dce91a3d6c29b79661813b4c20c579e0db9d43fda076aa279ac58a9be9438ff0

Analysis

max time kernel
141s
max time network
149s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
13/03/2024, 15:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c6333eaf07cefa49f98ad65a6b4f7558.html
Size

90KB
MD5

c6333eaf07cefa49f98ad65a6b4f7558
SHA1

b0081c3230a9762dc1a106ec3643ba2526822393
SHA256

dce91a3d6c29b79661813b4c20c579e0db9d43fda076aa279ac58a9be9438ff0
SHA512

be93967fb614570a2891b4cbfa9ccd446088882d776aa292814b883a6ebee6e737f56d4e727b10afbd873c814a1283770e7b220b687fe15f84a024a99a91f1f2
SSDEEP

1536:gQZBCCOdK0IxCv9YJf60K1KL3hP64hbxunPCHPYG5mRG9bnpEHi6lWb+JQXYN4Tn:gk2c0IxoixPd

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70bbd45e5975da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abb8596cc50c0546bfda6658dcffc23300000000020000000000106600000001000020000000fdcf4eb6ca89e13d6fa64757e4b6bfdb40396ca60a769d8da12f37e5963e9a92000000000e8000000002000020000000654bb310f546caa0b1856d65a2d447b42280a869be15e671ac2ea611c06530d690000000069eb668d8ac3efac3e4e442be90f16cd57cd81a4d863a5619b91c8b58b351d19555ef7afb30f7fe5e63ee854dd94c10cd3e0ff261b4668819e8627b74915fe371688d7e9519fc072a8d242987ccc9b64358ccbb903dfc1aecf0762dcb01ac88caae433b9704da1f019d2b7377d770b77c146e3ed5a63a2714e11b8d4ed70c40a671072f23ea760d2ae330952eb21e5b400000002aaf65d9f3d8b12d91059dee74a1b20a3605d817b6379bd4ec7faaed238fa6d7356c8c5914f3c26b7589632231679471e0dd2f657ce2169a7c1b36e98a8a6466	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abb8596cc50c0546bfda6658dcffc233000000000200000000001066000000010000200000008722f84cc74be434f26a142042b471e02b0fd0cabd945b859f3ce369a90443d4000000000e80000000020000200000006703e56a5a7438291eb5688220d5b9b2c200684d8c9e639d67b624308eed8aa4200000004b782d4b3880ff22418142a3f8f447b6d821e4615c75e192d2a0f7190db309a64000000028d61be8d585e6dc2770d7e30a3c705391eefba098660c914760b32262a46fbd47799c6572a8afc34657e6365e238f877f777e3e56f9bed97c336dc56307ab05	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{88C03CC1-E14C-11EE-A296-4A24C526E2E4} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "416504807"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2784	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2784	iexplore.exe
2784	iexplore.exe
1984	IEXPLORE.EXE
1984	IEXPLORE.EXE
1984	IEXPLORE.EXE
1984	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2784 wrote to memory of 1984	2784	iexplore.exe	28
PID 2784 wrote to memory of 1984	2784	iexplore.exe	28
PID 2784 wrote to memory of 1984	2784	iexplore.exe	28
PID 2784 wrote to memory of 1984	2784	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c6333eaf07cefa49f98ad65a6b4f7558.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2784
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2784 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1d371ae499ce48206ec70da7484b66fa

SHA1
4929ee1676329c79a8b38899e6f29a3da7f4b4cf

SHA256
2b62ffb6cacf34d575d95441cb4a3ae219c739815dbe3cd5d50784d3ea3431e3

SHA512
0f0182551f4064d2e39368812f192daa6d528ad0653e93ffadb898281dd6e08e7ca392e0c98ee4703957de74574922a43027173f24ee89357f1d86ce5d011da4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
deb39c7c1332d235c3a3a3faa73896fd

SHA1
0f76432d800eeb98aefd7e95f3531043ce434943

SHA256
86b98646ab4d70681781509bbd2d533999833a977cb537922e17e0e2c7eab5e2

SHA512
a9a71e18334a58060b7ac694a602bd54221c590244d92e5c83b10206dc73855d693cff42ddfe29d461447780a4d133ed4b32be26d70e275869b2f5ca31cec648

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4b3e739eceb30f967df8f1c359bd945b

SHA1
895baf5a3ebb71b1fb7ee3f9ec7e97e0e86be515

SHA256
111f4ad85d88d54068093a57ba5084a5b64db1982c6ebe0ddf02d67892f3aebc

SHA512
54d591540b2ab897a0974cf7943c90420386971a58a9d91fbda8efb834909a87ec1af7ea38eae4f664b5ed1624b4e2576c6dc3adf3005ecf74b298d5c303d946

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ea7a5277bef36ccf344632512d9583e9

SHA1
31f8a65d759797e656845db47ebc0b3d2a30dbba

SHA256
d609ed34821f3e8f215ccf27a56b29e8727a3b002009076b6a648aad49292755

SHA512
ab9e1351f3ae7a14d0733ffcceb7dc75bc3e8c74c896a196f713db759e2469a9d0c6191734c605010eb8089e525d628ff40642610fa301169e800073f240aa85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
313726bafbf0aaa1451b16d85b73a2e6

SHA1
67c9ebebb14cba88dc65b3b204dd892493725c27

SHA256
d54289d4fcb1f88b9e1087cc156900228f66f7eed388d457b128b1bec4ec6cd0

SHA512
5d215a4401fb49757754b327f39049002ab6d37dcba90361d10fc19f5eb23bce9562d8915fc4dd4a304d3aae3e9cb56d6aa372c105ade71be89706aa7f746827

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7ad1cf5e41332e6d41cf17710f37506c

SHA1
bdec177ce537f04cd3a4a1db110ac940a87a8bd3

SHA256
c736b28959da7080a646adeb1c09a061fe763aae58c4a6c7e4c7bae9c975324f

SHA512
4e37d5a344b8e2c786472f76df080334ad3828ed7b9952a1dad069464ee05f10e9f2469354b443c8d20757ecc9790e129e3623d78625ee9081dad92d09b88dfd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d2064ed8b5c7989050d8a687be8bc4b2

SHA1
e0a8d2e750f951b4e6b2373a35b881e0b2a728a8

SHA256
7ec022ddcae7255ff2b8187527574d941e6d7c68ec9563dacd8f40c0ceb5321f

SHA512
ff6f1dbe38b59f1630238490aa614b78a89576f711e20e6a0e1617ed2d9adacdcbbca6fc77f5878b0cb28e745dbc43880d1697f9581c8d4f70f5eb3cf1abf171

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4950c9ff8e2ef03035b0bca396972345

SHA1
e9bebc4c47f5887017e00fbf66622500e420b1a8

SHA256
48a56dcce7ed5d53e680dc8143fc25922333829d574a8978e42a4bdd681bd304

SHA512
be5703bc22860142ffa1f873813174649c3dfbdd961907a0594a0e5fff8d28a32ba6e949817d9739f20a11f806a5e1f9bef7fee0c1893c90419eddc772f7124e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b42bbc77eb6de0e58b8c1d7cf8e97aa1

SHA1
06096a8f919fa1626fa4bd6865127a8026788bd7

SHA256
3d0dcef6f05f98c3d2186831a7d83abb008df58c6334e993cf227e74afc997cb

SHA512
634a03230bfde87ef52fc6eb8845f809efe0230bc1c4ffb1c5fa6f90171eb1499f66dfe377bd43cc48213789ec2cf024e4ea0ba314059b211df240bf4a1da3a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a486bd8d165a021ea96c8876dbca693c

SHA1
c1d554e55a8a71388d1754070bb4e09d0ca91216

SHA256
db93436c4c8aee08f2e8ad4118714a182390776b041e4e3407c2c936f5b13a00

SHA512
617f99c05dd4c681b241683cc90d227588d4717e8ffce51323ae0ac654ee35533157a88f8f62d99eebb3d0ed37ca6ea72715b7a1aa5ccdb757a55b2c94fa3308

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1dc0ce0a32c63d12d40f1fd2b13d6698

SHA1
7a201d842727bc8433430f99c00a5ff6e1b4bcf3

SHA256
94eac9da625c179fe7818c971ce2e40c953e99d54b7010023a7036ac5b1e01d9

SHA512
4a25af0edb3a1b33736f9878dccf7f4a5ea15d0ea999eed094c435071cf1bac5eab4d345f1ee6260dce7342d59a4e8b867e1f8cd5a22aef3e1d4bf9790fdc675

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
69613d11fdcf72729d4831a6867882e3

SHA1
47429f1c09ec4b95594c66e5810ffe34afcec7da

SHA256
a2767b7dc1fa8a93266d2ba52390022b5d27eb0da3d4e592533cb176f02f0716

SHA512
2eaa8c0a508508b4fe899284249e71af5b1b0ce2453c9e22422de7317d00e1db6fe104bf5c634bf97b82b761c241a707c52c3c6f61e38d418bcc34e203a5ef71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f171ba4d5cde5931c35928d298450124

SHA1
63b92e36eb6a7520ce8396f88e9fd7751fc37905

SHA256
1476bde1a8e828f2bfcfa771cb2079f1c6caee56c05d50ed231f5fc3793d9bd2

SHA512
ddc53435a3a80c9889171808ed97c6caa066449d8009a5842cafd794a7fc9a6f28761e183c501e63b039d51bf613aa4324ae97bf4be333d0cf549ca57b82e89d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ad80b1c62d43814c2390f0f4c28d8ac4

SHA1
75b31493b3da2b6364e0e8bd09578d835991dd2e

SHA256
1616b994ef965bf5a90871023ca5c5bb8041e60776486357da83121c7ddb5d6d

SHA512
57f9fa535443dbd19e413c0ecdf676c44a486db826c4397305fb768ec4eca3a71c3921451caa44a980d6b06c46d12530c157bddffa1cba3196ee0d5c3b6d775b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1c5de2fc6e74d33123c8a8c68723cba8

SHA1
84034a88b79c96c95bc5634461a07b0cac17584d

SHA256
bb57b3abf315cca80a8a48c5c42dacc157be9e880c23a36f4893f4192d9100c9

SHA512
8c77187f90f14e25742017b2f7213a9c63f2a83757f33b026858f0b80ceb92ec1d48c263e943a24dd9b6750ea240ac7d3c3fb302f3de038039a6728ae160aeff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3850.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar39C0.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit