e397fac14f49d78e04a1f6b2bcebfeddb707b3b77e8a537667a209eea2e8dc98

Analysis

max time kernel
119s
max time network
136s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14/03/2024, 00:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c73a4ae9b206801c7860039aca33bb66.html
Size

1004B
MD5

c73a4ae9b206801c7860039aca33bb66
SHA1

0f0ab3d0dd7b51af0c96df84d0e55ef31e85de07
SHA256

e397fac14f49d78e04a1f6b2bcebfeddb707b3b77e8a537667a209eea2e8dc98
SHA512

edbb339b830b7d7223c3b14322e101f51d566e2c5545a346ac312cddefddb24a7912a8033322d6edb90cf8492a07f8bca7a0beaf5013bbc0b66c35bd616e6653

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b000000000200000000001066000000010000200000000c489fd290fa4adbf522064a8bcca408a64bc7ea5ca4eb1e6fffd8c3d332d5b6000000000e8000000002000020000000e5c236a9861d76748a70ddb4f74a6aacbf3a3b54fa5365a861b3b48f4d135b16900000001bbe7e28c23ea91046516e55d54fd902c0e321da272c925c54a201e8b2567ee770f4ad1129ee2253f487955e0471beb18bc782cf73069d834129828e9c02ae4da6f4f5e78f181d976a90df6c0a5f1aac72b5ae2219b10dfb35c4cc570779d5bdc21a0db5a28875ce2ca8214312ec1bfc304bb639bd023b11066a38c6edd39b1f63cb99386b57d5a271b06b0542c7aed4400000009118ea04e7cd93abddfe1b02dfdecc50952aa31e36f34aaf36bcbee0f9a6565f79d7be4997759061ae50d4dd399034fc1b13b91c7fdfa96e791275182e776308	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "416537894"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b00000000020000000000106600000001000020000000d1817da6df6fb308249b2fa8df2444e1ec819491cf78a5fca7054e6e5be9c224000000000e8000000002000020000000b1c71a51ab423ff287003b332aa51398b9accc545cc9b02af3adb737b5c87d2d200000008d14fe859faa58bae8b15c9557fc642b44b7cce54da49d9efb92c3e36146276140000000bd6d8896385443a382b402825cb2146fd9c876faa89bf91742e9564fed595e642d747b52bc9e40eeb4516f38a9beb79cf018b8d980a2c9b9d80ceba32763a231	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 608feb68a675da01	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{93E00CA1-E199-11EE-8859-DE62917EBCA6} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2224	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2224	iexplore.exe
2224	iexplore.exe
2900	IEXPLORE.EXE
2900	IEXPLORE.EXE
2900	IEXPLORE.EXE
2900	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 2900	2224	iexplore.exe	28
PID 2224 wrote to memory of 2900	2224	iexplore.exe	28
PID 2224 wrote to memory of 2900	2224	iexplore.exe	28
PID 2224 wrote to memory of 2900	2224	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c73a4ae9b206801c7860039aca33bb66.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2224 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e9b264d4c4ad0fa106c3b62c2c07f188

SHA1
315ed89f19fe0f8523ed6067ee5c6977a6c338d3

SHA256
1f4210faf4560efb4303d61d60b6458162d7bbe35b6a9286507522884b3410fa

SHA512
15961b2b3e49bb4442d520714cfc238fdd2e3e679d07115e8e1d2e64670d9018e07ea76289ffb4bd2f344228d5cdc24971c0500c5912ccf47044651bdd7545fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1fa70663a31891717b4933ef99473c46

SHA1
0585df6fff088695af72a4114679ba02382868a4

SHA256
7650175efb6cda3a2807abbb48e6b99549316f38c26d0ef55d34d83a584f1b35

SHA512
fdf5f691ec50de85a78533a5919e359b7e7eaf32774b9a4779b9a9379a977fec9dc05c46e2c86dd9ffca40e9fb521556b00177d17b4e11b447d166bdbb845b00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c4da7eeafd65d77a0358f6271d7207da

SHA1
0c9f1d478ee5caa5fa01a60800fcb2f498de248e

SHA256
65c169e1c92089ef932ba1c639aaca854c03915fa5e9204625711a95499b9d0a

SHA512
183437f4e57c2445f0922bdfc2bf2dc4e7900f095aabc94b50c879a59786ad82939643f9f976b423e4c5e864588b2de87739cbe3f4dffebaacd7ed0138f3ca77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8824a6b4a1c789b569814764cee24f81

SHA1
077c8e3505c7f5a5545556c2856ad24a86f02a9b

SHA256
c63fe27c039c2ecd4ff6728d767a778bcddcd1b82d9bcf46b7233d98dd299709

SHA512
0ea12f8ae3ccc20df01a06c144c38f91ea6923b04065f0e02beac78008cd793362b3e9877da220b451030612022744305ab28c3d99bacbb84d9bb7a5843dab7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a7bd8f5daae1ba4fd7beb67c1f87db68

SHA1
65e20109a44e84f3dc03908405d08711edaf697c

SHA256
e895d0402e4e5f781dcfdf73e30b4218625507af65100ee91eab993e39d06e2f

SHA512
8e622f97099eb37e6d5ef300bb605854c18d6f4a008b3bc837b570ea1dc90ff6ac8791341535a0355f4586ecc5001e0ad6fc4cf9008224be3ab0ead1dd7242b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b1a28011296a54be1e9568d9e6979ed7

SHA1
25df30d6bd83b347a40043f8d4f7afc906c0f59c

SHA256
71735a82ca259d85812b0a5544ef1ed57cdb3f3cade6c6495dcdf800b349ab33

SHA512
8b124378b3142a19c50f2d6620a463099830b0020ed089645ae969f4db203c5f618a503975dda27bfc835a0d7b8a97a1b626a5b0999a52cf3f42d89fe6ee72b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
824df971ba863e64ee0cd91ecbdf63f4

SHA1
509a6a0b5c2ff23849dd22a9e44092161cc20dc6

SHA256
7930119952f30e6c5e77f2f704d50ad89039096b4f58f1af6a0e952589acee46

SHA512
9e3b6267e81e2a0729188f521f7ec0f004e1257523dda60735bd573320548cc2eb1a368b541b098d98dca351601d7210561823fbb376958dec3f42f3522eb9a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1ef68e2c983a6e93115219e7ecfcc600

SHA1
6c22591f1a14e48697f1dddb876e813cc387ea10

SHA256
8ff93cd3598e75ca5fa0dd97ed6479af61bc24006c89fc005796021f022a9da6

SHA512
a02188f61ad54f346841fa551319b67f7295dfa202130afc7a7583aa6c1fe63a16ff31245002abbdd2dfab2724aaaec81bd2ab78b04a66de44e6a11d8f595d47

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
faf72aef63d0f75c5c44c6136fecf857

SHA1
03e1c9ccc86eb6000a839eb0e79fb8c70f5b728c

SHA256
e2d92fe44a08a2bb27f725883b6dc7a5104973181852fda5602489e5be605e39

SHA512
c2d125fdcb8941b89e30a809cfe15ae6db6d4312c8ae2292285d432e977063a371602cae633acbcb540212b75d309d146071edc9a6af6d60e9fe05c73835d086

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dbb7c5741bcbc18dd8db2034675979c8

SHA1
9e95484716c27f1d12f394ee9b3846c66ae12a7c

SHA256
fcb0dd87aa6a3a33f03c628621c4972e9ada95a22e0f56a134274a1f48fcba84

SHA512
489cbec14af555ebeb3ef8b45c746460866fad943f9e3bcd6faabf3a2ae18f1f47c6eb7433f72e1965e17bdede2c46915f62664352de23c477c0c8c5c48ca432

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fe992998850c192452e9f6c2f11ee04f

SHA1
13f9e5735b16e89422e68d2a5c8cd2e453128d2b

SHA256
4f69580e64fbdf877b65e1e4e580060bcd3b27db24f4ffa6c369854fec8c4ce9

SHA512
56d61ce1d1d230f0cb7c3d093b6e6e51745a80c430be56c367691ca254b1b005d486200934e1813178c30b8c94bbf6a5e55421e9cf9315f898c6037e2a92fec0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ea0ec6d4e346b1788011078726dc0a60

SHA1
a8f49781a9b3d1497f086e3e4fcfa385fa6ce5dc

SHA256
46cc8f020bccf2234cdb8e96da9379e92e7639ade7a89720eceba79c85846adf

SHA512
ede5de8ef87c1336b1f33cfe2107d06999ace6dfdd6b726d97aa9bfe3d90fae8848dab673cf9b14c7a18c8a6bae88dc9eb27c52a3e97c3b66ea61fe1d72a97a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
74b48605a73331c7ea7c200086436e6c

SHA1
7d04f30a29ee379b4d4047f561b676cd684a33f3

SHA256
47bfa9bdf69a9de9af31573801d53ad71ea54c5e30f716b61ca97b8fb26914b2

SHA512
9552856ef5a70517fbdbd7bfa5fd240d3caa7bed6f09ce23598cde49c02453b02ddefd0369a624797a810441bcd6ecfc549da6bd9bf489ccec33cbeb06269af4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
40d80d052750454f3bb171a69ff82a2b

SHA1
dfb66a3e8201a0592626177c07e14d44755bd4a3

SHA256
d2b8624d6ea0fe1d9960e0ea727bca1bd498699cbfdbaa08b85438240b2898c6

SHA512
8fbf8bc5b2023e2e970fb818a386f815a5dc4ae79f03d3202a3ebc31cc63dc5c2b5396d3938b210996bd1014613d90f7e904a58389f314f5349c5ddebb004fc1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a8faf0028d097f00acf9815294c34410

SHA1
c464cc747e931c0073bdb723b3683b954237bf64

SHA256
d5c36e6104b8813185522ae925ce63159b3d3912f0764012a2e9022e9fc4769d

SHA512
e6d8f245e21b50c427113dabf722d004f932dffc251e2093b7da1bd6a91a804b89f7750ed50daf0adf2eb0e731de5e848e4fe32df3a9d26afa3f2ea24ad08a21

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e301d8609ab0cd7f4068f9a6fe7827ce

SHA1
86ae2c14189a7901bc379eb984592b545bfc3aad

SHA256
10e2f6eaaf59c13fb8020caf9fbfbade001b94891ce6c7ffa70fdf8931865130

SHA512
1b3df6c707a11882b16fe4c3887afce20cb57bd9dcb779e69d2ff590a982415a9f54c7af5b54a9847c10faf4febfd140887c6578999e4fb206f7c14770ab9ee3

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB10A.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB297.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit