2f058bba2f195a3f70be6d8f60f065cbb328f25b5f05eefe43c39590208cd2f0

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
13/03/2024, 15:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c630f4a14d436fb967cae1cfb1f80c13.html
Size

75KB
MD5

c630f4a14d436fb967cae1cfb1f80c13
SHA1

46d76f754f4c6499e0ecbdbcb912ebccb5b91435
SHA256

2f058bba2f195a3f70be6d8f60f065cbb328f25b5f05eefe43c39590208cd2f0
SHA512

7355fa75ba1aea743557fb6a248934646e21f7c3605dd6c23720a4614a8f463bbe12472db866766a0401e036080d3c5f63822601d1b4bc4e08c33d0cab7c37cf
SSDEEP

1536:Im0QpYd/QnSK/OQFXWBFTFEFIUa60AVYtY9tQHAPqoI75vGhNRKuZ4NiN:cQpYd/QZ/OZBkb3NRKuZ4NiN

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abb8596cc50c0546bfda6658dcffc23300000000020000000000106600000001000020000000f812081937161d0a4c8a8e2fcd2d0e4ee4471cb40865404f7f11c4d066064f0b000000000e8000000002000020000000876c6ca92a8c5683b61b5a3aed5a855df80d30efc8b6f3d3f9c672b5cdeab83590000000a798ed876fbb449c8871da09189dbfcf19a696a17a32a108cda31368799b98e5313847ca02602d50eaefc242907291382315e9329999d9b165861910b7dbde0cd6600884d84b73005fdb9820070032baba36cffe97821ad15242fd550b21e89a6f7768a84ab4b76a5a74d0b28ded565f994c3b9b2938238ccd5aa3cd9c048bc5acd779996903a4fcc3e68243348691574000000004ba9f26e698f16e1be8bed779d115ef8b7e8d078b3d7bcfe4ce7ee4ef4408e8fd31cb4a8434e5529d8296d2d2ee62a55b9bc1d1fa7dba0b93a343f9e53bc4f3	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CA9D18D1-E14B-11EE-A3F8-62949D229D16} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30b219c85875da01	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abb8596cc50c0546bfda6658dcffc23300000000020000000000106600000001000020000000dfe4099ef66ae9daf36ffdd87325a9310715653ffc1d4b2cffb2b0945cd2016c000000000e8000000002000020000000ac6e7b105825691f702c9a00aee7fd3f3486243ed53a8c4ce90161e042bd49142000000067f3fd26c7e33c4e950a6bae7a717214630b00af368078a59970e8de2e93e36d4000000088643f4d43d5917d5d9bdd4c707226b6d1496346752d1b0d59d235cbcbf288eb5677330178b6d4d5d12423e3b1416fd0da58dba85fbef34dc68e44c7863df29a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "416504483"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1992	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1992	iexplore.exe
1992	iexplore.exe
2556	IEXPLORE.EXE
2556	IEXPLORE.EXE
2556	IEXPLORE.EXE
2556	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 2556	1992	iexplore.exe	28
PID 1992 wrote to memory of 2556	1992	iexplore.exe	28
PID 1992 wrote to memory of 2556	1992	iexplore.exe	28
PID 1992 wrote to memory of 2556	1992	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c630f4a14d436fb967cae1cfb1f80c13.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1992 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f759ea3c631595a0c2bb98f81b714985

SHA1
6b1507d6f4f387fc38a623fadbcb69b4a267e7de

SHA256
120228a321b3b4af6dda2b257f17595be69a971acd0b978556d975833fb64926

SHA512
1adb48ee57f5444dab582b836c20ddc11bbb53b034df9d7c013bf0e4d726bc1b33c10efe1f4fd1dceab16060f1f297e05833b773821b2d2176a8c4287cb7dfd5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
da772151158ad8f3a60c77e9fde9b55d

SHA1
681dee108140fc24ad8d8dc8df369df287b90083

SHA256
eef2c48714be9cc6686e4188a240e1751a775c4852a75e6d5db63e964d9366fb

SHA512
358ec104ba8cfb836361adb44bc4b3585cba921474d568da5c4cac8517335d2a9567ee45cde56d6d5b77aea6df3ce5f904ab78cbee49a9befefbf34d9fa35761

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bb4b7cf3359cfe744412ae7d44cca106

SHA1
e983b112ecde82dbd3685ca5078118436237eea6

SHA256
dac33fd63cbf3fe20a5c912cd08ff8b9b8d3a76b9becbc471108f48ed891b90a

SHA512
f7603c6e4808e183f0c1be02733e240d569f1eecb47301ebbddc68b7d3189bbbe4791ccce2c3ed7c9e682a3700e3876f8ce1362c80b80c95d96a12fa40e55bdf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0633b3b31d7351d113306599956554d3

SHA1
fc35f18cfa346a0a78a0455bec8252693b14d284

SHA256
66f66ae1a7965cd4049e3f8339f5854d8160f735e13b21a052b52bcf3de075f5

SHA512
6ddf75a54d3585ae396d34438f5c8bf26ad0347d5b5c7f7cccbfd6e4d7fd775a762004748c88c19693140b4f0262de7640e3d98928ac518a9c491f546489b4da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5a868e8acdee76111bf707484b6b0cc7

SHA1
4dd1cfcbd67aba3f3b136537924d02719521331f

SHA256
77c91ae82ed0e1d72e2857bc4bebd9839faad7482c6dd1d6d5455cfd68c60e7b

SHA512
048d8fc0567b582ca94e2eb20cbd07b52975e2b64807a0fb227353a5ea7eae7f52ad4f17943ef262ac8fb48f7a4d1f56a094addd1339723f009ccb3bbe51a512

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
70564be4d56232bde11f329825321c5c

SHA1
cccd12f27b6338533c887241c996a60783b0549a

SHA256
b55fecc22dd80bbd8298ed4170b966662e94fb4a26f55fba866ff36d8c424778

SHA512
16a270bbbafe90d9490d8f831f8f00d272d75aece8e5a9e2ade205482d98d818311fb48c004bb43041582d487214837111a9846c216f11873eee2cd8c3431628

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2e6d9ae625e023c3f3887f36142e2ae0

SHA1
f08d51c41d29ee1aea69fe3a2e62b73ec527a837

SHA256
7b6d8c18e16c1a0f8073ed853db574419aee56a7a6fded92f701bc87b279d48d

SHA512
08e72c2977628ebdfd92e6c7b840196b1540d61881a456f0a6bceed59c70e799779bb7b4a40b53fe054b0395edefcf8f647d83ce4332a1335858e1234ff0ee96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d755149226bcf8904fa68d6ff428ba56

SHA1
4bab2608797b1bdd58574601816118a660c662dd

SHA256
7aab74e74f0743d953b1858229ef986e82c66f70ecdcd325d5744447d4d2da0c

SHA512
c866aab5da2da2515a7109a5035d42f617a527b24fdc2d720ebb5a7a4c9e8e797878ecacc48351a54c1a3fb59d4c1d30049ef875bc38f27c1a8896e448bee302

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6c869ca551229c05b1f4383dbe4ca8f4

SHA1
076f8248aa812affcd25105f76d51af45a64e45d

SHA256
8d124c24091f8ef9ac8f6ef296a44e3534dd0ad59029fdaa5f93af2e89c4c3e0

SHA512
fdcaf6bec974db2a33982c11f4006e9f83682a088059a96525b7c84d94441d469f5718a7b7ac272641522bea4d539312457880ad22bee727346281f3adcaf491

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c6e52d4821f6f811786d1ca2bd3d96c2

SHA1
3e9368b788a168ebc86d579980a34a53ffee041a

SHA256
ff16486962125d38b9b2115e3e01b540302527ebda69765d39b4b6ca08ac729f

SHA512
d426375a8e9416eb07cf1615d6e2fe1fda12ca61d1d8b76f7b93e8ab94aa037fa37ea7d78f621a67e25ab5c0f29ea571e75ca5542219d6e2232f42ed7a2a53ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d142802bb3b5e70edc1572abf2ddd864

SHA1
1d988fc64439ec15f5a99be31f3946dacfd2433c

SHA256
ffe19d2e51bf9223d9461e567413390dc30b9be4ef89f413254e63a1aed87e20

SHA512
e6e4f5ed464356028e07191322a5402b6e6d24f9ecc9381c001d0303137d54948cb795519f3a887de3821f791d8b9506cb29d1877a7fbc531da144036308fa69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e9cbfe49bd9f6fb5260c29c4587e99d1

SHA1
465eab279564f5245f91b81d24779cad7d2e3db0

SHA256
fa665fb0bb841a48aeea80f15e0551ceac643f57c6a2f8c8548c43eb502fa451

SHA512
79f0351e6f18b27ea2210c02618936ecfd0e7adc99377e53804fa4f3fea1ae614a1003fccd60d3f46967be02e2c93f6661e791f68cba9a969b17a803b2b6d921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I819HQXH\recaptcha__en[1].js

Filesize
489KB

MD5
d52ac252287f3b65932054857f7c26a7

SHA1
940b62eae6fb008d6f15dfb7aaf6fb125dba1fec

SHA256
4c06e93049378bf0cdbbe5d3a1d0c302ac2d35faec13623ad812ee41495a2a57

SHA512
c08ff9d988aea4c318647c79ae8ca9413b6f226f0efbdab1cdd55ec04b6760812716ff27e0ee86941e8a654d39cddd56251d8392a0ac2c4c8839f27853556154

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabFFB3.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar171.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarFFC5.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit