11d1f25ce92c40b0634bfe07be57dc830db03689acb37ac14a03c395386fb2b6

Analysis

max time kernel
121s
max time network
132s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14-03-2024 22:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c9d5b5027c19df1110d5a685d665effa.html
Size

2KB
MD5

c9d5b5027c19df1110d5a685d665effa
SHA1

7ab7bb46881a6e20646e3b3e318e3c35204849ff
SHA256

11d1f25ce92c40b0634bfe07be57dc830db03689acb37ac14a03c395386fb2b6
SHA512

45967f17a980f0dcd503c2f472760c6417ba79f39c334f389b92d8c97eedcbd15fd2f633941413afef2f2d5bee8a57e4be0542245ee98b8d73cafc6751931cae

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EF61E5A1-E255-11EE-877D-D2EFD46A7D0E} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "416618791"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fffacc0240230f40b575ac5982df49bd0000000002000000000010660000000100002000000056afabc03980a6f109b96b4cb7f10f4cfa55a42d7a40d09600409e8689af40bc000000000e8000000002000020000000b6ff30b2f8473f82fc5a28a64bffd478dbe20dd775176df8513c5f6328ef8f7420000000278cb658474c50329bb20bf3651b1c55d28757090303c5abda64dfa2da2ae14d40000000de80f0f08f97867876b497be4329b2c4756a484d62817efaaa1f70e7c7a03f1b68feb526d8fd104dbaf5d80ea637036cc8b421b13ee97399c2776c52803ac987	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fffacc0240230f40b575ac5982df49bd000000000200000000001066000000010000200000003fd255add3511eb53c0b82beb7c99ef4b44e79bb12c0420cb8577c94a1340c74000000000e8000000002000020000000a833023b345f9e3ede198c105c63e934094bab431bde81d263ffc57419618789900000007913a2955993de1dc2d293f79894a258ec2f1998b441d85d610be9a29e31224e4615d8eed36c139d385eb2e7e4a96fdf2a7959443a2dac246608bbd429896e8c8aeee01d7f1fc8f5ab186ac4e1d6e13053a6680f7b8bea90c7e46b909bc7d65038a6dc05bc916cfb1269837876af0d1c2bb20c394527614bcfbd65be163d707126b48ed1194e004ea7b3c15b4222903d40000000e261cca87cfccd14c913a8aa7d8e127295e94e47c9eb5d9b2f586f65d20d742d3896a89fe0a4a5a38d80233cfd499270df9763c9cc4f4aa76df828cdcd05cbf9	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 104e3cc46276da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2604	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2604	iexplore.exe
2604	iexplore.exe
2548	IEXPLORE.EXE
2548	IEXPLORE.EXE
2548	IEXPLORE.EXE
2548	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2604 wrote to memory of 2548	2604	iexplore.exe	28
PID 2604 wrote to memory of 2548	2604	iexplore.exe	28
PID 2604 wrote to memory of 2548	2604	iexplore.exe	28
PID 2604 wrote to memory of 2548	2604	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c9d5b5027c19df1110d5a685d665effa.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2604
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2604 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
23ec75585e04bd5fc267c55f6524cdc9

SHA1
2d3fb402a2ef869337f8048a0ea4d9459cbdee62

SHA256
e90e14de39f0ed29179f049b6c2d57cf7014d4fe228be272fcd0b50d22b2ec5d

SHA512
d7eff5fd928275feb7af3926d5eb998dca06fd506f09040ff1d2b60342a6ce02d650a32817ed77cfb7674c6bc6a88ac26666f61ad64bf4d15103a9aa0061750e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c9a76d71ee9d4525780fb6b4dd92cde1

SHA1
65cf87ca731d925ed5c84405744bc9a2a2b918d6

SHA256
d3c9dcbc7e766a0af642c7892e8748d850a7f387ee7008230cbe635fd8bb4359

SHA512
a27d04d02c41b83c1d0614f30f2f45873459273bfe4738d3d4965abed667584301d25885d85902439d817cb1a326bfa6f922f6a9727fc4fe9aea0267c670d033

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
34c0081b19ab1b12671a1bcca6d40245

SHA1
918de45cb6144cff00036a7b3adf8d166fd10f68

SHA256
93a47a069e3bc99b204c14a6dc8df2870b44847b0d8e92f5b7e70a1101d96414

SHA512
992278a68008bcdbef6623dee3823e9f013f94fc5e2a559163e6fd879c4b0d8a31a1cc2b49bc2ae1eb1f1f7d13f7e47750133866f92e63c12e8206fbeda7a4de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
edf298891f1a07e99708538703405ca9

SHA1
360d06ac52049fcd8246902770c4fc9ea74e7c72

SHA256
7d85e0e1e7e01a9713edd626d59d49dd38c9e889dad05618c9d85b10c8772424

SHA512
fe4c3b4e43278298f2aa6802971b5b27e495ef5eaec3c115390a7746e5c245cc0481c9735198d4e28fad06d088269d51dc61e00397f758557a09b65fdfa99c92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
61be8e764f08c3ce87b9912a29c533c7

SHA1
bd864d979375c97085da928152c1c6f5c1c678b8

SHA256
357138b99b583a363dd0a9d3c409c844d9e60b8e8f6401e634af1c92a603041d

SHA512
d9bf27d60c7d01c999b5ea6be9cfbcdac34350664dca62cfe3891d4865a1d4772bdd56d53e9b313b62647bd97873b86a5297407dae86935f34022468b6f6c47f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
18e03fb658ab8729ec6a74a3e39eb342

SHA1
050dbbc3f18d372ab910da035d38049acec5e749

SHA256
51fb6b78f9cf45aeefa6c77a2cbb56e061c4ef9082b2c359f47cd7cbd6b93d15

SHA512
c91e072825faaa5962fb1798151e50a0b775f0a4ab956caeb63af6915fb32965a6c6a78ba44f246e05bca864a3cca84a224a1be8c31a1b32c93f6f7b01102f4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a672a6a24e4471a5058577c0a2793904

SHA1
2494f4133f1325e7315176ec58bea0be9be72f3c

SHA256
4b3dcaee99898118931f50dae0211389da960f3c0e6ae40755d6f7de5dd96436

SHA512
5ac947d8a8e7c35efd75fdd5d8ae95b63a09ac575fdaabd9d6da5e5ea214df621eaf3618c3b4e3e715601a89a2dd31b6cfa91c37791c72fe82f0ee3af575df96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dd6add6bde2b61edfb25094ad155c6c2

SHA1
7f7d28ab3d9db51f83b1b8c61b86a136ac839870

SHA256
09aa0eed608dee442c6c3e18ac7bfff7a75940e00721859ef10f6dec07c28589

SHA512
c5b0a99d3e0a81bcc45f20e42ed6075b1683aba6fdc0da49fd78568575f672c80270c3891398fc5efc4b3ad877e588dfde126b9ebdbd5f314e3a3db7227c0ea7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a330930ef9b30d14918ce2a9bab22057

SHA1
c30f38c1d3fd6525e35ed9811395d5c53b4d647b

SHA256
48cb99dd08e04b35861655ad7cebf695a18d9b2a5e400b72663beae5221df11f

SHA512
8370de9ac1bb3ece349fec954369950e6a0c4d5c1a0c6da666d265890d888a23b1cc7ff608d57e6232518bb05bea459f57d8665e91c7f2bd1d6ef4697bc947a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4f9e0817eefabae3c5f49620bbd84fef

SHA1
b420fb2aa3451c17f22bc5097c50606267c2487b

SHA256
a9871fc712880f7d2c454c5321e494bd189199d573bc8faaae4ea68e8725ccc7

SHA512
89b93994fb6638c5c5e42a3671f7342f7931d26f22277578ce1b5f8ef45773243c8bea4d70d3b1f774cffb7fadd596817007bc92810b0c3365a14c21758706d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8505718a77c9162378f2ba268393cc26

SHA1
b505b4bf113976bddbf3029358a52eec0393af7a

SHA256
16e609b31c76441911e9a4a89a9cf1d35527a0d61e9e1c364a28b2d7714231ff

SHA512
7ba21a7886788f270275e220a281c6930d1fd2afc7a52989bd87c385f433280f7a940e75a5f857757aec44d1ebde8672c45287cd1652e100b0d3205ddd6efa36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d60742c2743d57416e6b1eb3b1bc9d7e

SHA1
97d88c98473e44b226adba75dafa4dfdcc67652f

SHA256
d0e95c3b6741715080414e3ef605430c60162a8a0d72d6eece4e30b7fe778cb3

SHA512
896617720ed93004d75a0120cd40842946a5953b89971d9718454a3c3deee25500152ee0bfa9e26ae86dbdf0d674263f57207ba4210804567d275d00a5c40340

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4e51e399288c4a302c234736dd3ce9f8

SHA1
9dd79da816416f7135bc1f671d17dc5c9edb57fa

SHA256
2384703aa8abcb0f4db44773d511b3d314e4ba8e458974730e045f23bebf8390

SHA512
aee3ee82579f9bee04cc3fa8f5fb6968ff2fd579cf133de6954e10f89a8f2b0100eeec0c28b67ba5ad35e79db1e6472f21e7e68f67ac192ed53e2a94cc2e31e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
964ae830d71d2d9d09f369d1d174de19

SHA1
56b8a2a06b9b64020a0158087b7ae47ab0a4f6ea

SHA256
214612d5fba33c9080406f27b1cb33bf75298414cd774e251433b3b3329635fb

SHA512
9b25132956f0153b1c36eff9cb9e752af7c22c581666c78360ed81593d6a008469ea68db9f2fdb9a6942cd86ae18a3184620ca3f24de7d66ddf4e3c6c1ef0384

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab75DE.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar78F1.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit