3181edc953afe4b912e752b806c2b35461608c379f2cbc175e9da65d35bfd6c0

Analysis

max time kernel
140s
max time network
141s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
06/03/2024, 21:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b846a1c0480d6cc3d734464c1b756d25.html
Size

141KB
MD5

b846a1c0480d6cc3d734464c1b756d25
SHA1

2eab3df7330f9d05b56cefef52239fb6c7526306
SHA256

3181edc953afe4b912e752b806c2b35461608c379f2cbc175e9da65d35bfd6c0
SHA512

0f9601879a0d38eb9ffc5721d7eaf558e02c09dfc99dee76096c05abc6a0bef7e0aba982fc090aad09606610c793bdec8c52c06976a1d9b448423208ff80ab8a
SSDEEP

1536:S326O1dD2NL3e3f/bVgtHtVg7k9bCewnAOaZbRuR:S326Ofi3C/b97wGnAOaZbRuR

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "415923580"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4572BCC1-DC03-11EE-A41C-62A1B34EBED1} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2372	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2372	iexplore.exe
2372	iexplore.exe
1204	IEXPLORE.EXE
1204	IEXPLORE.EXE
1204	IEXPLORE.EXE
1204	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 1204	2372	iexplore.exe	28
PID 2372 wrote to memory of 1204	2372	iexplore.exe	28
PID 2372 wrote to memory of 1204	2372	iexplore.exe	28
PID 2372 wrote to memory of 1204	2372	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b846a1c0480d6cc3d734464c1b756d25.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2372 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5d9ebed0a058867cafcf33a9a52139ff

SHA1
397ff83fda80535635e5d62b78ee0b86378833d6

SHA256
23bb22f2a84480cd2ac3a4aaa340ba2a53cc5c4adc4003fb06e9a0341d026b93

SHA512
5a4eb728cd0e527ad468047c697c7906acf1994af48aee12ec7a252908221eae2eb658a994e2485a4cfc2324bf38605e0c116b42147610c7490f3d3c2de4a78e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
899c9218c79bafe80911e31046b90dba

SHA1
5f335d506c29881d563864e86fd7f66a5648a374

SHA256
d3a206aea6c7d002a65221243ef95b6d911f99f37bae2f6fd89db7b60fd835d9

SHA512
760234e118817544dca20ffbf8e0d5dc7fc484fd87664c41653db96a2ce90b2d93e40fc86927b8bb7b4c16d789e63fd696af963018e7f9e93a3e08a1cfb41dbf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
336ddf0364cc9d7001e0b04a39977185

SHA1
7695662c35754fa3fded583ada3332da2c046a68

SHA256
ccae30b95e7ddf7b584038e808ce0eace2ff83964a8f994434c4d38a315367e6

SHA512
5c54719602c122e07511b19304afcae7655076414e599f0e09238d009b0cb7e824e6a0bb3ebb16c623cd07e8345027e5b5198acca101c893e353ff7ecfe0993a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a473d4a9996b611bc4a5ffc4cd0f21c9

SHA1
c85b79301f269bf6cfc4bc3d4a584195e9261b36

SHA256
647171a47d92bdcc00a4b1d7997b6421bab37140a9a5db6379e480ab3829cda0

SHA512
d52a5087477a693a89dee07a0936e28e9841a0bc47f76d47a0b75431606279ea5a552f7606c6484de213a6da49aee7647345a4a1dbab3fc05e99ac0bc4d84c40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
28af5f07c8ee9c1ba3b5bc55199064d2

SHA1
dbeb7aa87b040706e96371d79fa7ea785f3338c0

SHA256
10642476e97d31c2ea0066c3c58009397f8ca17607b0618a65a07a649a53ea8c

SHA512
64eba369783c58dea4d675bf8ab736969dcf9331c6138e07927f1291ac113444ab3cc1756b07900a526aac8aaeb9c21b669effbe9df552b0de2bc5d36bbab84a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b3cae3d7eec35b470645f8d033fb4b24

SHA1
131575d2a73d492c3c524f759c66051a87312b42

SHA256
8adbe9c299e40da5c69fbd770ef66def145942fc76284770f8192d4f6ac9758f

SHA512
70850e8e78878984ff899dbc6c56af6b1ccd0e4cd0bce554b444dff86f1badb9e3c73df554fab37a3ea43ae58a9928944a7bccdf632de56fe30076f53c7911ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c47305be456e6493f4fc9fb2941bf734

SHA1
1d2f4abbfd96efb2afdeb298019d03ceb2acc23e

SHA256
1973f3e7384fc198c95cfaf080b2a9bfd2eff0a2fa29f419b1bcd57a5fdf99b1

SHA512
9d2da6ef9e5131cfca87cb84a898bcf8023d02bd2913ab186e915e4b8976ba1005fb51470ea9051e85cbbaeecdc868597ec8cb19829a6cae33b1b35207fc3221

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e6b9452144fca83287546e8b722e4e4e

SHA1
99b8438832fdf2818eb98d12c80e0b296b4e2126

SHA256
334bd8e1f4c6d03cbf0216fba487587ba120cb0ee07d6d91e07e1fbcef5a70a5

SHA512
b22b67d6da76fb52ddde3b4b96816ea9b0ecd3c9b5b03a1eb6177cfae180f55ac5066f2fef604430bbcb1494ccb4a6057d95fad32901656e5c61a9810cba6ec5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c6f077ce1457559cbe690b97a02c1924

SHA1
5942bf3898777e770ba7a114240d942f2f340ff0

SHA256
451d34964ad904d5ed010ed57cf4a098662bc7aa3490329e73298ead72f0b055

SHA512
2dcee054a9a6c0dcc41f0e0fe40c49e41c75f461efb05e4d0296e7d72089eb1a6ac151437fc41f29497cc533168a76bca0fa6e0a475b1df6a69d12d355e354b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c1b09887962ad403d31448ad93a2f92e

SHA1
96018259b5d19f058be1bf701e482a5d886c3c6c

SHA256
413d456b8a569a2994a74139c28c0313da6661e5f504fb8c6f45df2e3d9788af

SHA512
416bc0414270e7b0deca4eb2fb942081969fc82548db01917a012d014ebeeb07e317329f5a15992cfde335f0e27e26ee5b9267d65803ae99b567b8ddef9c02a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3589eb4a9851e6073ac0293cff502a59

SHA1
ba1448a08ed9bd73a3712376e91d2dcced4561e9

SHA256
0f8074c6216908e59048313709c732ee7d62d9f29bc279c9313979b4e5fa4be4

SHA512
3c2fc64d7324f7002a422924b6adbdf2a56bbe5d60381a5e3c6a1f884bd11aac485500f99ac55294fe6572061291ac15984cbc628dc4ef9c7dce4f69ba5707a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\673IEUYT\cb=gapi[1].js

Filesize
133KB

MD5
c8be3350843695958a33474aeb3ea8f1

SHA1
ad92694d9b189ee479c1be438636e39247b216af

SHA256
22494eb4f5fc2ef8c229b9df2e171990687e4837282655145cca0fa302af1278

SHA512
54ba5d4076fe9fe4c4ac22f45cd7d2ebb4e8027d8b8f82580436dccbcd60fa2adbb948ff1234d9912c663bf1fb33ac834007850f5a3f2abfb96a7a4feb110bc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OOWQLMJV\plusone[1].js

Filesize
56KB

MD5
b9dd4bc0c774f6e47fc7f6f84318d3bd

SHA1
71e659af69facf4538bde88422c6ac7574c3bb5c

SHA256
e0f79422a5e14ac8ca345540ab58da18651216e375c4fe02143496bd9dc046dd

SHA512
419b21dd145dab3ab4b543c87fad7fed6281c2300ac7f1cfef1119703e5ee97930f1c07353b2a1274d4879b481bb673ce3566306c9b0b91b1e573ee43486b342

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab230D.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab246C.tmp

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar233F.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2481.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit