1ab69e0538b08fd549da0fd373b71ddd16ed9007d9555559088e3ef18087cd34

Analysis

max time kernel
152s
max time network
165s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/03/2024, 14:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bb74b8eac6f35b133af78862c7f017ee.html
Size

12KB
MD5

bb74b8eac6f35b133af78862c7f017ee
SHA1

6e312c77c96fe6915f8297419a5e634476ffcf88
SHA256

1ab69e0538b08fd549da0fd373b71ddd16ed9007d9555559088e3ef18087cd34
SHA512

6c468515640dba3fcdcc0b1b1001dad4c157612dfe85b83f0dc5ccf1f53b19480e7628bebb4bf65dede64d6d07c403d0abddaf54ce751903f7bba1e7548a5e8b
SSDEEP

384:6BkqeQcuCHNH657AYa8t3T3qn3/BGwDQ3iJULninnw2LblkCFklCD6r0sBWBBPN+:GkqeQclHNH657AYa8t3T3qn3/BGwDQ35

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ffebb09deeb747419e902f1accea58f700000000020000000000106600000001000020000000a22f3f362569aa2eceb46676f26f41637ddb924349cf9e1e74ece1429b4f526a000000000e8000000002000020000000498771bf0bded536bc490e61f5ac486ac86c8a837a64e8a07558db994348a9fc9000000000c95f9e1081bc0600e41c704c73d978a429bf62d3fca6d2437ecfe585117622f9c1e2dcfdc68ac58c983a8968e163bae53bb80c6a41a87dec73ff95d6802403c47cda3e1a4750eac0fb74428f17a5eba87e029563f7092970d94bcc986ac46e4188a5c1ca1934f3f3161e30fa53e1afd214261f212d3ab34f74f32308100bb71d24a417e9c53e708996f03d411f8a71400000003ec8863b51529f0c835e8d2ff37c27f899b063916982b086e779a273c6f536a7dd56e2e0096906096e3d3f0f28f2d66db40360bb7eab4f43f641aa76266a0bef	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 303f24126271da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "416068749"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3A1056A1-DD55-11EE-AC8A-E60682B688C9} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ffebb09deeb747419e902f1accea58f70000000002000000000010660000000100002000000044f16acd57ad40efba98a6e615c5a898c9762334b6b859e19cf159ac25f438fa000000000e80000000020000200000008e9325dfc26a7c5bd2215615d9c2f1bd20c31ca7a2db05c3205ec8ebc658b3da20000000e29346b6dcfc8b531f9fad955da16b7832c1ef0c46594cff92b2765348c61a6c4000000087bc0e1f10e26d34ec4d8692e75c62579cd64d8f6fe4fc24db6d5190ec094a2dd97c5e8e401f28d347cdb8922db0a87769df679f8051c14d05036b24a1fa48b4	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
932	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
932	iexplore.exe
932	iexplore.exe
2540	IEXPLORE.EXE
2540	IEXPLORE.EXE
2540	IEXPLORE.EXE
2540	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 932 wrote to memory of 2540	932	iexplore.exe	28
PID 932 wrote to memory of 2540	932	iexplore.exe	28
PID 932 wrote to memory of 2540	932	iexplore.exe	28
PID 932 wrote to memory of 2540	932	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\bb74b8eac6f35b133af78862c7f017ee.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:932
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:932 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
b05bc8b50ba895b9a4e252213ce4d29f

SHA1
5f5cc543cdebadadf7a4cf81d9a26e35fdc25d1a

SHA256
9b397a2d279b08835b5a8b723d8b722bf25f509c780ffd9c1764cac702b7ea2f

SHA512
b9834bbfd5925db023324fdadd72bb347251e68010dcd9f0cb5cdd5c9235c366dda5f494614fee605f66fd24969449ea6e57b1a01e6b92ec7b22f49f7d45eaba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
724B

MD5
8202a1cd02e7d69597995cabbe881a12

SHA1
8858d9d934b7aa9330ee73de6c476acf19929ff6

SHA256
58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5

SHA512
97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e5b613c5aa8117ce836e97bf402c6681

SHA1
5e5598a97223441572da09d46143c9ad7a7d21fe

SHA256
478d00575faa283731d6927f706ca43967d7c71b18e06da8398c4c1e476f1155

SHA512
b5310c22e48c6ce28dcbced768dbf4509b6ec7f391b67acac700a11573564636f53b726719b24e02fffd0d77da83a5d23e0a30e7de50d1369c4a85fe4e72ac7f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
73d21c541671deae8723a2820f522480

SHA1
88ae700eec67b0f2a6970d9447f629b7a2cb6ba0

SHA256
cfde01fc00cfc2389a28a99b79c823713aff15bfcb704bbcbc86d24e994818a6

SHA512
3e7f610d45b4328513ce322dba9b8f03342651eff2aeffb0c13f2299275a5a9f5aa7c44e10af9d3f773d4cfd13f70e013818b06ddb5b3de9ae2b2c60ba8f97af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6d72e19d0586f580c0977c61f57cf93a

SHA1
64c5e947d5cffe509fbd25c89cfdfc5c872abf7d

SHA256
b4566d118d0d2bf56b1509fd8d8a1c0b90e1dc4fc75f5d0b92ec12877ba76e09

SHA512
c73695997fe495014eff2f43600e1936b13b03c673f05ba8603a1c4f4e3011a8e9052a980b6f4b91a1369e984438093d8dd60ffd1f2a75d798a338c0db58a37b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
22c1130c59c4b8b1488a8d4fba5a245a

SHA1
22ee3fb71133516d6859cd8285133fa6b922abf7

SHA256
bc6fb69d791e9b1519f82836f5d8e8973228ff64540311cefb40969451af42f9

SHA512
9384c9ff3da155e903a210510ad9875ce7a04d1fa12b58270aa550958b8f2330ac37b5ed47f55cef213dedb39053955a96c5703a59fb34fa9d1240e4a03d4101

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d909becc16e6e88a8a7016542a8446af

SHA1
18e3c885a0fb134a552e14769c98d494dae50308

SHA256
66fbf898003522cbdd80d33e11962ebee919bd33819b8a9ff7175a0964e98b0a

SHA512
0aabc9be7e32e24c2c0ebc09944973cd41bfba85c545cf3009844613755e95839306efaf7233c52ac853405e0afeb1caba495e1a878792902366743cffd1530a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1aa2a75e02da383af46491753cb35cc7

SHA1
39b183ff604fcbd0ae4c2f6f99c585283b264161

SHA256
b753dcce9c896e8d32bb38ffd0a72f3c34ffe570c7229d102dddacc8240e5864

SHA512
fcc2eb4d08cf310b836de4a1bf82f8cfcaf69f18633c965c79aee9461e8cc3eb89bef7c5c2c842dac1c6fa8746c1d40b26c01daa5ce7b249284190515f39b427

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0675d97e55c6d745aae1edaf7863cb15

SHA1
f5b883a80339e379a24a308d4de77dccd13a0aa7

SHA256
5dd462eae8302f0f3a35c173235f24abdda68b84ea95f3d9e95d1f38a6dd19f9

SHA512
418f1613d6e50207b3d953c80a3d091e29119fd3f0791a9d35eb34b60c8f8be39b465fa921886dfb916a4d298ab91f9fdd2cbab6036690bd0a67039bbe2f62ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
885968b52c0526c013acae92665838b8

SHA1
ff7bb63c10162f8de5d0e64f8dc551b7da9bd945

SHA256
fd41b58c6456332afc50ef4e30eb9810b8ee2c426995310234326c3146706f95

SHA512
6b2a7afbb17f4ed975ac0135c60d76785225421762b192e05e42229f1e0e98850844769ba05e8cabe754f0c77faaf2ac46bd6345af30aacbc078386e399ea0b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
60ef8d5a49b858239b8d145b8550de96

SHA1
bd3365264f22ce5ae65386ff7838ada9bab8e65b

SHA256
91659b802797428917081694504e503d169a7741fa227b05511c366536f9d531

SHA512
26bae8e1c7ff74231b61c4abb1d9825c7278a1ddbfa0f589eeece3cbcc74480ba59aaabe87fb51fd020f424184dd36a829c2f3f511ad37d46cc0a48f481f3f16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
07dfc82a47b43fdc92490a4515c0eb12

SHA1
a93315e8ef339f63c31b728b5b163ee41aefd794

SHA256
14a403f794ca69f14ea8c35b90059bea8991f508ed761e72bc5cf69a219eba2e

SHA512
344e587ea57852b15d03c97ee91e3df90418c6943046d9e97f42ad8faf1653e338bebf2b215dbb03b9695954f0781989ee29e85b36dddf8ba73de6b51036ce64

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
964490a12763b29919d6a0d41d6bb1f5

SHA1
570df6740870ea3987cdb2a0c7210e0ea8e85cd0

SHA256
0c03c736ed532c8e946406e3824d154d9b7ec977f0b24b5720364500d1ea2b1d

SHA512
2dbd2f66ced9de950d9d5b8edc34aa2c136a5c2cae92d82777354625f88ba7aae198b10a2cf99ce82c2bae5feaa7ad906c154c53d2ef946ecd505e5a7290fa32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1b5579b2983756af06d0c60e49a15713

SHA1
aa44cd129c9c862a17d7d41517674baf3fa2716c

SHA256
21cc752ad948ec5b7189867362f975075fb0ed2a5fcd1b42474b5cca0fd5cabb

SHA512
30e00cc58595d1e295370547e36cc8739cefacd6d0055d5f43417e32a5826c39b37d807c68299f8ef28598f737c4a1a94be4c1a27b8f7443a1aac0d26c89768d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BD3NDTTD\Slide14[1].htm

Filesize
243B

MD5
48c8fbef8bf09bf75573bada5e6824bb

SHA1
1a3a0a1c571c81b9d19a5eed61cc3ce60583b6aa

SHA256
995172c08a4b637cc8f3b8e25698bf6dea4498b4bfa261616c8381e0c5c85734

SHA512
25971d487d11bb14f54c2281a4d6ae531d7ca4019fde7594e4d5200029b7e3801f3503c2cd475d3a5ae73ba43cc92d80a2ea491d9ff907caf1e078be6cd18d1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC958.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD5CA.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD8FB.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit