ddd8483ef6d80edaab070b02821373f0b95589070715ca61a17f74d071b27779

Analysis

max time kernel
137s
max time network
134s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/03/2024, 13:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bb650f6ba318929c6b9a6c2e8c8216d1.html
Size

1KB
MD5

bb650f6ba318929c6b9a6c2e8c8216d1
SHA1

c491a1496f1eb1b275e665408ba4d72dda5c6771
SHA256

ddd8483ef6d80edaab070b02821373f0b95589070715ca61a17f74d071b27779
SHA512

dd0d8a71f822d4701178b5baac94636e7a13711964e4815d91a429e13e0ec66cc7d6bf79b6764247e02c4668e9415bfa3dee426ccd5d0dc4930dc3574a86c8a5

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9055498a5d71da01	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b00000000020000000000106600000001000020000000625b73ca2e1db53087aa7d7742b181f0b785d2f43249c36b2bb05b65395939b1000000000e800000000200002000000084229d26e28d25caac31d1952a4c221d7719960648c36a31302f46081bcab2ba20000000a03eb12688290271803bf60ac6b14c10fe8e4e98297dba08918c1e16265f3837400000003ec98c46e2d9451b7e9cdb8ec0a3fd440f1925410c399fd1f8ad79cec4bf54e39b461ba4675a832ca50334a2a9a79663c1b1dc46da9c93ea5771efde380b2c43	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C1A3ED21-DD50-11EE-A7EB-E60682B688C9} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b000000000200000000001066000000010000200000006d7743776137bb5b3ee2e418ad89a6b28af8c1cac10addd2ef02b000282292fe000000000e80000000020000200000008bae87d12d4da6fd2c02af9187f306e567b710f00f4fdd7affa283873775125490000000f944d0a362dcaa79feb1eb51a5a3c58bf6e35d11e3707dbb8392b038e3b13fc415f3c1159e2228cb2bbdad0d351cbf269670a9ce6a1c2a220490623c82cd626c1c4adcaed604d3de54ea07ff0e6ba47636aeb8139f1899268d7273a51e0cc48b73af809bb3960dcc601c807b33487c3ffc8e2a4f145cf9ac448fedf035bbb2478be113a6f7ce45c2066c86f5466e7ced400000002dccc187b728b54d0b236d2ea46ef06fbf6fe30d9b82b809954f94db7b8d9baa2b35f14ded7c1fb02c11414e2cba25a5991ef76c9bcca94b7fece697d7506f34	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "416066811"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1692	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1692	iexplore.exe
1692	iexplore.exe
2520	IEXPLORE.EXE
2520	IEXPLORE.EXE
2520	IEXPLORE.EXE
2520	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1692 wrote to memory of 2520	1692	iexplore.exe	28
PID 1692 wrote to memory of 2520	1692	iexplore.exe	28
PID 1692 wrote to memory of 2520	1692	iexplore.exe	28
PID 1692 wrote to memory of 2520	1692	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\bb650f6ba318929c6b9a6c2e8c8216d1.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1692
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1692 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a94a0c527b722ba5106e574c710bc1b2

SHA1
624580f72c7472958602711121b0f64a3b391475

SHA256
c3bda9d6f940c231712b0c062dcfb9140c3f512c1e7e0fca26e75ec3c42bd514

SHA512
6f07c7e2c68d96320aa3c93a4bf923e7124698ce604404091f7c1014b73b949258bf01cd4c29a276e5c349cc5fb31894c6c46f7070ebfd2718dfa4aefcdc4406

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b114c86fdb41bc969ec5b7eb4234a857

SHA1
1fe1cf5213a8da9c6214ef95f4cbc0ca3b284e55

SHA256
f6d9adde9a62d8da71ea5b1d86b6dfae73f107b0f944112a9207d040fb237da4

SHA512
70e658f312da2ffe087d46375b7b26a226e1da7fd69986f414fb08251c15fc96baed227f6901bc8eae5c053cea8686ddd0aa4b1c8954c256b5d0625e4e979836

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cbdc9698697007f4926c2bd8e84e67a8

SHA1
74e2fc9a8ea97be29ba6ddaacfd613dfcd4428af

SHA256
c5e55f88f473afc6cf69d92f567f4fd4581e3f87d4292f254ca112fdf1c1ea45

SHA512
3c0a8633776ca470097265fad8eb60811cc345a85bbdd29b28478baa09265e1dccef80b1777e36753f1ba6fe483a986329f19908c064cf2d4a3398a4c8fc6e5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8b1a64cffa8616157bb264e945790d22

SHA1
4908b30a2608f3576f70828798e8d518d3dfae74

SHA256
6375221f39e83ef4043ccea6db6aa96a08d226167136d7293d41e32be5895e2e

SHA512
f96c6cff143d8d3576e4560a4502f261648a5a6ed9ce5ef3a2af35f2d4a7791cf9d25b8ddc4aaac1adf051543f2fa91609a006cdbacbaa8499f6304ae4af3214

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
886d9caa9215737528f6a4d9ec87e349

SHA1
0f8a8b327823aeb61bb53f9d81a2aac8a70fa3f7

SHA256
6371d934ac9a58aa74e9e8a9c1969523257065bd9a7840d83b3616b8199bf2b2

SHA512
ce48a5e18e0f1db69b01c88414cd12147ebc696cb0b52ace15aab58603427dad15af06108c464615f6851f92aab6100ba985b93da98867afa0f8fe07c911f68c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
db40d28972eb25dbdfd8bba84498fcde

SHA1
aae1c6a0be4f7880b80130be9824f8dcf68fe168

SHA256
a696e71cca4f3f33a97dba1fc090842c7add0c5ea54cdc176c34ccb7e43fb394

SHA512
d1f1be52c14a0ef8e0043025279cc4d97a723fbeb4441e5d6b783643a68a70631ceda68629e12fdc2b822f23e46d547c3afe8862b74c62e5ad2ed77ac53b5c04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a1a2ba982f1dcd382466a646e8a54d2e

SHA1
409137e443cbd8c2682f02bbe38041fcd3e45707

SHA256
33938984f9a528326d6c7071e55a75e24cdc731d290d46235f20520463163dd1

SHA512
5bf9783a77c6c96cb6bfe33d9b1401ee53ec123008470b8ccc24511cb4a337cc4c9509e35facb6954014bd629cca226574995bd0dc8dd484d6d8f181cd863d17

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
70f953d98f3c3f700c7a83d54610d0e6

SHA1
3809c6c2340a4f251c02b547a8996728a824ffae

SHA256
df9dbf2ba3f17083a38970cad7157db0ad688c1fc4dd86e5f2b2438c9e9d0923

SHA512
a36231425b108fea2d962657315469dd618c13d3dc316bed920eb6e37fc212a74b545421c2fb44e087b1a005e40b5f0710953db8e148003efe13ed40a936bcf4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
53f82004466f504b613a7fc3eb352c84

SHA1
53f6e31aaf4d610f829b0f494ba824fdde298c27

SHA256
b6d27c2f4bd6a5a4347fca457e33068679a769d4f0df7bac0dd8e5dbd4bd6d5f

SHA512
733e75f9cf6dae0f4e737b85954957fa30e3e07fd465bd656f0a24c01e63642faa9da9679d313050b07dc2de95615bdce622eb31644679cc97f8832d8cb865ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9fbe66ab2f262bcf4a93b033d19a8f8c

SHA1
5e104c4e33095172516982ad4318bcd4347d92dc

SHA256
73a480c58a2c3e1f05553a150e8a9bea13e3fbd4d4fcfbc9036cb981ca2dd268

SHA512
961cb9f991ff6337d133d83b23d6e4da0b163ba2ba86e66b872d0bb5822e4abc32801972f0c1c1f7b4e515dcccb06f3b5c4b8602685688bb0006004297afc1b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
64b785f762dabdd87f3a3a13e58cc7a4

SHA1
193d93d62dda4dc46a18b6e17108d40bbcfe6009

SHA256
61d2bb48104205c7979d391640c7320808b82800338d6f6f06c3eac1d175194c

SHA512
111e83e4ffa6a9b09344912b1a7f2bdf25342b81ae0ea14252657188deb28e85aeb6c7bf2a1b7e7a31c92a777575ba0e2f4ed0fe5fac2829f00045f3063f0a44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8324e98c02fa7fd75d12cd82501c3acd

SHA1
a8436440a4c92fd21bd148940c4b4fdea4a4b230

SHA256
f42c7de8a0a3814804ae5bde5fe4064bfda74b3d6447a81097b92735e9e1405d

SHA512
606a269d6799e997ce365662b993331f96e2c8b3f3d9771cd76b782eca26fe2fb7d15b06b6a48df9f0986eade3ad028dc501d792ff47e280093b1a19cb298355

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e4ae6a77e07966101bf850d675488751

SHA1
f84920780a1d9c62ae71fa1cc97c87090c356a8a

SHA256
56b984f942582a865fc03e6a54d287d1e820b487978833cf218471fd240bd94f

SHA512
32339338f711a28257d0a680567ce099ecaafc528a12ba371f3a1eccffc110c4546a2a571186b054eae3acee6c94b30cfa351c273f8f55ac736fabb7eaa094da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2d8279af36f347d27f9c8dac5ed53fde

SHA1
6e8e6e960cf209b251912fa191c62182f8827ed9

SHA256
aa3a9b56c496772841cdf85c4d2329d317288341652665b651cdac0436ded321

SHA512
b3791705cf2ff0429bcc929131cc04d4ce1288b68c5851c928442dcf00b4e509280bfdccf8b98dea213c1d82f1e9bd34a1b50466af407f1328da9997910a3ff2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1f13337ab5fef5b94dd9e6606629555d

SHA1
d6577f9a9c1febfd6f10fbd705366830bcb2d633

SHA256
26b7f27ce248d53575a13c0560d6671e94dfc635f3270bf16212c91033674a81

SHA512
bd3b78dffa73039547655a15b7cfc83718e41b0066adb8c050063cc0978b0e2f5ead5df229328d247451da49ff1357fb647fc9b92959f9e0a78e9df4388fd8f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
70df4ac7538e46c33791cb1a596a1a20

SHA1
135092f3e8406d4bfbc28eac8d1f051c2cf7235c

SHA256
cd877bdc6daae06cdbfaa449a17f05b33acefe4438ccfd2f1f2e4fa3c93b6b2b

SHA512
4d24cec429b86c4c171725d5af1b00c0e288ff5062e373047953d0e4f8a6694661339f15874ded019731bc0d8eefa5b9c73684595264ba3be51987a3da0e2d81

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB0CB.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit