e070bba3db708ad09edbe7704706140214a559716ed8b08fc755dcc2ece7e3ad

Analysis

max time kernel
144s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09-03-2024 15:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bc24f2b8bdd93a9e874b6337c9ee5f55.html
Size

48KB
MD5

bc24f2b8bdd93a9e874b6337c9ee5f55
SHA1

99ea793d666c7f397db8807a0bf1dd56ba0b7213
SHA256

e070bba3db708ad09edbe7704706140214a559716ed8b08fc755dcc2ece7e3ad
SHA512

02cdc1277dd5b15e087e5d5353ec15bbd064a0004b6c1d4538943e657aba1e0a2ecf5f609784e7f4089011c0b6ba5eb7840b006bfaf8a08a9d55c075178082bb
SSDEEP

1536:zRaOuUzB1MtFh3U2qKwudCSN+IcNHNrNemWafZ:FaxFh3U2qvudCSN+IlmWafZ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{181421B1-DE29-11EE-94DC-E299A69EE862} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "416159736"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
932	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
932	iexplore.exe
932	iexplore.exe
2640	IEXPLORE.EXE
2640	IEXPLORE.EXE
2640	IEXPLORE.EXE
2640	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 932 wrote to memory of 2640	932	iexplore.exe	28
PID 932 wrote to memory of 2640	932	iexplore.exe	28
PID 932 wrote to memory of 2640	932	iexplore.exe	28
PID 932 wrote to memory of 2640	932	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\bc24f2b8bdd93a9e874b6337c9ee5f55.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:932
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:932 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
c1f350b6d2f9db175ad87e8393ec58fe

SHA1
056af4c2920ea8f5744193ecb56e3c5a0769c261

SHA256
a2e7cf2ddac112499276d62261822688488b62b914aaf9ad063c09a21a0a2984

SHA512
2d35e835b0a0f750e20e98abbdaabb8e6c8d08c964900f1b9a60156c82a39479bd51f4b14026d70cfa08f24d69053c325b8763df712aeac24ec8baae63e29866

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
2978146ac20db933dc32d5b3679984b5

SHA1
e1dd93dc4d9d932eaf5d36a8c31ef03ea49656b3

SHA256
ea1712275e49e17530022f4dfa62da4fcdb126ab3d04395ab4fe5cad4547e10d

SHA512
40a210c62127f5121b8a454f6aa84739e5b6860a618bf5297e300fa133f2de797d78857fbcd32c918ca8a16a60567291057df665036463a1965f0966b8592734

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f2df12e919b3e26c6967d7bcf91faaf3

SHA1
2f3dba38046604f695fc4a4c522a88423749e6f6

SHA256
d818b38445e9d82aa01031647d1786296e494727975235bf336432ee3e1cd2e5

SHA512
616a5a6d9a656c0a8cd89418d96020a00b6a2bf76ec8e2ec1233425c2178c5d08126b8273a1b99e4fc92d3e57e5172e119581089862f114dad81be3da1b4452d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
19feb7a8c1c7e27d7398c25ce613e0e9

SHA1
8dda39b1c73003fed8c10227557f8e847d40ac8f

SHA256
bec3d78f5759470556f5932e098afeb58880b8620ca1525a81505a7548400030

SHA512
5365509b66aa157f1ed60d842fd56d7a472ac16266bf0bb01ac9ac0c7c629716ecdc2b4d394d2eea9b72abe0d07a5c40ab553edfa4f1280b4b0388f0313c43b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0619989fbf6b32b5f5a4cf5b74ae636f

SHA1
1c5a64ed722cf166ba0e2c067b667983daa2b698

SHA256
cf2f8e13fdb5e9bdea6aa33ced08662671bcf425765f3bce3f85779fc16905cd

SHA512
fc8b400491371520d17877b814f02d52d908f44ae44ec2231ae8293275a662f803bc94c918687e589ff5a1b70022009e2ee476e75f98b73a2542bafc9fa5ff7c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4bd6c56d9eae85f241f7389044abf28b

SHA1
91cc5db55f997a65d5e4185f4cf617b8999ac407

SHA256
27108830895383a861af4de05f0b5558888dcd0e9ba0ca330af392787aed3830

SHA512
02216360fc366e4de0b9992f0b5ce1f8028167f6b1ae98f3df3ba87aa5174a9ce34d1a754634badf9e15cdcf9692cb0dd2322cd070a3865e69fb42a974bf00cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e2d91774f1239d54daba2a3b30663ad7

SHA1
6bac010df613059d3c722bbb224756ec0c210e20

SHA256
b337a2be7b65e081f52574ac6d004917263aa36837ba070e8c2d11d92a52b652

SHA512
67912c57da7612b354ed4590faeb60095f9d727757c89a7999f6ccd1ba2cb7cf3c9b9c57145c7ad0b05d9b2e47dd827f43dc34315309b2a00e25b752a5382304

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a59868dbf12306352f187939d1ca0a57

SHA1
1720602464a3c3fa3ff377c292007d232d1999e5

SHA256
bb38972825ba2d64fff4f2f1f9841bd2329416664b057599e078a0f971de6f4f

SHA512
921a0ff3785d13f7b81c8753b6759688622609b5db7dcb30cb24dd72b4ca2c8691c44c428c490912752b5abd814c4de5d63efdf3e6c622c5c9ce42ff9424fb1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
347b53b1d40ae72748537432254c4c68

SHA1
3ec2293776b95c9b33eb62ade9afb8ba2e27cb84

SHA256
69e7f5992c3a4d56dedb9da8b63126577adf0425d63015461e9d1406e43bd526

SHA512
a0693fb78b162596f9354fdd0533da09827d5f2b2f496e43d4dd4c1212531b8f55c1c05f31e30a8fca02f4eaecc4d5eb0d4404d370c589fd1640cb9bbf67ca3d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7d4c23ddf81b7c7c8043fca0d9c73b88

SHA1
1cb8d6e63a2c9b3d6bd604f47d3d6f7a091db91b

SHA256
eef998caaacc0e50ffc7568017955ef4b69315fd80ae92f91ee232f4ca59dce0

SHA512
6b53dee608e0250991d385fe1a10cfb7d5d0d6b95c4c0fdf8399461d3df391dfc11c9bf1271ab4d0cbe63596fc7566b88bbd4e5dc1285952821a22c973c66096

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
3d3ee29dfcb5ff2cac32d5a594a0880b

SHA1
a9bc0a0420eaadc18bae3a9adc4389661ef92735

SHA256
93d35f46ab98ee8e8bf688ceca30f7900d3ccabe7c207be49c25a8fa43b556b4

SHA512
a4e4056c48b078b58a45096c9c7b88c8ae40f4070e7a6c61b6671871f0107121ccb9797e376b6ff9ccf4817746ff1420848e3c3799714b52e609c5294d307083

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
3a7e3887e1d724a6b6c344ba9764fb81

SHA1
8a798732e60a97a93af348d42422fa7e1ccb5e8b

SHA256
aacaf6d283bb76f1d31c98812e6ba4ada6dba1ae18df5ff238264f05803d3e57

SHA512
edd2f2783c3df5cb77f462a870ab2306f334b9679d3bec77bef0ff5def338300c2e8bbf09f20d227e310669c7b9822025fc03f1203e3409e10d71de03bf7ba9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B4HDT8MX\cookienotice[1].js

Filesize
6KB

MD5
a705132a2174f88e196ec3610d68faa8

SHA1
3bad57a48d973a678fec600d45933010f6edc659

SHA256
068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568

SHA512
e947d33e0e9c5e6516f05e0ea696406e4e09b458f85021bc3a217071ae14879b2251e65aec5d1935ca9af2433d023356298321564e1a41119d41be7c2b2d36d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CTT6L9LH\55013136-widget_css_bundle[1].css

Filesize
29KB

MD5
e3f09df1bc175f411d1ec3dfb5afb17b

SHA1
3994ec3efe3c2447e7bbfdd97bb7e190dd1658f9

SHA256
1a2eca9e492e3a21e02dd77ad44d7af45c4091d35ede79e948b7a3f23e5b3617

SHA512
16164d66d452d7d343b1902fe5b864ffdee42811ee90952cbfe9efa9847c58c0403f944c8e29db2bc2384ccd516b629cb8765e5e51de37da6efd75962cf82530

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CTT6L9LH\cb=gapi[1].js

Filesize
133KB

MD5
c8be3350843695958a33474aeb3ea8f1

SHA1
ad92694d9b189ee479c1be438636e39247b216af

SHA256
22494eb4f5fc2ef8c229b9df2e171990687e4837282655145cca0fa302af1278

SHA512
54ba5d4076fe9fe4c4ac22f45cd7d2ebb4e8027d8b8f82580436dccbcd60fa2adbb948ff1234d9912c663bf1fb33ac834007850f5a3f2abfb96a7a4feb110bc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P2GIJQ9P\domain_profile[1].htm

Filesize
41KB

MD5
ab52956078104308247889ebcb8c415f

SHA1
5d12955f17b3bd281fa0ab58800770ace441a6ea

SHA256
5bddc00bd1f593f4cb10e59686e4d6743b0cf4caf22c076e955c933ffc31defc

SHA512
21bb3fc4cc91a26729e42adae449fe939ef1f257d861fc3d11644dece1eac913d52b6d67356d1204b1cddf7e3cc2ddd3e5c33e3c98c8ea88bde6832a3ce3011a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P2GIJQ9P\platform_gapi.iframes.style.common[1].js

Filesize
56KB

MD5
bf78e91c4b8c660626008446d6d30703

SHA1
db09dae5dda987e24027a540e47650cb970e31bf

SHA256
f554260f317f497231227b9def0144f0bf370ae71cdd7a54ac60d0ae1a56e096

SHA512
15cf262865ed7a9aee617939501430586460eea04599e7c09f5b223ecbebf454450e9e6ba93b81e6e1a35b1039d0e80039bd4d4c768dc72ae5e3bb3ca1f70fdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5560.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5574.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar57D0.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit