17d395ffbff98d5f682ac668b311469cd102cd5368e9e678eca0ca0ff46a2aae

Analysis

max time kernel
119s
max time network
135s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/03/2024, 19:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b582589eaece6b0b6e2f7ff2966d93cf.html
Size

2KB
MD5

b582589eaece6b0b6e2f7ff2966d93cf
SHA1

a345782aeaf37af0415fcaabc72f49af9f2574dc
SHA256

17d395ffbff98d5f682ac668b311469cd102cd5368e9e678eca0ca0ff46a2aae
SHA512

89908016ee047ac59a39ccbda7d0b5e89015c3151055c765ff270ba1c613f20f6b36991127d9792ceceb583bbd41a7e937a714017bdb0869c7269af9af69a777

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000c12c25e2ddfb54dbf19c8710c230677000000000200000000001066000000010000200000002f90cc5a39f09580e088804ad71734f06b9711857669f734658bd685cbbb21e8000000000e800000000200002000000077b13ef5ab74bdfe4fea7eac467a866dfb34e960f2204191afaf8e32d464c85020000000ec7e514dcef0b8f74329d59cd67893dfdd4a2c05f2a1e7336c878a3a1665a92340000000f75ad219c60e1c805f59a82f02e40c1ef37ba153e4443d3e3f007fc59c27ada07d6e01cf64979f63f04a60a2d55ba03218c56a05b6fe4eb093a9adef35494882	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000c12c25e2ddfb54dbf19c8710c2306770000000002000000000010660000000100002000000009191bfa7afe93472fa5c8ddf911bdac2b48fb68fe3b64d7fcbd216cd2aa5476000000000e8000000002000020000000a7d62032d35a444ed41f907c3b4a469282acc845415a9bb3b27bd83ff1c31072900000005abf2b6384e46fc792ba3bcd07aea37def0386f3e3e4211661ac88b0611d5f36c36e4e6f71ebcbe9db64bb7762d630f6cfcc1e1dd86f27489a1f312c3a18fd5a910580608bea1ba673fc590d3cf486e6737cbcafea988d40c303bdfdbc2639fd47a80bf8e3d4f3368427a06a016f0dc9bed770592440bd5d5181e4d1d16b3cc3d1ea55ccb55be9c27e0a941b9fccf93040000000f4125e851af00cd1cea2faf896b08e3a14e29e3f4132b45d40d9ac8bddac7f0b950693b2ed5918d80664c05464141792a7b1ad6dc68f7ae19ea3c411dd45efd0	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "415829429"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0EF61881-DB28-11EE-B7CB-E61A8C993A67} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30cd07e4346fda01	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2220	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2220	iexplore.exe
2220	iexplore.exe
2920	IEXPLORE.EXE
2920	IEXPLORE.EXE
2920	IEXPLORE.EXE
2920	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 2920	2220	iexplore.exe	28
PID 2220 wrote to memory of 2920	2220	iexplore.exe	28
PID 2220 wrote to memory of 2920	2220	iexplore.exe	28
PID 2220 wrote to memory of 2920	2220	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b582589eaece6b0b6e2f7ff2966d93cf.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2220 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b337522f28fec20c7ba0b29911456dff

SHA1
2fea5c1462ae8a48e634aa24f1efc75e3bc3e5d1

SHA256
d81a828a9bbbb56a60f4bbe8c13b16ed6cd0a3fc9216c6e1c6a9f4aabc2cb8ab

SHA512
64709e6f884d39c6cce8ff7230ba5bf0b4798bcc79fa800db5d1591ea4be6786539c207171a4393c838a694c6d858401bd006e8fd84c131f204f5dca241693f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c6e2cfd8c5359010f9b1f615b3f4c5b5

SHA1
9c92b4b2104fc70fb93ca51d9913f573cf1edf23

SHA256
d8117fb6bf90dab75da715c9bd81e90cc6fb1c7ac512019e9a0e4c0e364a03d4

SHA512
7b5749c61156b582c25534680e773709eed3debbcde3530829c6c2ebce51de22d3dae7495fa9b45e2374d5becc764283a35dedbda14beb11945ebc31db9a34f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eaf661ea8e952c893d2bd63628e4d7fe

SHA1
d6ddedcfbb442c41829c0ad3baf19fe43183f790

SHA256
f2f870810daa80a447904701c3d65a0ce4eabf2d3dc4a450afdc102aede222a7

SHA512
a388779c636cb292db309f94546065a86b089db40f8b4fee879a46a0b86912e9a7f8a3db79a3da35cb063c4b1fb66776192d2ead1fa94c71dce47ba65c0588b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1c256ac6751e2a9329e154938638c09c

SHA1
caf9ef016c52a910c2b83570601820f2a198464d

SHA256
a1e35c6db30e9798b11fe2bc2c49ae4cbf33f67856e56ddc267603e80a030f2f

SHA512
fbdca39cd7e109aee7b7ab29eb5f889c3cb44c850d6e5a7f5f110b1244565260b070fdb28bd2be4a9fb1e3cb9436778b9319de1ff80e9ec2f28e09dc146edbb0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
52b79d8377ea800d494863a1b8e009fa

SHA1
93467292a5772b6ea9c2963e64d46f308c43eda9

SHA256
ebfd819740e5ba497c04fcbfe9b241cd6fe360c1906f50fd70b3cb6d7f150b6e

SHA512
d9c39021f574fc484da475b995125d4d969df9608e3d5a77429a9d067f4bc1b464f8ffd24a3cb58d0c6983d9178e27ff96c564f0af3d0858fc23a09a8b72461f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b429f407ed17dfb0f9ea56876149a961

SHA1
38c38d5ad9c38a4daec14416d733513ebe3718e8

SHA256
49503d835fd3f4c13ae2e2af7a5f488f1db7b46a4355a9211735abaf1d751a19

SHA512
7037e5dfa93916d38ca3d85e8482bfbc623f63abc4be5fc32ed83f81e1a1361feb59443e52a4a44f4992046b933939bdc7beed6f8b0c21bc0efe468d8660f9fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6e6831f31253a7341c6a7d08bd88a03c

SHA1
4efec529cf8596c29243c4faa20c8740fe492762

SHA256
2f652bbfcb89be2c281e9da3c6674eaa6b136f7ca8b02c8db08999f56f8fcf79

SHA512
5a62398e0c5bd9e4c132cb009ecd34cada691a113b681aaf06ebc206b2ad9dcfdff1247789ece09870f1ed901ee24401f424ebbef858703bd45b749bcb41844c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
db9b4cf6bab1b35b72d5047817047744

SHA1
fb5f787b5a62cc5551ef94f3449fd86b37d54a52

SHA256
d0abba9b10ba04c3cd58e293ea506b524597f13210fe896d00915d2533b4d812

SHA512
6377dcac698709101f4e8f54bcf700e7eb5684224857fe36e0609576142383aa611df7aa5c04ec9429ba58804af26fa066e24f0a263fb7328fe02c859d60a824

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f2b53b16da820d0194179b895b4e24fa

SHA1
d2aeaf6d858c1330fec88647e43e61e1dd77fe9e

SHA256
3dd582c813cb8b63669cac13d903cbe693a1489e17a3d5b2a5ee4206b591365e

SHA512
819387ecb5edf724d66f1ca4c7efa26ce952e6abb9590c8356e919318f0f0582a47f689aaa93807c3922c3f21770633a7bf4983c542245d42682196c7f15e549

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4f8470f9fa1961407c02e5af18278f9f

SHA1
1c53dfeccd2c53ecd136ab1883cfaa94afc12bcb

SHA256
585bb423e43594d22210c96b633d149c81314544768f350c95c19d64d77a86e8

SHA512
fe7cbdc6a68de28dbbd046a731d5c08f02cb481b6c5d5df9b1696c0fec68f98dd6ef801c9216c8f16eddebf822359b88ad16a33bab0bb28794c6ce934ee7c582

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e2580d28d1e33875c6211aa8c44c5475

SHA1
87ad2883ab5f4a6f215c8a32e7fc2e75301bf9f9

SHA256
6704a344a074859f998f13dc102af003974ab58cb72f66fb3e3761df53389ac6

SHA512
a5130c700830e6d89689a4612ca9782c035f1a3cd9aee03651df9d3141a80a0f0efea41c3e5d54e7c3e49dfa1e85f0608a227b2b45b1b666997115f8ef41e041

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7a6ee2f72ac4ccfe3b30f915631cf408

SHA1
1e59d9990afb342718df53feb0ee739513032bc1

SHA256
06dc4fe3652b5678423cf106f04443d347bb7a6f8127a8cb7336ad53e0bb5c39

SHA512
d0ff080dfa3b8a00fe76add6ef53da328333078ef0bba81118236282d4bcdbdd6976b7fccbe9f79d9afdb5823c7d54077421bbe936bdde6b404272792e51a9d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f3a1c924f2c704bfaf9096321eff45db

SHA1
9ccd4d9cc7be494f780b4f74bc4326c7f4f9c921

SHA256
c6a2e1e8b88c5ca71083746b4e327a9e2c8d34f29fab02001e7a2bba36dfcfd8

SHA512
0b703769f21877d66e239bb85c283e8af53eeb9780910e01d4e3f93dd379af053d2da360bd49db700426a2feaa233e278cae1b6c18335aaebe372db5b7811c2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
de5e664356d51aa09a3cd5c0176c924c

SHA1
80d389ef552b58b2c519e4d833a899765aa74f48

SHA256
92a4f3a7ae26f3314e6759f531af22b8717482fcc86f4d143d640d755b23405e

SHA512
72fe44431c1c7a67f95c8539707b9f79903196f116cd06a9f42c194af7f5e3c2a91143216f1ecd5395d593e5f591f468107018acab978e491d98c01711843775

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
163ec4fef6ce70fe494dd8e3611cf051

SHA1
e95afe75ea536c589e679c8cada4a07446153566

SHA256
bfe9da9ba164a585b8f471bde46f3de1d26117dafdf0c96ba27802e0e3b62a2c

SHA512
37332e46cc7e400901a5c08d4d6a76dee95571ee4d0e33cb9b427f92ba1535ea08c7e88be6cc194748e2dc2c9f1944ef9a18c2f8cf8e79bf077a7a6b05e723da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e172a7c9ef825966b83fe2dec47178dd

SHA1
c7d8cb3473120b584887b894ac7725ba9f639084

SHA256
95deccfcf0d79e3df9fd39df962b792397e9bcb684dbb7c2f2828858c9765b07

SHA512
ab0c365113af2b8562f077d162b6c01429da3db6120b529517fe1f52fe7bc7c022c04faec5da07630b3ec6364656fae8812fbd3c6dc0fd2c0b967ecd5868f7b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7023.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar76C0.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit