cd478d0138c78e11be15b7a36f881bc7fddc0357600c36373dd6eea8cfd6b95d

Analysis

max time kernel
119s
max time network
131s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
07/03/2024, 23:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

public/index.html
Size

18KB
MD5

a4b74ff8d31cab6926c91159a9da5d07
SHA1

eed7545ba94e3b12908d5e2a28b82aeac7b5c741
SHA256

ba42b8eda56fc60469a4f3800b876ecaa795c063f62c52227fba7353a5c3b50b
SHA512

9b0fbbfa3aec0442e424ec2f2557b7d5aa3eba31c371a3cef02a4c9c198eaeebca05f853588b2626e25b8c35b2a7fa47e6138370c0cdf76e566820c009d3fce2
SSDEEP

384:vSdsPCdEw0DXOfp7mSvJ4tsPCdEw0DXOfp7mSvJEf4dF1Lt:+YCuxDM7mSh2YCuxDM7mShhp

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "416017447"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009b106788dea7af4d98683a8983feb7c600000000020000000000106600000001000020000000f92502b5949c9cdfa97eaec4a2e606e186f09ea36c23a9e0fde783225dd9da0a000000000e8000000002000020000000a739815d6b1b4b5fe359042a7f10e8f44bdadf73716af2bf6b387761dc56e17920000000a7bad343f05bfd352d604122ed5b36e34709bdcb3017d08fcbdd04b6626e4c1d40000000043d825eada0704f613729ccf7b89fbf884c3c53e464a6cf742a95e460599d74435d77ecb4a5041bf31f674423a5a260fd13d9a3a102a80ba8b350e11e2cd61d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D21DB731-DCDD-11EE-A4A3-CE86F81DDAFE} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 505ce5a9ea70da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009b106788dea7af4d98683a8983feb7c600000000020000000000106600000001000020000000e1f3dec24b486f9d24a7ed55d28562838d6bacdcc8a3a6eb9c896a1ac206f764000000000e80000000020000200000005f7fe7070ee297182344206cb4895ec30a1e48191cb8b5bf4a2ed05f1f57059d90000000518bfd42a63df1b7ee73e64450c1eb9d26f1b11ace88d9ee5c922e2a565d1e2be5719b28c6195065b100af249cfa86a7eab55ce4c09a1846b22acde497cd7b0d19d8d5b0f6ec1fad10f88da6b7f810621eb1d8ca22928448802862cb52ea700be282eb7e1cc0765c5591ec4e00a5b0aed56b2d3876c2372a50241ca828ac12c65bea90ef6d85666534ea560c5504fc89400000000c34d330d88f51449da14301ee9cd7889faf5f58097589948e50c15ca15d45fa32da8bf9e7e353b95fd8063927afe27cce67b762a5d944fcbe1a282da9b45172	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1764	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1764	iexplore.exe
1764	iexplore.exe
1988	IEXPLORE.EXE
1988	IEXPLORE.EXE
1988	IEXPLORE.EXE
1988	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1764 wrote to memory of 1988	1764	iexplore.exe	28
PID 1764 wrote to memory of 1988	1764	iexplore.exe	28
PID 1764 wrote to memory of 1988	1764	iexplore.exe	28
PID 1764 wrote to memory of 1988	1764	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\public\index.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1764
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1764 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
867B

MD5
c5dfb849ca051355ee2dba1ac33eb028

SHA1
d69b561148f01c77c54578c10926df5b856976ad

SHA256
cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b

SHA512
88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e8335113cad7ddb035d4ccb650065834

SHA1
64d5bc3efd098334955e3bfe62b7a1ef400503ad

SHA256
88a68e76c54ae57826afb354fb52d37401159ff6b565a9daa7f0b73daf2bdaa6

SHA512
c12dff53064317e2e9e927b04b135981207b89f48e2b5fda1b5599d4f5a314e8206c72a6ff4b6d2019457037ffa57c736b0a390e070b9475553656f75644d76e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d5eb005a472678ecc4ecfd473dd46702

SHA1
dbcd675e7f37c8a2435d91561e11972e09f6a66e

SHA256
f385bb6e5d389732b5bb4c217d745ca1b62f572d149afef41bbab6dad9eb4933

SHA512
e2b0657cad5e59557e00fe694f404a0e8f9583d8b1d8fa396470b6699b0f385c2024f88e33006a8d1065b825894362b0a641f68493e7d6326b025e3533e7d87d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d8c30a0eee2a83aaa45e2fdae5fa7300

SHA1
4985574697f3f1026ba2e56a69be28d2d1e0372a

SHA256
b2168514b15221c2dfad8d371a3640c18d86e4e3cf19806e6367ae3edff95bf4

SHA512
8c81abf559fd4629157ab92e4891eb8660a3bba75d00f4427aff8c979bb01d00ee568215ba730dcc2ec7ffda284ebdb3fd88bfa6efdad735b732b934c053ec3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4fd283d70f831dd53cefcfd75c04e63a

SHA1
f04952d89024bcde67863730a00ed6ac901a798b

SHA256
95690ce9ad51ee5e2abfe11402388b2cbede8c8c31975b665faf67c91778229c

SHA512
1ffa4d3565420cf0181d59bd8b9f32d500cb8bbcbe7d2cdc36a0759d07ac83a423c05ff12bdcd541b209beede8aead3261caf0776c7842d575860e87e19c7a29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f59673c1387676137cf73e2d48d0b8e9

SHA1
f284c6e14f59af9820bf0cedbc4c0efeb4234686

SHA256
0336415179e8e67d1943c3b0adb7ebfbf28e220a71108f993f82c1a58c43aa3c

SHA512
404f1278337f3d01720d7b64d5f208bf68582742a493a1a5c066c114e5032aa3fd0fba9f9a6a9d0c62dbd7e3cfebee5a7c51e29a7e6ef9af43a1aa8dc12962aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7386b93081d80d335825b0aab14a76a7

SHA1
666a7eab5f95f54348525d43684b501d40008480

SHA256
070e99f9fac66bfc798972de20c145c9d44356c579f4bc3517629587361ba382

SHA512
81e2f39438f435d2b41251188809d3d7c76ef82c4c49c25e394e71962d819d34f6caded61965aa22ed0938eb6868b4c9b1334ad631455c54736fc31a03477ad4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1d2a3834642b70ee4d542b48a8373cfb

SHA1
e8a3774261adbff8bc9bfc5159a219b994e248e7

SHA256
2bd808472bed009082bc0ff306a811c6bbd25ae212cf8a7661a2f4227267dfa2

SHA512
8f15aa9e703990abf53f22221a2a9c45e5a9d348899c71fa7fcb71efa7641e9dc029bfc2530ddc52ac5e0cc9d22f2e4961512f60d2b71e18897dcb8b0adfc71f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e881193779901b6b70b47862bed7851a

SHA1
388cfc0c0f3bca1cea64e42e394b0cd444d19882

SHA256
873de9a13f1e7b94621b27285db8690e1ba10b5b8ab9fd15c567d4d183958e4a

SHA512
b22a4774d09396037b14e1a07039f0c255ba9ceaed372ed54138ca5efe01f636850f6f042d234423a8962a914e60b0daadea5a2f69c6277c00be41cfe99e1395

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9ad29bb75b8c51d5f88ff11472fd7931

SHA1
e63824ef89697ea0950c7b5022a7d3122c64eeba

SHA256
67ff9243c478636abb3cdcbdb35f723bf0654a765b75ee5a12d0a6708d816a37

SHA512
a6f35aa26c80c9e22237a453359012e321782972e1c8634738cb2675e2a7ce6118d76faa6c3b7c44aeac58385470dfca2c3d625e528eda958fb0f5b64f8428da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9b74e4371a936d71e9989c5861f466db

SHA1
9059efe49f0019f5360e5e6e20a0e6a155f7bd85

SHA256
40554b3351b9ac24d291ef0c496299f1ea7af7e88a9a8b777e6b0ea7fe8597dc

SHA512
bf93614636248f226a260952af78e6fbfee7b7be05dd8e0e715638734113b5d509fdf21f9ec9abba8505a5b3d5567873aaa8697a9912c8a079132fb2cecd348a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9a3e9c2df6fc8782eed5620a2e665481

SHA1
fadfeb450b60515977228b155b863ef8318ae207

SHA256
260e6b527fbdd9a46519425515d3c46f737c438aabfaa5d3c8ca6d1c3dfc25ce

SHA512
d27af84ef35a0d7f8efa398b103de2bf340bc722033c53e2f766a6bc6659ae1adf770be4213cbb584d403753147a135d42bb0ef550b8daa966b6a5908f2f6ddc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
900f31c4fc5bfcc4d7d9d3becce4360d

SHA1
b4a5fa71c6b689782e60fbc2366f768d1851004f

SHA256
0d07c57d0af854cc6ff5c298fba4e02a02501a47e5016257ab30fb568f41d79c

SHA512
62e2523e5e396f3adc5279068b4d8ead9531eabcc1ec91277eb38c4978886b1850675cf36288be6694e88c994bf6408a0c10bc4915321f6d80c78b1ac81e0d23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
958e402e6a09eb0613dd205b33acc7c9

SHA1
195bf6846a682252b5183b0f8d7124cc2e56b9fc

SHA256
39126a13de9919d45d0e361c4cf69c4c070925fd48990f83077cd53d4a722d94

SHA512
f660d999358e12b9cb2411c9e6904e98da0364e52f64cf1513a04fa24af1ddfeb14781f3434f2bb2bd363d9e664cd1a1e16b3ee0b751cac49ad73de103469adc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4f76e59a3a2853ff2f5389dbd9b4feba

SHA1
25b8cfd4cf166f553730ec8274cdca57f7e0ad64

SHA256
f53649026a4553b28e97b5d93920433d3775fc67d53010e37e4d70e24cccbcd0

SHA512
aa6eb341f7ab1f56f722fb8e20740e5f0475d43a59dd16e88d34e009653d87d3903c4caadafb6d39949231bf615632e6dbe114e912def1ad8f974fb9cfc6c667

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
242B

MD5
e204582cd3d704ef70c20b58269db1d5

SHA1
b2432e057c4fc4a3758741f9b9051c0f69f458ad

SHA256
3f104c292241e071c668a0adf32dbf113b3d2329a8385d0ac6e95e84a47c82a5

SHA512
fb438200d33a96e13ad8aa74b6a03ae308bfaa8933ef9c63774d62e571d039fb81705fbc4d3f97778e11f63b03127c6aa78c27d04c84fe5e30e145d70e920b64

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar28DC.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit