0362836f32e37ccedc53ca8d68762e5c323dc2170dac2a06afed6df6551dfa3b

Analysis

max time kernel
118s
max time network
135s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/03/2024, 23:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c1e73b64db4df2feb0a6f2434b541218.html
Size

10KB
MD5

c1e73b64db4df2feb0a6f2434b541218
SHA1

9cef5f0886a3a6c4ff2d9139d34b8ddea98ae1ac
SHA256

0362836f32e37ccedc53ca8d68762e5c323dc2170dac2a06afed6df6551dfa3b
SHA512

adc2d129cfa50f09e16046bf37bffa7cadd13d7f1e9eec0c98910312e4d32a39e57b045dbee94f6a182e1e5e09073943be9b1ca72fa5d20973c429f94fb94329
SSDEEP

192:SIIRO6VEGXA6bEU2Aa3VjZs8Ky67x2vptfAzeGnTW/Ah5ac1NbLHCfdfF4+F:SISO6VJhEU1alZs8eMptf23njNHCfE+F

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b00000000020000000000106600000001000020000000a516d38134d0ab7ff4fbd208174fd8f4dd43094cea4516fd6c53fc8e046ddc8b000000000e8000000002000020000000f1ad7358908853ec559fb3df9e23a7840c37edebc7df5ef7875c31535234d2b1200000008afa257abb62a3f5ad317c7d3ec84cd7aac06e69670acfe9f0bc7875be0f89c9400000006ce70c2aa0d641373606489b9369bd45c76590b7b250212f0ca0220523c35cbaff62e1cf142ce76c3991e0e67966eb6fdd7c628c7f7f046a6be924d7f6877a79	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D86660D1-E000-11EE-9511-66DD11CD6629} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f08f29ad0d74da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b0000000002000000000010660000000100002000000015e13be851abbea33a0402ae829286e51d4c70e2fd2796d5b07863fc55d652e5000000000e8000000002000020000000c1a2d59e87644b2913d6d3901555046cb2cb9b33ed286bf782f0430317e569369000000048699e7bd427c08af0719758070f1d4a5cc109bc55e801a5dde8e4c2ce72402e861b7d9e8b71677bdd36e2779e6aa5b10ab0c47461a5c53dd5e44def2b3b3c152c905e3ce03eb8352830d1d7af214f4bb1a051f34cc77e79ef50237c3be30923956bb2671db0dd40c1b11c64321828ed849a61529f62014eb8636999bae1d9157b01ccaa464e11e76112fc11257f47ca4000000039c964a20f4e708ec291e8da01c85dc9335b8dbc8e2794ed7bb6d129f6d5c012f1bf165d30a039134b848fc11f320e8d17eb621cba32d16a4cf46cd1cf0caef1	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "416362344"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1152	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1152	iexplore.exe
1152	iexplore.exe
2192	IEXPLORE.EXE
2192	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1152 wrote to memory of 2192	1152	iexplore.exe	28
PID 1152 wrote to memory of 2192	1152	iexplore.exe	28
PID 1152 wrote to memory of 2192	1152	iexplore.exe	28
PID 1152 wrote to memory of 2192	1152	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c1e73b64db4df2feb0a6f2434b541218.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1152
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1152 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f3b1f0f7ee12f6afd440d7aea43a71b2

SHA1
59b048114951297842e64edd3a7f5b2f445a51e9

SHA256
e603db25c1240e5a96d8d338b19402b4cfd89a99fd5f03849e12ef697d5f1891

SHA512
fa3d00cf518a75d78d48df169f87dcb70c8c5087e2d48cf258c143068209dc387646c41dd0ea0e1fa041ec1d07b7797f33a90ee094230fa113f8107774806e87

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
08ee010221b8a365c35c9d87994efef8

SHA1
8ef7bf10d355947a4ed089a19e27b30236a5ddb1

SHA256
cd911d2f2ebe4f8da3f345ec62cd751014d344f98907ad2f7177cf513d2df677

SHA512
71b0a0af176febc404c065d27755c2666727208b86dbc17c445887f703a66ea29aea716b28ca1140b715783eff0701b0da66b8e1bc274c04ca930b87976e288b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c7ec243bd6e82bc8481a6804ac431274

SHA1
ec849f60d53668115780ac9b3cfb2c468a529026

SHA256
f6bd46b4c6f3a32c8da589bf92faf39e3ca0e5520a33f875c764b65129bf34f6

SHA512
b49989f62ecb545049e2c2e714f66c0c6438039734ce6f85659386fee8dae800ba2182406932e92aeb4b266f3118e84d5c4d9052de434cdcb41f89fc3a64f056

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6ce1deca1b325f9d929f66865d1bedd8

SHA1
7c2f3138d05c9585a043fff306849e4c38fbd15c

SHA256
a95f63aa9d28c12e4ec5870acf529689b7e98e363d1f02641174612963b02c00

SHA512
5c0015f15d99529e74a07f71d0e24cdbec355e5a6512a6963359b1ded80876f71ba28dfee6ea686fb5d079d4791c1fc0713b6db7d6bec4d438200015ad1904c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f0b342a98632343d148088ae1483a9a7

SHA1
dd951a417ea13288de236dda0cfe92b730a20a46

SHA256
ddc710f9f55682f2c01a0f847fc29786e90dc3d0de4432fe05f64df99cc18c08

SHA512
e4a0bba76a59251fcbdad422e7a788393d355f514b2f183209970dd79164b58e1d1460770468a55741f86e6c5443ba007df5c1a4664d811731c8661e12af7ed5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bee3fa27add5b3856d268ed216e2e871

SHA1
32c9a51e9c19a4644fa214ff17157f2f0c3a4897

SHA256
d52c612ea87a713622150cb56ddab58dbff2b73d34c2fdc99b70bcaccc715e0f

SHA512
e5b44dfc5a84b8764fa2ee6be93caa11d1efcc5307e23e823f3389634242e47a35053515035296cecedc54b91b219be14f46b5912eac4656a6a0b6b6e6f65490

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e53340cd266c0e77a8209ef76321220c

SHA1
304cbb7992179984ab25a80bfff2883f29ef0b1a

SHA256
1238a97740a235cc43e9d3d2600cc62cd33f073cb1e12e4448c13f206b465a08

SHA512
2936b8b9d7f07a0a19b86b6b07c80104e7d0f6bf15bdda97e9c9c37175a37002afe2f004ff812484c5c21db55da57b0de5cf8b5716e438b84453d7cd91f487d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b3bcdd72869545e2977bf37a0f63a6d0

SHA1
0d7e20c8503200ac8447664efc423d02cdc9f078

SHA256
849b48a72f479cdd5a196833f5ae5df1473dea8963fa049daeb888a53f17ab42

SHA512
77eacf8325a863927afd32c98e4be920bb137e0e3574934735a670bca08e94b2becc073b7028e1bd6cd1dbbbcbbd8b86ff0604656073aa22ff28c8bacec36ef8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e42a837ffa61d3706e7a85b386b15c6e

SHA1
ff17019aa0ec01402b4e10990dc24b85c1c0b2a1

SHA256
7fd4f2544e81c48f0bfe7fc97765b4be98e115b0ae2cb6ed500c63741d49527a

SHA512
3cc1a60b0e579e602dc88848b3b44da1427474fd8e9e7d81c575917c5a1262991595535c425ecde98f47e75e8f82754da4bd8fc7072f44db3b16de30430b266a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a11a8bb24846f1152d7e130b3c5f51ca

SHA1
65b18455aa3b2e687999194f5a69281633b2b617

SHA256
438ee6a268d176738eab4fb5a975b6174a7091f0330f582dafa4eccaa54e5d1a

SHA512
54ad1f158a6eb257ba07c9db7bf336b9ca0ed17d589111b30f4daff9cc10dcda9ad994635a785a582c94015b7e8f35a12f8fc4195ad728ba10deaf6f4e3fbc69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f53090ea7b62f465cabb22ab9a2db74a

SHA1
81003d1927fd1dc99297a56a631f7e8e235681dd

SHA256
e60b42c7a7052daaa02a2409e13fcc7e4d2cc6b7bf9e4216be53cdaf6e7b0530

SHA512
7aade340628442fe78b3912c17ce48d07b502da466b2426dbb664923d34f1e56343de98935b56d39810c11725c1143ac3e4564bc7e8e9397ba84c7c26db165fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
550ba486cd0bd0d3b9ce29a99908cdf7

SHA1
5ba92be3ed6c7e1a09c88f25548e5798a1d47527

SHA256
2c2fe136b24bf384e06391ec69e5850fd52a410dc3a7a8b3870dac8ca05fd08a

SHA512
6a453ccf0dcb047844e3046802a1e414503eaeaef5e08f379fe6715b7b3702c894f8c1d5d05ba3d8f1f40839c36e08e3e73dd350d32405d74b1da3895f640711

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d5650d7fee15b0efafaef1e4054d17d7

SHA1
fc28c566107120ed145a1cb5798f4c5a8e74c04f

SHA256
bb89167617cb8208066dde29cd70eb0fe59679d25eef865505f2a65ac5216a8f

SHA512
e90c14b25a0eb91d163b3c511755b58b513da9ecb39acecef594d521e224ec7cf6ea73370283d6f55b4a9e12980721b5e028ea3233e342de8cbd666825b1a799

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3843c73131fa1b1305870c9ab0c7c851

SHA1
8aa407b331ef2d02c718e50edaae0f572b687fc3

SHA256
3e21f3fca793bfcda4a9698204d06d4f13eaa8df3d017c77bd1072fe7edb3f71

SHA512
fc80390aea0d26795125d9bd10a838529db6fcefad5479a6cbfaacf25a9f525b19741afd21f472ec052e99a92b6d89abd33c7faf423f44e2affa7177e17904e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b8245ac27c38ef30b02e8d7da22041d7

SHA1
691799514730fa79e399b8d33d498fe4870abc54

SHA256
853a9bda3711e51d12ec7ecbc28eb6cdd7fb0c21e9ef12aff97e681c9c4a84a7

SHA512
2fad668f5f6cbcc0c087aa21a56b5814b2a5b36d7ae5f783923c26e61a819e7c732279784fbe01a6e6007905b96f009b42b6abf8a178f31370ae4f2fc1e02578

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dfc3c6091b9f159bbc78e72d884ca714

SHA1
f83aa9a73b7a50875b9bc39a2a047ec2cc359866

SHA256
b5c3ebac580453bbb5cfe853ab284d46affabdf9d15f40236692858c5886c1e2

SHA512
eda63fcda40f58b88c743857a48fc6c77a5813bb0d1eaa8e633d1d1e9c4518ace22fed56895ffc2f593a1b886fb540abcce8ca2bb7eb7da13865e9eb83fcb041

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC4F6.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC730.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit