fc380071ddbf9fc9105ca72e96368c12e107848a99a04c47ac478ffb79c8886b

Analysis

max time kernel
134s
max time network
129s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
15/03/2024, 00:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ca0e6fedaad46fb8fd1ad04ff81aeef8.html
Size

179KB
MD5

ca0e6fedaad46fb8fd1ad04ff81aeef8
SHA1

aed76b3bdc55d6ef3d7f6c5788b8263fa2223040
SHA256

fc380071ddbf9fc9105ca72e96368c12e107848a99a04c47ac478ffb79c8886b
SHA512

8652db3b58cb2055da8e516b922e9e69f7450492e715dc4a66bf16b4615765e3cd37006abf93cdb065fd53338d0ad88c4a05c5e30010dbf9cbf6a46d2ae6be1d
SSDEEP

1536:/fjGs7ePJKpBaoAQSb9gWVQ4MDY8RRTRf/qXIewIoAK9gr2q8hs3qtwm:XjGs7eApBao3Sb9gWVQ4MDY8IwJMqtwm

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abb8596cc50c0546bfda6658dcffc23300000000020000000000106600000001000020000000cedc2be2ad15c8db2a317c338b72d15d00bb3b020a456fce16a83b697b6a3e2d000000000e8000000002000020000000a863603397ec77eb0a450a6f53023a9cc63fbf0ac9e928b7ddb4b0919988db8d9000000066d0a6fa48d9337746605c2f56419c1977b1abb4d66f5f145a7e3b56e4fc4d69b249745d01eb8ae88c3dfc3015b467f971b91c0717d859e12f49d206205c692406848861c0d355a09311c3cc6ff61c16804c1d1d6b454415e3739a4f2682eeed55b16f00c03edddfedc9a65e897343f06461169211503c90cb119aa29f0ca31f84e7e000f99d16fd5e3abf5b94e9cf16400000009f4a1b3e6c8d6c57b0bd96ec8ef61c76dbc09ca5a7ae4604ea3576b7307743f7130dbf258185c9694bef8dc9a750b43b8f40c3532a39d6b044a1ad565bbee5b2	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6D9B69A1-E265-11EE-B73D-E693E3B3207D} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90740c437276da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "416625443"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abb8596cc50c0546bfda6658dcffc233000000000200000000001066000000010000200000008a704dbdfc0a8397ede7368b0f65fe0d6fba8ee3b71cfa519be6b6ea45fb8ecd000000000e80000000020000200000000e9b47cd6148ddb72b393829af829eba6e8e488c7a5869773baa1874a2a3b57c200000004e9524180bb2d9bda82bc8bb15bf7e0db81b22f0bd4020e7156f211807bfb68340000000204535eb38cedc1491ca6298b6c04fe196ffd8dbcacc2fe4eabd1b4a6ebe2ffc9f6a4de2adc77a548134016a7c2df5154069c8e16c9d367f7407332702416908	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2496	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2496	iexplore.exe
2496	iexplore.exe
2120	IEXPLORE.EXE
2120	IEXPLORE.EXE
2120	IEXPLORE.EXE
2120	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2496 wrote to memory of 2120	2496	iexplore.exe	28
PID 2496 wrote to memory of 2120	2496	iexplore.exe	28
PID 2496 wrote to memory of 2120	2496	iexplore.exe	28
PID 2496 wrote to memory of 2120	2496	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ca0e6fedaad46fb8fd1ad04ff81aeef8.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2496
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2496 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ab13a03782ca813710ab75f99e0be1c8

SHA1
88d4be41442db458878609162a6bb1380e57de9c

SHA256
ba1bb1387213c5552fad41835cb968a7888585a75f8bc662928518dfe37f5a97

SHA512
70e0c6661a075a639e6e33c3809f4b94f108ffd44115c6f65a5856c9852aee0feb0190e7a5d3756225a7cb4ec12efd18d4a9a5dea5a9ab727e7d4f05104e41e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1ae63a1ffca133ae90faaee43f0d6e38

SHA1
eed28e694e5831f0deb03504583bdc40215ebba7

SHA256
c1397a0f5e1f0a9a09bc8fe9cad793138056c74248565ab8ccde282d1c8262b3

SHA512
649131607309ad748862465d1c3a6d63eaa3d58a8cfa40ac2d54244c1b300a3e4eaf439e405cbceabff6e0ffe0e0633090fc68aa6b5ac3a23bf613efe96afc8c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ef5edbda7c94c7a04b575629f765982a

SHA1
eef7389b37bd50070cf887e2c360a83953bcaac9

SHA256
6694489969bac09feaabeffbc078023e1c631746635ba905c5982aff96c650f8

SHA512
82d6b9ec342f99e73330402d7c2a8dc6ab47841fc8dc6e10fbe66d01671729c4862e7f8269ecf3194a73554199fafb672c28509881d9f1b8945de1a06e286945

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6780ebed98803d9b03ed2f0cec72f398

SHA1
5866619d027bf88a63c86afc02c4f83486a6a738

SHA256
a6b4a44401e0e74c2236789c9d357ebfda9692bf25f66132f18989b743e0494c

SHA512
0c9cbdac869a23c8da415443373985de41b11f3bed7adc465b81d925eb89ea4061a64fbf7416081d589310827e16b4e08cb26bd7ea44328b7b31081569ce0025

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
62e2203485d4871379ee346061d81213

SHA1
2a8d7386475b0a03ae3799931989ba86e0b5dc0d

SHA256
0dbf916069d0b65c9c8c71ec22417ac2e0f31881e0a7ee1a2d6cac0515a94982

SHA512
20ca573e65e5ea1eb82343d51808af3eee4357d07cfe4e14948ed455a3234e800c3d55bcb5a1b52b105a06dfe727435704ac69fe3a3504bad7272aa48a936356

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e12651e895b33e29388c5b4826f6ef4f

SHA1
8a2b770925df960aa55d76b22e933b2a5de21941

SHA256
b39996733b505f78688b22b2cbeaf586b998adf48fe875d6da29d713f7794f00

SHA512
b326df929b1bf317503eae0d472f4002f77a29ad681be66a65c3e7eb3f454c4417ef33b048fa7fd1848a660cf2eabf2dc740652bee589a383e78dfb6b9dafd5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b8cd0240a2feb5de679b5507d930ca70

SHA1
bdfe1d3e966746ef5290b9adc4422c55d7263a45

SHA256
b1f649eae4c2cb33ff22d4934b7dc795ab48092f62c39e09ea80cc7870ec001a

SHA512
93d45cda90f6840d44be9d2a5fb362ce6d38794c4b84166e8c15cdcdbea21c2244a018f358df70972e4c16b7ba004a239c1254e8a6a24b932e9ef0b85cd8a7ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
801b3b5c6baeeec080b5bbe6e6c7c400

SHA1
936a7ff469e6aa9084cf7f475b8130c3b50720c7

SHA256
7acd9c1086671f66fa23b54387f4595a9f88203823b6497e34592f58b88b607a

SHA512
aec53d00fb6001707abf180393f67453a40ca6a6524aa962c8c51b017beef37517825cefdfbd87264773e52eb5f444d0f8057ba8c4e26590dd969812b012d743

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ae8eee3ef2254461da8fc8b52bbe3860

SHA1
8a6dba1f9f35522c8e3840fd0b976db5296a3566

SHA256
54badf1bd9252a6851eb68752652182232397e72bbe2a1698278910b69db30a8

SHA512
ee7207d465e6c26624b39838248fda2aad8edbf6d76ac4317582f3e258c4acc25c68a9ce7d339735922da5724c53506925bc88f3f2f2fda989014ccefd3588df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3ae14b2f066a76969af45d8dbdada612

SHA1
66435748402894411fb90e302b43957c8d3fda46

SHA256
f4b67fc7c70166c84ecddffb869524df90f23cdf1faab10b7bc52f5110e1898e

SHA512
965020a76929aec0b4d86d282229d8ace52be29bf148c1d1f81b30f08185449766203309b1af1568b18d179f568c8c4dc83fe93d42ac621fab65749018f59bdd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
412e8cfe5fa14c1003a3af344eec25bb

SHA1
185d99e49947b3d5c759075f988c102f2680463e

SHA256
eeb093b56a84b290e78598da93e5dabe05646f887f9b1c45011c5098de8a8b0f

SHA512
3c168d8dc7fb25a2b902d8451b7880fd39634c8fac914da32b0cac95c8c572b69ca9215b77e554f066e64211a5a5a1ee3f9fdf456ab4af9d3c9a5007b25ce051

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
285e3de663eef3e7926ee11b8612e11a

SHA1
4095ece6ebad17989d5a7b561c501a4b87bf30d1

SHA256
2b3c6057d01e80ef7c4e1f3a973083d8012eff3438e0f51eff7c482d1ac22aa9

SHA512
f62edc723b6818e586d2565bbf97032b9a954715481246d68b828efd93d27ccbc23b87ae241175babe4ae6633c48baf8929c926d625e63a8ff3c93f729cd87f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2A3F.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2A3E.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2D04.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit