d6b38f74bf44f355093975a4ed69803b4156469bcbecde34142b80c002fcaed9

Analysis

max time kernel
121s
max time network
131s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06/03/2024, 09:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b72103ef245e7136d58ff1837ce7fd77.html
Size

152KB
MD5

b72103ef245e7136d58ff1837ce7fd77
SHA1

afba7f5f0a576e3bf3b9dda9b00791ca1c48b50a
SHA256

d6b38f74bf44f355093975a4ed69803b4156469bcbecde34142b80c002fcaed9
SHA512

184ca60aa16a03b8f0dce46497c179057a8ba8c163846b46b3fb4054803acae9a10b01097f396bb92b0d95e532b5dbd79b24171ac5c8fa72306bb720fe503ee6
SSDEEP

3072:79yfkMY+BES09JXAnyrZalZEI+YKhR3Z7Wcj:7IsMYod+X30ZEI+Yukcj

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002dcc56832ee45b40af0f973e997a3e3e0000000002000000000010660000000100002000000086e90aac184ad2522a8e1c8a46017ee1a2b3835e8a872f9722f6ba61e275a053000000000e8000000002000020000000016f012e3a2877d711a9ccf360edda8d87b1a2bdc2a32ea908d5d76610dc7bd52000000033c4e71bb344d4bcc07068feed80daa60b72ba083d52d58122dc498fc2f4f97c40000000295b0b390b1ac9e71024e2558cfa263f3a1f75f6ce0e13b20885156fb65087ec0094c2ef186b1933ebb077d0f773719ad33f5d4bbb557f2b6c8fba3e0abd590a	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002dcc56832ee45b40af0f973e997a3e3e0000000002000000000010660000000100002000000010aadd3f49e3cfb5b72ed3977a96a862903fa479e120e6cf26654ac9eaa7c65d000000000e800000000200002000000027ed8cd12fe5ae62f0d14058c4641aed9445c51b71924b3545f2cb00c0cb13ec90000000ec24b12b1166f6b950961fcff6214fe2b28c4dc92c1b20cca086c5c879327170b152572d0974713eec2e1a6899dc809e86360c54ac198e78f6aeec9ece742c8669e555b4dfc33cd3c4c54271b47a86936825b8df020acc05b19fa70052e42c3838b392248a424e3ec740f71ed53cf5fa9349330ce2013e9a78743e113072510791f8f01cd720f57e252756011f87821b40000000404aa27a283e1f3cd2c20e963a4bc8af3f736378fee72a67a1db3939a1b9edd9c344f51c2a4f25f1fc769ece02661a71c0f116aa4e692ee0da6559b759e53cbc	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9040831dac6fda01	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "415880637"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{48DA8EB1-DB9F-11EE-A34E-5E73522EB9B5} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2012	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2012	iexplore.exe
2012	iexplore.exe
2928	IEXPLORE.EXE
2928	IEXPLORE.EXE
2928	IEXPLORE.EXE
2928	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2012 wrote to memory of 2928	2012	iexplore.exe	28
PID 2012 wrote to memory of 2928	2012	iexplore.exe	28
PID 2012 wrote to memory of 2928	2012	iexplore.exe	28
PID 2012 wrote to memory of 2928	2012	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b72103ef245e7136d58ff1837ce7fd77.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2012
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2012 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
91dce806388b9f4fa76187a129bf4550

SHA1
58317597286c5b37d501c451870b005276ed7cc4

SHA256
98bfbe8ab056f71a4589dfb8a26bf01dbbc9c6ec0b7e1f5a676ebff9b314d73d

SHA512
dcfd619cee4d6e76f9ea44d4c20ae3d9880613dae2ca9cad29f77d0cd7d3ea4bc3f09d41853fcdb26874f40828f4325b3e2b782e50cd12faeb501d24233350b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9e0e06f03d83b2824fde0212baa58677

SHA1
b834ad53159b333bd07d2384d446d8cc3386c3b9

SHA256
d21a9ccc6203f3985b5526f9b8735c46b92271d7cdbd7c56a9868349ed652a50

SHA512
9192fe65eed6f6e0ea8f3f2d3d2fd219309487bd6f94a382334b328296e41cbe7c6d03e928db45cc7e83fcb197ae2de98766768e0e524046ab3f3386abd64e33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c985f0b62a2d0c9dd97e8a05c44e201

SHA1
cf36088d2f524c97725c608167b6759564fc8dd3

SHA256
4d8ba6bd8fdc39b568f033b2850830fcc1eb20aa4aa9545923cab59cdfa79d80

SHA512
d0d5816ad0827d5b128f32151d6b8081ff48c6883c1c32728fbe5e30e515ce1f859b168f646cd5882cd0bb2bbb68e17997d19fa947c43297f5cdb591e37f795b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
43bff16ea846cf630715011d4f53fcec

SHA1
71a5874297531b996a83bf3325c6ad7b904d54ec

SHA256
35569baa6dab5339905f9032ab00b884d32609839150758924c7390e9418be3f

SHA512
46b91ea7014d54a4a0dad91b449637f072a97088e5932d314969f8d4f2a3a72250576d77c47d710e59c69e5898ad94bcdc4f834fb3a4d5e2f8b745aa66ea9188

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eabfbfd9aa8a4bceaa0eba35af7363ef

SHA1
04fa7b83a8e685f821254fee52a6e638500d86f8

SHA256
cbf66774634acc6aa840238730be953b84fdfe1f93e7fd5c811a0f23cb08b6ce

SHA512
a5c6131839a215139afa5124971fe80528ff76321a3be443fb78a54c81853169f7dc76c0d689cbadb0e446dc1e66d9096defe5cab0607b929759e67fc433a81e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
250eb5f85fb7afaa6d87ee058492b162

SHA1
18a93b68afb6b0c8a99dd207e49a74b1a4b21c9b

SHA256
ef5454db3759697da0266c3ff7737f595c0e1fba71a8dcee68eb9a76e74d38d8

SHA512
97ad627751ffe508425c4b48270f15e4a42f31bd491bf12c9a0bd65d4bfd8568348f3326c97480a63b2dbed667b847f872f6c7843b14f974220fce61fbb9224b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6aac27202cf584ca7b858084a6b3a175

SHA1
074b15deb3f8a3f836ca8fdd4c9edd2cd787a742

SHA256
38b2b67d9e881e8b2311ff8aad8973b2ce949950ad17171a335b7e4bf5e047aa

SHA512
a799758308c5c8461c8a12a258443fa3b651485be50b28afc45cc3be2cca409421f28cd1fc8ea638c4111e7bcaadf5d90c0fe477aa0b07d85612ec04d6c8a008

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f8cea9bad78c494a63fcc01b71aa50ab

SHA1
a304dcae3f77713baab42f5890fdbc535386f47d

SHA256
82ad6571092e5c47a45d1b38ce7a2a0c9941f9a774919f276f7cdf81c4725567

SHA512
433edf1d3c0055090b023ff95eb3881ead931b4dd9e697747392153a3656d4ac022c64e9a56b57c4417d5efdadffb72bde7658d75162214194c34326fa963269

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7fd7aa6186d585f29a134070d6f0a9a3

SHA1
097bbc310fbf23ee1d6b25c8331bf706efc7ef5a

SHA256
588b4c0cc3606435364aa9d74ce309efbebfec5ff6e710b62acfece97d80d9fa

SHA512
49636593239b7371677fe1c88ba0885b5c9deecb400f50b478c7272f5883e90dbd24394cc7af666e6351b1f567ca2108439586cbfe896a1d49e5a6ec7679da6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
67abe827fca71a31b1afcba06768fbca

SHA1
254a7edab5cf7267a48468c8911a5b7251c21ef5

SHA256
ad0088a58849bfe22ae758e4fffa90b76056c9d13a0c1f5e5a5e959dc0ade3ec

SHA512
39f722531739d1147f16ac1df89e45433cf8709936ad3243062f2d039f5d1c372062389aa01c929d87ba26c848456d5267da2a6bce3dfe9525784196724c5f20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
24e220c91ab0777cc44f74dd25261e62

SHA1
8773807f064b71356dbb13687fe627a1914c33c0

SHA256
cd1ad0db5867a616f25d5ff350a3bee9de47df859e4045a5872aa8ea4f9120f9

SHA512
92c9a0c55a652a87e5cbfc2c99158a447e74dc071403d5e7d7deaac9af3a13aa1b18a2785c3ce4be21ab3697d6b934b37fb7b0a42d0e522132c5fe3fa3646c24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f12a947ccdda0139356fc90ed90e9d72

SHA1
ea988696ef6dac1a771604fe716905f67f347ea4

SHA256
fd46e0b98f7fe2cc2b6bff92e7ad3fd58a7bc89ec3d8fb5412787d9375944dd3

SHA512
d4112ac5a5b0d72141eab29fa20d63197af4b2afbc9eadafd515113e6ff5f6ce8357f21e28fe13719e1f68935e2a84133e985febdbf28d24969d9dafb879d37d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
758fdf2b69153be1951dae4e3436330a

SHA1
758db5f621b8d34959ca78f9e3c4752c627369a8

SHA256
17f3a3f4a728e988d1902de3898a7d113b9a15e5c3c96cb919029614947becc2

SHA512
0b2c60c7a763ff94a9bff52109531536aeb02d236971c1b6367516376786a361a569ecf7183ea3e22ee2cb3cbede1d81d2f28ff7cd60a243cfe35da1b5de8bf9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4dd187ee8d07c0387e48b01838ca41dc

SHA1
9c9d8311c0797929f724af174c0b240a2f1767a8

SHA256
3a69d80ed1d4165113db0f8299be9dc24e95e0915849ecf5c94f2e96e0c00baa

SHA512
67a49953ca838dd9434a1eecae28624e2cff0662b079a3a80e74d5d293a442f073f8b974b38f519281361ecaca78de05bc839111cbbed48e51e2417dfabeb576

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab457B.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar47F3.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit