8b4f2c3f2ae5c2f55da78ed5c9dfec2afd24bf3b061e4dabebec2751a7148d92

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/03/2024, 13:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bec5bffe06153e773dacf44cfee7eee4.html
Size

188KB
MD5

bec5bffe06153e773dacf44cfee7eee4
SHA1

45339c66f8e0550db0c79ffdd1e7afe9eeb55e2e
SHA256

8b4f2c3f2ae5c2f55da78ed5c9dfec2afd24bf3b061e4dabebec2751a7148d92
SHA512

64819d4c35e8e19e6a2e5cadc3bf6f27118fa662fd5db08d1da6a1247cb5cfac75d1eb80b06d492091f054919780d80e4361b16af368d250bbf1f790f61fa1c1
SSDEEP

3072:KsCNiDa/AqbKq7ng4DDamIoNarGySEK8AQoLNfYdbEmYep0pugdpTYucufb8xz8G:KSzKUjhkzo2Dx5up

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{ABFDA561-DEE5-11EE-AC06-EEF45767FDFF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "416240722"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1908	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1908	iexplore.exe
1908	iexplore.exe
2588	IEXPLORE.EXE
2588	IEXPLORE.EXE
2588	IEXPLORE.EXE
2588	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1908 wrote to memory of 2588	1908	iexplore.exe	28
PID 1908 wrote to memory of 2588	1908	iexplore.exe	28
PID 1908 wrote to memory of 2588	1908	iexplore.exe	28
PID 1908 wrote to memory of 2588	1908	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\bec5bffe06153e773dacf44cfee7eee4.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1908
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1908 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
290f96e31631d8bd696403d9658bfac7

SHA1
eb7d791287a5fccd8f87005ce18117761de72a23

SHA256
fbf59ad53d6a2008a0c4879346a0a031c243054a1470771149550304aa91d278

SHA512
81d7097771dec1ad5534403b89c3b459abb4a0bbf7429361622cce1103f0e5f26d9f8719763ee27b4912319ee9c7a984745b705bdb0c5fd81d406358a2a60e96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e5157e31559c2863fa29ecd241bcf4e7

SHA1
ce9259d5398ba1a00b62e6df5d899570cfa4e34d

SHA256
c64d891e1a71d124d96abdba14f67e577164ebbe56cddf0a76c5ddc7079efd55

SHA512
bba7dc552d9f8ab402e46314c9e9945b63fe594ef2e4eda714d80092609915322160853d2a410a9a21c75ffb5f2c75c81fed67e718b223ba9c38acb1f4ce2b52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
471e08e489725692464cf7c642bb6d5c

SHA1
b8fe86e63019f3b30f506db1eeb2a46877d1e83e

SHA256
53a2d7ca2e28fd3705066781918cc7645e66ed1a14e9847b6e450561320b9a17

SHA512
4844c7c036eda0ac6fc1b79529bfacf4a0e11fe3c791d037f3fa48c9031fef7716d01068eaa76c82c25d11b2f6463c3384433aa1b88ac967239df69f8ed38d65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d609afaa8df3f68db5df69510d8e44b4

SHA1
4dcc60b36a03c4654c8ec6bd4089b8c56c32a6bb

SHA256
e7336abe96f5d5a08e5e5d259efc9039ba21015d1e144133fbfa99fab8bd4c50

SHA512
acd45d63d9df8bb3c8573718c17a96159b7f4f9b72b76b405fa450e5ddd7cdbaccdb6c12a8fbe659f491981a91b695a3255a9a83551cfbd42c6254365994bd22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
86dca2482cfb6c2526f660585459d1ed

SHA1
7331e91700dafd073528ac739906e6bc94d8f06d

SHA256
33cd512eb5ab9bede5b06e1b43f5c0c0fc2dff74e5b08be0dd619989a521f1c4

SHA512
f7f5f9b6e4b6382de7063b81fd435ab48146eda3040f7b15238a4f111ac034eb9e73d8cbf5dcf8f378d79d41a8a05ae743c1455f0e468308ab9aad09cedcca43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0e7da5ed94be082f89d5f22dd9ce35fa

SHA1
e38b08ed891e0117db810ba522c54e0c5174ffb5

SHA256
bdb37fc9e7468aacdc67924224a104d135289a172c9d577184ad951e8101ec7b

SHA512
ed5281043c15db3bdf843e8d32e61ea2807aaf4fd33f1c8cde6a568c473b272a161bda5766d2f965f11841fe557a1abe359e66608d8ed0a7f5673d86ad7daa19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
484a0f9a2eccd073a97590eb2ea42ff1

SHA1
1ecc68cbdd38ce68b52431d2e4d9ea48c1dc5099

SHA256
a50a62f6c6dde8f71b7621fb3a2bb0d0fab9a9cfeb2568fec1858d60420afed1

SHA512
b1b0567ca70dbdb2eae9143e4db2b03269ac6475fd97b72a01edd33f2ed5d6892b5903355b8c09070c23f569a30176686ba5fe18ade437637c712746b3155e4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d2963d4f921c8299991ccd749a9b72b3

SHA1
367dcf26d76db67a04a62243fa384c5cb70888aa

SHA256
fdceb04e84da1e86a44e053e7ba8bdea89dad2b36ea3575b31df1d1ad1ecf97b

SHA512
e2f278b5bf50ad74761398905b5f9e475bd791b8a5d6d9999a64ee91294dfa9ff1757d512844176a7d28e6b725c768b767576857c1450f000f4471fb0b58d2e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d43199a15332dcff23925b581682977d

SHA1
bdefac3449af5e2eae94e2d6d32e9df3ecd54c95

SHA256
c1522790ec140a777e72678ca9baea4b02bbd04e008106e8e8510765022f7e94

SHA512
4955c4db21560246e79848353375e03736520e3b70dfb5ce6f332c4e806dbb5079dc5a66e9aac813f723c600f6c4bfa9bcaaaa12e5da1081b8584fa3499b7464

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
89942ca7cfb5064162d36a0d9ca268d8

SHA1
166963a343a08db1dbf1f15e5174b1210bfec8eb

SHA256
747f488ac9f2c808e12389098a3e95a9ca378a671816395faa9e29be52c914fe

SHA512
8812321da689fd4b06cd9b8301d26b1129f6e6610730c15ebb4d08fbcc49dcb32a842a7ff1fb4a0f9f30de9636e3f0236263ca580b86cdffa6936cacbc525b7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a3d99fb1032e743a3c1947bd2fd036e8

SHA1
41df8b9e71d837473e7ee7e040d64ca2cac36bf3

SHA256
a214e3ce88ee75542a5657f389f11a21bf483d6f21976ad6f919812467788803

SHA512
bbeda8bf956dc9f91fc884453901a381aae9e79ea4198d914bc650f55ac5a3a228ec75ca62351f3c74c6ffa2dcae5093d950f2dd43c80e49500616a0f62d062d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ab5f14df383e3d43a522831bdcff2f2

SHA1
b28eb1158abf2aadb844a8f23a35ce966033acb8

SHA256
d8a0330717c78fcf22fae809a677079443d6ad4045e6bc5e8bf68eb4ccb851ee

SHA512
b1deecaffb3534318877111bcb051e5ff97f844b00513fe512773b90d191e926cb44e4b1c63bf7a32c28db095b8cbedc6c21b6ab9024db8a276c3166dc2c799d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cb42b86fecbcfc1ae0c041e842090a65

SHA1
243830bafd2e180d34aa1ccc61f92b162b3eab06

SHA256
02a6fb539ef7fc117d281f4885beb66f5060c169817778afe4869d4cc1f47905

SHA512
60a916512e912320c785cecf626d8b716408c0377bab6ff9977d6e22d70ec6d7b0047d47f74c38c5c39ec96d30d3370081fb4bf2b354bfae32dcfcd87371d030

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9cfb8ae869e2fe775f4f0c1b9be69e3c

SHA1
96c28cb42018005394a901e6b5a66c79c1e48846

SHA256
3a212af958c224566fbf489e696657730a3fb08f73f59696ff49ec4dea1088cf

SHA512
3013aeafc3ed2825ac8fa75af7005182177a9128aaed9b80e8876e802dcb50e4ac1b43f6051a43e56d345732c0fdcd825f450cb85f9e5cbdaec5b26d7b58b1bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
70fca9a9d68fd4019da24d8381a899ca

SHA1
e506e9c3a1e76512361c17357cada35329100f14

SHA256
f951778fd64783b30b4c87de9bfe8789f412ebc5505fbb30fb8e70845372627b

SHA512
302d29d71ca85d9776356602a9a16c7aabc19702d843b51721d0a8f5eb12719b42d2e046b30d5f21b54e2b450da3e44bf33b2ba63a97d166f82bc148648f8c61

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
867a3e665c30f6e1c40d08d4e0fa375d

SHA1
5acee75bbaa5691d7ed9fd97d895085ca9533e98

SHA256
4acaa3ce4f0dcd9248c67fa3b92a5baeb96cfae7f280a07a8c9d0b483bf268d6

SHA512
6557aac8ad79d02ac8065be10457b9194468b89147755f53ea06307a4948aae033fd19a81b30847aea509457ea3c92e6fea00078cdcd7be3b5c7a54d7b39454a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7636e9dbb391849f5a043b2b2377346d

SHA1
1efdb17f5ff6919c05ea9b4921cfa9d155e5d43d

SHA256
f728653e7247c37cf1ed454ed494c419016b54ddd1361f13f255a4b1f0f5c099

SHA512
e310f9977e25aa2688a3949f31ad05e78e43db08f0579736621b43a3005d8cd21557ee32e00bd48651a78a9d7ef45c2077d6b53e153a96734e3eabf73687bf22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
33a51d97aca4bfe49e38ecd1b877b3af

SHA1
16f9d2565a26ae47f356a0b3da418cf581f17455

SHA256
968853d68169f291303c1e4f26e158ac626d21ce35ccffa1b9d167401a0ed18c

SHA512
4e363a25d33d2af8c6fd0019d24c61c6b71fa89b99ffb10e50b7bb1b54c145ccf752a964c67a9852209cdd5a4043b84744a065a88f869891e53d7f233a93bb47

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
3627eff76c49f4b1af09669fd7c9eabe

SHA1
e0a37df75b0f9cc41be264fbb1f4e4c566dfe7d1

SHA256
952e97b5e7bc19161dc81f73c37d96feec8eceae232b4067f380abb8741f09ef

SHA512
177e88faf251fde6598efb8eacb7b5113faa170505a762ddc6489a4da7624e6691d074dde03411a5e117af2a1190da95f7751d61db289b46902040c30cc7f0b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\fbevents[1].js

Filesize
214KB

MD5
4358bcfb91cf686e83ee56bfdb956461

SHA1
e9bbde7e677111e8093c0eb4fe4bcc53fd8867ec

SHA256
50b6e67cfcfe4ac8fe9cee705b681f696065306ee42bcd4e6b37a17dba333ac5

SHA512
c226d7cb78f8a99d9c96b384412f36c0f4a3d009e8629183f918ef41d7a3b47b3b22cbdfd1b5eaa1f8da556b0b1c6a04342af850e5c12242f34c4d59958bdc66

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9D1A.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9F0D.tmp

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9D2E.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9F60.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit