126fadf7c7ae9ed8762af791340fbbfbc2ab1dfd67c9a4abde14fdedac28f7ee

Analysis

max time kernel
118s
max time network
134s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
18-03-2024 14:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

background.html
Size

102B
MD5

217a46404343dbe25a34dd731d741b97
SHA1

48219413b2fafe169a052969d30a2eed43d9891a
SHA256

0247278570472603063097649aab0eef51160de0d3a02c101151e57ce39c39ad
SHA512

2ad67a5ca2ea0ee92ddd6a0f77b381170393b1cae091c1beb2a2b0f046d84fea2fe6edd4612fa260885a1cdfb0975e70d40161a9aa1e7036552e19a2f6fc35ab

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{627FD9A1-E537-11EE-87C3-6E6327E9C5D7} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002dcc56832ee45b40af0f973e997a3e3e00000000020000000000106600000001000020000000e4df28ab75357e5267b31c0ec93a38c5d557f0aa65dcc2b74e8b85de60e6ff55000000000e80000000020000200000008ece7585163f22a5a1635ecc7307af3e693c6f7f143625589343e4b32d71d93c20000000283f5e018a3a1644b85ebe4ff6afa40e86a0660c721c9a68d25d22b4b3dd184140000000f1d9cce71b02c5dce5a1932d361399d1fe8746cb5b0f7fc14fa7e21f668120b2dc0eef0383492e2f34563c4f6aca39d2cc4bf3e9bd65c8de7ccd9a161b9da98d	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d050ff364479da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "416935526"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002dcc56832ee45b40af0f973e997a3e3e000000000200000000001066000000010000200000001ccda98f0c864e5e86a12c04a65d5bb6a34e1f10f71e4adf7b9c28a8add65205000000000e80000000020000200000004583707c0805d8b09fcc7af7fd36db1ec5bbb89582f218cb06483238775b172890000000bb74cbd740f82344f971455de50bccf3ccd54ab1d372974ed67e95a88acc89c9e6f2b4bb399d0269d6971c2119eb10ec4c1882692e0f37c29f172aafa20240903aa8171076929c49111bc74704b1b1daf409630d849e23e84c8d1d17b4eed6de4aeb0d2150adb3f4ffb32b2588dc321914712ef11fa6f9e72d1ee32f0c84ce45e0e62aafd40ece792104808dba4f263240000000e963106d151e777a2199b86d41b65aeb4d2fedeaf0ce4ab92c6b830d584ad98dd344b5a2880e533b17216e1f2e0c0466a4c51dd240b9d598c8cb0a5f72bef85f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1032	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1032	iexplore.exe
1032	iexplore.exe
1028	IEXPLORE.EXE
1028	IEXPLORE.EXE
1028	IEXPLORE.EXE
1028	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1032 wrote to memory of 1028	1032	iexplore.exe	28
PID 1032 wrote to memory of 1028	1032	iexplore.exe	28
PID 1032 wrote to memory of 1028	1032	iexplore.exe	28
PID 1032 wrote to memory of 1028	1032	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\background.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1032
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1032 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f3ff5cc755fc7c5354f59a38207ab893

SHA1
f6a22a1b1d16a5d4e53450a825852f4a305aa6dd

SHA256
c1e4e5d4d6ca90593582081b3c34d3ec9704877fa8cc42e886d792d1e970791f

SHA512
88ef333f67494fc569aba1b6cabefc92f797be6a2e1d351b85dda540a8da5c7d1d3f2c0c749ad295e8b72137ef0c0ce45b038b5d7a489a10269a5e33b4fb4f86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
efd65f44988be7e9e8122ad698be52dc

SHA1
2d7a9a69a6de15b41532baed217bb4257eceaf7c

SHA256
532cf7d9231cfb82701f90b3afb31504bbf35ffc55f7f575201515083f40342b

SHA512
ec7fa778596e16ad16da9b9d58b82bcd5f00862b57027ffa759c0db7dd27bef69d425da7b4c8520aa1520620031ceda23db7318c926c2d4f1ea0e99acc3545d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
556195e72a95a4f6e69ccf8ec3552769

SHA1
7abd8371c67d26f069c08e14444a14defca22e5f

SHA256
9d65c7b1b5b66c321c2be042fc34485fc98d22453bb5f23ec5f6cb03b0bc503c

SHA512
0f80741e422a09b4b95dc0b1feee10ed6e199b4f8fd78d131a2640e4ecfff2060e4f74d7d434b6e924a3b8b26b5742642e5d25e608b07e01d30358cc8008bee3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f073d624b4fbabea2a70066b91f93ebd

SHA1
bca33068c4be57144c7963109cc8ed479835c0a8

SHA256
d6f571ece0c3f5a8cde8735eecd7175a270567bdee2cee75f6d42444f6ef5c96

SHA512
c9583b107ee055cb11da4e4638dad53e49324e84ee0019a4ae683eeac579a86f5856d9b2a734f93efad9c288cce65a6e03446964adcd272cfa8475a59490f5ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
070a1f03ac15165f61345e2028805000

SHA1
a02b4bec901af7f29e4c11918199ae7814cdf689

SHA256
31da6a6f251ede8ff40ce69b750591c59d513145df380a39e2f65cccd40c30aa

SHA512
b9e1d3ea311be82b2757213ef00178c73fe8870f0d2906ea15167d8109ee94c1d8ccc6a4a5f3883b7b8928c9018e8a4bdddbfe3621e1e276a39db059298cbb28

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fdbec146a46b981d6b705af7f6456314

SHA1
70fba4bc64a77d9ae1e78670e2c4695bdc807ad2

SHA256
3107ac034d6a7bbecc8f162e6a9549e41a5b0dea1e554bf23a52e62805a2c73d

SHA512
aa61a5435c20e62232860adbf03b8592eb4c013b7e77a64d83c5724810bdf2d424a93ce7b9c2f733313e72dd292d0e53431a8761942df09b3579a5038bec9864

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d495b4b1290b4c85c9f3257dc25775ee

SHA1
1dd9015ce1f3e238ffe693a6c522bcef8b6acb0b

SHA256
c129694cbf20a68668057e921c8b8e4ea21c6bbf92ff1d116e8f48ca58300e95

SHA512
a49f4f459262e8ba703fd6484d57fbb742028184e31dffae593b314ecf56ff0e3e92e12483536875195becfec33d09f21466b69162633cf1495d6a22333c4b72

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
96b72070eee889d626b2d1e48d035fda

SHA1
6020ea0211a64394226b44c51cc09a46db16cc75

SHA256
8989a426fa94f6ed5ef9190de6e958da0135a611e5a42906c236280f62daf32b

SHA512
aa720c414d2991fbc9b37a456e49ceeb32c2812c9a77a0499f279c91f9e10e207f48872b2d888a58a6b0d1a0f9385bd560ceb620f79dc1f3eede7197cbc5e529

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
63ac3ab5af482c333025bd6b78877aa4

SHA1
aba9ecf62b01dccd2d0c1737c3003983f0442f9f

SHA256
05c96c5534b62389acf9ecf08be8f4b08d6e13ee5454faceef50f36c312ed882

SHA512
2b6722631f4cfb42aead19440919804e3f49cecf45e1b38b9f9531eb106bebd267158ed2dd6c366101cfed6a13eec678ce0afd87847dd81a740933a4621a0692

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
580d3cf4af57fbbb3efd6dd62b7811a1

SHA1
7f34ec5879132b1b87cd1a247cb7c93b28fc790a

SHA256
8142bdc25f69eb5d2d7a8b1bf109cf55f1134f4de6be0bf24f7bda85a988bb85

SHA512
6a344785402e73a0564bdc8247cf616b9b1254d2726f1cc9fd647b7067debe59ce72ebce2f106e3c85792d4c8a4c95d88a26879aa12c1d62559d66b7542d9f51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4502684246f4452925dadf5b60ffc84c

SHA1
2e2b01b5aac77fdb64e5d834ca1a7bd16a978127

SHA256
d0250fc4cbd2e88c112f53ec754ffabf226a01f708b0729505c18c5d3687c58f

SHA512
537635aaf67e4b2295734524abd2ea112e75784e96c14775ade678805fa4a03a72289607ff3f106fe2d404465dfe65eb1132eea62e5444e75b650fa0734f761e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
270a2133b7ba17b088e13bea63948998

SHA1
5b3c642e29feb2000def6249560b0499186dbcbe

SHA256
be6f46f52919813cfd49970012e2eb3aa6120e7a07d496dceb0b0f5b91b47f0d

SHA512
ebf4be96a74001de854156bc6ea8e771a3c074e30b40d2695a4fc2256f43424d930820fb26e9a55a4a54b46675a2c5268efa5df46bc03cc410847c8067b73e79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6d29cae253815630cca119abe70f9f32

SHA1
35825d680483b6bd78135ef57a58daaeebf6f1a2

SHA256
73c6f3af92e7e85bdc3cfd5a04bcf53f9394ac7d1df49319d9e30002f909e305

SHA512
70bfbaf653ddb741d511a7ff1b3f824c71812efee7653e1ef7edd88f0cbc6b8d69181724513ec081640e82d22f94ec512694ab8b52c3d6bc87365e659f074337

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c80effa74bcbcd1363d10f58cfa4e5b8

SHA1
f1b204037719491270422e6d308a3c0f659ff046

SHA256
f02e9b0716cd9d02b6aed3349c1ced223f74dfa27f4f6b92b20bf3fc2625337e

SHA512
93076e4141166f991ab00dab5dde4b1fdcc74c9b834201c3dc9ffe276c33ef897cd68b81a3d927c90b08c2778809440ab3406b918ed6206aa02cbaeeefa1cc30

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2dafabe81898d2189823748ee9662891

SHA1
5e5b52d960990e44a465de63c07967b648166177

SHA256
720dabbe995fc2f13bd28171b07d7f621a84f94336a7396dbe7912a806828b9b

SHA512
2554fb349f9bc1e62460bbe35572fda2e6002c0bfab18e49834076966dbc856bd3c6f36ac98bb97507380ab3c09883482cef69f4e9a21b4f9739cd241523edca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3f8fde4871f4db0db1ef11b0cbfb4d5e

SHA1
6e64e140d731471a80bce43eecfcf3a2013157dc

SHA256
649fbf33933d7d72d655dc9625da178893fdcdb933fb9213e3addba7cb51699f

SHA512
2fefa4944c020ace22a2503b690522c0cd547bb3775c39cddc75140e8ee513011a65e833cea9426a6e1ac7bcfa51ea302f36b5049d36382b4e3fdb00f4c6943b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3268.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar33C7.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit