e5d868260cf2f15c645da0391ab9e4c891fc957d6a0c84aaf0bf8b1ac8ed4a11

Analysis

max time kernel
145s
max time network
146s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
16/03/2024, 09:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cdad82566c0a6b9952e45603f94860a5.html
Size

13KB
MD5

cdad82566c0a6b9952e45603f94860a5
SHA1

277617724c6293118454b01bdfc3b1a8718bfdd6
SHA256

e5d868260cf2f15c645da0391ab9e4c891fc957d6a0c84aaf0bf8b1ac8ed4a11
SHA512

d96d21019c45f629b16032888047cbe39487949a620b1fd6446ec995df28055106f69f1bc13a33137c345514f1b5e9cc8b2e7615200d1ef4199571dbf6fd9f36
SSDEEP

192:cccl7vFZ7vf2+hhpAdKXll3kVfDlQDXhIWKhIRcGs7T5:cXfHzhhGu8VfDlQDEmRi9

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abb8596cc50c0546bfda6658dcffc2330000000002000000000010660000000100002000000090384122e37a8487ca4d451614d034d8d4d27b7480b51b1091b49ac5697e411d000000000e800000000200002000000017c83d1a581ca523d39a3659cca4b9eeaf6c69a87c5f7803d277d694fae74e9320000000fe1f37452df72b045653bcc90a4b6782aaf11cbf3d70a75fa1b422641501ae1d40000000644ee7f7182b73cd096a2cf701e906526af3296c016aeceaec5f05e84579e8b998900997171ad9cdbd5932f342844fa476a7a27dc2b050e7c7aaa19356a918eb	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2CE1BE71-E376-11EE-A5A7-5A32F786089A} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abb8596cc50c0546bfda6658dcffc233000000000200000000001066000000010000200000001829e29c0b48b162db7020f3e59cf2e2a04772f220bbcc4c59f68e6f993e0fe0000000000e8000000002000020000000f7875ac95ddd9b802be378608ed0cd6267d709e8a2ae37347ab76647b6dd3546900000005bfab6c365a389d8c6a71bbb38647bf325f4875884c91a88bb42bbac888776fb544820a33315b7a6aa09e5acfa1c44913bd3ef168e311ae5630fba87f321ea2f0939fc13102e7b17ad0b1b24895e317f75170b8b4bc21257ad0d6f88df38ecdfe53fb10c644d26d00b2fb510102cc8185d3df8facd7ff9fa3abf2212d155fc72a22435dc7632bfb399504e9f619ecd6d40000000087d69ec6e1ce6d13588f4549714adf43673f0e822b01f1157d4e4fbad84b93c2d40b195105887ba01da86e8d0fa20d2bc50002c47de3be7cfc637f45dbc8462	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "416742588"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 108267028377da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2672	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2672	iexplore.exe
2672	iexplore.exe
2848	IEXPLORE.EXE
2848	IEXPLORE.EXE
2848	IEXPLORE.EXE
2848	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 2848	2672	iexplore.exe	28
PID 2672 wrote to memory of 2848	2672	iexplore.exe	28
PID 2672 wrote to memory of 2848	2672	iexplore.exe	28
PID 2672 wrote to memory of 2848	2672	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\cdad82566c0a6b9952e45603f94860a5.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2672
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2672 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
75ea49214ce213d4b07ffaabc8360e83

SHA1
a0cebd6475b587e4ec324b26dd7beece5988854a

SHA256
7ce5d1a9d75858ce3b4a826e9ad89ef950ae3cd9936e0ea4ea238b55a614d726

SHA512
c78450343ff3aaee26831d135ff0c4bb0b7e255bb4103df7f8463c2fcb2df546bfb75a8c57935747f17c58c8bb6d6edaddc7cc11851ae98ca73ab8354a58424d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
62bd2b5fd6ad790ba88a49226e4dfbc6

SHA1
0dacd2d73d7f495a212705f60efdd5b2aa674abc

SHA256
58b1e3facc64976ca086a5180ed4af32bec435512bc7e7bebfe5c5676d761a96

SHA512
7503757ce194795170dd0b67214e50ca4f9cacdba1714a318ee1d342838e95c0303b63f532ce16da25a7dfa9787c9ccf39d234c0e6c6585c353f0afcfde1c32c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d79fe20e5327ad2f981df803c9c3d2ab

SHA1
8d4b1a94275f3ee29b5f2d0c294be5b322adf67e

SHA256
914c86c468b7b4ebf7d74a8255f880d0ab3e9f73b4c58a35e1856a9659c67261

SHA512
d167d8d7f9546cfae8787a9734deb0522f295765a2eb1f27e27dc34b031af05281b380c29a7fd669acda6671bb5b3f33353ccdaf7f7dc135a6f31ace27fd22da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
572d6c703d8d29e03da89aef10613321

SHA1
f5bc18c278304b788a4c127dc598c93f22023342

SHA256
dfb7f369bd646c5c6c8b9877616e94a95bea25bd3a2c996c15b58de1868dd02a

SHA512
8aab26a823b127ec0715e5ad207f9167d2120301ca2843542a78989803effd883419574260b1f0362bfde8257e5b3e409b644ef2c7dd32ef5c98b31cf03ec89c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
96e73b1704b9e58359a0d64213f7b8b5

SHA1
a9b16b62be86b0ed2b1b248e2a71a27183087910

SHA256
b25e83f203da38b803ea82e5bda29b5cb89c7d8a4e6f91b7c763de7afd35c3da

SHA512
8b57af3132803d421964d06aabb41f25a198c8fee59873622432fd151c2a65a0b76f60752ed95a354d6563cb299a66471c7f375dfd20b3c4395297c6cbd35a71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4011fd468808ffdd7b7585f597147daa

SHA1
e03f08081fe1ce325af4d4d7f7d5cff00f43bcab

SHA256
88fd92d63820bbbf7bda4ad459bc1269bc0f4b7ff2e3f71fc380b554cda2a7b5

SHA512
1a1875e503f1e00c2fd51ec26af068c1fa8260bdb8f555a4f8fcd1c62f990d19e8579713753cd799ce6ca01f2e982cd8c43a3af6deb208b4b440d4cb61491221

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8a44a6e3f6dd2ddea17fbf935e4187b8

SHA1
f327816cc4bb1b634224747c90c65cf29e083495

SHA256
73e15b65fd756c4bec44bdf71304cf455f1df3180bf404890a94556b729fe943

SHA512
746c480d6feafe6701c9ba922338f9f41b47fee6425ff69e83b1c377c093967a528f55e9a6bf4e1c48f29733e8b92cbbdeda0c83f46b2222e664090f6a4c6ce1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e6f7a2525947499fb754450e7fce586a

SHA1
58a89b5e41cbdf16af3250896498e992e6f07be7

SHA256
235d79b7732b18800613d77dd6decf60264c0258ec23203df7dcffed38fe773a

SHA512
871c8f5fe4483db665a1fc99873f19e40f8261c0e39d1aedc6c852732b27370b28ec5f5803bdad663b6bd4dbd9b28f1059ddd205b61b22557c409322cf080d20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
be6ec3336f3fa940dbc2f32d1950837a

SHA1
21366e6d1b03502fd276774b8d6cc8edb7c72e18

SHA256
609ec30e7a16e16f552af8384fd299cffb327ae90d11903b274e59463582d0d1

SHA512
b2c19cae1686b3f223e238429f19bd8990bf91881b57edee6ed6d19b6ce13e7d407722e4af835b0097f1bb0494d634b9ccb3745cf1886ec2a81458ad74147574

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
96b13bb70f0c86cb536f3590c645fc21

SHA1
7c530f8d0cc83c30996f62d331a638e1d9d10368

SHA256
98d1db968b0cfbbe24ac337444b2761fd4f04ebf3dc139fff5c0c9ee9bd96b4e

SHA512
c25b44f7e0bf08d4a0d77664d2fce83fc1fe2923bac52f16501da7fd30b71e6f88d9a55fc3e0c890974d5e3ea534fdb8a41fbb705d4cf8b9b1a67cca2dc9618f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fe274f37e9a6bed1f635bc2b1bded541

SHA1
e352a941bf908d9244e8142f5f3d02d7fdfd0709

SHA256
0349f3e221d32200842ec9f398745eacf8c8050984b35e0c0f1b8ddedc314598

SHA512
7978a81a28873f868f26ca47a036ca3d973dd516e95ffa00472a0828b5420802535021e260890b1d5fa985e14ddce21e823429b33f342eed7cc89a8390efe207

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
49fcdacdcabffb0c7cb2d68c6b630eee

SHA1
b579e0fc14a19c954e40ec8cdd68899ab77ec0cf

SHA256
e9de5a6a5775e01290dd780d0b818aa41ca21a997cc420283e3c3b89213600ea

SHA512
fe51eec361907617e5f28190f005b151b2515f78b8743ce452b75fc1cf9fd50f194fea07676e19d5c67f3cac779d10568a47b3b0d7891f1ee76762c4554c2ccb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
79d5094399bdf60822949f786e519fcb

SHA1
17a9e9c90409bc17b84e847f1280b0fa68e3c8a7

SHA256
072efd56ec548c291b4d9ad4bed48e9904edcd46d76887d6ac80b609c20dba6b

SHA512
10e935aaf2983b1aae6eed0f21cd4de113d2324e7002944e78fbe83ddedc3102f9de12e7d2aa9a2a0a66fe71d894d34c6311d8ad618b01b0057a398f412ba008

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8b5dac75442c0ad70b7aba179fe54f60

SHA1
a1d0290ddb65316fb6ce00ebf8aa465fec03e7b8

SHA256
52b8d5e504fcb010201dac35b905e018d5817de01ca0cdf5d1ad4d1337c5fdd5

SHA512
f25858eaa4b605f636532f30ca362fc223995029801c74be76593bfb1eaffd8e6389852a1e85ba42975d428e15b6725914a814558e2810c415f86904746c4957

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
00047e30da1696c34198ed19554d46d6

SHA1
afa0885ae53ea8fbddbe4d9d2e7f666c462c26b2

SHA256
bc313d333406ba36b727ca75c71a905839c000aa88be604e874020c4d7789cbb

SHA512
bd0e2c1359d99e7b59c3bbfbda0fc3212439f8366db08a61350ebc980303a9d7c04220c8774009e79d9e5955fbdb11d26f5842960ffd971f57ec113dbf8aa8b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3877745edc32907b410ebd28cf74076d

SHA1
96c856c8c68cc9b7ab769efb440dbc0a792ff0ad

SHA256
e466006fc80f7cfe98b7c0cf554ccea8cd570f55d588965a2329f01709e6ad4e

SHA512
9c8f7578f554e5ebcbfc5717f4566e161566874f24c2971febef0f3928e196d670224d2512d950137862fb24fc8b2586533154a06e7af3101c9cade71d76bb4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2D77.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2E94.tmp

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2EA9.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit