66ff8fb3f7f493b9982652e1dd407cb2bb502b799106cdecc148fb7854915606

Analysis

max time kernel
145s
max time network
151s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
18/03/2024, 15:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d3daa8e2c8c0e191367c71c83a52cea4.html
Size

15KB
MD5

d3daa8e2c8c0e191367c71c83a52cea4
SHA1

8d27290d8fe865579a44101e7b8c4c395975133b
SHA256

66ff8fb3f7f493b9982652e1dd407cb2bb502b799106cdecc148fb7854915606
SHA512

376084c8fb0e455e48229f5058e88de68725bf315c0cd2821eaaa86eb549d1693c51d55859af77dde6c738ee778985153f25e441933f9b57cca5a6c4351c8ead
SSDEEP

384:OLBWOL2F4nerHG7z1yscuZd8hDEk3Zz97:O1WOLverHG7Xo

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{066002D1-E53C-11EE-8086-E60682B688C9} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000c12c25e2ddfb54dbf19c8710c23067700000000020000000000106600000001000020000000439c64d871aadfb9343d46a5de7b8ab1c225747bd2939369f9466d6fb2a92150000000000e8000000002000020000000d02e2b8455fca215955dea0d3632b70f5ff138ef5d5a62932194a4c55fcba5dd20000000d1f9feafc58570931e37dfb87bfd3f0cc58701a5d240cb4fd4eef98f99d9bfb84000000034221a2bfff82058a8939dc4761b37c607996be2a2aa9f31e19c47acef5827bc5e0444dc62b6d7bcf57cd86388cc56f719e327167d4fb97f61b40d112f817668	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000c12c25e2ddfb54dbf19c8710c23067700000000020000000000106600000001000020000000fab93468eb52780e4eebcd1213faec4dcee8fa0d5e8be5d79f93bf1f1a81bda3000000000e8000000002000020000000672441ad4dae3dd857b23753a613f623a0ea12bce1f153dac14bc81008804ac8900000003d3ce3d958d5f0941a98d5ef5b019c7bd51db08a6d3ff68d1123aece2bfd4dab197767b894af1e71b164fd94a3dd7ea5a5085800c292c140a534bdc2c3ee9c82533d0328744fa18794c78872a37fa1fd006cdb9b2a1ea7e6ec2831e2ef2854a672d4625b25fcc8d412edeb086b42972a93fec036820816b1b345dd45e8b056facbd8575d791566e3ed80a98cb9d0701d40000000ad3b4026083512b7fb2c749d94cd8c32af22c2cbb2f0ed422af901381a35b5a24d146c8770001063cd349358588b7625c6c008806c7559aa954a3846f6c771e1	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7079bacc4879da01	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "416937519"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2692	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2692	iexplore.exe
2692	iexplore.exe
2552	IEXPLORE.EXE
2552	IEXPLORE.EXE
2552	IEXPLORE.EXE
2552	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2692 wrote to memory of 2552	2692	iexplore.exe	28
PID 2692 wrote to memory of 2552	2692	iexplore.exe	28
PID 2692 wrote to memory of 2552	2692	iexplore.exe	28
PID 2692 wrote to memory of 2552	2692	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d3daa8e2c8c0e191367c71c83a52cea4.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2692
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2692 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
462e8e44c93a85484e97ffc4798e2943

SHA1
7614561dd1839f3de6157c93ee659f05742e5159

SHA256
2adf4717f9236626326efcc5169c0c2cb5e837daf5de0003db2587abb3b6704f

SHA512
44a154ff6e41043073df0574db54baebde7c971f9c9812784f91efc8d0f6e4a24f1a28e120b8317f65c69034b0f40c02f6053056aa65f21fe05f24eb6da78d9c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b754f9ec1225756ddfc1a6f05e8428b1

SHA1
18797443d457dded58a912d94ca5e630d2d6af66

SHA256
923de09a605183323ba602ad75de4ff1ed44e8afa6964580a0d9b834faec58d4

SHA512
296bcee3e77e66bc3e389d1e10fee81f131db1ca4f543ec61e7bfd1128d1b334ad6ee4fe07757401d4c0c8ca4d7d25c94a59c09a15d577f75e260394540e3b99

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eb2b0e6bef18ee94e8b613f894c10d39

SHA1
97e186ec6be55ebb611441d5101c5bfb62b2c554

SHA256
6e2cbbb4d8aa1264159e2472cee82cc5479934ac85d353f136d9862203a88e47

SHA512
0a21ed2f9aac193190ccd445f682b8b3841a51b3e1721f51d24b6e128d78488041a4f9b9f12bcdbd348faba0ba98600d3bc8dcec1afb2fed57998413d54008e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
48fdb75bc124ee86fbc01eaf3de71038

SHA1
9e3660cb62bdf6ea7a9bcd689783592f4b96be82

SHA256
81fefe809c88657be9cef4be338702dea4fd4c71d75703cd4bd802449991e96c

SHA512
8ce1ccd7d77b1e7e20c6df32e52dd2285f987d13624e2c730abef5414248bac327f939c1947d870b45c6b7ca157e9e5e8acb86b5bceaaa2f3b614f9c57f069f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
24d7276ac1ab7ebbb27c80d37810285c

SHA1
fae19a14e245f541e215e20ab7a7088e7fd665f6

SHA256
e61ce565fc2649c576b8a68254acdac0a012e0d229ababf832347d4cc40653ec

SHA512
586444481ecd7f438e8bc3749daf1162ac6bae7b1ce2de182bbffda4f7a80e3191ef5b5dccc108f7999b0ec607b5f35b29602707030b81fccb810ae91b654921

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7b0ab2605b3a8f9b11a465312e0a692f

SHA1
8cdba11e99e7e1102a2faef82db6d8e4c6b86e21

SHA256
c2eff350f4a6b87030ade37c9ce6843cb1f5b9a531641a7c316637354e31f502

SHA512
8633d67979bc29d5407073eaa838d9892f639469ede1c8558aba80d2ffe297a04775eea5036f4453266f2e155311b1453dbdbacd6f4dd87fc1fb05506b6c7b80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1aa9c6332e60f70f8d6ee5a1d48c8567

SHA1
4c771258482fcfc0b91aa4d241333c1da9984dbf

SHA256
cda95ed4cf6166d0c89d2d927f560ff20223dcde76bbce75218a661bf3cb6372

SHA512
e8da425360554e2b744a9a9b6e47f1477c9ed9fdf7a0da979c0f067db1ef5c2e46b9b07163c1beecd3793b25b7781ad55261fc00fe276f3bd06e91ae55852efc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7c9330a18174eca334d1b51f569b1452

SHA1
f354847657da7c637cbdc9a6fbe24cef2179ff9c

SHA256
8cbb55c49cc94579987218bd5abbb9b356878d12472e99248a0a4bd0802ae2e4

SHA512
a54ed17edeefe608eabaf86bc1a74300fb3ee078635b4d16123f221638914f58facdb23ffe1d6540cc76b96ad11ee3c4f731cd73d2ff1db2980c4add7491fbd7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a95c589b315118d02bfc6ae832d9ec77

SHA1
8564a0b27c3c63862a029ad125f9a04c10e5f63c

SHA256
176f93398f55346d4c0b680c1e39f777ee53b41713f7cd215e3a0ccc89122b4e

SHA512
127d0d441b81fd8e353902d1988c1063023281fdf95a96c6d78a0abd028f8afbf2b78a952301bb1afd5e67cd9639b1ec8af8c36449987fd1299a52bacf3897eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f9f4262ad986298329b7fca8a5a63433

SHA1
79297def7e042f86e31747ada8fddf5b511e8089

SHA256
e3ef9b10a787e8d44e6c21c2e2ec086f60500486ac362954334b6282b98fdad9

SHA512
8f349fb7b04358e4a9a8adf4f7fa48958120efcc5967fe6f51311c51895cab3e040838561bf385483883da1b1f059942a59eaf98562d417ab36fd20d9c0935c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e9d73444080075a19b830ac6d5b0df93

SHA1
0e540145b7b7dcd8da1b54a56b0b4ec268a248b1

SHA256
c47de52d486af444feca80e2918b2e14e6ca1677ce119a1fcfac6ccf55e00e36

SHA512
96f8d53b8daeb75cbc9584271a9a66c2b67e2be7507fe906c3a73bfe173b73c6cb152deebe0b17d13e43fe3e6bc06cc4a2dc27af03ee242b99df15bb9e554556

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aa1a1bc513524e4c40abe529994846e8

SHA1
27cc2ee7fa48e8631f285e1377e5d8d5b72043d7

SHA256
06d5540d8967c094db02f1d6f81cc1789adbc44887566c9149b02a4eac4f406e

SHA512
8a21cee1a859a6cc35d21c4853cfda5b36044fa202ebc24fa4a5468b446eb77aa1fed1fc31248d255c51ef6896cda517e21643fa1c0435d5db107fed0f11db99

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2d25dd41c2ebab96ea4c48d9f8e5ba64

SHA1
df4fe5639a2e8a6692819ef330b9558a5db6da05

SHA256
a907de4c6fa02eb86fc6ec13fbf2fe88e43828bb1a357ff080cf91db4b053831

SHA512
1cfac034bdfd8d34bcb978540733fcd377100405ce5db5ec82bc24f8b7d6eca1764bd23f2c2def4b70a95f40ad8f05046bfa26fa00274e654afcf63e921e5e84

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
73a8fba551b2a14833b6cf3c70518267

SHA1
74e19be3114b90092aeb33b844e539f6b778fc55

SHA256
eff205ae10eadc50640bbf036d524693e83aa6e5ad1025f1de9e116beabd2669

SHA512
1b2d49be94d79654dc68eb76bc16701981a879e58aef19bb46954a32e1cf22d7675a4713d88d6618bc84462d13d647f4bd7b47b2666258fa357ee7ea5aa6bc34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ffe48244c4284d7403cb08800d5763c3

SHA1
2a1db2c5cacf3ca68ad275f33d8ea3ed7400129c

SHA256
9e0b229b44542a87b4696937592e9019f8298bc0f2cf9b3caee7a5fa3c8bcc4b

SHA512
8ffa314a0fe324e4c7ec72247f2c1bc60007e79bf5634a59865d0b48fee08f5f5ce7ce99d7d03b11a738b76f43b5fffa0c44f39626b159802a51c997f21935cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7D9A.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7D9B.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7ECB.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit