201a2c50d181f9e1b9ffe26c2d8f93971524d2f15002f85b8cbdb9ff18b6bdb9

Analysis

max time kernel
147s
max time network
148s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
14-03-2024 01:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c75beb5f6519788e81c6c96b7f1933ad.html
Size

303KB
MD5

c75beb5f6519788e81c6c96b7f1933ad
SHA1

9359bd6020f1ee647b70d50197e20633efeff3b3
SHA256

201a2c50d181f9e1b9ffe26c2d8f93971524d2f15002f85b8cbdb9ff18b6bdb9
SHA512

2c419c45b3d968e78b0c9f0f925c4e0e9d48bee33e869e149751c1c7e3b899763d73de30a36665620062638821c17a602acb4666c355f37786ec1e12bf17c3aa
SSDEEP

3072:pV5/RrC++WVN34RZSiPB19OqAno9eOlpR9IGNBcbUgeCcjvdPd7ygzdLpemELai:pT1loBchOddsb

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CF8BF1B1-E1A3-11EE-A6AA-4E798A8644E3} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7049a1a7b075da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009b106788dea7af4d98683a8983feb7c60000000002000000000010660000000100002000000087cc025d43ae86026642bcd68256af59dc22c9f4a2114c47a73af6e1b213b70e000000000e800000000200002000000084ddae63751c25bc9de9b8f07f63e8be9b015ebd27a7de3e3a8838ba4e72dd952000000006dbeaec11dc0f9487a5c73adef051676a0a69e7e7b69e2ef2365648bf98a23e40000000a48e4e8e0128ac72e6ecd5fa10f6738b3dea6603b8049bb6457c26232dcec8a23a4f03ee18d261be89990f693f2b670e37f627b5299b05e078e11b3052ab3b68	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009b106788dea7af4d98683a8983feb7c600000000020000000000106600000001000020000000ed3859311cea686dddb4c7fc478fa5f6a3b20e1237894febe4242b82d7b4e9e8000000000e800000000200002000000037b615800f75b038794c686ee27de416a4cb8aedf06f930c8231fd3716176d3190000000aa2bb28f61304af4b19e750f14f55955b9674e120bcde1c3afa10775209f0cb42e21df7fe6892ecc7a0dc761c7a0778084636345cfe51e16f9faab2b056065b6148b7f0c3a8fa4f93ebb06749140ece5cb6971b28958a79603eea2319956bede89153c396773e0b7428f2e2a17c0434c3e1c9cbffc59da6e22b7acb0b045fb36f8b9bf5e43ee0ca49a556791b285c8b340000000d9a71dbe6eaa2e495fe34bf7d7048eff5754f331cc454edc1f5a876d428c5d376afbdee129a6dd8042179fa7a75863087a0d147640be50bdeed46cb51be48d8d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "416542287"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1756	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1756	iexplore.exe
1756	iexplore.exe
2856	IEXPLORE.EXE
2856	IEXPLORE.EXE
2856	IEXPLORE.EXE
2856	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1756 wrote to memory of 2856	1756	iexplore.exe	28
PID 1756 wrote to memory of 2856	1756	iexplore.exe	28
PID 1756 wrote to memory of 2856	1756	iexplore.exe	28
PID 1756 wrote to memory of 2856	1756	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c75beb5f6519788e81c6c96b7f1933ad.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1756
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1756 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7ba105922dc90cdd704829a5f668142b

SHA1
8ece08158ff9eca02e5bd877c97962503f5f398e

SHA256
a7ec9bf4f1ee8b15732adcc44383f6e254343c9b20047421214d02ba8f06fe33

SHA512
ac7398635bdcb71d02b79e0e0a13e457363f4e0f2652ec8863802d27ec9da42383ee38f7a03f5180870f6f1bb8ebc2acf56f423e6bd25fd9819ef6e14aaec934

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
32f5f8dfc6c997f35442d8f954df280d

SHA1
66e32343b498da18c9eba7cbdc42b969bc0e07d1

SHA256
87aaf893013be0ca3d4a2feef3655273363eef7d0cda16aaee7c96030ecd277b

SHA512
84e88bde240927c18f5487a16bb232bc649138467dd97b3caf76fda9085ecf2f631adc10d232944e6b7a13d376a1f08b1731185c535c62e25e9a68021e5df2b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b8824ed230778afd351fe6c27c796458

SHA1
e274c11516dbb9b568da96829fc2229fc23b2fac

SHA256
fcad17c532b95284e7c3b3502345962376a6cbf36c4524c2158cd35d63997d4d

SHA512
562bfe600ae3789ae0fa0f1c96cdb5e6d44a552d0b63c8b2198d739ee3c4312cbf9244432b3d096c8efec41c3eb534fc403a535fa10ed9fa2c7633d5488efcbe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f34bce8bc8d3bb97ab791d14d8aaf172

SHA1
a93ea879829d0b7a3f9ee097f6b9eec6ec24313a

SHA256
c560c9391454f0cd86ce345a52a0d6d51d02a38c941d958cd58e51d88fc64f8e

SHA512
10c97ceb20ad3edeff27637ffd196ec7dca445b5371bcf2b88899a64288ef2964563a1d1aa102034d4d18fbd01803a85d8496b34b7584b70f0cecde657e59a5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
813d3d7a0e0cc28930806a0c00e599ba

SHA1
6dc37cc5e22d238a975c1eab37c62f9d52262361

SHA256
2b753f67ac45c8182638225f9f2f78c2c88e94888754341a52ff2c94c9e67031

SHA512
e52dafa2d0bc23a63587f34cf9dbb860667fad2d055c5f4261ae8bdff4d5895ddb1d807b5aa149f785048e7ebc96a8b0b8fef82dcb07ec575d4500125e221440

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8e3c91f485a3ee8b8a9738f45059febe

SHA1
7b0535bd559cd772dd96e4b26f49c00e768f52a9

SHA256
998d185d1c255eaa51fbe7036cbb1803179355973982a07d565a3c8d4fade3f5

SHA512
f331f30d4cd80b6c0780fdb38c9ca1a330d0221529e9056264d73172323794d803194b54e31f88503752ef69c581f15cffc326463fbe55df64ca269e5adfda91

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7c3c63dd0516cf16b662f5a727120e22

SHA1
9e7aedcfd10b460fbb2d83057d97006b0fc7bf75

SHA256
e34ec8d9e98afa48912a9009a08e896641e974e414c82f13058bc0433032d75c

SHA512
0053daecf05f96b2c56affab044e3b25e0007c9331796e8a93a1a3c946f61bd2a4524915fe212ecd8f1ec678389b55b0a160242e78966744829aab78be7fa5c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9e7ead7e82b24013d572701c72873ca0

SHA1
ae9893e9e0d62579e5e38f9ebffa3f92f4a63f34

SHA256
b1362cc01c489d4031f425c60fb2c35ad2323a3b22c8bdd0630a012bca050b78

SHA512
b175672367913f2d11e30860131eedc657a5bf83398161c6ee31898946dcc840333dcec712db736465ab8eb13e455910eb7bd739dcecea9e293c196f878cf9e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
81b156ae8a9cce3032942eb24d694036

SHA1
91b2160b1354828fdff7c1ec03e5d3f79223b75e

SHA256
d2b0d03246a7fa2597f8441ee61f9e9273f61f3cf9e022ae61ee134e75dcdec3

SHA512
86c2bccaa8f9e87e34ab4e668da11c206ad83c93cb2241a5a65a100059f2e79620d04c83145565ea5c254588e13fe88467c2536a2211f6c305f0d18c67efc80c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
08fec2121cbc223517d432e9912572ff

SHA1
31946ec36eda43901df7506d54e9dd036a237cb6

SHA256
9431fec37c06470aa05f51bf0e734a477c866311f7c61b2fdb38f7a43e149ae7

SHA512
7c7cb61e9bc5007c4217b5ce5cb9fa95e27503871397ee39c055c8c5e7405b54dea8bfc910e14a894e8441ef93dfdea0e22cf8878907114b413ad812915ea5bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a773d00e5ac0ead0d5f9c7e1d142a390

SHA1
56b5c6ad7748f3b2a015bc3e7628870c7a7dd489

SHA256
1b888514b8437c7789da725c367ae105a92e7e58ce06242dc5a4d5a4cba03193

SHA512
524e3597d64e57a3df03952a315644838555e49a6d78bc1cc6b4435991f1046f365be50c45567b24856dd1b1a14c8eaad5e8596d1d2918aaf5cd8642eded6637

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e95e86b872d688ff1f1cfe5596d82e6d

SHA1
7513e1d9306682aaa3e7e6274de3a1fb2eff0a26

SHA256
3f04e73aa4c10949f2bd7391b15e88d77b9b3d9f26ba5d9797fff2cdc99cb1ad

SHA512
9bc9ad643e8a4480e64504fc64533fe44d1812cf83bf49a9511093a9566e8ddbb3b79193a02079e3ceacbe20062adfaa898a4b885035687b703bf0cd5b0e43db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5869b95785797c72619ac42dc0b80357

SHA1
f9054b1fbce249854ed8a5bf6f6c117469421b05

SHA256
26cf570d5c09dab247429209c918a882738049ac3731adc9737467a3cf97afd3

SHA512
b578fdd4a1cce01b16104d05b50b656d2d08ea36fc0c9ba9d0a5358a99ada00128694d940f24b834c216100e01804fdce47b99f5552ec2716aa5141314e3c6be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9ac287478f18bbc71bcce60adc409f04

SHA1
4d95d11087327a3e2494349f1b15c8a8a8ebeca2

SHA256
d832c305e18db74801b893cc69012fc1960f3230452321d2db04d7809f1db67d

SHA512
75c518b5b7c8dd20dc801f289fe7d6aac98a8fec41987efef162b0345d258a844ae1773c7c267bd9c55bbd044fba7f320360cf1040819cc620c133e1d50508e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a1e3e1eccf374ea7bc2caee86bcd3b8f

SHA1
5662794b15157e1296518725f2ad2b7772ac05f6

SHA256
f35f9953bd2849b3c00b8a78ba411595c656f2c5f1008f6b63af1b98c13adf77

SHA512
fb3c6846c2297b420c048d8c3e3d620ba09d28a875799b7f13acedfe5b01e3731d71c50b228053bd2c582fe3807aaf02016b792a6324b7c7340585044aee126d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1DE4.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit