c2f19420145d084784694098da4cc1510ddc041fa687edde2a8c5d47226c95e8

Analysis

max time kernel
119s
max time network
149s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
11-03-2024 03:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bfc16809ab8b143b67baa1032f017ba6.html
Size

1KB
MD5

bfc16809ab8b143b67baa1032f017ba6
SHA1

94564307dd787d365c1308cf7b58461335fa63e4
SHA256

c2f19420145d084784694098da4cc1510ddc041fa687edde2a8c5d47226c95e8
SHA512

4a33b02bb8abf7355add6169ec9940519df65e1627e89b4cf67cceb21a6b95ba1dc289e2d9f1b5bac48fbbad984248ea39b5880bfad903a2ea258067ec4f5ddc

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6586DA61-DF59-11EE-8ECF-42D431E39B11} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "416290422"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c005353b6673da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009b106788dea7af4d98683a8983feb7c60000000002000000000010660000000100002000000056ac0f4ab3ce1845d2dfddf95abce42044255dd978328d0e3e0cc1dce34fee8a000000000e800000000200002000000032929efb38e7926b085a18bb2c93ddf11e83cc092eeef17d5d24f1bf2c8687b090000000787c844dd321188939b0d34faac063ccef276752369b4606dfe88de5ca3c1250342b43ec51514e1dd018d922cef8c17a57471a7b66e79c45ecc8929fb0e0281aa8fdf05fea6c455cb19367c758725963667906980b2d40a8dd05a4ab12e37bf886bcd8e6d728618e6c52e728ecea5ce9827e1094fc74c5e443487bc0a792cb7fd9fcde773ceb7706238d0bb1d22cf8ba4000000029c26cdfdb63f71e8209114a031d8135a8dbc0215553f5caabc92e00be2838b9cf6fb8a1d9ab931c483650e5affa9ab8768a3236417177982963f07700d81d2a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009b106788dea7af4d98683a8983feb7c600000000020000000000106600000001000020000000c79b1b540a16214d64494d7a9213d047a2b11fb3a0a7b9d584570d3a42ae8035000000000e8000000002000020000000ab31d8dc9d30828a1c8dc2cf6e48dc4ff88d2c55a48bcdf653b4189618a9988e200000002bed11cb8c7f3caa02b17dcbe01b7722b26fe8ed0d41f8ff7515d6e55cecc6ce40000000b49ce040fcf067434a70c8507f0704dc763bc5920c70f3670830326df4c3da94e7607e8576459b1ba5acb5b522cbf78747110150a62b8861d292fb8811a512c7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1660	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1660	iexplore.exe
1660	iexplore.exe
2532	IEXPLORE.EXE
2532	IEXPLORE.EXE
2532	IEXPLORE.EXE
2532	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1660 wrote to memory of 2532	1660	iexplore.exe	28
PID 1660 wrote to memory of 2532	1660	iexplore.exe	28
PID 1660 wrote to memory of 2532	1660	iexplore.exe	28
PID 1660 wrote to memory of 2532	1660	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\bfc16809ab8b143b67baa1032f017ba6.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1660
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1660 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
c70bfdd041c43d949a71f413defcf464

SHA1
dd20bef9177ca31f7f7ec65acd92b053ced9af4c

SHA256
88edf6de82e0ba095cb7f2eec0fb1c50a0d9076d56bc19e7bcd187e061236dc5

SHA512
71de9098fa4970c803581e21767ca0a52a66d0b6c3fbfd24214b2afc00cdb8ab4686d74c677ee3113a75e567a57c5e258567a655f9fa6af613c1a6d3cca43f5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
1b2a48d0676d72e5b5eca7cb901e6a85

SHA1
16a6e333de69442de7ad3e6775cd9171c5765684

SHA256
6a70b440e1eca9cd05659600dc7cab296d6e291df8fc9f0d9dea52443978955b

SHA512
6b77fd5a0096ba718b6bfcc60f5eaff7bdb0ba5d3e1a24cc85a2794b1f887f711ba7f996dac26eda7ed62441c001c6804eced6211afa285083c61b133091215b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
6d09a70a0a8f543db869db93387b21e7

SHA1
32462002796c479ae53ef71baf9e7697f6ad58d6

SHA256
34f7d9bfceb213e93067aecdea3bc751e814db2d2171dc16e8f1c75debf772af

SHA512
b10639926f8ec9673ebb11c0ee53fccc33a512d0be54ce60eb54f4e830d04a500cad20bf3e83c35b8456b07c2e5a566601aa37e744f0197dc8f6073ce9793656

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
f19da3c6992a78798bc674c2f6f2f9b4

SHA1
ffa3dac40b125dc0f424c59d8533462c4d107b72

SHA256
e729ea3df87fa74ea2df27dba6921202aeca8e1610b2a305c9a40ddbc42774dc

SHA512
d04d1b6ac0d9688bd7f15cf00dd49d0ecd496f5b7d92987f8126166b45190c11fd4018b70d8ca46261bc4a7581e78480b665b1f21772234a67ba3566e17c044e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
ec94fe69cd6b4c09d80332db5d32ac28

SHA1
2a42f26c5b6f345b60f8c86a3d332d9286318018

SHA256
1f7b866ca09503b8525885e773e008b77ea07c17f174e8e29e3cccd2b5a40c48

SHA512
0d9268d994d5b4bc6c55e0d1193a33de02a8d74e19b1c1ab959226f32487257e98183e730ff25212117aadc8cc2846fdb83765b5bac4675a7a996da41cb13524

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
63ec04237d3b5734ea60b4b801e62139

SHA1
a02a029a160d1ae6054e184183d38a98f8c9b39b

SHA256
5beed1624bf7a09c86d9830067e4d6b9867c1bbe143380b0b5c6ed798a05be81

SHA512
fb65127d4e5b632d8954e3d7ccbd7380514da9e8c5d8b86943fdc759b2920b307440c788fe4a17305fafee9401e3d3472f2cc583a696c1ff2117cd4f8839d609

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
ca1e20ed7b10825142128b570a4ea7e0

SHA1
e483663366acd7d3374eda61f989696f25f695d5

SHA256
140ba9159f34001bd97c1e936e8e5f96c2b56ff31b6ca8c06f132902dacf9b3e

SHA512
abc4082f421671202015a4207984b2b2e4e120b2d0519e3f6634278541576f466f363ff7a7bad46a5ccff1c248dd2b4d786e8e0bc4d08c7cf2f0746c7824de89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
1686979bea7e34d914cff4e4c3a296c8

SHA1
c529411aa8ff42b9c60c985c808645021bccaccd

SHA256
4997f5c9b3fb8648cc487df4d5ec0e9a57f400dc5ab1f89fede2afc815627866

SHA512
e33b4c6664ca871f4554a14c929c2aef3406ec90916e9302712afbe58285b49eb8a7d2a7e2ea728dade56fb32ca0590ffd7c0c62fd7e7e7e11c29082c03fbcfd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
2c2e88043c83bc2969fcb995e8a4e38f

SHA1
2415dd5c6432d5bfff4e0bd96e2adc59d476a5f1

SHA256
0423a336ee33d909e409c0317d6b8a16e540615c1ad1629c47dc6c2bb110a8b0

SHA512
8fe7e9953a9f3812e136f36504022ba79cba503a976a80afa3b93ebe403f010429ab2b3c7618a3e65bed4e983f708189c9aeb27d590b9bc47e4dcdc9dbfa778f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
6e3e3fa29ccfe181d51045dfa13af1c8

SHA1
095d300859ed0e0cdb69fb97c9936fb5db23e778

SHA256
dc5a536504935b0a8a0c36cb4c5d8e323baf6a42f6c7d06f6f7037d42ebe0604

SHA512
dcf2d2a55097558a22850842799bbffaa31e119433ba1c778538610828c335fd328d71108609e4d653aea33d9234be85def455aa1123bf6c9a69b8b257d52ded

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
8527575e425783a39a3665fda9674bda

SHA1
6111663bde02fef19a6b7c596a684564b916405c

SHA256
69b2565cccd5b5a73050a3f88eb806e010bf2a5dc45ac995cf61b538f41fceca

SHA512
13dba270e05128b89836124e11da2bed424e65958cd6317f7c15662208472e406d4cdf3c89ab62037a8d307535df8abc326ea7eaca579d598ea7bc1b827e20bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
4e7b3f21799d5b3b6341a980dc0e3a1b

SHA1
5bfd7bfebb8c2a09531aead880c8ac9675ffdd62

SHA256
9ae910553942ad39829c93ac3a3b71ba32eab9f7f412e3663f580344c25128e2

SHA512
1d4b487dc8d3e16b6207729920390327db0d632d2b59c76fa2166093e1455e9e683121bdcfdd7e575835b73a1af49396e869137121a0e994272ca93cdf268264

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
9ced20d9480732066b7132e5e2879b12

SHA1
ca0ecfe6c5461bcdf16e26240eb91ddaa38ee4ae

SHA256
b97bed9a111c0d5e4f81befdc398cf6dfaa36ef245acdf7a4282a0065bfa1507

SHA512
6ff189d13d5a0fac6434a53bb25228af3fbf6a8f2089a4cfdd1e06097dcc904947e434298c987541abe86e27f2a496d8101c8689dd92b5804766f5e4522ad8b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
e42ce616b170f156aa1e9b8f0ebe34e9

SHA1
b882cc9272a5d1914b19c42fb94f7363a41cffc1

SHA256
56f68fd8f1bf630145851323bbb307b39a53399f5af006c6710a3b9c0adda249

SHA512
13f7a759a9e353d90c85dcee168c8c4ee1c94e66fd54b42f0cf93e4a1be48a7f9a380bfcc218d18d27fa1ff38ce798770551ac7f35d52081e1f1e6879a64af3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
d2f67cfcebb05ee2232cb34be748bcee

SHA1
4231b2d1ba6689e9ed2be6dcef706cf57670167e

SHA256
fc679623a738a52b41df0ebfd53dbd56e7d336de13bdb7d4420726dfe11e46ec

SHA512
59510bf5612c408f95bf4df7bd63186898bea723df95470aed611c507e6635b8e6933c487ede4fae93563df6a095a3fa28515c97b2a7850a4c63a5ee53c0dbd7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
384fdaef17a33c06bbe02556adf03d89

SHA1
b0220d39684682186319aeba8e8eb4d2ad5cb458

SHA256
c772423ce776d9918124288bd708ac1e1e43b33fd0433f4fbcd8b39ae9b8cae2

SHA512
d1634c50546271949b984f1457f3d42bc757f4334a58abb10a7a0a33910c81e468b300af163cfc5cc745d231ed35eb840ec1218d6cbe1d38ce7b6d71fe581629

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2B95.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2D42.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit