e8ccc41c6ce4f57700813010ff34a09479c3d35d75558777dba6686b7e469ea6

Analysis

max time kernel
136s
max time network
130s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06/03/2024, 13:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b77a0134161426f3ca22095c72c3b9ad.html
Size

8KB
MD5

b77a0134161426f3ca22095c72c3b9ad
SHA1

53b0f3bb4ee0c1080e99c61c2f90d262e86fa147
SHA256

e8ccc41c6ce4f57700813010ff34a09479c3d35d75558777dba6686b7e469ea6
SHA512

606fd86cae4cc51ac29024c2c72ad02355c377a747a16a1acf0abce8fc0fd4c083c755d8f25f5a8a2eaf8ad1155641c115330ef1dd42d87e5926aa93f85fecce
SSDEEP

192:C6q0pSPozcW3R6uNpx8ikiuNphVa6eyS8:xNzpehVa668

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BFC93291-DBBA-11EE-9371-CAFA5A0A62FD} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a700000000002000000000010660000000100002000000018593017d42f79bdf9044b3ee69ac31bb8336bbea8ee6915f6bf9c4bd2d2f566000000000e8000000002000020000000d966acb9835e8ea0220ff762802bc939e3d7b1a09afb3f40d2fdecbe76f0a45390000000f5890e9d582b579781bf8aabb2b9465684717afeed09c0a0676b6edabb9f11f502d5913b32c32ff1d8d8e0fbecc4beeab895a784a719df3163bdc2304600390847774812206e8a249162a088f27a1ff428807cc1d70cf41951023047c22501266bb763c6bec53aba1c4fed780836e42fc750b7e964ec5ed227f02e7d8e0a990f22332f43241722b5618043ff5cc1ef4740000000a8da694dd22157a80000a6255d3261108c3d9477910571e84a7a9d89fe98a123b16e9d293e3c3a01e8e61bf71272f0b8f03b36c0f5a00d0561828a79c7321c25	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 603e82adc76fda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "415892432"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a70000000000200000000001066000000010000200000003216322d535ed748b34d0cca261d4da1f99aeacb8d1f352b192659b157a2c878000000000e80000000020000200000007f55cc780746d2bbe48d9cf82d24626b011dac6efda1d3a090218e19d1664366200000009f63b843c09edaacb3737319407e690c16c4646e493de9b5e68854da172ff4a04000000058c2d815109d2380d621e646ab71ade1e316f280fbfbcb7ced12972578f46c504494c9621c650d192497ce3e5b4cec8513c333ae8ea0e38c391b1c8b885aa8ca	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2512	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2088	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2088	iexplore.exe
2088	iexplore.exe
2512	IEXPLORE.EXE
2512	IEXPLORE.EXE
2512	IEXPLORE.EXE
2512	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 2512	2088	iexplore.exe	28
PID 2088 wrote to memory of 2512	2088	iexplore.exe	28
PID 2088 wrote to memory of 2512	2088	iexplore.exe	28
PID 2088 wrote to memory of 2512	2088	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b77a0134161426f3ca22095c72c3b9ad.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2088 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3228edbad9b27c54462e497b9d99eaf4

SHA1
75febade99bcd6e90652fee451eecb9a7ed45e4b

SHA256
010ae40a1a2da64a15c8631f31a0936be4e74fe72d8f42a2278d5ce1c20d2f0f

SHA512
44b55c58c2e431f89a61d13eb09dfd148bbb67e7703902f037b18b2ebcd359dd36bd7b7ad997e54109e880eebe75fa78e0f1ec6230f652ee4b2ddb2fedcf14a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
44f3c825a803832705c66ecd446aec22

SHA1
2358b34d48bb67ae09fc22e40094ad82966c0c98

SHA256
1b69b63f99357d84d0c09da3bc3a38a8dc716d2ba14cf57d645c8627e6ca4842

SHA512
056c9af824d10aef22fe3e70aaeed3a3f6432cab572e36f97c8c21953aeb364346346ff962578926e3c153348a72673075e053eec7473cc2b57a6a2527806518

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
27005575b2f3e0a0374d7fb25d08c1ea

SHA1
ac0092bd62e0eb9d59eeed5a7202aa2cd5456542

SHA256
01d0f92222fb2e7c037e50c4e289c5a9b3b8a1a5d1a62a1e32dba90498b8435d

SHA512
aa9b668ab09c9135e0346a9642e075a27abeb847cd0171f27b19ff96d2db66eca3c258d01bf1b0c62f29588d6e5e6d9f3a23baeb059be876c108e20c0d96b1dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7361c90cb52ab218d45137fb1e06fd83

SHA1
385e499daec576b6bad42624e73ca97883e0a1b1

SHA256
e7dd3260437848fc9c578f4c6236d6ae1cab8067177d3777a7946ee0bbd4e9b7

SHA512
4e870dc9a4bbff6d936773ad848de9cca07ae9185b869bae783803c23e3641624a9d6b33e6d152f8acdb26c46c433c9ce1f0ec2e3b1c519457eda04fab00461b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c151a941c1c6ed808a997dbd8d66aead

SHA1
30c8604713a8f757b8b9ad9c9f106153c8660553

SHA256
c0d7a033da383da245aeb0f79ded4e43932e7d1c5488f739eec033ebbf76ec4d

SHA512
f541d7ee63bc05feac54781ec00a08071bff5f618acea7304c499e8725eb057b1aca92aeaabe744e25e9381c2d3a81ad96f13c04d28d9852c50bbd755cc6a97c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e2037b174412f3ab1a0b4a2390e253a0

SHA1
b4ce35c3c8355d65a7ed82aa5b8d450bce72d195

SHA256
9a46a99e0cd6e084bef8071f495d0020206e3d2468534bdfeeffa2fa44a257b2

SHA512
075e203396133a445f8ea08962347c36c535b7a0f1695df519414568486daee2873eac190974d1d42eeabcb92638e94db5193143f4bc6cd2ac9d7165e15bd534

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
365aa7200a81a7da89569a16398ca044

SHA1
30cea0fc1e358bfd01a2c8e201a592de0ad618fb

SHA256
5a00febd46c9755d1cfcb63c39bb374bcc299b16ab2e000861c9bde32e58c5b4

SHA512
77d49af0e3e235ca4a51ef605b40e5e1ab8d437d3aadb3cd0a242100ab98db096aae9c85164f9ffb54a1b768e80b4a9b9e792ee8a9c5c861c4f5183e90826fd3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e2f8643d4165c1689f2dcac90a450a4f

SHA1
d2505936679377ff127c70c46ae2aaf63cd33e66

SHA256
35aacd29a56ab7d760b90cf0dd90dfcbf3977c2f776ab578d2e5a16cee7e0501

SHA512
a646e227a71fe4cba6b44db196ce1397d21fefcbc0d161765820cfd6c86f72e1fadb9adfaa35a356518bed03cd7e010fbbd30bf4ae693949e6d0138d7a99cadd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8c14efd0bcdae59f56f1f65a6f395c5f

SHA1
436ba89c90dcbdaaad88f508d744a210749e19cc

SHA256
c15bb3cb5667fde947144d7915e0417900b8b2fe60f9620c1c9b31cd357bd54f

SHA512
145c3c341e8b94aa20cfc457706730f7b93bcdcef94dfc4cbe6e0a93ebf964c33ef2e070831b36b5a1acea4b36cf01c70ea2b07233fe7b56979c007a49b74d2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
30678ce799565063214d807fa5bc3dda

SHA1
b5a5268dd3f35874926d6aec0bf1b43e8338bf95

SHA256
515dcea7ad2cefa7efea621f8155e94962ac39bfb277e061b0a2c187211f3979

SHA512
33dc5f95df881221459128c9f6ecbfdb061b54f4251bf9a09910e47a51158dd50affb58ac0c0aa002dbfd657dc2c5e9b50bdf1ed502729ebc4dc786ca1e54004

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
df08cb89a62c9cd41c23b62bbcc377d7

SHA1
7101ecd642c89d10008783def488d25cd874e6ff

SHA256
89b36ed57cbba9786de5afe65f56d85e228416f41c332c3e8cb4490d2488ffad

SHA512
e2865fd027c2b7a85bc397a66399e64649c28c3e854a062a11900bc43d2a205d832463714284590f88f0ad72a0a0714dfa5e8182dbffb8f29ef49692f7c626f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bd22f0b6baa40ec469362b7342516d8d

SHA1
8ed1c5c413bd3a9bcd8ebcca66bec6992bb33111

SHA256
3513752e599c68e5db8c65d913dd8036118eb1b4efdef906a665d810a312b93e

SHA512
574ccf5d4d4eb1b82e9d73f01323e0b69bcbbd161cac9387e5e0f275e7c003987b18f11699a4d51892fd7db89858a4fd1361535929f1f4c090a001c79d9dcdc8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d7d9f4af58f727636955aafb3c0c47cd

SHA1
533d56801fb35d5ecdad31292f9f64b5135c794f

SHA256
de7ca84addeca4ce0896038bd084d74eab514e51ca18f68153f1e937a70da6ab

SHA512
4155b4dbe40d152248379fc2fd71f0fee8330af91aaecdd50c50db949889dadf13b82e91a1005a4e45382d56329fb10dc2a429ccb05439f92ca1b057827af644

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c1d762342d7446d602d8a5b711789ce0

SHA1
1f5aa4930a67856d5ab96d5403279adb097796d0

SHA256
18b6b951f2745092efbf57c645b981b05b60170b557dda7d4a0a363374251b51

SHA512
f16b069d47cbcd498a3f469706b0712a66f14e72739eeba462caca0cd0b9bb1b58c5937a72e53c5a872b12ee1bb9c0fd83b09e59eb8df7b2526abb9e14a5de07

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabCF24.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD063.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit