6cccc5e1211c44a22775325b33fb64ec197ebee8c0be6340c10a600f84720c61

Analysis

max time kernel
142s
max time network
145s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/03/2024, 14:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c60f62110524e1aa95bbb59a3394085b.html
Size

15KB
MD5

c60f62110524e1aa95bbb59a3394085b
SHA1

ad9f7d131195ce194f7cfa44374b04bcbbab692a
SHA256

6cccc5e1211c44a22775325b33fb64ec197ebee8c0be6340c10a600f84720c61
SHA512

124d0b6fcb18268c82d669074a07387f82a0843029d7aa1f7f553e83d78d0992ed146d76dbaf3451b4b2e3a2152b69cfc22a3d0aaff80988441ba2a9d649c5f8
SSDEEP

384:SHc5quzYNbLXyp685jhh5JFh9tM8UkJC5MYK:SHc5quUGpXTWD5XK

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "416500463"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{604A4FB1-E142-11EE-9DC0-D20227E6D795} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002dcc56832ee45b40af0f973e997a3e3e00000000020000000000106600000001000020000000fe657f68e107c39ffa8ff743854f11abc0ec999030aec2d0d342fe82122a4234000000000e80000000020000200000003fbeace01e4faeed4a111ed5de5136394d12295ccc84787f6fe7bdf47696464d200000002c39ccf2f1c0d5b52905f91743d5f45b41b2a386710ca00fea4b09f1a0f2e7164000000044115952b7cf408c301762325c41ead2043f3e05a3c2673d90cab85c3430f65109f90dd0807108c0d46409d5cee4460562ebe3ac7da748f2d24c4e2960e895af	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d046163c4f75da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002dcc56832ee45b40af0f973e997a3e3e0000000002000000000010660000000100002000000029fffb20867bf2f2b81e0ace04bbdfacc691567cc1beebabe5b1ee196eafeda7000000000e80000000020000200000003c9bb6286a7e472b5aba3322e4fe508d3e0b7d6a791dc2fd84c8c30b18ede72f900000005767e799d597d7a50cc2bfbf9061955e84d267df97295eb1ffd5b8ccffad3d236d211e5e7c25d03d1bdc9c5a31243d9f623aff8d87ed5a85bd710c3617d728440eb85e108562f70be5fee66548ca5983cb848faa2a35b83efb8a9bb913486148a6b38a2193ef8cf6302056a3d192d80a3fed4bf3273dc8fab24d9ed963c04a17b14e504a58c37e39c5d3a5ab61b6a2ba40000000570711940f5ba01778c71df60fcc6d9aa248055301950eb368ba4b9d854130cc251b328a80576643c36e405818df6391cd4e9acaedd3f2990171e54195a667a1	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2196	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2196	iexplore.exe
2196	iexplore.exe
2972	IEXPLORE.EXE
2972	IEXPLORE.EXE
2972	IEXPLORE.EXE
2972	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 2972	2196	iexplore.exe	28
PID 2196 wrote to memory of 2972	2196	iexplore.exe	28
PID 2196 wrote to memory of 2972	2196	iexplore.exe	28
PID 2196 wrote to memory of 2972	2196	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c60f62110524e1aa95bbb59a3394085b.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2196
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2196 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3b4a10d5f6929d164286b848356ce093

SHA1
4c17753f10e66591ff6972e5a5fe0a64096a8202

SHA256
2f8d0ae2aab1d9338718221571f0d19d7bebc70b6db0b61c72823abe90f8f9ec

SHA512
bd2ee9669017f5bbc0102da09e87be26162de0fbc68cb33951f3bf25f2ea476bb78842b7fac851ef209ed45a5c6f2e715f38878c8580c80245bfd88e9c184e8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
377a632409223c2e8c01b38e500853aa

SHA1
0efd1031ad79b062c068f6bc0ac3287b9b47940a

SHA256
67e0b371266082f8397d047b24a6409b305b708b1d525c9ea0cc9af2e9bf2e54

SHA512
4f602feb43fc76c1d31c02723577f42b0467de48069259da337acea2eaa92dce685e933a2223f0bd1e9b02942e324d363728f716f2aa9c5020f49654d3e08bc3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
17efa743038af7b74070d91d20d75533

SHA1
31c843724c1166fbfcf2f9ea86b997fc60996bcc

SHA256
b92810a5657784e19e7c3f8cfa5d6e89857343609fefce7448774d6a9679007f

SHA512
53cd0272da52c5b41af4d412093a1f77fc42305159ab2cc57a311291821a23ff7ce376c6cbc1c9a2aea7d936826d02e1debe9c66a4dd8783cac96c44893e7e10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a082f57c2b0f5fecb5c752b484a35cb3

SHA1
9b7b8e9779903b11cc2f59c2cbfcfab6b370d488

SHA256
3524fa4431bc3a0f8c15863969b50d3cbe70284cd7d30101a06e1accdcaaf83e

SHA512
5b376ed1cc80004294adb00155a1a0f7c5ec8809956f5da75f0c463a448bb783c5618f6fc42086e9d390d21c09ce50210c3cb18670e48747a333a77ef27e1fc0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0c40551697eeaf140c937d089db58782

SHA1
9f6374a292b203eed7e4c41a90e4c7a2468bbc7d

SHA256
a4992f6696f4d3ba02d6834f68f6dbe52346a30d034a97a5f9f8b9ef83b75f42

SHA512
b178bb275e0cf39cedcbf1351149837e7104863e3b6a6c0c3eae1298cdd591b0544f01b512e8483bc2207087b9f47bb24881b9c7b9fba457f5668fcf390fdaa9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0c4874964c47993cbcc3f76ffa0ce528

SHA1
2cfa7799ec398d57e97d219e03dbb37cb9ca1ee7

SHA256
8b37c19ad3984ab4deaa494f360be20aba17fa81034b2109023395ecca7dc1ae

SHA512
a7a3d702b1721ab9342036ec6e9fbc6055e764874d430f5142d23153127355bc38b507ba958cfd9c34d440b054838091582ae77afba5f4a270b06941b172a7a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e64148c1729aab731819173a36f47faf

SHA1
ef1b946ba99df8692934784d3d998c9bd1203a44

SHA256
2cc5b16b08057e7a67cc27543c2761bbaf690ee180a281babf70edd2c59709aa

SHA512
d203b388719a6dd2439ec309be851c6e506de7655025840e26bcbf634a73fe26b6d0a705b85f86b8ba08cb1367b12f0b8cc7f1b45f26bb510572870867371dfc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6a7176b1161caebfb76d8b22639dbbc2

SHA1
2894cd231620a755ae9793fbf28c67c12d404271

SHA256
2f1eacdc3d4ba27bd225ab1a9658c838e4127107ebc4e50e16f8efd404cdd540

SHA512
f1bfea1ecb78151051e4adeb4f5d3c4a88ca3be739d2145c612fd0f874fcd93f0b384cb0c476af4ce820ce7544c86a5d16510a576a9f24fae26c50a57ee4455b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2bf0b637a11721bf06f558da0ca58be5

SHA1
8078efcfbcb3264f077afd129c9bc5059e9d1f8f

SHA256
2813b843464696fe99ac2824236630c54e1175f702711f08ba8de807c1334d20

SHA512
d5aed0d9230d0eaa7b45c73ef842f16669ae8ff16307ef8dcab514c1289c848a349bf6972157e05e26faee9f831e39c2cab84b6773d708868788fcef7c733f71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c3f5bf358f89fc3801d7dac6dca6aa4e

SHA1
40f52268413b3b31e8fbae269d2ca826024413db

SHA256
5f7351325780763724883b850c9c17f76cb4ad93e62e486dd8f53ae743ce52d7

SHA512
8cf12985805b0d01a39670184849e1279bb01378e79ffdefe50d9dcf823929591aa01e201b1d45d32b02f13a03bb446d3a45e56f268756ec46409df748a90241

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b1c9fd6493e8833dff6df285a702d7b0

SHA1
76d209767f8ca3dc43cab36d4ccfb6acfb01b226

SHA256
05effb49ca7e4749ec6242c53fe8544ab469915e4ded18f8852f8053bfbc19f2

SHA512
a0a13a89d5f249c94decf2ba99067a89b0901bed05520c78562fea2bc909eddeca162658e8ba47b558ec9c1f797dbfd3b8c735f788acafed430681b785584a4b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
655118c37962124cfbe414d2fa9c350b

SHA1
5fb2262a7b3fb8c38a5d65858013a5c2ff1c4a73

SHA256
988559db3a90ff2dffeee6bf3b8ec259bf4061d8726f96a85e44254148b115b8

SHA512
9129db468370c883dac1cac996c7c8ca145034f9a38d7bb255f697b406ddf29a439f5b3560ca1933e0e3665ab28a9d1fdf67186cd5f5f120e54cb778884c13c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar48AB.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit