336ea70a4988854e670db7558b45fcb05e4041a1f9684601a9916e490ba849e7

Analysis

max time kernel
133s
max time network
134s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08-03-2024 10:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bafdcb5582c8c9eecd52c5975b0c0849.html
Size

47KB
MD5

bafdcb5582c8c9eecd52c5975b0c0849
SHA1

9797ca1c08ef18ddd5ae0370fd370d5693ab9bf7
SHA256

336ea70a4988854e670db7558b45fcb05e4041a1f9684601a9916e490ba849e7
SHA512

57d7b8062f293cdc0c0d0e3ca3cfa2c9a1c4a9c2c207838a9393f5f34d297cea28edfce612d8dd6189f7c54858f4ed11173a660cced31d3d3cf210e827297988
SSDEEP

768:NiFk6QMiyD3bAKncEzt/lrrJXtK1Ld8brAAkEa:NiFkWtr7qZ8nNkEa

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DBA7D501-DD33-11EE-BAF4-4AADDC6219DF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "416054400"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2860	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2860	iexplore.exe
2860	iexplore.exe
2796	IEXPLORE.EXE
2796	IEXPLORE.EXE
2796	IEXPLORE.EXE
2796	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2860 wrote to memory of 2796	2860	iexplore.exe	28
PID 2860 wrote to memory of 2796	2860	iexplore.exe	28
PID 2860 wrote to memory of 2796	2860	iexplore.exe	28
PID 2860 wrote to memory of 2796	2860	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\bafdcb5582c8c9eecd52c5975b0c0849.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2860
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2860 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
822c53c7a13991ee515b3e73f679e20a

SHA1
7ce7271acd6e582f5535b1c973868eb730845d4f

SHA256
df624ae53f0fdecc91951c3a032ab63d8ed7c7bf232b4e983acea0e472e67a10

SHA512
eaa82401b54fa64a9c7f2bf20b3425ceb28904a9556f9887dc6c19179478bde0e528e33501c96cb67ec01b292497677eeb70e4fd2e4feef149fbe356a5f6d752

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4e5f6fcdc3fbcd5b486d937f25a9ef32

SHA1
b73437bf4f5c472b4bd7e6e8dcebc76f7039c5d6

SHA256
5a6c68bef391aee50818770cd7af2be1342e51068039026582d79497f3d32bd6

SHA512
459585da6389023da041f0702695f5f985df2f005254dc4abcf1f317eeb2f7722215b7928cfa51b34d4111a7f60def1a42a5a3770868008c78580635da86b1b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6a89d13bc48cf9f0d73442f7f3f62d1d

SHA1
e6bdcc3b47d833c12c7804c97e8001178418b067

SHA256
76ac6f4d9daea4658dbc9c2cd1ef6db88bfa24c4e8cad49ee3959864f296f7d5

SHA512
19433ad69d684768386d67073f10dbe1b7f711fb606c70cb4f3cd12af262ac10b6b6f201469abe24d25a3cfb31fce273c2497a80a75c4bd6f882c3c6de9851d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4a9c63036aef1227fe459db656d425c7

SHA1
850f951142de3a0231ff17e1acaa3e42f9e87325

SHA256
905f5a17ec646c0837600c724d59502dc5bfe9b637c9ae404358ded4f8047938

SHA512
5d19e6b48ff63affd418d6661582881ce756d815ab4e075ad4b1337f164b77dc5834e1466a8c6ea1c00583145d4f5b6222df901240a71bda514eb853fa5a5988

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fb9038b197ec6e5f8c3d3a677eaa00f5

SHA1
1520a7c347bc779058178abcb84d5391cc4c0175

SHA256
05d0e7e7a72c9df4bf06a50b3a461319cc2e24efb90b485fc2e7de35395694b8

SHA512
fc03b0c54c7d208021b97fd7ea972a0d75915e065c0df28e099478c36513bec3276dc6bed12525dc6f4153e5d109ced631266fe8cd85a25fdd90e168b0778c48

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1ebbae21df28394e93f5f734c3d51041

SHA1
ad15a8d0c75a0a41896e4ffee80b3776f710d5b7

SHA256
03f376aa0dd0034c28f00432a4c6d501445a40408a33441fae8b0326173f2afe

SHA512
072a9995faca416922fc7e93fb6f36a3280205f602bbdbd33967effc5394b0f42da97a483dafa3dc430bc6d3d1ad6c5d0f442c2eae77e68263209a8a6ab409fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3de9bae8eaae9ec9f5b0cc014219cb5b

SHA1
ea16d14d6734d83e5d82276a124401d55d2bb2fb

SHA256
78d08d7727de64a02122c86d43fc8144318335e089bd17e86906337d4b3ccb26

SHA512
fd5ba2c8d44cf4ffec451db8dcbab5819ce5f47b33ca486fa3f994ef7d047f7a99838e180722536f133c440a6bce88fb9daed71751a96cb06fc816b21bcd5c5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d27dc3f9288cf5273bb1b5095246ca15

SHA1
33d9f6f502352c09d57e190623175c19b31526ae

SHA256
95f729b5bc263f8c30765546d08f329d56e73b003df7ca4d5ea8c8d61bd943e5

SHA512
5ebf2c986ad6d0d821d1791865614392bc4d9b7699919dca4c48a3e415c456351d9247480a27b093fd1517c9691690d04aec27e6aa783a907e89b75825109e02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6ebbdf166d02ed17de16598eb8b10bec

SHA1
9a0d8f47e668a4ef5984739078a686c2ea423cd2

SHA256
66e38782843f72b853a541b1ef0758043c1caeedbf3abf3a8990e7a4b380feb8

SHA512
bb2b6ef644dd37effe9822cca24cfb6352fc96acf3387522f818b25382bfb3f85d08079343ffc846a1c72e5715ad0bb42b58528c6b864f9e28fa3eb485e40982

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
93a53252318134ef4006f2b1e65cf54b

SHA1
10a8047babf9f8481f48d3420c487325270f05d1

SHA256
89623bc49700261c95ba5af16eacedf4b15e741250a0c111bf8984d7d39187e2

SHA512
ab2dd9f04d9729a0e1d204fa8cff9cf0dbd6462bac158fbca8f5bd61415b929c0b8a2d1debe9301b84f966e0b2657174f00985d228b2be9b1f59664442ee8029

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2a8acf9c7e0d59620cab97890084b2d7

SHA1
69dfb612f425d87b31b211de96f185f49b9c724f

SHA256
7b2df0d2c9c023c30b3a6dbb04c85ec52c784e2268d2b7e56e93d5f1cf36797b

SHA512
5eff1f72fdfffa563e0503b622039592f3fed09a5d0868de8f7c2eaf5122a8e6aa5d448fb4f9b76984ba6d850f1d35c08e9b5370788edb6f99fe341f05ec935f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d052f3e8a023ff19edc62e739f9e468c

SHA1
1d4897504c97977ed36f7996a733bda1bc94f39f

SHA256
4a09712a1374db9627225df95677d6b0668288cf3ebd105cba186bcda14bd5bc

SHA512
fae7627428d6e002d9e953a4ab7e9a9347ad6d038c0923a68cf6552bcd9745ac7baafbb4020ec4fdfbad2df7c34ab0820d806cfc642cf47b71b8c6a2faad1e93

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f803c6daed766e279e84d161e6a195c1

SHA1
dfe11d6221a99fcf4b253ddf32eec32837a45216

SHA256
007c0b232555bdd6a0dcd6348cd34d5674875913a90cd648198146cd1928c7a0

SHA512
42b8cf0f992c70fbffce2e23e0a14fd692bcb9d2f98fb977ff5634151a6a58af667a40725a76fcec00d9679007d25e5939b4cb90545677623f46eff3a6285430

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a8d78852b0b4b3ce2e79f6dda88e6b7e

SHA1
685e6a9e07ac2e931fc40e0b7d9d27ebad611190

SHA256
797946a333d0312bf8c7bf08c5d56f4e5d2144a8a60a98b61589ef1c2cc6d534

SHA512
53a7fa323bf9f9469b73f5555015e09f01fba06d1ea6a055c6c6da7ef4d9a25881b579775a6af0da39fab45b4dd0754bbaa203f4d60bf92b0fd5e90669fe0e70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f2525f7b31a241083ee6c11c3a5cda8f

SHA1
e2472a9706166dac2d2de8c0282a8b3cd2f2c097

SHA256
6e3c1b430fdff4d24ec8bae1e6d8437f8dfc93a3648c06cfc0ac28ae81efb8cf

SHA512
6dc42bde241095feadec6d251b403f4c5dd6205c97af9aeddd01684e73837fe04491e9d6b2065f3013db02f93fb01ca91ed88ddd2b5de47cd850451d84d61e83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f88a264cacf87e9707c9f71341b769f0

SHA1
01d67c35dc3709f4c381430ac019645680e4a52c

SHA256
3c3d4bc9f0163588e15ed21c4dade6f943aceac4a4ba3f38a76b97c1e44ec453

SHA512
395ddebd7cbb8a5bf9e6e4afc23b25632c960498a75f1fa244c4b6d194d1a282cfc22b11118908abe02408c5eb55d5d70c58af778f1ecf17d11c98e0de34198b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2996f80a35f6db7360200e01dcaaeb75

SHA1
7c9349181fe462d3218d0ac1ebc83e120c59914d

SHA256
6f4c949bb0ceb2af05ffbb7705462f8c9fdd20fe936a5fe0bbc68c0638616540

SHA512
711fb4e0d532423838e4f242d5993ec66701b3d0336bc69269f9d587586cd2a44ade618645a5444a4e5456e53a94e24cb724a6687e1ac576b90eadc106e6a02f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e3ff6269d2fd522d353a2e14180bec6b

SHA1
bc40dab9281bcc5dcb246b8842fc6ef7594e5cdb

SHA256
080309923c1044f6b1cf9af5eef77a3cb22382d25383c6ee76a1b0b69fb6cc58

SHA512
27721c1f6b8faef662efbfaa4817e60b4ebc66283e6e451387da8b694fa38a64e6c8275b200dbb78c2919b9495141776470ad17ce90b7098f46a61dc69e27097

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c984bd34614f9ddbe73fbe30ce279a2d

SHA1
5a711f9e09d199dcbec95842fe10ef9a8e6e6914

SHA256
61142ce19efaff34b2b9e056555e4f610561a9dde9d7bab3198e925cf232c3da

SHA512
d978c9a556c1bf4d6f4fb36f11ca196602a1079ebf61dd456349a14f7975d03a569668597ded55b6bb733e98709dbc10bdbd485644c86d8c35d872012a5394c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
90952435bae518efc49c6489654d1488

SHA1
56361095269e45aa0221513d832119baa0cbbd47

SHA256
11c1f1443c37138f21e07cca1bb7c54890f8ea250a79359603fab6d2c2caf628

SHA512
56e033fbd17574e745c809ea9ba4aba6875212cabe6bfaa5645b03d086a7247c69a47eeea6af486719eab7ee202cd8e562fd27559352cae0d37a3b1733e2d19d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
01bf7b543ad121b3a5ccbb4ac8a0d625

SHA1
4e5f315e91f4a90b27292544374ddcef368261fe

SHA256
8373914bf561dde4156dd07ed6810beddafab3306e3af2e844ec783bf2e76fe7

SHA512
8da6dd251dc572f373d3e10562d3c8d5bb09c82096495ad7615b7bc9ff84f541a5d15c8714ecb91c3bc5de165af8455e505fd4d280adebe90b31b7868a4a287a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3362.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3374.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3485.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit