60920e8b805832576d78a84eed85e1b8414d9042aac8bfd03be2e3ee39e91903

Analysis

max time kernel
146s
max time network
153s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12/03/2024, 15:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c3bda96641f9a6758528c0f4c88029d6.html
Size

13KB
MD5

c3bda96641f9a6758528c0f4c88029d6
SHA1

f19d968bff02fb04cf4b0bafb74bb82aa0cf4e48
SHA256

60920e8b805832576d78a84eed85e1b8414d9042aac8bfd03be2e3ee39e91903
SHA512

cb4ae641467588855dd1f097de782d920651cdd10f4701e4f0f02ad905c584b275bf421b51be2964022a4f433e4de6b087a3887216e96b2b0d8f29515b3a3a8e
SSDEEP

384:Vf7JNixovAZe4iZsE1JtgHYwQ/udOwPSvuy23:F+Kvv4iZsEmSvV23

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b000000000200000000001066000000010000200000004d605cfe0612107368f0f4c60ca448de7315bb35b819b5369beb3104da88a625000000000e800000000200002000000069053002773e03e22a28fd8ee665d354c644908ad2ab4ee5d454017a2312d8b8200000003d0a10218949ff5a40941b860e065c48499faa3903d51cda8772b9600598fd5e400000008434d3de914b3aa46387d04421baddcd26c91081f33f7b5d40545c1ce98025747dcd11b1e0bd7a21e60f914bd16c4402db06e76809ef255ac9fe067cc33c5c85	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 808dac659474da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "416420200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b00000000020000000000106600000001000020000000e87d84ff75ad1b589e87e465452c6ac362def9bac4cabca67c55626633de7d00000000000e8000000002000020000000e8f728015ec3acc6db99ddfa1b93845d223af257e07a7f21ce9fd0011f3e4c7d90000000aebbf161c0e01e6bb9ebd90620075392f04e2977f88bec7c51e014f54844463697cded66ae208de8962976d72004235083ab7a1001e2b77748ef56433c5c55fe71ecaf761d83dbff6c2e87dca7843deb072c0699f0a9d7f5bb7f951c16ff2a7829b022ae9d187a53ced12aaefceb96e68d3f33b7d2ca31278f7e583fc487c9fdb526194544b6245281a8147d0d9c3fcc40000000e1a6d1a8f1d0aad4e5824a207b64c9c71d591bcc44a3ea7bbd9cf011e8fd5b67365b9c39d2c6146712526d0b28c358874376c833e9933d38bd74bacdb023bcb9	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8DE92E21-E087-11EE-9511-66DD11CD6629} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2320	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2320	iexplore.exe
2320	iexplore.exe
2316	IEXPLORE.EXE
2316	IEXPLORE.EXE
2316	IEXPLORE.EXE
2316	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 2316	2320	iexplore.exe	28
PID 2320 wrote to memory of 2316	2320	iexplore.exe	28
PID 2320 wrote to memory of 2316	2320	iexplore.exe	28
PID 2320 wrote to memory of 2316	2320	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c3bda96641f9a6758528c0f4c88029d6.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2320 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8af22b6faf457d6d092c0b00944477ce

SHA1
ec98a7597c3bc1e6c5b6c08570b529bcc4d18651

SHA256
8e0cc4a839bf1814039340dafea0c82cc04f39d2cbad90a16f580c8c2bc6a159

SHA512
f816a87de1c405364d5f0a2d726adeb61f5c7cc47d63df77ebc63fff5447a2cc1fdc4260672d82b68bb2e6f46cba11a0e2d7c437046c0dfdeb20bc34ffff6795

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6d8b33814401fc64157cc17b311c432c

SHA1
97eb28d9a6301d57c0d975178e5c525846c65cd9

SHA256
1a1f97e1f0bf257c6337112c0d8889d7f1e4d0d0a4bd1bc8cf34f06f371caa69

SHA512
45f55d65712ff7d4a37b1960746f0149648f296d53cc310495bef6efe4744036ada3bdf90945b3110150c918d6c51a974efdb60e7b2e1deb479f959e399cb298

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8a177958d5af04298b62455392fbca76

SHA1
305f4abb3fb66d649cd14107c0da4c03f0f60b23

SHA256
7b788d96c986818075b9375e7499e09e4cf4cbdfe81fc9ac02d57c71e14b9cc9

SHA512
36f90ae808ce4453a4c325a8d62b0f07505e0ea8bb55a030a41f1d4b24e18c89b3289312768dcba04370dbf5fd8fb69e254b48d9706646257e1dd634d4a7a578

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e2620cd3f80dcf8b2ab7e0cf6f153373

SHA1
b804ca89509e9375b42e435ea98df62b0e125208

SHA256
6b0205248b3a04e5ee2a2454695d18d6eaf409c671eb4af8d871c6c03dccc12e

SHA512
13c2f2f6771d1b5ecb271d97084693372526bd306e1938db1f56882ba1f0d4ad7d5d7e532059ab7493d1458d018897404347b2c059db693f1b88f2819d9efb1c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3a9fe0ee76e8e607de8afeb8cd145689

SHA1
15ada92d363a0989cf3ccb09d47958aeb1358c56

SHA256
983bb8fb3a07b9bf2b93c68e6fc2521cf6f83b82755b18f61b172468eda19360

SHA512
f9d4fbde5851b71cdf696d408b650d37c528edafc846f9a40725e455ce5033a1cceda658e5b6eaf41e415e859fa3dfcbb0e0044f98b2771b5e6d97ad34e57ac8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
820f47108868ae7ca69f913c1e03799f

SHA1
d3af4e2b41ca24f458b5a12a4bbd85baf139b72f

SHA256
cd8eca59f52b710c7e1f07a5950ff65aec646d6506045e9ca9cf718473f8f13c

SHA512
249fca42fdaabf5032012aa913963b020c9b55536da8ed740e4cc4b2aa4a4d277aa81885f0305c921c5d226c3cee6dba11475cd2e8aade868f5b872d114ce77c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f3c660ce6a8612d269d080407f60e502

SHA1
131d922270e3d750a9ef8eb60eef2bd1885d7451

SHA256
59a5bca067c105b12d8bec0faa965323222a55ff65905b4dd436db1c1a0b4433

SHA512
e97447ff651afb959a45b50cdb93cb0c6d5af6321ea9144be2ec0b38e0b13b79a19ee73179df6888f85db4192a3c2b1a35290165095e5e8a900936dba9db4825

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
442c610840f858eee8eca6282f011f40

SHA1
38aaf34e687c9d030b8c9e592c05bec729e11047

SHA256
d709fefc55cfae34028463e72243a7b453f7c5e56fad3f70dafc901cfae3b048

SHA512
7eddca8b319fce8a739e6f16de4b5b4104cab4271005193c18ee909ba7fc9aac3f071f12aa56c463881c9d4daf991ea53aefd97f31289e858344fe190150b306

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
15c3b4b7ae2809f7ef76feab620fbc29

SHA1
58b968aebd5b90d89bd7a47e913e39ea7027e8ec

SHA256
665efebb12cf933a1b75f7335d6b6781bf39c0fb33813dd21c6eaac86bf5b775

SHA512
0b5aa8d44d006c9c608dddd0afa9f3660f2b752e540c67bda2ee45904615945820fb0b1eb5150df46cffb3749375890c3a60538923ab72c8308ee32bb6024485

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f72af29985df461c3e3560445c4edeb9

SHA1
6cf7a804a11ad9b27fd5044bd68ce1af37727b9d

SHA256
2d6923a2583701520e037a3e3df1922a4bf636327506f74763132d175371143c

SHA512
a7878ed33df92a5ac0b16e50fc7c42208be13a6d2127ae32c57e6eea91c24f5e34adc1929b3f06268a610f40c5764cfcdfaa06a0a9eb692c0401efe239ad4caa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
898af08da68a05292a2bfb4babe17e4c

SHA1
c613c2d59fb776134171f34931632a85f17107d5

SHA256
a049de51f9386f69c3e3774b1d9975092039874d4079b96e01e55b09ff9a0085

SHA512
f8d2cc25dac8bdb280295634c7a63cd849ea003b446428833436488fdee7ddadd49c5af7cd71ab9c9178f991cde1371891671e422d6b9a0ece30a915e8ccb47f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
524a4db6f599cfd07b223ba7a8372a2a

SHA1
dace4e069072538795044095ed8115689c387269

SHA256
4374ffd65f37fd1f2f0b45e50744ad06c7e2738109ca7a08c2ac3cfd11106029

SHA512
c0231a3b29fdca51ad3f4f8b9be1e5b7cd21ffabb3e0049fa2f6de29a18e3f2b3af29b9a392aa1c8e6d7c133829bc0e2deab41dfb7d563443a508387a3c0b662

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
18a14579cdbf6281f1b59d99920f0d9d

SHA1
4ad39884a923684e873e9d6f219e3be66f013152

SHA256
1b2d4e27be608fa75dffc908da7093be0cc0ce18d390be07b9f88350e7a11f39

SHA512
0d88c4fedef3d8e176295819da89859a2abbe36773b95ad4e08b7a0fc5dd250890382319d6bf68bcbe236d6773e61bdcfe77336dc0acbeb8fdbc88349f39fe42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b3de9fa0646f76a63e76527a569da815

SHA1
68f707f6562cb4f27ec6ccd848b9789556f29fd8

SHA256
08822d63749ed613ca7c1bf36d87e1c066e54cf824ce66bf7a23e1716c624793

SHA512
a4209901f00519e97ef4fe875add0ee77bab77dc40f75978853c222989cee421c3696b4d022aecaa2d3b3ca735b37e72d776fe3e454d0fa2e0b7c992f82f1f30

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
65213e9385628618dee92a36dc5b241d

SHA1
2e8cd7cc27b967828ab85df1664dc6294c2b3755

SHA256
5cd8f30003b9059a11672c8362d470cc2ccd5ddd85d641b62264963ebe2662f4

SHA512
54d48ccb47741626d514aaae9b122b9eaf10b21cfe68c693498650edc5664a80b7e7f8a79d26a1cad2f1062580f8383a2d83f81092597ae4f62c6f00734afd01

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7962b78f82020c941ab2a8ef6b92985e

SHA1
8dd1e7026b5d98452096bf1502806b880e8bf121

SHA256
10d54fb338afa29bdc6ecae986d016ca2994602defb6d4726bc1d2b737c5f4c8

SHA512
f015dcc6a00aeef69d8b920d551fdedbe0f09535ed811f1b6679bca7b4bddb0cc299398376c129a8c780cb0bd12c0ce99fa8f8fd4cc29a67fa0b939e04929856

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD971.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarDD20.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit