b503f12952ea7781ebcf16d99d263dd057aa5ad0bdabf0978ca82f549ebf42d8

Analysis

max time kernel
150s
max time network
145s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/03/2024, 22:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b5c95f75bb22daf7872f0577d1d21ee3.html
Size

31KB
MD5

b5c95f75bb22daf7872f0577d1d21ee3
SHA1

f673238b45fe7dfb3a3b23fc391f1dba994409e3
SHA256

b503f12952ea7781ebcf16d99d263dd057aa5ad0bdabf0978ca82f549ebf42d8
SHA512

a40e7daa0808b803344568ca98afad6a74a72da2eff1460c854de6b5ec537cda8bce5343d3cc435607feb202c46c2251ecc23e932554f1d34b1cf24c2b009f68
SSDEEP

768:t57lJOorwcKhs7nsrzJBGAF2E/34LcD4C0yiWht46HQVh7kMCu:PprwcKhs7nsrfGRE/34LcD4C0yiWhtlU

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "415838706"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A873FDF1-DB3D-11EE-A336-7EEA931DE775} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2248	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2248	iexplore.exe
2248	iexplore.exe
2472	IEXPLORE.EXE
2472	IEXPLORE.EXE
2472	IEXPLORE.EXE
2472	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 2472	2248	iexplore.exe	28
PID 2248 wrote to memory of 2472	2248	iexplore.exe	28
PID 2248 wrote to memory of 2472	2248	iexplore.exe	28
PID 2248 wrote to memory of 2472	2248	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b5c95f75bb22daf7872f0577d1d21ee3.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2248 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
152c1a94ac4c9e618ffce7fbd579f4cf

SHA1
9313caf35961e1db5315831c28c5389ae839b669

SHA256
bf8926d5f3ed13682622438968380feebe56f79a93279fac5566d937b2a9b1df

SHA512
58cdbd0227cc3a15aa6ac3b444b5b4bf751420538d8ee733b9032c374ebb75a601a5de9327efb547c6c7015b3d75e5e9126cfdef61b4b0caa0d373b2e040d307

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9d8d249f65b6c33a463c8679513ead12

SHA1
6a7eb266f2aa94ad17641ed2ba5721d7fb108d9d

SHA256
def3c062474eb5f142610c406a77866c7aec852748137b5f9248fa5aabeecdfe

SHA512
69ee821ef36a929dacde8b4040a80b7cbd68e4af34210fc341b5a58c6addc6e52e30dd58263e2f78daf6d2fa8dbe8602fbe227279364fcee3349029df0236345

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9638c7eb6fa5291bece97e9755cba3af

SHA1
a8a192479c25d04a94d997e36304384e6a19a5cd

SHA256
e0da8abcd16e3d6edf51916122ddcb75129783eba52fd6e59971f90c297b35c3

SHA512
5baffe7f67bdc5c9e360aeab6448675dfa263c6a13da652fb507636876243fad4ec229cedc238e02958595adcd75832b83e8cbcb1343be52a4b0e3c90983e386

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4e89f6fd6cd19b389df1335621740b4c

SHA1
38f07d3c28c2eee5a014efd6ea90b6883a912ff8

SHA256
d695ddc794977d22a2ecadda9c0cfce734b73a20dd54c429f1ad44d60099398a

SHA512
879f2b3bee5d7b61bfeb1889900dca99609292869043db678c7ed2d6b0b3d67d9945494bc6a8bf6affb5231fc59fb290bf400fd832b26d1506478ef8d44fb153

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1baec2a6b34444d320995ef453dd6543

SHA1
4bd61a75fa050576d05bf3635ee1bc162f4bd059

SHA256
23a2db3ad7965163c2dbae6a07d59044925f50dc092f94122657899fa6a3680a

SHA512
5e6e9ac0bcd62a153f5ee06408669166b036dea5f12597646016ab2496888f23236bede0313ec1a44294faebbf7d8cfd6e84b953b18b98f176ecc893bdbd015e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ecceca44320728be8dd4a93865ee3b0e

SHA1
f2d2f3f9cda2bf34a2d2430079b821317bc4f0b8

SHA256
ac20c79c3897bf8604b2f920b7d3e927918af2147ab83504fe5929b4aea0a068

SHA512
fa9b489cda6122794e42be70a557ddf73d2eb0657deed27cbe0edbdbdd9966b53f9cf86fe9808ed6fe9f1fe8fe143cc6dc6d9e1412df8579a38f64acc0acb533

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
db666158c195861567d90c4f66bfd3ab

SHA1
e6a9069f3367f234219c94f45627fe6d1820f52d

SHA256
997fef94b2c38504e5b59b4be06b2d776c8d064cda310ca78b1a0d38bb7a5e53

SHA512
db51996b8c70287b71af1882d58870898d91b56c03475dd8969576c922b38c66d85c45d6f8036e464d4aad677f1a17fd6e82ffec8a932c61786838378d8d42ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
658c32b0bcb3cb43158310b70e8983fa

SHA1
12b5b0275ced0086fcec3e675f80542a3efd4f81

SHA256
6756b5c3be1eab56d99fd90d37c39c0bea2e1afb7382e59cd6cb24f774993b3b

SHA512
4109de46c0da363c4a01db1df8697c66db6394da638f8e837dfa5fe4bde8849b2da424a33e7125577d64fb84525eab6cd5f461562491e30da2fbc482214361d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9551486e6f46069e151784d0b2f2bced

SHA1
b635560f9706abe88a374278ba18b0617114e600

SHA256
c81a023e390728c586ea8900d2ddc63acb4dbb1134969c0f569acb6dcc01ea81

SHA512
5f2087fa8a65659511e31cbf2a33731bef7ff179f597d4e6f149ab6a22b1f3968b83d121f971e7406fd53b6309bb25b515b1f56debd895b695bc933a88001ac9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5dcd7dd7150806212c1a2b3a9899a5a1

SHA1
eab4b351de3a12ab694ee00be45d251dc846bb69

SHA256
952c0dd83580b60905fee2d79879a7e8fbe9ae5ad753451b7ecda216f8eb9dd9

SHA512
016b4339e6802f4a26d2bdd0eef024730673598179ce9451a9f6875e8f053f860cf7631cc00cd4471100a2746ed5c5e31d9780d640cffa32048ce00b8f6653f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cb68cb00440a55a794189a7553f058f9

SHA1
7b3a9a5380d794824ab70a9165f4ed15a0632f25

SHA256
0ba63a25b84182560683e71e9c2ab0f1ad1deb6fd33c3544aad7ad6455489dc3

SHA512
288c0373c50ebb82fe46e531a82917be9df7c7115d71d6a3b5585275b1dee73b1fac1c6393367c6f0de6aab101260b5fe4ecaefeaa0d26e5d3d34f33987bd64b

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB57C.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarBB4D.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit