA512
d3e8a3fdc6cabf2cdbf71d3ecb6764305b7e8ec8fc0addb50f1d1f6e03c799a60d406e9d875422a06597b9e7e0de01b85a53a5b783c10b8c0cbd90ebfa17b6ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b3ca92f117e093a702416b86f7dd1a5b

SHA1
fc228486790d2d8e542c3059ec449ee07855fd9f

SHA256
1b0c256f1f19692905459e05ad9ffed974269c167a5d8d4f8cd5193c76565c50

SHA512
aed3bb75dab8e31e01f0e21f31ef663a293998a5d107020033f7bd315cdccb6c4d89940d753ad23ff5e2ea489c4b81c39adb04f73962e0a064a6116be901e95a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
574371618f370fd509243447440240ee

SHA1
ecabbc33d9f5a7e4d47294fc27e81980cd229d1b

SHA256
cc71fcc8566acf2e1d420062a100454a4821f1abe74bb944c7e4e4e877235c69

SHA512
ff27c7c82fd7ace5cc7f2afc9a26dc561f76077ba3c53c4ab7efd240be2106bf38c120a105e1a475f068a78a205cc875f70d5a2624a10dc90411733d857c231e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ed10d57e1d396f79b0b6a744fdc26ec9

SHA1
363ea8dc3ec5074dfcd55b259cd5b43062e279ea

SHA256
de7940f418bc6edd9d415802cb91f8dcc1e06feaec134dbbc7bd0b20041f485f

SHA512
acdf21093e85d97a2a34e4159d05d305f46ecbfb1ba83e8e54793071cf638f428c7bdf47c1e6cb80ede4394a0216f23d33bdf22d4a9dc5ccd8208f9a2dd204ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
58f7ceb3495b6a4224a5d71cf50e6d89

SHA1
75423306594b51bae948c4fa1f6e8dec442bd326

SHA256
d48b320ea9865a3ffd85fbcccdeefbb7c0bd4c60ecf6926739db81a22890ff33

SHA512
aef1999604fb3b6528d90047966334a06ebad32bbf0ee008816e43f53b1cce1609fe655664691b8c10a1e57ac041d713d93b2c96f3ecd9eb17014d524a3d8e04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
80df6c9eeee3e8d577abff8c82fb3616

SHA1
143080509118b64921ee90e57f76c80f72a2ac77

SHA256
2ff3ff4800edac301b8958b8fb36167bb6b4fb977a0a6689a2a2ef0a1235ec0c

SHA512
e106c4e20ffbf9f574fb2385247bda618db2f77f34d8aa3e9253b915e14c0ec554bf19d521ccac6c57501f3bb19db2c70d4b9fea2aa809e54cc931d2f0a0499d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
61ce17c279ba18f23e9060bf9e6d9f69

SHA1
1b8387c8625adef08f3f2c9b45dba3e5e3ffd1e2

SHA256
fde7320c07d12cd7ddbb621bc331acff6f2d684fc8a822aa9fd40cdd35929839

SHA512
e2b523439561036febdae6960f84643bd828db508e43a92bc9a91ea2d2dcff03592d40679c455fbd33b591d07c537b2cd7ef2af38145b8c37c7d7fe9981134ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8ee140a4558c733b6830429c13f247fd

SHA1
625dd660ca1d40487c799975deb9963be8e5514e

SHA256
37a69c4eaa8794cafe6aa5a9dd51c84c4b9e0bc3506c35c0c4bc413ba796dc12

SHA512
989bf9e24e0708897dcf025ea02cbdbf6de954227b008da541d64c5ea9c5d7ca1aa517fc1c569b12ef0b6ed002bac3b60ec8efc55ad266d2d2235c648f71639d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d4a32e650a1a68dbced59d0ba90e38b0

SHA1
07bf15c5cfa4e0d57051aa491ed951f423d01182

SHA256
db3a1fad0271e89a9185626d0a0dbde9ebcccb438c93850c2d8d4df06b1e5f9a

SHA512
27dc67f87d447cdd4a740954761cbb9e14a328fdd0c15646d587c12e2b09658e00786982d621abb22db0bb1346c6fc584e3600bbc8ff14a0abc96475fadaa277

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
8bad3feea95a76c337d39ae1c3a67d95

SHA1
8ce07e528cb3fb9c720f69d2331634a7051e54f9

SHA256
2a49902fb21e443cf5de90c26274532205d7f19c1b739a0651a53255f424bd58

SHA512
eda063872ed50c2409dd9edd0f97eb4d9b72f4cf8d0d14cf344d0c0eb905084bc11d7d1e632e40c8aa9ed1cc2d1a4a9a130855243102cb789404145b65bccbe4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
1ed4f32c5a517f7b8087a08732a71590

SHA1
aa82ee338a8a07bb3e0c4766c8343d087fdf3721

SHA256
b30fe4c075689eacce8ff16fdf4e79ca548b1b7db4af2772e0373bc071b12557

SHA512
339e7d1579b819ad50051fc7401b92dfc2407604fa49c5f97722019b60505301a07d3896931f81bcbdd0ddb00629509325b52d55cc7b11d675ea4d33081af0e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab95AD.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9778.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit