5dd456462bbf5c721c831ab96ca137b49cacdb51c860d46ef6ad0ffea0eae889

Analysis

max time kernel
150s
max time network
152s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/03/2024, 05:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

cd3d6a8e8c8751da45ce3cef9fd0c177.html
Size

60KB
MD5

cd3d6a8e8c8751da45ce3cef9fd0c177
SHA1

abd09e2888d4a0d703ebd53f51050966a137fc0b
SHA256

5dd456462bbf5c721c831ab96ca137b49cacdb51c860d46ef6ad0ffea0eae889
SHA512

76286b6eb604c9249e3af6c27212ce68d41016f15bd188e62c59e23916d986a68b31b7470750e5852c9e2c5fa4cc3d64e943274224c7fa7361a1f839bf351d66
SSDEEP

1536:OmL45zcZNLcVOVZV2UTjDam4i+xWORbN2VZ2Vr32p2/27N2s2xPy272+F2+F2+2a:+o3mrZwZwr38OGNzUqSnFnFVe5JlLyeq

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "416729110"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BD4655E1-E356-11EE-8F4C-4AADDC6219DF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2700	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2700	iexplore.exe
2700	iexplore.exe
2524	IEXPLORE.EXE
2524	IEXPLORE.EXE
2524	IEXPLORE.EXE
2524	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2700 wrote to memory of 2524	2700	iexplore.exe	28
PID 2700 wrote to memory of 2524	2700	iexplore.exe	28
PID 2700 wrote to memory of 2524	2700	iexplore.exe	28
PID 2700 wrote to memory of 2524	2700	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\cd3d6a8e8c8751da45ce3cef9fd0c177.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2700
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2700 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

Filesize
1KB

MD5
d6d6dc1b5fa907601ed19ed2d0bba6e7

SHA1
ca4f6f6fdeaece1e82528c8d37f186da0ec8b19e

SHA256
2cfce700b5a56df3a8cb456e149f5af4e84735259aaac19e593a37e1f0ddd7bb

SHA512
3c2189ae16e7a7826b8e35e366220dfdf383f1c6392c0974f3ae35d7f3bcffdf8038bb09f3fdac1e632570dc11d5ed96388f0167042a53c189764aab3b4b5c8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
978B

MD5
a6a3fb7ffa6bc5f57aba3930765c166b

SHA1
f43f44ea7913be31868d4510391cbd976f0df2b8

SHA256
05c69eed738eaf5edfbebee4c65faf3f0efad7f576808f269e4869dafb4e66b5

SHA512
8d566e771f941f8f9306ad57daf6ca9321ab455b2aca8edc48193fabf98fc8d8de5c5240763611a745b04a0f308d75067ca1347a0e95cb390f13f94359dff5bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
45bb26749bf380facfa85d411d95db7e

SHA1
150d50c05bd1ffc05530e21e5d1366218eef04e0

SHA256
72ed17df5d992d3ece8e981015ed44e20a03a63fb6aa15c4896ea412f5fba45e

SHA512
27ce4b095378ef5fa94a1c4fd7476e2715985b892329a750c45fc506c99cd1a8a642c83a8cc18cc94f43f7ced7577059b78195254fe251ef72ee31ad1a932b96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d803e44a8067040415decac012478280

SHA1
14705bc6884edde87ed5ba3e864fa4cfefd01475

SHA256
a9aa0cd5389613ea95499cba39379dbedcfaa1d6b6923aa0e686cde534cc513a

SHA512
888a41b48df8a206bbf8dedd474f6e99025289ef8921019a180ed752b14cffea5a52ea25ddab1aaaa78fd867b38da3fa74f80bb88cd9dab5ba7e019bcb1feee0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ab2e6e64aefe543aab3847700cb09ac5

SHA1
1019bc78f6f7cb45d1d377909fbc6bd94bfb33f7

SHA256
72a43f5228caaf52257575df22d265fa83b8bebbb905af7f71aa65c5459aae7f

SHA512
5b3806996239c9bab11e3b77ca60f30ed576afb97d35028f5aedd0732c3fe4e830a33cb131ec20cb18452c44b6ee2e567220e4c45e8711eaee7fb22efe41a8d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eb64f9fc1f5b0440c570a3e68d7ceff9

SHA1
17307e5357d30fae2358c1a8668e4ba4ab8346d3

SHA256
294cf68611456403ccd4db9c7b22a707f22261a7227644ebadc3d0c6fdeffb58

SHA512
c18e9dcd5f78571738b3a624d0552fbb433b252a596a6cb2c0ac0e6a8e9f437d575475814c9608f30aae4ed0d1680ac871d3d449c251845cf3f2ec0cead403bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e689b2228a4950557ea624af181acc45

SHA1
0270520365a8625f72d9a9122fa3aa6888119203

SHA256
950057d2887e13dbd3f55526f4e7a36aed9580ec3b283f4d69743dd5bee120e7

SHA512
5d0d81c4c3d9defb3d88413d8ab9ebe5f37e40d31a560a1b94839fbec531f77a37110914c84b64ae58c0f040c5dbd92b274823fa4580ae3b3ca3003e85679430

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
30f6c4e5d4ac8054a1fbb1e24579a620

SHA1
3fdf6fc46e6560108d567315931f6981b452efe0

SHA256
b6e7b3dab90e371e51f87ec30e0a4dfdaa01ace44c84b5fd4a14b68252957257

SHA512
184479065cd45833c56dca486c407c82eb90ae1a394805825b60f6482a352a512cae2f85e9ba7a4a73a03f20c593a03314440ca55c79386189f108eb8aaea49c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
43c61a215643a66a3e80b708580f72a9

SHA1
f9c15cd626f28fe0db8b1b7a5dd67fdfe136d60b

SHA256
518739badd221d88e2e8f712cd479b261e5556fe09238ab6303308f0f7222688

SHA512
f676f67bb3c9dab6229e84b58e971933d18c3c70e3acdabdc814903bb1b323d29b6bf297ce4a4d67071433ce573edb674a7fa463e1ac95f4b410d39e66857916

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5719dcd571fe610bfc1661f5599fe9af

SHA1
e7fbe1a5a5ea7261b6e1275440c0ad893002c329

SHA256
2b66bd0be5c7709503d3e66bfb3a009998eaf99fb204a3412179af182aec3e78

SHA512
f722b16545de0a1ece2bf373a19072c4233a21d744116e4497a1aa25c4652c0c1a7d1a8e3d1b5b5a1f7135f6e5cec2ab94332a0ab176bc4fd230665ff6ca7b46

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4b7a30e83918275163a0e167a9d66613

SHA1
a130fc83f1f6111962ae904e019e64880066b8b8

SHA256
dea86fcef35949625d41c667c06aa62fef74cab86bcb69e6576e75ad9158032a

SHA512
4a2d94138f7ba133745c4ddce54aaf6466f8e8bfb3f4bf4a14afc7dd81568547947b96d1832a7124f2c10721ae6aca715a43a08ae8d854c3ffc6b2a9c3e5b528

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

Filesize
482B

MD5
67622363cb9d7ed3d33afa2504ac9d42

SHA1
4f1e9327c8fc7533ed97a67558ec0f2a48b67af4

SHA256
f8da285dc6dc49f0062a4be055c8e6f1edfd444dd50eefe676ac03692ef93701

SHA512
f332cdae95011aba48c34ed6e27addd9154e13a191e0780c76bb02b0be664d9458c3f7744409185f1528427d5386ec815dd777bd92eab41f2abeaf6ab2301977

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

Filesize
482B

MD5
1afd16bd43f6b9049b839c4cd8230ed0

SHA1
908a37d8c0be16ba507357022d2741ad253508bb

SHA256
8b3e5f019bbeff933927b4d856969fcd27e5fad2873b37125f43a470b4eaae1e

SHA512
521e58fb3ff6e93934f6141198d85ea203afcbc1910e9c1d83e19753bafc9a49862432e210c35ea1807a5a30e034a6b0bb97477dabd7379a45162f530a421586

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

Filesize
482B

MD5
f610a102c47d1ee28292cd70e750b8e0

SHA1
55c04f53a8d6ff5dfd3ef258b6efba4a55a311b9

SHA256
25c9205139d028eaf098940c416b8928c68b6b817b751ba4bd939596bb72f7f3

SHA512
c541d0ba15978a8c40b77fe8b3f38869a84dc81cb3e7906f7e2e90b5284ef41b79437424b830fd46ee497df19eae586395ec15cc1990f27895453477f041b30e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

Filesize
482B

MD5
fd947b22957cf7e3e51da735cf6d2777

SHA1
2115bbcbdc20e0540a33a5f224adb17f5a909c74

SHA256
b1fd48050184536b91bac7132531450465b3679af225216adb514d939b57e907

SHA512
bd7ad148968c84c134100ce5274c6fc062c2a06874ba6bbac2f8effff15eee011beafca8329c8ad02bea689393b25873c0f81eaf157bc92c884dd8b11f712385

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
480B

MD5
f1756339a3d098c3ff7d8008ed941f5a

SHA1
bbde816f124c1f1eb16b599d227746680ba080ac

SHA256
2c89be825ce5f03b238e6e7a47a39f418bddbf73ad92d9ce954ea90610320175

SHA512
f580a0a9bc94f3eec211e5a9a07caff0cecd821977f6f457c50c2b97aa54aa4609e070d2cb05f086e29c37e676ee8cfd3ccb4b61225496958c4eaceab67d46db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
480B

MD5
58f0ed4042f6784a289f0bc4ee877d36

SHA1
768878cb7847c4288679cb5ae41f10997d3de73f

SHA256
69e682099bb1122a180d4029133f07f5a8311d07c7bd89601539331066568bcc

SHA512
48d1384649b17497ac0b70247a7904415e5f6e39dcde2c2b1fbbedab836e5e4904acdb70000a6b3ebfc1ea8464858da1757b2fadc43afeb83f07cf83d69cd803

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
480B

MD5
7fb78a8b86ef8385fbb60973c89cfc36

SHA1
5b910e49ac5a218cad9c10601247dd16299eea0a

SHA256
ba4aab77fddc5a5e6ba342f2ae29453b4917a451cae53f734ac75bda1adec546

SHA512
794b40c5b7de053b95c6f65d657478d9a7736460dce58736475f74775cfb46a4ec5a0c2dfc1279456980cb27c15994cc34ba8befda1d9b14e8c6c6e61f430da7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
480B

MD5
c7928d015d8864a0fc81d0a36b64cc58

SHA1
80134318001d58a4b40018f577357ecdb330ab59

SHA256
7ece0c147bee6ac251cde2a33be955ad03e2441e419f3afac5cdd8fb4ddaf5e6

SHA512
11351e99c5e0d829fa839b8c44520fb4ce7a51d087cd086d0220e5b4dc30492a12e2dc60009276262f62513bdf5876c1ea9002facc2662f86626da6e9912887c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

Filesize
480B

MD5
0cc233cb6654b288041176c79c322e1e

SHA1
908c4f32c5486a8b9a87d1058741e30f8f1e27ca

SHA256
0ece3fe70505a2b158487e94f7409d91075177f346d8fec4f3c065cb0b5c422f

SHA512
de4e22f54f41316ad8d6c658828cdeab221cfbd80389ad29fa105c63ea5f7a29156aaef7ad29f8232b9d9079985f64da923a173cef9c2958da47a2dd9e3bed24

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7F6F.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7F91.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar826E.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit