d0bb96d80b7592b6d9ea58c51c0fff6815765dcd4cbc39a34db8c46e644205e8

Analysis

max time kernel
118s
max time network
148s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/03/2024, 19:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b57397c68a89429f4099157661ed67bc.html
Size

42KB
MD5

b57397c68a89429f4099157661ed67bc
SHA1

8f39251857d80408beff31befb0403b3b43da937
SHA256

d0bb96d80b7592b6d9ea58c51c0fff6815765dcd4cbc39a34db8c46e644205e8
SHA512

fa03ff7533a137cdc7d544d5c2927a03393d23642014373f2c38aeb75c7108b228083c93ab7643928cf4b03f16becb6193d7ed790a993fe5fa9ff7c98b768dfd
SSDEEP

384:xQ60hakxPX8EpXqA6hscEtIqHY8a4pacp0SUeVEq0ryZP9YooS3wnDc+UT:xQLa8MyI8Facp0SUeVEq0ry59Jwn9A

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "415827524"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a7000000000020000000000106600000001000020000000e99c268276bbcb68c0ffb2dd44b74d5c868339d5473bcdf2bfc7eb70f556426c000000000e800000000200002000000045f1b44d250087c1c05aa17150f8280177b5a5d4f6db33b85f75a1b5cb7236c7900000003f41a75b0060f5a73933337f72fbe43ccd83cf36f252df0edd98387aab2c8d41e152caacc25aec90169046b5df01d6918f39f7ac378bb4bf69a7a3d3600b9b7da4131462d26ea58f7a701c9231091ec0b76557c3ace505eaf8e1caab55606cbde2d72c27e3da1ab1bc4f75128a4d0c9e0fa4d634bde78799475dfe8ef398d5f7afb4c91ff7e623cd1e505405a20d9e5b40000000a40a4642f751f5ae2abb8c8bdd0ec8cd99706dcc22c4d970fb6837194515c4f03192ed1c6a786eecadb66297764e398465444f709430bbe44d3648edb73bcae7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a70000000000200000000001066000000010000200000006e5a5efebb38ef9bbd021578a907f97108242bcceb3c2a31cc7f4713a5f1ffb3000000000e800000000200002000000042ca0796d520d6e71091386daaf27616215c710359062a37b183bda52847765e2000000077b5a85b9fa1600b61408083e94e0b3c54891d84b3caf8825bef845e9f7f09f740000000a0e41a68c40b2d58bbee584b44ae940173f58702e713bcfa40ef3e388d05e84109a70e6606253c93f2d468b0fcd4c74fcfed51691f84137b44d796fcd4d64e16	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9E6576A1-DB23-11EE-A7F1-FA5112F1BCBF} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 808ac789306fda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2352	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2352	iexplore.exe
2352	iexplore.exe
3020	IEXPLORE.EXE
3020	IEXPLORE.EXE
3020	IEXPLORE.EXE
3020	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2352 wrote to memory of 3020	2352	iexplore.exe	28
PID 2352 wrote to memory of 3020	2352	iexplore.exe	28
PID 2352 wrote to memory of 3020	2352	iexplore.exe	28
PID 2352 wrote to memory of 3020	2352	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b57397c68a89429f4099157661ed67bc.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2352
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2352 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

Filesize
893B

MD5
d4ae187b4574036c2d76b6df8a8c1a30

SHA1
b06f409fa14bab33cbaf4a37811b8740b624d9e5

SHA256
a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7

SHA512
1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bcef525574d5d274996a8524d569868a

SHA1
c9902f11bb2a82b5bc47e98172118aa159703320

SHA256
4c1fb3677f64f0ea7399ddf5abb6f21863180a3cdb4ca79ab15542d105271609

SHA512
2a52a778a8558d3ba1a25b39eeed7aabcb76392085fdb5b072d4b6d4ef302e17d3c9bd53220eb6f6d65e756803cbf1a3f7055368cb1a4f097ad9387a7d08c0ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a7376666356d5030c9d0b3f79076f4d3

SHA1
0e4c86b76725c59fb431b7080d127f470c3cfa6f

SHA256
d1ad29df0be9754463fca8e867745e51dad4efbb3a18c624ecd0bf6fc6b098a9

SHA512
03d57e2ef82239daf5c8c3c3f3fdbb26db6d94d361e0e2b9283e918049c8a74adbec1f90d45b75f3072520b816d5e2563751dd9ad02f2cc8bb9776c1f5674c3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3e0af1b7233d765181e0df9eeddea487

SHA1
439a9a36f5998b22b6037a7f7a84af2b2137aaac

SHA256
ef009bddc489e5ce2073647e0ff2b906cdb19b9dc2653395b9144c4fcd98cf68

SHA512
fc71597c8c1c989958ff1b57391d226b704d68eff4dcd975cafbb37881cae4cd64d6da144039e4def88af41294040b83be5925ac04734fd0c9a04901200fb8d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
883fb9726d0b495d51d02e369e36417a

SHA1
107499f38c5c75d35962bee7a37a98c010a55c4d

SHA256
2af00e3357b254b2ec62482cdb08cfc0e5dbffdffbf69ac65d868b75f0167c0c

SHA512
dd6f80d821d256494809f7f26387436c5a8859316223b58f182785fff4d2d3ff0c0bbe088783d2c225892a6922459ee3fa90e2e3b578941b3df8f2490bd71f56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1c05ba984d86fa4ed78640ee55fcead4

SHA1
0b63c919f08a94a4584190ed3f691f3e2fe21a0c

SHA256
76a0ce558ae7b3117e05addc575740ae08a80118d047c2cf19555b455d326312

SHA512
c33af2134ee783b016f721a0eb3e277008b1187dddb1486f0be94406889fe9bd4a24b11e15470b279fbe1302085e5acc1d3aa421696a3213aca18c76e847c410

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9b7716e2876455b11d5cc02b3d3b0b0c

SHA1
be5eedbeba61b0e81f47a0fcfb7d3aa8f4382bb4

SHA256
06f0724952af1d4eacb96993eb0aec441d27b10b23e8b1e52c99bc68c5b9de89

SHA512
3745f981f2e466a6b93dc3160a46af6b8475acd36ef963904806829b48015e7c6d43690a4809c87e5adb467d2f2fa258e10654a0aff6461cc2ab3bc3dfeeb559

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8325cc69f6e608f0990ef7d46d97da7d

SHA1
54623d65f4ba3b1870931ada2e6ca6a3b14d7779

SHA256
a9c4acef37f5ee1d0ec51941028006301adb5886cfb3bbed47f61e3d14ab49f1

SHA512
38da6351369d8f40934f468b20d759a5b7ab8d008382669cda6c65801336951a24a42c14085859dbd73b9601555c6352a694252faf526535e4c79aa8fa35ecb1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9d80f0298fb821666818029d8aad495a

SHA1
ec8fdff9d0fe32f6f21c7ba8d4e40e199b2bf486

SHA256
319cd1f7b6953ddde1840175ea76d683396cd4158303f9780aa087cc384318d1

SHA512
2335c87ac710b47f7feac52030e42fdb5773da5c03141024eaf2bcb7678a8beb556dc9c7f178538bd68a865dd1efa80a322d4230d5af9a99cceb3b3649b39795

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
da7841b7c430c74f65d9a3d32d7a3ae1

SHA1
4394e72146ea4c432705f72ce0b5074d5ad3392c

SHA256
6b41334920435762f409d2e3803cb9b14da90112d116e21c3de5dec66e677fb9

SHA512
52b229de92d857f4acf2e85b331bbf6ba528f6bccb559d4b48bb196920569ddd4393a68c0991ea48ed12323210e6962c75cff53d1cc6d9fa1806eb83bc83c083

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
166597923d4349b64a4b76c2457ad1d4

SHA1
2a7be498e68aa715fdec3efb4e9e72c240b57e37

SHA256
4e8ea88102c23efaf27bd53eead7ea8a5d07dcf635dadeb61f154b0a43123ffe

SHA512
9fcc945559ae90380955cd102d082fa2b71a1e0fdc978d560e90cb103032ca61913397ca3b255885fa494381c9ea1b0bb1d28b23633bd7b042654865e2b1c9c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5db5aaa81350460279df861cf420472c

SHA1
5aa25f592923d0c4616628633d31a98c64259ec6

SHA256
2ad5640538d8de160f15ddbef7bd5911226eb0d5773f7ce0ca39d9bca034bd8e

SHA512
e812a2f7f1dddcd1daf9bd08a6e596bb016f6bd845e92ecbae6e03dd5b0c92fc686ae935c1c3f3985388a2416b776607eb2ec99b415fe52957ec558bff6ac895

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ff2afa0aadc63e790bad5153266f5b01

SHA1
5f25e7d99f8823cd7d3a59cabfb490602eff8409

SHA256
8562df519505400468de9030fe3ef17316e72a3354e2dbad3a667b8df398ea73

SHA512
d010acfabb4b45e7191c5997782b44eb68f090bac7eeac597ca448e69d4cdab265a89caea1ec7534f01020c8d83217e1ae1cc813865b5fa289e684f344051e21

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e0bee3b84b2a47175b11e3198a8e4f12

SHA1
3d2a7d2c13187b639099295a7142682053b922e8

SHA256
c9d89c782039d84ee67c21f09eef4f2d42f2828baa1f8d7f70021b7492f2d968

SHA512
843ea16f35f01e9f8cc21580b0bc4d8a738740b43ac3ac3f4dcb1a8816a6edcbc56b23ceb0c39d1ad6f7748c255bde02fb821c566d05a0dc8015742dea6086ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b5ba468dce1a9cbf6385b8a9e4a6ddff

SHA1
b0e19441ea3117cfeca2ac3e84dd282348b52c59

SHA256
cd77ec6cbc8928ed9037af0f5cc3ee849a2f6fc34531bdc2ff0b7179968dfaaf

SHA512
e1952d77fa5fa9805e445e48016787864500c12c3226b3a344c70fef6d6ef4fc8522a002f7bfe09a68a18542e87fb97cd67ea6c3feaaaeebdbe4de77753aaebe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fd57636fa58575f9785b0313ed68de81

SHA1
6f07fa2e79352e7dc9bbe48171be526723d124df

SHA256
e8ada334e320f18f357754c77f79d28e15bfdabfd635813951442fbc4349264d

SHA512
2a2bfac31fd5b37811743ac486c7eb337c220c56bea5781bfdd2b7d1da7ade9612becdd93f9a880aecfae7d8049990bc8ffe9b6687651c29ca0bb5a015057ad9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar12BD.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit