77993dd19bc4a55f4f5523109145fdf35326cd84a8f092993e15d83bd1b5825f

Analysis

max time kernel
164s
max time network
179s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12-03-2024 17:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c3f84e3893730406c3d0f4fa76e7494c.html
Size

334KB
MD5

c3f84e3893730406c3d0f4fa76e7494c
SHA1

363fb16915775aee0278188a837501be2530564b
SHA256

77993dd19bc4a55f4f5523109145fdf35326cd84a8f092993e15d83bd1b5825f
SHA512

8a5fab6da4b1e76f60cb82b5da002757db193b07d78a6199b46cb8c94c64a2082ef94a9a9a82aa9f2c997e94180159305df705bb3621b75c3ba724f88a2de612
SSDEEP

1536:GVlWZfQZJAc6DZmhj6iHHtPYl7+hfk6oQjYUl0f:GV4ZfqJAc6DcUEtQl7+hfPoQ/0f

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "416427387"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{48ADBAE1-E098-11EE-B779-E60682B688C9} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1996	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1996	iexplore.exe
1996	iexplore.exe
2756	IEXPLORE.EXE
2756	IEXPLORE.EXE
2756	IEXPLORE.EXE
2756	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 2756	1996	iexplore.exe	28
PID 1996 wrote to memory of 2756	1996	iexplore.exe	28
PID 1996 wrote to memory of 2756	1996	iexplore.exe	28
PID 1996 wrote to memory of 2756	1996	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c3f84e3893730406c3d0f4fa76e7494c.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1996 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
54fb52d0137b1666339eca6a84a340da

SHA1
78ab61ac0af6f27593bbd2f98fe8f68b16d431ae

SHA256
7491607c693a54d803a63c0c767fa4c6a217d02f3243f2f54bcf7fa20a2ac5eb

SHA512
aa82998bb00f3b854bab3a85139539afec8bf3f76571f00a4bd5e2dbed0e4a9d08f78b0bf87b8547538a6784316202b70a169af1b9d69dc3af140a825dfd7b06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
538117975d95be6a48269e2912e40a80

SHA1
a23e0ffae5136be2e0e4cb1b2b45ec141c351709

SHA256
966fa3d19a30437066909841327e0b9712186019eccc932f5cff58095f1de4e1

SHA512
c5055588927fbfddba6750380a3fac8ee29cc9a5b4196f9b6091bc671483128a97c99fc16b232c0ef258ef121c481ea97824d7eb23af3b3769d957d01899399d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5777f678695aca448b318c15cd11d47c

SHA1
921ec847e2c987ec41582e5517b522f5190ea736

SHA256
9b7c71b5cf40421dfa4096efc0ca1ff90e687848c8e0105014a50b7e325d5600

SHA512
95f660bcca5b266f1b8a15884fbd03433bd81e76e772eb60d7ea2700b86820e5de06225859db291040c190f07f8f65d2c64388fbe8530595a95a460fe83e5ccc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f1cea2889811e6c81e9c376d0b4c9b47

SHA1
5121efaaabf3d10eaa93edcdd086e0cbb0fbd246

SHA256
452b0504ad96a308d10a651e4cb693dc7e19dd9271280e30c047ad2b6271a4eb

SHA512
6b525cd3d1e81616fac13e3f81bff50e28457a1104184c84a7c2634544fb86186df2a28308fb12c15bff74a0ea13be5095756223a0244848bfcd564fd6070a3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f39f4fd688d1e2567625251d281ceb44

SHA1
fcced1e0be5dc584493f16e322ac271d7aa535d4

SHA256
75767145e513b9816b519c4835c61e3236ec365bab0868783ec0136b03590c59

SHA512
13435b4aaa0e4eb2db8c881b160fe05d7c07a462709fa128e26d17b9d482108ef9fa668d579a94f00c3c44ab038fc7ecb27433f599bf415303fdabefeb918eeb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eaabd29c530f136c9d5ae52dc30d7bd8

SHA1
88ca482265dccef4e17a629d0d656eb9d84e49cb

SHA256
bf6072fafeb25f0c69f2846a53807f20bc05d2eb079fc8e0309190bb0603e953

SHA512
5f60fc16fb05cc6a9175f91ef4df3b3a8a38a5f6124919743b794fc9057156dcf16124512c4c973fdcb4b6f9fd09d2f8bbaea73ce1ea131e2a28127cced45d0f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fbb198c6d1cdbc9be337cfc32a9b9c89

SHA1
8310e90eb846876d3a82463f5bc6b42cfa0ac46f

SHA256
7c53252ffc6f14bf41d2a5093de38beb171e3955fc96ac5348aa2db0e63e54e9

SHA512
7c741660554982ee07de9c58df792c038b1d17a7596ab17016ac48d74a0d775d86e59dea14c55a8f4ff5bc19ade774f3a1c69cb7b66a98a5f8d1403e2dcbc0e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b46ed3dc87412099fd3f863a65f7a695

SHA1
5f4266e30625be36c4c4d98b51b24546ca981d79

SHA256
6e04a9eaca6fd054cab29cc5def8286371824fdeb0b2377f8663b0a3265bb736

SHA512
283fc66361ea95d27a014d05c83329693167d358d2213aa2ac82d6b4149672911afa726f23c509e4743e461dc8ab27ecf5b83180cd5e3212bb013a5fd518fcb7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
377e99cb170bc4d3feffcbdb0c7235ad

SHA1
2ef3c4930565c5f783fc58b056d493cd3c960ffd

SHA256
770ee39ed40879078c78630e504cdc0d3fc939fa4d78aae58fd79af487992416

SHA512
50d7d1298b109aebe3492fd1b5aaafe29189a26f00c00764eef6729d8259d535ead3600e966afc885834b887126af38fc7ed2d9e1d60f12f1b62957249488dac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e0b500357abf1fa48741237e875b7268

SHA1
693656a9896071a09657e171794b61bcc7a1cdc6

SHA256
acbf81484c7fb7585d505850148131d9b6b8911315f5974b2b069d206b24e719

SHA512
51b0961d3fe0338d436a34cc06e22caa0dc930eab9cf20cc9a97879c4f5ebd6a05c54c2efa401cb3082790b4dbb343bd9edb921d2d6aac00fc0a6118f9c4d786

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3d2234d47e9c5531320b3a8f3b7bf1a2

SHA1
d5b16b3b5550dc4a96df953d64c26a364a6d44e3

SHA256
78420bcaedf2855941b5a9f31ef991ea3be6abd0f2256c509e9c18c642e1c3ba

SHA512
1d113cab2b5cc539ab1c13bb5d068f0048a8f7b33837fb8f6e43d0b36c6463825ac3a0ce70760c25ec8b0ff9efa475de22c4dc39ea43b48106f4b52a8fc924ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
18c0d4442a7b74255dd87d230f700c21

SHA1
5964eff2d60f353f2153a39a399300edc02902bb

SHA256
43845f4208f124d02729ee6e0848e03dc82193fe7113a07bdfafde7d0a135018

SHA512
6175b08f2b3a4f1c19aa1023389f326f12c0149f66e66beaf47af758f64886bdf2ee6bba171816f0894ea543ab27910a1c83c9661855475cf7319e8367debf6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7e709c326cf6c59f058282e55d5d1933

SHA1
d552343cf9a576dd244171b0da22b124c47a8b26

SHA256
0b8af68282a870c04d5efe30ae70eed11221459aeb7efee03d9c3fa69cdc07c2

SHA512
3237d6c86a48b39a45509b7f51eef37545225a28405f0bd27dc0a3601a1dd7f1c53e6fc13b885bf1d8233f89842c07ccc6f190e334dfa077661deaa4a2037eab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7da9b33fcc0e7eed80867f453bf26101

SHA1
76def4d402191f53ac1fae418ab63596d12e2e23

SHA256
4b662ac86a4c70bea2cac78faf201b2bff6a3d36066fe88a9a913065e4a6db66

SHA512
5847bad411dda1758ccbb4a5fc9c33dd81af7a99231a545021125649a1258b9ad8f8b16825ae48694095fc2e08dfe57431c2ebe9a62a4c633ae2c180a25333e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
83181418e6653b8040c13306d399e8e8

SHA1
d4fbed0594f188013d839d36075a62281c20647f

SHA256
712d8f61598a43eb652924d0a1a87903b9aaf01c2087b17ae3b7592b5e959707

SHA512
d06d33d34666748c95ac0c89d350834975728ea61b1478ff4e0c08b46fd490efc1f4be6228c3572df3f4819154343d2162b63ec93f5895c957c5c7dc1a79d53b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
96f6c0e5a8ce1c46347e711fdd2b4a25

SHA1
c65e4b987d07e94c55af415054b99b46d9b2e7fa

SHA256
ebf9c35083272c54671734b3b09575f1a04544c546c0000d62dcf7365234bab7

SHA512
5887d21325bbd6daaa9e68474292a58eb131821aee7745615747303f62284e9f96b393730a1f013890765a8a195fb9ce337a0a773897933149f68d33aacbc8b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
64c154e7776c607e6c5a164dd1c0dc23

SHA1
4241b37d291516f8b04f09cc91eaf7e34de8e1d2

SHA256
c7e1d7b3240590afd2e3e261d0778155573026e4797c2464ef99b729795388c6

SHA512
0952b38b29a0a8243994d5553a71f3ab0194db06d492f70df9478dbaee738ce00a4844294ffba10e7485c23a696a20e9ac5d84e8f25a4c55c0c6c7a42ed9144f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
200f77936132248f672139a9c97ef660

SHA1
3a0cacc1210fc1b197cdd82e1b3e60de1dc5b169

SHA256
5b2d0e0740079b58779e677b85892e8960ac30ca226990f7ffec9665f36dba43

SHA512
7e1c00b475f0dabb9c728e768a115ccede8acc56a1d475bbae2ea6c39964066a0e32167973ce1af3099b8e8e26599d4f92cc9d6b4c807b64583100ec4cddcc57

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabBEAE.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC184.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit