7d4720e26aa4aa43d35c11ac68b3f7224f350345206c552f97ec19c5197fdbf5

Analysis

max time kernel
118s
max time network
133s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/03/2024, 16:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

tracking.html
Size

245B
MD5

711683d61126d8451010c30239c95192
SHA1

4c8c1b3547db05e5daa43f5a3a94a80832806f80
SHA256

7d4720e26aa4aa43d35c11ac68b3f7224f350345206c552f97ec19c5197fdbf5
SHA512

93d26afdbb0920d463384f155cbd8f6fc2373d55aaaad0f75c5a3de13cafba9095372ac68c43eb30477e58910d06c371d8d8964906117e57cbfd5b2bb63b3420

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AA721C01-E159-11EE-972F-E61A8C993A67} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3062f6826675da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "416510446"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a700000000002000000000010660000000100002000000089297b0c68dc4c72aa36462cc8377a9233846901abd1b8ac51d1261664e4e16f000000000e8000000002000020000000323b30a61cc2894064ae6c530c9e58c5820316554894b0416d1888c2c9e6a5ef900000006747b738a2acc7b108643c3ad7eca1871e02222f77d5657157595170ea46027469cf3518231d2f7ebc255e7015df4fe4d4bd87842634edce32afd36c94f2efc65546cd5afb0ff7e8c38dd61145de26d0b5040835bf1590c66a04fe22ae73e09f5a9a25a50e518d64c6332393544a74b7186b24081da451e66f80e4646dc9c5d47df56315fb3222c7ecae4ecc5abc2dcb4000000020a5022099f2ed450146c65a453c9944c425094c82d67028d51c27918ce82481e975449cb68e1a8fc6b084c1798f03cca1eec13fbe5eb83682cc3833d3b43bb1	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000071c834f68b8ed044a0afda50fbc58a7000000000020000000000106600000001000020000000075e66da04e09e8ec1888f294de93b39d2d807e13b85b80cb0c4617d748a75d1000000000e80000000020000200000006b6f102d78e8d501abfa7aa3c83e1cbf0f6ff512314de8355a28b7267fdaed8d2000000041d7b9b085dd59dacbf52c151085fd51bcea412aad2d35f25df2ff31ad37c942400000005ada6438c6237c59a7655a759fdc465839a652ae82643d9b47d2995aa31f7935dfff3ad9623dcc10a9bc14e78def071416d14f6170b62749c6f29a671a19dc19	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1940	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1940	iexplore.exe
1940	iexplore.exe
2368	IEXPLORE.EXE
2368	IEXPLORE.EXE
2368	IEXPLORE.EXE
2368	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1940 wrote to memory of 2368	1940	iexplore.exe	28
PID 1940 wrote to memory of 2368	1940	iexplore.exe	28
PID 1940 wrote to memory of 2368	1940	iexplore.exe	28
PID 1940 wrote to memory of 2368	1940	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\tracking.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1940
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1940 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
960b8f476331b3aab17079d3db2d71cc

SHA1
d30649e26d4b1d206840d89dc57905f47dc916bd

SHA256
c53d04e3771ebdff0ca36214cc6ac1dccd8b662b7a85d2f130f2009221a5fea6

SHA512
48f87a3bb3629836c919c9ff4c107f843d950ba8f33e7504bbf998c508e7a97d4d956fb34fb090d8f5f2315d6605c64a2d98add314c76b7dea5ab0c71c0a3c0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6c7f49a6bb6b03784377e687f8fdf2f0

SHA1
51771d911f48e8824dca6fb9bdfb804492f64714

SHA256
9fb5413a785505ab5ff2f44735c256f0c00802e2d31f3a1ca46321aacf78647c

SHA512
f526054d5188cd5fe6bbd182b168c8e9cc81ae1f0c503e8800d8830051f4c3d77d015328bece2668cab336c143043b82ba330b62a6006791607cafd585f48b69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fb405abe3bb3c5478da957b7eca06aab

SHA1
e4b089b64cf7a545957057da2913175bb9251850

SHA256
3feb50cde8dbfb7c6bbd22bf09cb3018c6d6eae18d27453caa825aab407149a1

SHA512
1a134e898bebe467042a0e50d58a225f23e3e4de3cfcd0ded50055f00034c9773ed6b542a2c50e9be9627fca163750ab61bb548d922ac73555b76291dbaa4db1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
39489ceeff03d8cfbae2a892ba7e56e3

SHA1
5f0a9f2c5ff5961734f970864ad56ad77ba34a95

SHA256
6760b9bb7d4ff7255c43ddb5dc5c72a67457fe3869ea46f2f051de9fce979c91

SHA512
3d6be8c1719406301bed06677a40d8151f0ecc919719f87c57a8b8c9eeaa3ca90ff3d15f4131fdc7299b22cc2f5a9477c6fa36f28d9bb9b5b7c7f42d5dda4e2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5debc6ed1698b59d84ef4546b5695135

SHA1
358ad8b2a0290999f108e47ea4e78e69463d17a3

SHA256
51d42ced320d09f72b5540906e533d04c0c500a693cc4ff49a3ebebb8e54e156

SHA512
a76d1cb2016d8c9a1fedfc92c8821a94cb233437b9e6b147cf6d0ca72ac28d63a6ef0f09750d7af25afb28e9d33877e6477fe30e9ab5dc084e213406757cf6b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c7140113349c1b88b59b688ee065ce4

SHA1
e973f143163f5f562ed1dcbbe223a594bbf66490

SHA256
1472ec96c4a7d679bb63b4a0a53ba154d8832bd5947734eeae70255f246266d6

SHA512
39395721a0755c36af14365a144599a6d6bd0df45bca079e712204d1c3dcd6910c9034f1f863aacd84f0005d294522d867c980f0bb1059e3201b128dbf20be0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0d41e399a8b32a4d4bec380751f08303

SHA1
ce5311109704685f945fe42030199d86a1f99baf

SHA256
e92c73df2a9c2f2d9e3394afa6d9efa0a6d6bcff423dad075bd04eb0193b01b3

SHA512
57d55d9c58a48164e572a2fe2a720cf5874d33adc5b93b54da3af7916aec85177da8ee0242da96595f19136c488a8de53df80e6b5b3387cae7bad3ce40532d39

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e8b7dfe6d55270fecc4b7e6b9f08f863

SHA1
6b7a2c99ee3a4954391953796cbba06758faa658

SHA256
d99708fa9cf911de058292593694ee49ec2594d3dddbc9a73907e98c605ef5e9

SHA512
fd72e784618e6848b4b7814275277cf52e7b12621314287666365d5ed83827a931b2781abafdd4fd37a3537f813f6cb04cbe4612766b7e3bac55b360305d72e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
160091901fb531d09ce2f2c2db182238

SHA1
5348d6aa564ce8379aa2d653143817f80efe3d50

SHA256
801507ac00268ed26bc634d0b1c87c25bb8d0f6553595f9a88a4c5499aae7b8f

SHA512
2566843688aac570f90385796935a3ffc2819867d0d7d0c455dad3fe5c104c4eedb6510e6a80669a144143b3ad7b50af0c43a9ae492aa3962711ea46a6f48cfc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f2f458310da40a0c4b672d2b75043e8d

SHA1
08feed6409fadbd3f81b76f0ba41825f8d840650

SHA256
03b68befb162167e9f22e7c7ce04e87414a17bdc0957635cc6e36f5bd01c5498

SHA512
923f259ed2f4779c12e850da0e549ab4dcab59c8b520d30720f2705625f888c2168a9c95aa5f5a374772feecfe0f9d906d81ae319b27db54c4829f69dd3b29d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8815cf89888ee5b72a5ab7e81ea257c2

SHA1
f7f495d90b27e762ea1420a1f204034671450ee1

SHA256
a276a0a7011bc32cc295ce8843d9157a2704f06605dbcf6c30773a74f4c1ce3a

SHA512
afa835b3accac0ca6ff7e9f1667903ef19560e4c5b747d19cb5c2da20388555b13407de5afea65f6283090e437198196bfd3d3866656498f60ce45e61a330a9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d5252fbbf390d75b7d7e1af25ec9cf98

SHA1
f6f0004c4d7aa2a73e2a5a1377655f06735ca6b0

SHA256
70b2be23b8b8c905e4d5758c02dd7cbc1277f20e1325b73642f29df30a2a68cd

SHA512
e8551c79bf291d37e3b1f32725b1032526f2c08115249cb5a382a42ee2ddb49daa1b99b4495be6d8acdb11bca595cc29545847c7475b30c84be587c04ff0652e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a5e0bb507484140b469922c2422a59ff

SHA1
f4a5b520ab81e36e02e5bcacc8ffc829ae01a815

SHA256
0f77562d07c66eeedc930ed7bd6974d77be9d49a1db9504124549b54598eab08

SHA512
370747a9874840d3d275d86db9620ddfaa67444b008daa6f5661c09ef1a10f17f181bb19403f9b165775235e712435a35a617178311182c146532b10190ee568

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cb60a79142b9b849a6434e2b4e175f5e

SHA1
e7312dccf5250773ac8f4640d42dbb0f798a96ca

SHA256
9b50de65bffed5ffa721c2f8e8e295e6cb728da943fcde27760b10396e46cbcc

SHA512
4ac57f3cc007ab975896d0770c496cb18a8e9cd76721efc97a799bcfb7e3ac539a04d2b33011cb1e73f32507b72aa057918a80e8b6b6f63a663a76111322b429

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
403b2cbd79a3f5e59e8690dd45c1b3d8

SHA1
5ab6c99306dae68f6cf1074de30ea19db9e70571

SHA256
d13096e73d9bcfaaa585e7cbc2ce44cc292017490ce37a8a4795f3fc2ec7d105

SHA512
9b90a1f87ad7697039db0e8c4fc1c8933398417eea307421088d538a423679f626eeb05ca931f74c9f60eb40e4b7490191751840ae8c9c5031b275a9b418677c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8c8d65284ec37592d3b9f480dd7a2849

SHA1
85950a753e7ac017ba5317f87c96c54833e5cfad

SHA256
c1b8ecbd2f8a76eecc346376929026de3a6107823f7299ab22e6bd4279a59391

SHA512
5f048f7e22be63bc742a7210f9e05682b7e9f4e6907536af6f09f3f91350956b4dbc9b27bdf7a9e47a28f143df3662761509c0358547c3b065f63fd9b93c6706

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab44E0.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab45FB.tmp

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar460F.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit