e057f2f94782a6073554735c67d13ff394fead651bb875ced310bfe269a2d369

Analysis

max time kernel
117s
max time network
130s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12/03/2024, 04:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c274c2f8619d64aae8275e347ba6f208.html
Size

53KB
MD5

c274c2f8619d64aae8275e347ba6f208
SHA1

61e245676e6a44112b6dfa2f4b6ce2af0ece509b
SHA256

e057f2f94782a6073554735c67d13ff394fead651bb875ced310bfe269a2d369
SHA512

8002c8d75eb470f682d206c43865d193f6e28862b55713d70dbfc7c193655a00083190010c8aa3db7f2629a723d36c1cdf7f4c8acd018cc4f65572b354ee7a7d
SSDEEP

1536:CkgUiIakTqGivi+PyUGrunlY/63Nj+q5VyvR0w2AzTICbbPoo/t9M/dNwIUTDmDT:CkgUiIakTqGivi+PyUGrunlY/63Nj+qZ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "416379833"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 200ae26c3674da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9182FDD1-E029-11EE-8A46-EA263619F6CB} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002dcc56832ee45b40af0f973e997a3e3e0000000002000000000010660000000100002000000085ca11a42d7835adf48c1598505480548d2de25ed8d0cca6c80a1fc4928fe762000000000e800000000200002000000039dde05a430942c9bd438eea8bbf560ed86f9418a911552c45de2ca29fa44d22200000001af0c393910434a109aed537cc3dbc5eeec92b7a946ace3013815e6ebc3d2a394000000053c2cec04a83386839b8f8ea1763463e80d105a6077692bce19155874fb23f22a2c6781a020cb736bdf776d716c634d70ec9a6c841c7b2a0316e1e1643754444	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002dcc56832ee45b40af0f973e997a3e3e00000000020000000000106600000001000020000000a83a9520a36313c5cd58d006d838aff5bc950ca8336bf2c141852955a20117d4000000000e8000000002000020000000e1121f7f0f82e120b7620559d892d46cb0bc3068196a21068f3abef3b13f3cbb900000000124189b2bea7d8afc73cb1c6dea030fddefbbfe160b77138237e77b195c7b038b5906384561c84a351d8c4b361de4bfe3f0ba3acd2c4424f0c339b7b3c3a291200f2a67844a13a7512eb0e26c43da547c08f32e1a13666c969612491d6a70f6459dcc324a75d86097e15f8ade52a6d4aea5d44406ec2b5bc5502c819810ecb2210c2e2f16a4302411b01301308d50da400000007af03580f89a342318c5cb6078b486240411f3ef44463b4ee8e634ed2b7f179b420b29eac9476012a55f82d2134c947e27ada900f351af8cccc8f6ae64950ff4	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1652	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1652	iexplore.exe
1652	iexplore.exe
2184	IEXPLORE.EXE
2184	IEXPLORE.EXE
2184	IEXPLORE.EXE
2184	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1652 wrote to memory of 2184	1652	iexplore.exe	28
PID 1652 wrote to memory of 2184	1652	iexplore.exe	28
PID 1652 wrote to memory of 2184	1652	iexplore.exe	28
PID 1652 wrote to memory of 2184	1652	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c274c2f8619d64aae8275e347ba6f208.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1652
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1652 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dd6ef7e818a7d9736ea8890f3eb1c10d

SHA1
c97aa378b4baccc2ee6ec6f8671aa2163ffd5a7b

SHA256
f8245d08cc952306852487e47d2135b514b0bac7d05401b61a67a148fd6bf7a1

SHA512
7554ef3251d966ca80c8f301b4e21fb3921bfacd4acb21d7be427a2be2f8b2f414b8a043462ab14903965bec8b206c7299b36a66327ad4f362e44c625f80b0d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cfe916dd746a7d990effea5875d9456e

SHA1
3d38244d883f07319e9df4c10b7d181ae06a1fbd

SHA256
1122d56fb7c82d2b913f9366ca1165c0eb275af34dcd7c0ff2af153f6a060981

SHA512
2815e30fc81feab35c43f88db6eac6672f43567883afd3e4c55e365ba1285f116c979e96823d384ea7d7a70b246a4a30ccba871c101cda3958cce9db1ee6d968

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2f2c17939daa1b212ecabfe676b65a3a

SHA1
7066342cb9698f3bb9accd57198f6e778f31145c

SHA256
9326d6f089c1225568569c8c277614b2642a3a477087f32d65a4ce17b2f91810

SHA512
9a755452b9d4b162b4c7d4e04d44b4ddcdbc2406bff51e17920cf65094e102039db2fab8e84bfc58668b8af59b315b5a5cd1e7dadc6d2019c2207335de7f9532

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bebd08a1f2e84e69e390ebb236cbc959

SHA1
f447357c55039a0944b0802efc774bd7f517dd45

SHA256
0ef43d5c1fefee532f0ad91bb10567c8f629f5208f4e2ba70ec7e173f2385ae4

SHA512
2d9bbb18d2f3bf393688abc253755763a7cb3885d4dafc703f9ecec211bb6b5265332c110beedd7ed8169f60f4742d448223acfe6cb4a44d6120a1cf1c51ee22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
41984ed8b5a72d3431218b37631fe7ab

SHA1
027a1128e11c76c699623a488667798dd8c42a40

SHA256
0d8b19ce6b7db7db131fae5c9bd7957354826a81c5303a22698c29a74a2f15f8

SHA512
c505295a510ce583362879224a32f859b469c99855217fddbf66ed43cd38b086c2ef4b39ef01481e7c78aaf63eaa41929fee7165333cd3e2ff563a866ed1c52f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
74805b7a3adfcda51074ce1f5ec423c8

SHA1
3a39ba534c28c2bbc980c34971e4d65c66a305a6

SHA256
91eb44000b46685f7fdaabfa301439e174e2c5ac7631ff681fe2da5bac9195ea

SHA512
932af114284b89bbce89d2e76ad1ae4675c687dda98f36c39d26ff620db50370c446482ffa4f3678e8dcfe336dbc22742da38f2c5c3ab012bf2cdc3bfece164d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
49b4449c96322822d3d8712cf1db07aa

SHA1
67840c44ceb9525739710222730dcd2e25856fd1

SHA256
162a8a6cee5f1b54be37f7f1fe4557e5ee7a5142de0a72e01fcbf233ebc37767

SHA512
895344fee123ea71a2c2a494ea4e50d9bb8f16bc5dc4e7d272b03cb1bad0c22e6ff5ca385fb1dd495ec3d2e44d5f922cdf16c1e16f830f9ef0fb3fa41ab30e06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
462c4fd2498308c85b1fc1c027906c65

SHA1
1b52674e07d7177399827f1a5a980b9dd933f785

SHA256
7862cf6e5daff7bcedb2fb455a7fe1385a84aaeace2d4efbb48a48eaab8ddf2e

SHA512
8118a2c2aea8a88d4adaf7c6055f809d570667852993d66a8403a2c210c9350fbbdb3bf9c46a9394e0274ca2719f7188f0844095f6a27a2b9fd2c23bf2946e02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e5638d75e397d4c24c0aeba225fdab04

SHA1
d8e6d740b9c6b8c2bd6a665e39875e97ca452767

SHA256
e4a6eb4278e03f823ea2539e3cd29934b5ab89c2bda4a1cd8ce4adcd79b8acf6

SHA512
d055cd348ec5b9e23d95cb71705dfd430c73ad4a8ff78ea9c41e7200eecf2cd0fca225e75fae49fc72a20a7dc5f0a4a23d0e2c59fb312b042fd01f14273790fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d92b2a4b011e514ccf02e167f82fa76f

SHA1
227744ee759d9999692f36bc08ff5da4a38648f1

SHA256
7d403564e62704d99a1fa9d81b066ff8696c8dad9e28a9d4804245951e6e310e

SHA512
88674f5837a74144a5d321662cec71b4c247a37a2c7f7789c32cdcae52e441cf85ca5270e18f1037e134da6b60a76dfaa30c6f8e241f3fbbfd0d75f0ba32dd67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c5b0119bb7c1e43761f78bdea2700ecc

SHA1
f563259a6f275e00f480c426df581388664bc457

SHA256
af96696563ddbb0e511f83f7cabb4d9f4b5884a94bc3350eb9521291ce59acd7

SHA512
611a10f361330575ca63d4ceaa5411c3d37a67a0548d66ce70a2829d10338302b9f34044cdca921127a140ac4204d10ca4fc8e00ec88812ca0ad8cf66837aec0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5f6206c931445cd0bd35d7887064200e

SHA1
aae3865357dba8f807e3f181369a4ed2f0c9f3ec

SHA256
4b9c7d44dcadda77629ec9fba347f77733d9d85bae26c6514dd0a6251f3d99f9

SHA512
e16bf9e2fb329e391c9065be42835ae4f0bcd961bde52081b292d08ff9673b3edfd77b97f7dc7e74a7548da0d776ba2a73dbf2329fdba23b1f938a607bcaea0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fec6608cbfc48694d0a0fcfd00543086

SHA1
80684cdeee1235a05ad192b3d6f25e69dc53a1a1

SHA256
7cb18868cf75c23d7d4c02a72339e7c064596bb9ca1d6ae875c0691e085bc087

SHA512
0e4e3d2d5283fb6a30e142f79b04bdf85103cca21b594d96d8804999b7d6b3b66cc88b42764ec3afa4a3fc1b41a0b6987a7748468e786abe5ece5bd65477240e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8c77b3e9449f459dc0550b49b55ccc8c

SHA1
6d07dc93fe428c167aa614535eebdf3ffa57eaaa

SHA256
5f8a9afc8b5744991736c6b91044952731764bd482e1871289435dcced34e11d

SHA512
827bfaaac17f47a9ecb0308ef65b48eb55da986662d22366f1e0593c0f34daf0cb50b1b0f926b1dc58d816d73ea04e748add8d702786eb46e6788b021ed2fe2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e856f9a3cf4c7c3e7ded6a9193e64b2f

SHA1
1d081731101eb0ff65277941c4d88ee08b93c474

SHA256
64b95e691f43a481ddc7a92faf7149cfad115236c26e19643d27a332e92d3732

SHA512
d5d00f8a24ede43f9be555b43b87e14e8ea7745e8cd122bd183eca23c919d4c96cbaaf519e761c94db3c77915ff94921fa77c23974ec31ed09ff9385b4138327

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\style[1].htm

Filesize
706B

MD5
67f3a5933c17b3ab044826d3927d0ba9

SHA1
5957076d09bacaa6db8ddc832b4fd87ed8f05f8a

SHA256
97e800f4836b7030dd58fe6296294b7ff5ef1b5eb0e88353f230ea1608d2bb64

SHA512
03ba224055ffdbf32b7eea30c764dc18d66cc6d8707dc5fafab74e155b0bb3d4d691c5788b033a68f05299547297125122778fa7e3252f93e7343d918936643e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6490.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab65EB.tmp

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6600.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit