56f785f6d2430eccab3d1f7d66210602a620ddae8870dc0db84725a9c906f75e

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/03/2024, 08:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c5641b58c139fbdc50edf4778b101b79.html
Size

2KB
MD5

c5641b58c139fbdc50edf4778b101b79
SHA1

de635fa425179992feda1f0a790270cbb4a78009
SHA256

56f785f6d2430eccab3d1f7d66210602a620ddae8870dc0db84725a9c906f75e
SHA512

369591ad9072daa4cf158a758da26d2d187df17f0d85779ac6f4e214b3bde94735f399837cde0682f55cc4af1b352b669bf95de59624d3f53303ac090973d973

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 909454ef1d75da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "416479275"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a7000000000020000000000106600000001000020000000d1260b5e62a917a07e79c99b64a77d3f66d9b5291235e1d83b3f6ca8439a0730000000000e8000000002000020000000507db0de00da681a6f262cd7a9013cf4c6c1b6f7a5f4c54c4089570ae30773c0200000007795d6143b91083b47629c38cb3fece163aa0256ded493fbaa4d72e55f3cf60140000000ee137f969aed88169e0986a213c4efd8c0af6efdcd652aade9baa3649f45c3c29cb88f00a22158faa60f86d8183dfb7e714a337dcf5b5b405859dffd06679fd3	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a700000000002000000000010660000000100002000000058869d426e9b3ae6c66575166c8a2612f95c73c3405d656415278b19c8a6d144000000000e80000000020000200000009af78ab17b48cf2c81417268d42b231a0f4b88edc34c5334beba2fb80ad738b9900000006cdab262d4a332d539fbb35b816d193ee664a39004547d8064e0557aafdeaa6ad9a21c4a4bdefea704bbefc151a9741b0ca0f28e9ad5d6abfac9158d72744f8d61d6d697a27a7281f39176fcce04958d430df8882a1e5af3ad1ff59e1d15f86b39706a39252be144d8d244a47800ef8b8783ce8381646dd040334c6de7f4b6347ece363d92aca682e6ef66b7e47ef7c540000000c817bfcdd4a2cf489a68b7168b1b5d9826e4453629d447db0577983069de4b517a07d83fc7b8986331a60dd79855b10ef5fa39f3911d413c3990d96b9840c1ee	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1AAB8CC1-E111-11EE-BD10-4A4F109F65B0} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2084	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2084	iexplore.exe
2084	iexplore.exe
2928	IEXPLORE.EXE
2928	IEXPLORE.EXE
2928	IEXPLORE.EXE
2928	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 2928	2084	iexplore.exe	28
PID 2084 wrote to memory of 2928	2084	iexplore.exe	28
PID 2084 wrote to memory of 2928	2084	iexplore.exe	28
PID 2084 wrote to memory of 2928	2084	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c5641b58c139fbdc50edf4778b101b79.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2084 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7b7b8bac04b795cff8cfcc43c692be93

SHA1
4c51d2bc025528939e0d3d32a3e19c887e8154f6

SHA256
16e56a14fffcffcd79cc6a73a8e8274eb8eccaf82b155d1bda091d29015f9326

SHA512
86cfa3d27e114f925728707522c5600ac3f01638a8a861e2165ef479743ca7e95825b07a362ef3e9a8f7e9e1474cbcfc3e5fd5126f8225eae83329caf4f6e174

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ef00fa31572abdc4ae92bb1c831c1bfb

SHA1
3faa8f9d735d2b6378af9590a5e26a0a06affd55

SHA256
b956847e118a94b8ff858d055de8f237564ff22bfe7e4bf86b67e1619940826b

SHA512
e20a41496601edb267f4dbeb829a46adffae7952ff77ce9f84e2f5675a6bf1e4262202ffc7fb2a660e54931e6799b7bcea41da6cb6d4c3f513d707c4d1e6851e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
090ff6e37c2d3c4538f09762676f654b

SHA1
5ccb14790cc4df6869c69b8b5b397a115876bdbc

SHA256
1f3f2b7c7d0324be96c2ff8ee51d2639c412f18d5e42d8f08feac693ea55c266

SHA512
a99e930b49716a198647b5eb07a9cea3221dbd2cd09eadf15b77861e0a7db6aba0ecee389142a77c6cb7606abebc6a3183d252c4f0da97d7e4a2428fca61e8f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d5955eb7efc64b435193e3584fe150f8

SHA1
de6ef76ecf78948a13552a6299046013600dab60

SHA256
604e4ce2b16fffc790eb63c878dea5fd67fbd90bfbda2f12c48376967845a28d

SHA512
458337da16716922cca8407cd13f5d6d94ed20fdbc033ff9c124fecefd0f322089ba48f1ded2a9cdf84fb88b5c77d8404f8087de63e7bda29c77523f2b86653c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1551c1586ce02094754cc9b3d9162976

SHA1
fdc64ce5434fce3c345afb8249e3f3be589caf48

SHA256
a07f9a23dceb34da68a6f001b13d981f76cadcaf76bf1f037134d311ff0369de

SHA512
d52d179c1d168bf5e6dbf00a120f8fc331f8e748eaebc769fea6478efce75bb941f2196bc4db1599e095a582893c6392ca967d50647b20c23d501973a853c5a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
963a0405e1b6b0f24e97c97b69fbe53a

SHA1
01083692146f1a05d4a776bfd56c025ba3a89cf7

SHA256
29572c9b8cbaee157fb833597f725a21d833be75b08b9dcd08c82f1876535bbc

SHA512
a47996509ce2b62aafb38e2a586625ab7d0d07742b185ce8d7276eb02fa7f83cc45938597b448dd12ea40f0de72a925ba758e30ad5e378a9cb5864e8586f16a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b682de1e9c0e166efa59b73646721041

SHA1
7b9daa227afd50feb8f340c00e939f7aa8224241

SHA256
ea44d76d510433481d9144b87ec8878998258de519a1fe6e65900554799fe64b

SHA512
c9b0d0988f02478063b0ee6dd4c04ec81e05b6e2bb6637f9a671bfe9489e9acfa5c571e115ca3ef7cb90934b54c06c967956e528287fcc363e4cfdd4104d15b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
54e768c703f306f9a1a238859d4980ee

SHA1
09a6eeb792203648649786d1ae8698bb7335eec8

SHA256
e23bc5f5a175c4590f435024fadda3b5dc796b5e67ccdf440b60b125cfe4f6be

SHA512
1c603e06585d92f859fda4c42e5227be95c0c1cbc8da748fcdab96d8226fdff41114b7661c27b94230c11ecb38e2f94a952c9166c2b2fc78d7b4349be713a011

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8db531535227a73a19fdb290c627c708

SHA1
0e7203a2eeeeca8b571892ab6de72a8f049c1b4a

SHA256
aef89bb0702b4ca4021c6345c52b6ee2d0c7807787c021838c45876dd5ad8d39

SHA512
11ab207d3682ce619af7eb43d33be0dd3ee9e8813819a5e5696703abbae6f1116955ef9f1cda925b2f7db65556a2f35228c13ddb154a12d891d8144ab3bb005c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
caa26d2b5f7db9a7721b2e9e7cb9e12a

SHA1
061100cfcfcb307e917c6e495cc1ccf6e3765d84

SHA256
2df086463d1e13d18a2fadc09d20ed4408c7846304e9be751689f0a2419033e1

SHA512
4dee0d53555578e920184068ff399047aef1c54cf66f6583f133d32c74f8c7e4135e0a1d746cdd6bfebe24c5a7d45bcc1f69bf72d999cb4ca91b2fca4ce44501

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bd3b0cf01deb8e8dfd79d985f5edaae4

SHA1
17586f7c7c215cd86e7470e4165747769b1e78e9

SHA256
804632870aae9743b3ab2b34eb40708d6d9b87b6f0a896a8251e1bba77941ec8

SHA512
9fd968deaeefe95fe0aa08ff3d5abe38fab1b1fc9610f9146eb5cdcb0f91e9abd9493705d2231ed6b42539eec3d10b693fcb6bd38800261158ae01a66b2a7223

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
770a44dd2863396ae6800471b391cde3

SHA1
732d10596025694223b6e489ab0762882c90c4f9

SHA256
3c08c2a358e0b3e8b2207434dc2cc0d9de8f312b6d3bc37f471cac4826bd52cb

SHA512
2aa7fdca5275388a4cad813109d1a2f0e0066a7f2b2773dae6e3233b2c687295949fa984c518b545ba44d91ad72ebdcc0ea53097f60e6ef181a024ec15a196db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
02394fe59e00680b1f046419c32c2055

SHA1
59983527d09ba498d8d70ca85db24bb611d111f4

SHA256
11d26f8018c677a800c63b49607d14403bdf05d7f411971ba3ca565fa56ef27f

SHA512
eab6c287ba43fe160a82c7a4c22cc3cae2f86263a4cd622ae4ee6a70f47b2d42b1ef8bd955908873339d699971fedcf63786fe5e16c932ac0324d9597c4bfdbd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c39dd4872850b0accddad5a40ee003c2

SHA1
d4f3cb0ffc8c494e330ee0ff36237b6f9344327c

SHA256
0fb7fa8be802a531c9c3f49ed24fa185d74f945748d4fe7290a168d5f6c3ab27

SHA512
56d2f7f5cd177d6b9a0e565cf32e5041d5173742fa3d2d295f074e06479ff3b459444d59ea3df55de4098cd2952acba59656c89804f884c6d2278cf258f74602

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1a87abd13e8eb3d776128ad5271f7e50

SHA1
7c0eedc658ad643b2867580123f94cbc3eeda10a

SHA256
f0c685bbfe09744ebdd8e180aebc5ffcab03b1b4c9b6064ca10d676e38e802a0

SHA512
bcda8d815f96dc956bd550a0966b62a9732cfc3e6ba348741c85a41aa19588530f44e1512c8aa5ad74f11f1ccbf895f7d77e83bd27b297e8046841b72ebe3a85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9f3cb8f1cf5494631105c6272c203240

SHA1
9362fcc416a7af5b0c91531e8fd56496bbb7a056

SHA256
4e89723aab704937103e275999ca7284d87ec0064df6fae06d5564dbc6af7477

SHA512
62206f52c7c1d420aeb1c2228501f4b86135a37c18221beae9d77941ad205068d0c66010eceadaf566bad9c31653a8bc68c2d05fc3f9f9121e0372612911df9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2A2F.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2B5E.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit