f6a8d6088ef9eff0b7f8cfd66560c4003628e4831698d5537830b5ed4d130e55

Analysis

max time kernel
144s
max time network
145s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
12/03/2024, 15:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c3b39d5d6cb87a19c50941eb5cd1325f.html
Size

17KB
MD5

c3b39d5d6cb87a19c50941eb5cd1325f
SHA1

3eddb335bc797c78f25234c5021f518ed1257ec8
SHA256

f6a8d6088ef9eff0b7f8cfd66560c4003628e4831698d5537830b5ed4d130e55
SHA512

7f27516e79efef314f599897efb439ad24671cd561756aedf960181c2ac0f28591afc609ebfc2217018293caf7bfab6b0ab6e41ded3a125991d47788c49f66c8
SSDEEP

192:SLHOvuqF+eTVnxGrI1eA+T1apCJtMPvGJRuiuZZ9m0p3A7p3Ae19Ep3Atp3AZItI:SLHOvuqF+e1xxeA+TE

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abb8596cc50c0546bfda6658dcffc233000000000200000000001066000000010000200000008429ad96959510b283296259e5b849dbf242f37c31014bb2e0bafd2d1513c5d4000000000e80000000020000200000000475b266c3c710e9b0d883f0733e7252e2de599d8cd4604d314eb746b9c992cf900000000f42a6a7c915adff383d8156071187e463ce714752dfa099f40a4bb90a0ef648ea8e84155a41a25ecc54b84b6fb99c37e5659aed828e993119fc8e02e7be9df149e2124945ac0a54acd2b2871de16563668549bf951b9e61bdfc0dd6bdbd39b6f8530d707ce5c5aef6b5c889746e8052bfd61ca51bf61a9b8174894c3f1e16e13e05542a2fb1b1c8dbaead88cb9b20b440000000e2e6b96247ad90d4af6b63018000cba1aa90f39473716332799b93026493a357f04e0a0c8d5a2cff0fdc89f6da34b92cce485f11ef068677619e1a452affe51f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B63A7F81-E084-11EE-BF93-66356D7B1278} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abb8596cc50c0546bfda6658dcffc23300000000020000000000106600000001000020000000aeea1a511dbdd8d918ab79c2d765eb795bfe603c7578dff9988bccb4831b8a77000000000e80000000020000200000008ecdcf424cbe8a1bedb2fc5c9fcdd2c1fb1295b359dc271219243e1182cbb11c200000005ac09aa2863b2aaceb32710414888995ed0eb5c488795429bf8ce8d0d7b17fcf400000003fc9630561ebfe5de87f66a23d8abcb03c1269f024d9587e9613f3758ba6512a90ac060c352437fd8fcbe191b6ac45d7ced50b1b1031a964d5041fab72473772	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80f82b8d9174da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "416418981"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2040	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2040	iexplore.exe
2040	iexplore.exe
1332	IEXPLORE.EXE
1332	IEXPLORE.EXE
1332	IEXPLORE.EXE
1332	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 1332	2040	iexplore.exe	28
PID 2040 wrote to memory of 1332	2040	iexplore.exe	28
PID 2040 wrote to memory of 1332	2040	iexplore.exe	28
PID 2040 wrote to memory of 1332	2040	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c3b39d5d6cb87a19c50941eb5cd1325f.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2040 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c3d61e2db7097ed6407c0dc7ddfe1f6e

SHA1
9d281459db872771daadc871359b760c8a684b84

SHA256
65f4a819fed0a78314570ec73f5425b266da2fada8cc21b80f5f743cb7bc305a

SHA512
f437883d9938c59c582f2d86596305842dbd644ee6f77c965c8dbad074126aca2be736c7214c80706d3cc4d41a2eb8e655511a7f11a0367bf25f9e830f9e24aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
90dc29bea438ac4f49decc15c666d4a6

SHA1
3fece9f25377dbe4a7702a2aad2913e9895187f5

SHA256
da3a79155c8a4c34b0cf12fb1bd52cf61de424642453df123501e4618f4d52ee

SHA512
bbdbfacd5781407fdfa9816f889af5e70f15ee76bded39b1ec5e8180eda96b359bc2bae92ea12574a65cdd0a9a72410dcd7d1e24979bd4a04f85d6240426ca31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bbcca713dda0464ed61c87b05bb21c73

SHA1
25863d5580d6e5dd14ea2f53fa9442a31c25fe4f

SHA256
7d69eee9ab05fe478af2ca011f8472963a33088bb678d52b2833f444c8ed103e

SHA512
ec611becd79595b6576f12a500d34c6bc3fc337dd72b5688db0309deb418d407094fe1e0c9695f89ca5b460eb1dd6987256c5f2d291c5350c5ee0ed581670092

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7d7bf18d313ff094198d07f8fdf329ab

SHA1
2e7e001ca451ef1966dd043f74a6da61f393536e

SHA256
16b837d7e5c41856a6cf17c2c1f9f6cb3b846d5df679a39233873a04f42a084d

SHA512
194895102108c077d5002bc8b38e9157eabad9b5ecf97f65f88f9faffc8ac531b5ab2c36ac670d87c2eca61620de37e2399c42c72f4a9407d2e10e1d049ee4f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a8042bba45b5e81e7255ef3c1be465c0

SHA1
0fe0caf50821eff28efc40384d2af5b538761cd3

SHA256
61c7b1424fa4cab3dace2efbd11c8d7dfeb4507208e79d569d8f006550e7c4a0

SHA512
717edcf7ff19d9fe8aa070afeb587a83454c5a86381c733ef47fa0ac881ef43942ee51b4aa273b060bf65488855b39ff8bd1db57ac539debee0e7c71889d9ee9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
351bd9464c487f1519bed271b3ae60b1

SHA1
8db12b5c6acb238432be626e1d05a5918d9fbfab

SHA256
1f17071e76c1cf470237d6f78f03c7480df57e6424f18c9f048bdadfd7aab1b7

SHA512
8e5eca9f9d152c4b206a2ec9b7d18f93396555a85c5089e5d68ea185d93b5b476b8401e75752cfa580ed767ef25683174580fe7b4c95852c68c1a538b38b28f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
70e8a07da7cb9e372bdb79857e35f5f4

SHA1
3e3cffd6310c36f5c93a8188eee0d2fb9c83e517

SHA256
69f7167115e9a83271c6ae0d81b9349f09ae409a4e83ad5666d0ae153f8e343d

SHA512
cd35bf8a1329d3ff7a7e44b348aaff75355facbe2f9a295cab97ee89e8842df4a57a9516a7204e8651506143f3e6504862ca603e31d3aa1d5ecb3503bc6d0239

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d6ba9f167a74865081178812f0c4ec7c

SHA1
add60aac5f24359f715f39d30dcf16a1407a18c8

SHA256
398aba7fe3940fa46b3eaa7655aa5251228db9f4a5031a842d367703d3b0ed6b

SHA512
c02d3edd7189f526ce4d023670a087955971aa0921bf2791c57e78f31b5e21f6583e3ea1506293461f09f07e4da477a7d093b15c2fc65ce6fe577bc139a9ba1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a10b8ae1d8335fcbed5ea209fa6cdaf4

SHA1
818840c0618c7d7134763089c39220073b16aa2d

SHA256
373791f5d2e1365804c28f022d2d8d8819b693657b8844bd0ef6b267ed6c9a69

SHA512
deb8aa98285bc8e89905dea3425869a8d36f89939c2942161d2431406daa0c5a8433018a70816ae74da9e5691c3612a2eb24012d65a797e480bbcb9ca9f61588

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ea12fa8d19094138aca7cc6de36c24f0

SHA1
041d9e9274defd7878ab2e583ff9da0a6651132b

SHA256
67d6e15239f238cdc942cd0348688c4009f1dc45328ac3187896b04d69bfeec6

SHA512
0608c3c9529403ca6f344c38bd5d705b7562251137d9eac6bfa5383a21bcd36135584f6c8ded2376c3ce02ab9462586faf158001443365fb75f42c0ce5a8d703

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
684d3ff4bcc1dd3fc203a60cc6668d9c

SHA1
a515b859af06a57371f999d2ff04d86fe67966a6

SHA256
42672cb574be65d7ffa87671f0b21f93f81292519e0482381c15b27c8d1e9b5d

SHA512
06c6a8c3bdaa57bbb59ddffc6b75f6d333f007b482abe681fded3309f19addcf69b660d1cb46ebebed439d4a574b7bfb312dee4ed23d429bf384628984104d66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5594fe6d0b37d35a56affefa18604d89

SHA1
1b9758df3ae1facae9daaf6dde997d11a36ff70c

SHA256
434245f1955fd77c1870b57544a8246d1cedd43dec8686a2225eaf5d54d5e794

SHA512
6fc8af2060fbbc8962f7611f2e1a0ead628dbb8a2fa63846b173e99332fbaf330c061e616143de948c5e807fb5fc2c9b3506d73b902d9573963b2a6c709ada05

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a3dbc7d7f4c35cbf219c81ee7298ea11

SHA1
01fdba8c23751e167080bd3d4c2643b4356e6931

SHA256
a3501634023c40513e2bd5564ecabb41a4223c50feb8644e8cb116680c06df80

SHA512
eabf9aa96b9af5c8fbab0681c4a6650471d157c14793937f89a3a6debfb83cd2cf258b489f26af6f1907093d4ffb9f6d89afad59887f52ad89af21e7b781ea51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c05a4d10241405c4bddeb34a2c64b91b

SHA1
248c81b2f1d6a5350b2a13ab7246ff1b0749930a

SHA256
ffdb9aab65caedfbdc79d00198ae3cb7a9c1199c15093f96ef8188ff852cab8b

SHA512
02a8163a63f4e89069c378dabca2162febc9341b56b45b06386338b0597a3be54f19a0d660ce9dc73666aaced4a85cf86466f7ef9d5c4cd89d6ef6696012cb54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c8b1217b808e91e69d4e1423824728e8

SHA1
44337dd1909df9b0958a7c02c021c7d6db838803

SHA256
6066754b9d8ee74d451e31f68e812763dabe2da841abb365fe74d299c34121dc

SHA512
afcd1c0d716b75a00bdd141bdbfe05da000892810668c8361caa45799b8513b0aca1a0169210b007165bda51a3aae3dd7e5008ba51d11d0be4a3301592543df6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b98225ae18983d5a937bbf5b7eb8ceb4

SHA1
71eaa8fe39c2f70c60e43f179708c68f142fd2f6

SHA256
731e36e352ebf630eda92b4fc4d0c658c6c983fdd69bba756ec6fab6f1a11c2a

SHA512
051f9db4e6eea72c298907b3ea6096b43dbcf9fef1800fe38512a31839a0ac51df04d3fe4d15e9518db1a391b1550b7fe26a862ff39c768e32dd5eabe181dd74

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab362E.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3631.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar379E.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit