ccd9b1f755d93a4c84538a0195c5a2807800843f48bee338ca66c6eb76104ca0

Analysis

max time kernel
118s
max time network
181s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14/03/2024, 06:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c7e0ed8f3f6e8ded10db00a25838f2fe.html
Size

14KB
MD5

c7e0ed8f3f6e8ded10db00a25838f2fe
SHA1

cf3744779c753ccd49c3f9f66bc9e058dce5afa8
SHA256

ccd9b1f755d93a4c84538a0195c5a2807800843f48bee338ca66c6eb76104ca0
SHA512

cde1bd9c227fcca24d770e886981a4eecf156891010641af5a296ed40925062fd449a991fceb1eef1bd36a8b9798111ce6a2821622fb6a2bd0079ae2e430de08
SSDEEP

192:+yEioELD/ZmXg8oWllefMJkZQ3wf1vhmlKt6DvE:aioWD/ZmXg8SZQOmlXrE

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0d11737d675da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ffebb09deeb747419e902f1accea58f700000000020000000000106600000001000020000000662a612c56063a1a04d28a15a819bc9fcfd32b89478c0352cb71c3169e1c6a09000000000e8000000002000020000000712fbd58aa33dcfbee7d9eb030f001238695e26702a4569e1dc9a26a7049dff220000000b4ed133e0f3de296229a94f92bb2e6f81ce5bcd69daeb60497d9af044e16ec9f400000001866bebb1b71555729ed8b11bf5a846e17c1cdb1bf21923ebddaa23f813e2ff42ce2904c547f5e24ebdfa6c80615026f1db7f971174f6575b79d271ffe459b22	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{62110A01-E1C9-11EE-B66C-EA483E0BCDAF} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ffebb09deeb747419e902f1accea58f700000000020000000000106600000001000020000000429277401f4014c43e7bd72e34a4e5f192251cf4adc91b15b329eb2362083c55000000000e8000000002000020000000fc0cca6eb4fd250b0adb3abf46d039c079965930dff347e573b1eae4f988c8ad90000000104487bf174c81a5b4cc7643983dbd5ff2fc558d9688419aa1b27c8337666279b7cb995b95a254116ac8f11a87256686cf8363a564235ed7af94d5513c6b90a5c13d3d2590d7aa08064d33a4e1616353912c79c8ff9b6cd2dcea87e8a9c513384068ddbb129f789ce9b1c326556cc4670579f56b7cad686f0e141b314ab7b1b39b36e8f7d7e84bc75f89a17fbc77a2734000000043948feaad0de894fc27b345559eae5b19f9937b3ff47f2c870e125ec6db16942544cf34a8318a683100d013f1404ef51b2e065b15453cf4ff4d4d0e657eb56e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "416558429"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2540	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2540	iexplore.exe
2540	iexplore.exe
2416	IEXPLORE.EXE
2416	IEXPLORE.EXE
2416	IEXPLORE.EXE
2416	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2540 wrote to memory of 2416	2540	iexplore.exe	30
PID 2540 wrote to memory of 2416	2540	iexplore.exe	30
PID 2540 wrote to memory of 2416	2540	iexplore.exe	30
PID 2540 wrote to memory of 2416	2540	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c7e0ed8f3f6e8ded10db00a25838f2fe.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2540
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2540 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
3919df043d9ac60bb0aa0cc49bc50691

SHA1
c71295b5bdceedd409a746d321aefce73f00a94c

SHA256
28d8737777abe5902d896e221b8ef7bf186c73ab6c0babafa6efcd96811ca002

SHA512
eec474e888c67b51ab86088d7ed697f397a63c7e52dbe40f17d0a701dacffc352c0468ca73a400d2bc6c13e2cb4253d666e3972fa155428c14574292c4e8b831

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
b02d2e0321e0e87291102c1ecd239df9

SHA1
2a4a2a94bd52662b588b95e462080529cd037752

SHA256
847dbf8076d62daaf974616c5b5b892d9e2d68dcefee135841b4f900ccde6284

SHA512
5342a176ceca6adc218cc6f6c765fbafe0c040afdff8a21779029901b4976908c2d23e6c8208129bcafff1d883c5606f5e3431912179d048693415366a51a233

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
6cd0817b02e2981a1334480077bd0505

SHA1
d337274cb6a1e0f5b6188409e5235859b44ba5d6

SHA256
ddfb1a44f30a968b1f5c0e729f4da0804cfe383683e541e19f65dfdfc5862514

SHA512
971f70d26c9a208573c2549726c1b3c12a138858aa4208a800fe26c0b5b6447f43ad523026daea933a94fdd9b08345a0860e8dca645385ed9e83820e410e9d49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
940aaa4789a7b83c51f3dca2d1f925b1

SHA1
6fee3f2ea2eea1cc88ce2ac8001c60b9d1e8879b

SHA256
3fd2f82fac74cd22156f4c7c98b6c962c2a53f5c42c6128979b0a57c6eb02992

SHA512
9b99c5f8b600c70f4ed1d679a03507f37a0c90e4bfc2c91f86a4b02e3c90ef9aeeaee439e17fec1281d5d0d88973bfed71bd4fefdad0663183573bc8f62498cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
216035593a618ff008ce0bead9ce0639

SHA1
ecaaf56217e90682352e71df9ec803429c782798

SHA256
ffb1b6f799783939ea6b1b70f8255977bf14f32ee3a2a0941c7c5d706bf74def

SHA512
23c52cb0f8fa6087ba0c588fd6a9d43ccfb04ead0859a18fef35ee78dccce20f046c93cacd4bac446ba8ff3dc86f10a4ae9009f67f6fb707dd031c7dedc48fa8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
c33cc258aaca6616952c502c2057512d

SHA1
1c7cc54e121d1876b154c4969cc73c4b97caefc7

SHA256
f64d9646a0dd5103217952ae204857b4a4d2a291ff3404c150bccbd452090dd4

SHA512
cc110dfd1cb3361a6d5fc7fe4fcc3a36e92da3800d4864308e34325d8691a6ec9541aa213721f0e4b6ec313545e73cc419e7501328dc906078ed4789708dae22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
6f68da961ef29d59dad9feadebb8d03d

SHA1
599e291199889201e4034a086ef5de809286a89a

SHA256
191b934ccce3b33a8e8a83b47b00d09913cd990c6457f3636aabf120e9082f40

SHA512
fc3ee99741423a0ae4194239600b26efd69fdd6c2f2c1c90b3912da06fa4e90e63c66002194553332e37c04105eeac510953c38b954a81aa1db19c004cc31f46

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
556a7af7b4fd70cbfaff929b206673c9

SHA1
784ff5ac5dfd8fc7ef9ba54d36a2f09e76385ce5

SHA256
ff442a602fc9768bfa05fc10ef7d7795c141ff2b1c565fbb600139835a16ab1f

SHA512
8934cf8c41414f4ac6df57d878e04056a55f63927d3601690b2945918e2ee797ff5f268b464370727ac9ba3219fea3ccf83f78968aef725fa3f918e0257e35d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
8e288f3bffce89d17deb2171df0abc0c

SHA1
aa7eabea9a7f4eb9fec815629340a3344c999304

SHA256
b9b0aa3cf635d744e4af114e57e332ee1d3bba0d8764ebc892eba6f353733f57

SHA512
e8d9235c5fa6b776b100e9d7827bc2e88b8aca456686129d7eb50d370ebe589c5649bb464c8f0784faa36426cff05ec40c9c3fdccafdd84278ddfc9191732503

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
7cc6f285d052cbb5561fee2a87b262d0

SHA1
d1afb1e7badc68487ac4e31870dff19e5fb54b44

SHA256
9278954583621befd1eab37a83a613e67ac7c8c321f901b387be40f30949c3fb

SHA512
996a4eedbcdeca34174aa59a3165423608e5666f19c1d543fd73e723ed320aa500499db39f5a001549db4c5d7f27e9b7ee1269c3da2de411090039ff319fb512

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
cc9f70dc436cf3541e2cc79ce6fb74e8

SHA1
b5a28b95baef91f41464a5ed9a89e563f93817d9

SHA256
135b97b50ede9c919854f6e7203f2919b33710c7829a3ed5bdc0ef04de75405c

SHA512
a14fe261a1a6775bd0de3519699b774f2a8ef6cdddcefa7180deaa0ae46343d7ad77e05de4fe9fcf7ac17b17001f73e180c0f835a2c035a372284e5bd64fd062

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
85b314ebd98d2133bab7b2fe4cb13fbf

SHA1
f3853f51e368cc8dbe43b92328f33e245eac7b20

SHA256
4fb945530f4224dfe6e69d29b0d81bd3f824597a47fc9e713226593180174a14

SHA512
cee72a5d6596163228b4913851e468ce46d5eca43cb0715d815689a52cc7aec94205fc1098d5054ada3ac426cdb6ea74ea97a5cecedd0ee230487e968c8d421a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
9af1891b6425b787a6a10b19dcad8254

SHA1
fcaa3b9e46df0bd9c736cc475ecec66d86056287

SHA256
1e42edef0ffd7662a825e162c9230f6b28cb005ba80ad074421ed1f952296925

SHA512
ca47b83fb9936b6ae682f4f251f51c153d3a81029e711f03cd65e758c121c52440a9a183e7100bd9e39428e85e36a9e21b3a36a5b0de59c029308fa217afc049

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
01794f000b762fabb50001499dbbb652

SHA1
5639c29ee915a967b1982eeb447cc2155de10647

SHA256
68433d59277f653b08dc54b6abf7a0b7fd01789bfe0193f0b8dbbbb3e91c75bb

SHA512
7fab90637b30bf04eea15d263098431fec0c175fa84fe5f7bdf1db47cc0af4f7b23b73792312179f8c4531073195786d1290c36496db6ab6c0af832f1126d541

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
7d612269c7650b0015b06a888bf0c590

SHA1
685c064b7ada642206c63b07e2765c88498e0208

SHA256
54791b2af7befaa89894432f0ec4709c08dab0f9b3f3a6fa1f6a7be1e97efceb

SHA512
45e4416d5cf37d8b218b482df470508321ac181874887a35bbb331df84bb45748f49cce24fce77adf649222310c8523b60e5424649835c280fc89cda9ebb0986

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
f6f6aa6f5f51b7ddb2a86e1740415b01

SHA1
33284297a74dbda1a55d2b611e392ee4b107d9ce

SHA256
a208436ff8dcc4a3b84248171a3138b696a0a170c2d517a9a485878cc7c9b44d

SHA512
8a264b7e3fce85953728a9d232798c7334427275375e97f241888a1fac4b68e8ae239c03e77d342c3cb4b32192aaa1c9c9a39d2e46eecaec78e4033e45ac189d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2A1.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar613.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit