20e6b5d82fac6339331bddba006710f32689edf6acb25910b3b3f2fc355485e5

Analysis

max time kernel
135s
max time network
129s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/03/2024, 00:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ba1e46abe404c562d425e890bffd3eb8.html
Size

2KB
MD5

ba1e46abe404c562d425e890bffd3eb8
SHA1

0d75b612266888513daa4eda83622b2f318efd52
SHA256

20e6b5d82fac6339331bddba006710f32689edf6acb25910b3b3f2fc355485e5
SHA512

8f56cf7845f380c68f2f856d471c30459c3dba9d73e018c3ba4776ad2dfc45626e6d465b40fc7372c75de4f525c2a642e01d4e41f06fa0015386dbc9729aac53

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "416021395"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a700000000002000000000010660000000100002000000098a91bf39b7c6f8439826c0ef82614a39df7da568465be4912abe331fb96448b000000000e80000000020000200000009136aaa5ae5497b58e724a9630396a5d3eb9946ae3e34e3365f20edac8e22937200000004481c2dcf55c9c41ef31929c5e8fa24f6f7d8f475c8214e8e9480d8fc923ca6c40000000f479f57ada933029c4c1aa2899ebca427117174db27acacff3a025f04f5907a691d24f4d1971f869a0f71c3bab57d912784528721440a9a04f7c44c0d2340b51	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a7000000000020000000000106600000001000020000000a25ed2342e9e6d83f110648b8c936d21cb52b48456c74a28606ee4b041cd8b15000000000e8000000002000020000000d481f3068f21f0285f5375700d3c9fe21108a8ed65f1326e6cb3e03402dd39f990000000225b2bc12bc4ec16a2e85842c575fcd5b037a1f9434eafaa2f8f5a780b0e50cf246124d0d7040c443836acc4ec87ef4a1a83ec5aedf954a3f07f584ad8499e311facb4cb4c53083595460c78a04ad638b2792d941b4b75bb09ba27a6c49bffd8f42a7e2e5a9d059b35d038d172076c656f4a2040717a662fd6ca0172a04f32d1198c9ee05e54d2a9f32ce4452a05b91b4000000052c9244511e68cf0c16c172ca162b13a8ef2985e81185a5d352a3bafaa4bf92cd55ce85629ce645ea68376143b99f21fbe322318cfcebcc33c5d8d470b193513	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0f8c0d8f370da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{044F8361-DCE7-11EE-B826-EA483E0BCDAF} = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2956	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2956	iexplore.exe
2956	iexplore.exe
2800	IEXPLORE.EXE
2800	IEXPLORE.EXE
2800	IEXPLORE.EXE
2800	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2956 wrote to memory of 2800	2956	iexplore.exe	28
PID 2956 wrote to memory of 2800	2956	iexplore.exe	28
PID 2956 wrote to memory of 2800	2956	iexplore.exe	28
PID 2956 wrote to memory of 2800	2956	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ba1e46abe404c562d425e890bffd3eb8.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2956
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2956 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a20be193c58e82e89846a583dd8856bc

SHA1
eb05c7144b11c59ca1a74da2cc9f8ecb074027d8

SHA256
35692e9020acebf35ccc162f1236af21432f1b929c9b45ccda1fcf5243afae22

SHA512
f821e3624b9e083ad726bb80c977c538300a1f388bde8aad98ae39cd9fcb42792f49f4d8ef1411f7bd36f8213690c41d079358a8196217068e351d3c37915094

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3f0fdbd8b653f7ed2c53b4343394f994

SHA1
b4def8c3713b017ef25e5a104030bdeae13a444e

SHA256
a50f81a660723607ed6ac8676c854a59387ef8d6e7b4fd348c9dbc640326e1d1

SHA512
fa3a3f6e26b69ea2c216d38b0d83075a7b8a662d1371f418f5470a5de35bbecb514a284ce11380be6be78955317d6ea5f2b3136811a80587009ad575f546dbb1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f3db829a63361dacc117e5ca57d721af

SHA1
34a12a8dd919d8be5ced05e993c291d7c3409433

SHA256
4570ffa669eb5c7095f407c8477610e3fbf4f2d2377cec77eacd8a32cc748678

SHA512
a74842de05fcdb8089bb957901c5ba2c5822e2a6b5117e2678b5572f2c34e7a7af204bc9bad34e8a43b5e76bc981728994e099894fe7bf504f0733f89305d5b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1da86363226d6fe215d197131b56288d

SHA1
9892b1a7aeb7dab474b6cf143eebfd90bed0d01e

SHA256
6dd959e2e77b622a7e1693c2f60b125bc41ba83ed89f43995f76b2fdfe183702

SHA512
6057fdd8119050629c08d2b9c0560212d05eb11520cf229c7e1389a311a1c5990bc4f638112974234cebf8727d9a6f55e4889f86f0ce70a4d61e1e0ad25cdf7c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
083be3259b8250d6ee16c0a6fd376e93

SHA1
8e344f2080b824962a968eafd4d193ee7b6b0211

SHA256
e9e8bd852459c72d93fd6cc1d2dc51cceedc2d40d5eabc486786cdbb98954f8e

SHA512
a3b0f74f42b212a3b7b8b2ee791b25e6a66a620d3f191858bd0bd156830a18533915fed3108c645a6186a3a01b03bbfe16743848b0bda38980068bbe11914f09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
690423d8da63c41814af1e1e85ef9afe

SHA1
b93b1c11a1ddfb1db53efb24e7598f52b0e1604a

SHA256
c2f7add017122a001ce701f4cdb1fc5f8c1e652a236b5bee5c9a670530e79f04

SHA512
f476424fe45128172d1c80a7b92f5ce7e10c6541ada94d563bc6880111753d64bac8cc6b5d66bbde58d6826c2d0695721ef7aebbc2d7a06af047da4be8ac443d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bdb4c3d9976b91f30f6566cad65e9bab

SHA1
f104b6183c937c7f58ce8359e4e2716ef9522e78

SHA256
abd5837c85f51df6843eb87738dfe1af3af40ca3f9eaf26de3a34e0dbfdc2fe5

SHA512
0885a8ebbf36d549cf8c0f5340a2a9e37592e1884f8905b50fb47631d530f890e22dd2f32a30ac5abd989873f98b6dce61e7f519f3c18590be8d80284cc320eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
33fd95c019616181c5bbde1f836de886

SHA1
82e1d84ad029cf1d0bea3281925906cec75d80aa

SHA256
ed7e2f5ec09b9537e2746929b91587390d058c8e7ff23726844277e51a7ce079

SHA512
2441d7906afb3e9b0016e29df086eb48db2fc9ac61cc2fefeb668c57abe8ca0951665bbd430c57df0e5405a3ddb62e1d3b5f43ecf5499ba566b13516e224c880

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8e49703f26ab25e3c1529789aaaab887

SHA1
15025bb163d937dd964c7019c3e07e421d307728

SHA256
71841768e32d8ed10753573b77f582431952903906e439a902e5983462ccb951

SHA512
0456fde209ca5d570457526d2ec939896518f66efe49d5caf01067b2023f059dac1ad3af7f205d151fca68d0ab956da9655fcae97cf815d6a588ecb1e7e0dd80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
240806170d810b3acd2614746606e05d

SHA1
23ea61f821279fb59da51c4c550adf03620cfa09

SHA256
b848649eea43cc5ed42244e326a1c67e41bac282f481b2a0c1a1fb0f47d68058

SHA512
5cc79342761e424f8de74c77152412ca6dfdb1c565784cb097b5925b37e0f6369551b049cdcf97c9d442e3e76b726b48ae2c1efcbee871fce413021180e2333d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
282eebf14903c780e5fc8059811d99cc

SHA1
f315b8037c75b443c82973f9c8eb63a06e9fd296

SHA256
f646b062ab63925e103afec2425d69fce9524697790bfe7d601852cc80a3777c

SHA512
c1f659acc119747e85cce9813f46584ae736197c193f95ee831682b8bd61218aac8c6972785560b2c8bef3508de544cf1e79ba59833637683532158fdd131215

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
38ff1b5d79143782718790adcb59589e

SHA1
cd8aa789ebf5f48f04e409422e89c0982fdeadee

SHA256
963017926ba440680cd04833d491c615d25860e260c4db85c6ec3bd64ee2ea2f

SHA512
9e932d80fa4cc4167f7c8fbbd200cbd8d4e3647052eaa9ecd75511decdff12115950012122595000a648775d6900e15f2c5adee14725e1f28b7a07d1253edc04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
58262f5a890f187da2f3a702a6a0456c

SHA1
ba1292d5318a29a902798470949774b44ffc8636

SHA256
b0734c1f5de8b9dec451f50f049998bb85da60f521b236a09fffbb595eae1d3d

SHA512
5d5a91bc2f9380ef9c26acd5a78960733396da3054bc4c02fe409e05cc3862c8ce4715297f9dbb8df925104cf3a3d72941f7211ac9cb3b9e59e721138af27dfb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ce8002d102536d681d9356711b3bfe46

SHA1
3dacf885e10e3dce6992f0407018ed2669b74f58

SHA256
b436bfffd851ccf3ba2007b48123c9614697e499d789974b99648b57efa78272

SHA512
6ccdd0b61916016b3af1424ed3e7f65832c70719e3c6a13215fd01e3bdc53cf313131c8b918c277cea8ee1acaa51c0e52771a49d4eae3fe5cd17a22959d8cb4c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fce5e19753f727b8ffad678c51dcc3b5

SHA1
d1e02cf58021d9ab7f043913c957144b034db186

SHA256
c7dc522019da2651e16ff55deb1a5c5df2309815d012735d7a5019506bf4b7c1

SHA512
b7a8431be18bae0e3e787dc7c962c9b8f7ced0e4a966623ddb392a0c590031508f778fe2aef36acd4b21fddc30ec01bb0c79db8aec22a215ee8ff82aec461083

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9711d56ab211d923501a1c74ad233253

SHA1
0961ee6f2d3652f2a812ab93a75781085f5e36c0

SHA256
0db7443e9bf011fd6b906a01cb4ade9e658cd29d8b1e2a81bde14066b2611d4e

SHA512
c22ef07403b2741592483bb5756e9e8e03e39f6a844c68d4fc82b5f6a993b2b2f78d37accf098e16e8c93ec85bbec7f852e38264762d445faf55c53e5036f268

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b8152503aad2eaed50ee22a7801b2a11

SHA1
dcdcb72b1dd381e624be471b1ba8bfabbce9e1c5

SHA256
f279ef98f1fb963f4a42ea3e2a77ff63a80113b5132168641d3b95170f71065f

SHA512
52c0790d90f1e03591569c66185d056cd62550dab02b41d1735426cb6268c377d0613e8545dafbde127d5f23817eca25a100666c64aa456c9758fa9729a4ba9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab363E.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar377F.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit