aa95b1593151c2c580c16c57e379556b184940fe8d4209984ceacecbb66ade2f

Analysis

max time kernel
138s
max time network
144s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06/03/2024, 09:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b70b555d552ba7a6369e7c0a286854c7.html
Size

3.5MB
MD5

b70b555d552ba7a6369e7c0a286854c7
SHA1

aa192296a1003469742b876e5178a7e70884593d
SHA256

aa95b1593151c2c580c16c57e379556b184940fe8d4209984ceacecbb66ade2f
SHA512

2bf22775f97426b4651c6ed98b6de3e4a00f0299f73ff4d0aed2111cbdcebb83ac51c93d025ed7a382c3b9b48754d6e0a789beb5337feee4c30c0c0a85d10965
SSDEEP

12288:jLZhBE6ffVfitmg11tmg1P16bf7axluxOT6NAW:jvQjte4tT62W

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d94d2d3723739f48802cd6414eea5c7e000000000200000000001066000000010000200000005e7a084556144f3870ee7e6144e62c38d9424bda5457615390515272d8ae0dfc000000000e80000000020000200000006557740948b76bf7c9049f32c7a833dbd01291942cf48efbd5f15e17bb299b08900000004e7d0a1f1b93692619b68a31c670cc7f8780471cee79984e0fa9ec42d4535a8dba25e8a60cd8627a4dd44c4e250252190887f625ec955d7855ee07a2d28f72aa955600ead3af8e75763fd2792f89740498d9a23ed51b1f95963e6ec693d8213713bcd7f5b529d841ea501618de667387fd9be174e52ee6c41c9e3e3720ba2eedab200e0ecf553d697065e6edf80a68f4400000001e01651ac2ccefe903b847c5da5b6d8f517508b9b4553c30569582e3e40e3c3e2e8de28e664bcb094718424344ac682173fd86a8cb0501817c262b74cb664524	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d94d2d3723739f48802cd6414eea5c7e000000000200000000001066000000010000200000009149edbfbbd2be199a175b7a8f6cad0e9cdd808cab8d4792f27923b81007a5c7000000000e8000000002000020000000ecd12fd37ce34b12019b48331a802623aa82e0ec8f09db0f6cf913a30da8e7b320000000b7637199eff9af8a228a37825438457a9585ed8adf32cb3b6f3079f0e8177d434000000090871a2b37ea74c6bb9213e374e4ecd1a2e8d2f64f327b7eef169bff5803b52d1c676a82edfba4094e76ef673c710e3865b807c6401431c580118ef59763a5a6	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D0831EB1-DB98-11EE-866F-4AADDC6219DF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "415877862"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 006e39ada56fda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2200	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2200	iexplore.exe
2200	iexplore.exe
1808	IEXPLORE.EXE
1808	IEXPLORE.EXE
1808	IEXPLORE.EXE
1808	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2200 wrote to memory of 1808	2200	iexplore.exe	28
PID 2200 wrote to memory of 1808	2200	iexplore.exe	28
PID 2200 wrote to memory of 1808	2200	iexplore.exe	28
PID 2200 wrote to memory of 1808	2200	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b70b555d552ba7a6369e7c0a286854c7.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2200 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
f70ba74a26971202840c14ac3dbc5a15

SHA1
ac2454e4c7bff3ffa4ee3c10e24cf6e0c5d32dec

SHA256
f35c107ab8cd14fe469f663fc8b223806a6c80f2e4eb8ccd5b8cd471cc89bb97

SHA512
2106c131b5f360952ec4340a239de9aeb08266b8d56db8ed17a15b599d60f19f6fa6aa529f206594340ca0ebbe8c2cc6d31ea08b6ff888c7637339864b790a5c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
7fc76569575e59f5b5f1598caf6a273c

SHA1
45931f621a4b584923565f1e1c5a2faf62d7fd38

SHA256
a6e0940b2cccb688379c9d046a432ca1e68daba47c52d286d6a02b99781d2128

SHA512
1a50c84f8a6650949050ba51c182e986ebe01f4e414ef331412b182166cc96e5b7e18338ed1c954d45f29cdf6cde150eaccc72e2f45ac6626007d1019e088591

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
e1080ca31401f6875e28fa7bae41e264

SHA1
50c0af5e06059b11dd6945ac0db42c73c3731ac2

SHA256
32a08725610cd59a797d8abb4699bd1d333a40c667a75e3f05d54a67463cfda9

SHA512
4e6ea0958a6ee4ec53ad8fa5f118550664cc4f0915b8f854bf49e9242a61e9078d85c6c54595c9fb19efd94f2b1ff920a1f6dae0d95562336d4a82a98c664b66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
192d3581439c9d5edd2824e35cfcfd36

SHA1
0d7ca113544365cf057d91e965eaaa0d6affefb2

SHA256
f1d752472a8a131f31d051f69142b8a72989f4b62ea0823bb9f6be854ca41dfd

SHA512
5b24a9c9401b5ce404a444e79b1301869b4342ef953983149ef987c41ecd09c736404232783a87bcb38074202364fbec7fed5da0490392b878e789f8e9cc545f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
46603f130b634fc2145fe69fd927796d

SHA1
2b87965095942968b7e61f02505f260b73e7dbce

SHA256
dc213367159c393c8fedc39d2d7ecfb6849f3d7ac17bf16d9865b0974a22a5c6

SHA512
9ee8c480bfdd752b7e8566662f3285fd9807101d6418774d064d1fe6fdbeb05447342435d3ee7c1c39f71847b85666b02b190abf9a3f90b827fb98a954d8cb3d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
35a88f2053570448a10a57a6ca5cb41b

SHA1
3abfa6f0c24b8d17f30fb431ab7d1f25a1aafcfa

SHA256
2505f1d0ba63a095960a27edaac526c69a055840feeb1a42f0516f2cab547d23

SHA512
7ab9a7bfb44f6ffdd5185428002ea9a67957ca2fe59a8de82be037da5d731604ce64fccde2b02942eb00a6f9eed169b7d84fe8d2b0e9724e09f97e014ce68dc7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
77f1e0f93275613de7d0d2ec76cfafa4

SHA1
f73a90a41e5de9e22915d86047b064926670244c

SHA256
dfe3af9e5507ecd862e63ea43546df942deb5f3080ef1610b3d07e7a83f9f813

SHA512
e7295c229c8fd7ba456905e988e5e8b486a03957688ad75dd040ce87d067969b255af3d92d8538a6d7f7387db95d66e7cac16210be5c20f7fae80b4e3bc4acc0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
356b5111dfe7f746d41373a3d9c4dd48

SHA1
d21339aada3c6cf136e905db795d385a0474c6c5

SHA256
df130a286f30fd28cdd18e46d7cffb7056503ec3d06658b8123d40e9b00805c9

SHA512
24d3dece850427d5b59bc602ce61baf2919e557e3da779b5ce1dc7810bc9ce5fd015281d3dcc2f0d3446e663b1573624e2defd5200a757b7c57ccaad17ca18cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
1043bde68dd2089b80b0c5876838afe9

SHA1
f8a90e81dcb17a0738e31cb29cb22c37cfde092f

SHA256
dc8eeb7f6419f9f063d5cbd878bdb6b9fbed282dc1f7514612a9783cc489a83a

SHA512
29feeb94e703d522ca6ae4bafb38a8994460f2d194f09e1d0f3ff28a30ec98275222c229b9caeb5297a085e4b7cddc20d78b5fa19afc29880a89e559f759b819

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
0a21dd5b1dc59e67029f33fbbaf69c40

SHA1
1096da1003b7f2fbb5509cd24a08c542a5659d8a

SHA256
5ac0dfe84bb2795376ee9a7b1b6459cdb87d696177ef006e34aa81f6d31a7ca1

SHA512
600ff205324a493b9701c3a6ec6bfed50cc977e5e5182bd4cd0db8e256ed42625f36bb4952b310fa137807d5419df8ebeab4d6e63f450e1e091d6a11c0549fd2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
b5f67c0c593fb3a77cf13e0c3fa0f761

SHA1
2847fb1322db8264b61d34d9f65cdc71f426c67c

SHA256
ad640eb17e9fafa8a8f1cda2b5566ec67e57bc634cd32b116ff86f0960423b78

SHA512
487b3f04af59569e84ee106d4c57b5371e3656aa54fa4c2b0b9dd150facf9be893c0702a876f7f95fe72f64ec31a16924f70ee45b4fe21812e7598fe57db7390

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\75OMIGJ7\jquery-3.1.1.min[1].js

Filesize
84KB

MD5
e071abda8fe61194711cfc2ab99fe104

SHA1
f647a6d37dc4ca055ced3cf64bbc1f490070acba

SHA256
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

SHA512
53a2b560b20551672fbb0e6e72632d4fd1c7e2dd2ecf7337ebaaab179cb8be7c87e9d803ce7765706bc7fcbcf993c34587cd1237de5a279aea19911d69067b65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B4HDT8MX\beacon.min[1].js

Filesize
19KB

MD5
dd1d068fdb5fe90b6c05a5b3940e088c

SHA1
0d96f9df8772633a9df4c81cf323a4ef8998ba59

SHA256
6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101

SHA512
7aea051a8c2195a2ea5ec3d6438f2a4a4052085b370cf4728b056edc58d1f7a70c3f1f85afe82959184869f707c2ac02a964b8d9166122e74ebc423e0a47fa30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CTT6L9LH\jquery.min[1].js

Filesize
83KB

MD5
2f6b11a7e914718e0290410e85366fe9

SHA1
69bb69e25ca7d5ef0935317584e6153f3fd9a88c

SHA256
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

SHA512
0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6B22.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6C63.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit