32cf2b692e3ec197c97ddfe7d784aa06537ac8cfe70447a4e5a26a7108f2b304

Analysis

max time kernel
141s
max time network
149s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11-03-2024 19:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c16c636bfc5783d5526a0b14394a4e9e.html
Size

1KB
MD5

c16c636bfc5783d5526a0b14394a4e9e
SHA1

4718ec5a0a37c7e1a0a0cb98285eee85dda95471
SHA256

32cf2b692e3ec197c97ddfe7d784aa06537ac8cfe70447a4e5a26a7108f2b304
SHA512

868c0235587e97170191b004f256b44759098b6cd6a74c4613e510afbda8860b5e2b2733079d253ce0e983c6852d39d66293ec5b5c940216c4ded46b275689d7

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000c12c25e2ddfb54dbf19c8710c230677000000000200000000001066000000010000200000003c18a4bd11401df6dc060f9375daa4cadc7eeba9787462f5a032fcfd26b6625c000000000e8000000002000020000000f622a1c9e1d053208ab786d9a1b33bcbbf5f8c8a23e8c3152c80b92e03ae95b8200000004ebe14276ee4658344ebc97b2e2e50dadf05360817e0e86819cb4fbee5c93627400000005a147944bbb7bdd2abfdbd30cd0405d3bb495017d7379325b210fe201a16747e91a4eeda1021281c61e85ac3eb42c47f4ea006d0822b6e4186ddec2e19c7d3a3	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "416347579"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7600BE31-DFDE-11EE-BC0B-5A791E92BC44} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60220f4ceb73da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000c12c25e2ddfb54dbf19c8710c2306770000000002000000000010660000000100002000000026a71ee298ed368ae0769d981b0fd1aa174bb52acaecd6749dffccc816d7612a000000000e80000000020000200000005660a3393ff291236794d78e7650ab1053e61346b75210ef60f2fc94d1be752c900000000e73107fd30b3244ec70483d2ddcf6ccce2ec49f291340eb27ec57b272b7062977da59a67a2266c68b5ad637b0cd939cfcbd2a3af91452c7df46b4d3880091a85d5dfa0699426a94af1908380976071a43cd776553898be7ace05d69e4f35328bc844a405e1a88b5db20a5b82e3a77ee8226beee475e7c56f1fdd7d0799643e51bce15d720fb0210503af2583078f68640000000586acb2b506252523b20c9c90f349d6f4129ef9d8ac704b4743a63d121f6e84efa684d808ce10e78a39a44416b4126866ed1a88d90b282da2d6bd02bfc0417db	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1708	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1708	iexplore.exe
1708	iexplore.exe
1956	IEXPLORE.EXE
1956	IEXPLORE.EXE
1956	IEXPLORE.EXE
1956	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 1956	1708	iexplore.exe	28
PID 1708 wrote to memory of 1956	1708	iexplore.exe	28
PID 1708 wrote to memory of 1956	1708	iexplore.exe	28
PID 1708 wrote to memory of 1956	1708	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c16c636bfc5783d5526a0b14394a4e9e.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1708 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
27c1f3508d2c825988ffe3c64bfaaf86

SHA1
3c5c3a473ceb2f61e5888607e9076db22850087f

SHA256
3b8be6b2e5f2309730c94d746b22903f36cd32e3b2cbbf770ad034bda620f4f4

SHA512
18c5cc0e2be0eee7b5aa579fd23b948af293e898a16c6af8eda8f55104142137ed8be07039b7fdb375cec1eab02064071e0f74c85bb0512aa0e41790e6511e3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d9a22ae1503f577fe979a0c75e2ab71a

SHA1
3518a4d92aaa5419d5c4231722284fb90ae6dc71

SHA256
7f472f70fcb36d02f62dbc7935d1b2f190e278abcb0ec439e80d7a145e5f61a7

SHA512
850220bdd66cea56d5655c32dd3520d04d8beef0fb04124e7e6c8fd43dbfb3e7baf5a8974c570496e301ebd0cceb19d19d8c8dd14ca9f10fb00d4446557c22ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3f57ecf254798695b9077ef2d7e902a1

SHA1
c43c17445dc9f019664a52c8dfbd2780ff119d59

SHA256
acc7afa2e2fa55607d4690fa2bd4792a02a80f2855c16f4e3425683e30a7c074

SHA512
fb28660a64058f2f93ee4ac20c6638a4612a1f6435c788a8d1a35a317d7fb494d5ca9da53a0e51d7064cc71c786100340063ec3d0e0b99dce089178669720b32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
407ea84b1531dc7ddb3dc5484941648d

SHA1
8acaad24c9030c5c0fb4f4b7eea219bb5bb411c9

SHA256
14603c125e4c77d8e75abfaf29bd56ed4d91c1d90b84a34c4ca14965d5261874

SHA512
24471326e15474e4da4567f89056d992fc8a4805254342dd168f6017764e37ae9bbd111067b5cc59a50d8b0b65a2e9b3a3701d7e9fc03cbc0ddb5ca91dfc3631

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3ff0568bf494cb6de0a48d63efc4d2c5

SHA1
6576d0bc5a75bf3138df0fb751e9a894e2802b3a

SHA256
b9d2b5caa624444f22c8e3570cd32c901e300cf6c7d1a60c794719fa0130f2ed

SHA512
c20bb011ab018295f3e9c1bd44c8a9ce63e08dbf01137dcbdff5aaf2e3295b961cfe27142db41b33070187df4cbb5ea52bc94e980252743364367d919b507f54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f8f354d795c0378e15f53f9f845e48bd

SHA1
a3c90a32dc261cf74d1b81e16326de48e042c7c6

SHA256
4d3c03f481272293f104004e9287c9df669d0042d9027050a19ed2c822a04ac6

SHA512
aaf6a4837f6eacd52a536a989451416281c20f0c88a112af3529d7e1304fc8d989ffce1e60fb3e5b4fe8db1e12bd3795f78956b508b979ea84f3365fc3c9f1a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1a823e72a8925a09300cfb20d8b75d6a

SHA1
080b3356d310eac8736af28d2ae46ce19b5fc855

SHA256
37109702002ab0ee7e8b5000c828292003746ca8574c25e0d541b76f8ca41bc7

SHA512
6f94bcb71302b6110479cf744e1458f654659a4a87b501f8d2b257763b8da288c93c6a9b2274b184562785d3f06aa17caba99b6491b2b7e70bb48d192f07a222

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
694e4c3d6bf07b75ee5600a249e27cb0

SHA1
f0f35ac3ce66c644d9be0cae38a9dc3f2a8de51f

SHA256
8e7490072fc6f44aa55b30b6b303af4e3d1d8b3cfa90c00d6b57adab222ae76b

SHA512
ad00373a6685b837bb43eff604c0a0f694076d397fa9d5887c6b7a26747423648cdbab2b99896b8a901b16b2e7a7e0daf575efc38136bbc6a500aca5ba939586

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1b8d9e8c7b2aad4545f3f1e05e21d8de

SHA1
e6aa3f2975cf6cd83fc9caf5da6402c6e710eeb7

SHA256
ed0f3063874b3eb53193a9ca8810fb6258ca762c3b7a27731effb296b5c7a9ed

SHA512
0c1accba5b26f27b4c210dd771cf642470cfdf29ef637d5c3eb5859a29b1ba1b3675f38c8a1b71ca13ecf522d1079cc7eb18d4c0764a54b603fd280c6a56826c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
337f28b7efa6438ff9fcefd148952d65

SHA1
a9c42b12074b9e0c3da3e483a43f5b11c1906f60

SHA256
82e07165569637263bc3612ee5d46c902db3b5f661957a501054f21e82a6dc03

SHA512
aff84fe0611854c647282240f7c914c3d44741b1bdced1ca99793b4d9e9c9e4e9a9a262a89aed0fb237ba6e353b063ee80f44d01404684fdce4c719badcb9239

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
332125eed1682aa58555cc1f111de221

SHA1
ad94cfa6d9b68324e71795a8bdc2ee998994424c

SHA256
5abfe06a99c7bd0982df7d517f0b7db2924b9b10c1a34efe88ef41852645cfc5

SHA512
c230ecc0da3f897369a792804f09a85510c5f7d9be3fd109af56537dfe40d929e1ad397f26f0c3f708afb8650e14ee147e1fd3bde14d1ee566519850b5a6ba21

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8792d0436f6656e37c689d3e5b57d246

SHA1
29486637dad086b0431bc3a7348e2d8e9d6c9e98

SHA256
729ae9e47f165d452184dcc780744396ed47c81e9300ac9f8b6f67385ee3fceb

SHA512
100e2f6e06c70da1174bb045ce9e5c080e093ab26f4d122c897431da309e552c51b2ffdb0e9615b95be89f33d42f533c3ed31f1207cc9e437f865ed11e2a9002

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ae288ba409909e68d04d4beaf4e6bd8

SHA1
78679277d30cf026871ba6bfe5ffa77389251a22

SHA256
1960dfe7d7c1a97eee71ca5e01bde0533c44b4e3be2b71347a91e72def5271fa

SHA512
d0e751652975b768047e5604af1ef8c452b017d1673676a67f9a786288754d56f8531690728ab046f583a1a9b2ae922c0e4898a73409b9f623087648b6679f7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d917bea7c296fcaacf40ee9bf9ff8672

SHA1
1ba1c1908ebde7b71f484e22ba3840a5a2b171f3

SHA256
a1943d251c2592b8fdc5b5ce0fc723d21d5723a38a5de35cb43ad32062cf16c8

SHA512
59f3deac9e3605ea77e9244a3c38a4a993fb0e6c77ba20d98b86337a65313e0f5cf0718424bff4471beabaa23976104eb5405712be8bfa3b38d0b359b641f678

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
91159ef5c461e2e5869c37d4cfef5e8e

SHA1
5df108870031eb48469873d6eab323845496be7d

SHA256
2afb0f2e39890e0cb1327523363cd80aca1fa76506d9ecc372eb50412317536d

SHA512
8871e1a8abe43941a1205ed7caf8756968145f9a7faa1835f54d15968ccbafbd7db9499a54ab47183b41d88775ad1c407a789473b9c8b42e6841fbf0c35e2ff0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d01dd97bf7aabb829cb50129984f1edd

SHA1
8fc9a5b61d900c0ab41c553077f26477a8a4061a

SHA256
5fc2828e7ccb8fc5edb58617fadb62eb43c092245799ca4d2483bd4a1f9c41b1

SHA512
1760786b8ab88d41473512b3121e9396dfdf1b9d3c47ea4e04d402f3d91830419d27b3f20280cc3d311172c72fe2d5657221756ce6497f9e6e0d8ca610ecf602

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab821E.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar88E9.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit