dcddb75144c61788b6b7fd5094c0b8c47b2436dac8501b7b096643a94378abd3

Analysis

max time kernel
139s
max time network
141s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 23:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d758ac5df1e10b9708d8080aed0d1c73.html
Size

11KB
MD5

d758ac5df1e10b9708d8080aed0d1c73
SHA1

ad4e3508ced39920cbab2bfb0954939e53d64dd1
SHA256

dcddb75144c61788b6b7fd5094c0b8c47b2436dac8501b7b096643a94378abd3
SHA512

489b2bd34595b1116daf9b9ace587bfd02846be55f525bd4226064d3bd74b9ea8a90cb515f4dfffcf064658ace4413f18cb8fe157387f6437284518690fbec9a
SSDEEP

96:uzVs+ux7J6LLY1k9o84d12ef7CSTU3GT/kGJpAkcY1gZUk535iUrdBOC8gBbj4r5:csz7J6AYS/GS/dk55ZrVzBbNPHb76f

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ffebb09deeb747419e902f1accea58f700000000020000000000106600000001000020000000418174eb4120e4e629374c799bf779742b5cba6f43f4340747644a100ac4a06e000000000e800000000200002000000035ea8f59c3b9259469de54007db4e3b672ab31fefd3d94cffab674816bfdb39220000000cc5084dd84966990caa550c53d53f4af69426281d1f7dbaaf902986808c16cfb4000000069e21452cac26330feb4b20f8175aa2ed653f0f3b63db9a61066904924dca00eee8d78ff83cd0dff55f1813cae196cb01d8b8c2dcd19d0d90d74c9c093606c60	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ffebb09deeb747419e902f1accea58f70000000002000000000010660000000100002000000031be5aa751f15c7f3c6f5efa17654bd5bc4ac2054bc02e27b12462d11f01a8ac000000000e8000000002000020000000eec2ef8c82b8d8a904a7660c49f1f81c6bcca0674f2952784b6b1ed58251102c90000000099d5a692225c8f8c8ca6cccca80884509fe1c149f1839f5d6c67d4810d82604cf0d65cd9475d55d25d3f6f61bc1e6a45958c5fd5949012502da61cf72cf670bfc8c55be886d128ffe2c01c61eed792d975fcb09217e56bdc0bf75ae128fa2fe62f31846b82cf0cde128bdd8617d2e18988ed43ecacf045f68cf3380e9fcef4ea7d0e54cb01644d42f0523078ee0879540000000dc694ebe7431962432958c668a84b4e1db4fd57324c44bacfa12176df7c87d9b64b182e43dae661da40fa88000e852047d45c926d01be4ec94bf9ced5ac14253	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "417052813"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7862AAB1-E648-11EE-9826-EEF45767FDFF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2461186416-2307104501-1787948496-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 5006a04e557ada01	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2752	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2752	iexplore.exe
2752	iexplore.exe
2856	IEXPLORE.EXE
2856	IEXPLORE.EXE
2856	IEXPLORE.EXE
2856	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2752 wrote to memory of 2856	2752	iexplore.exe	28
PID 2752 wrote to memory of 2856	2752	iexplore.exe	28
PID 2752 wrote to memory of 2856	2752	iexplore.exe	28
PID 2752 wrote to memory of 2856	2752	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d758ac5df1e10b9708d8080aed0d1c73.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2752
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2752 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
9166552631a3c0e6ee6d6521ea6cffbb

SHA1
59c4141de55ab7c7391523538b25e8262dea7720

SHA256
8e7f2f9898fc360729df4538e1962ae800a7bdc9dad64356fc2786fc7b47fd75

SHA512
e2197964239999119e747afe1a109fff98554d9453d7291cfd5e9076b5589f7cf68814a36ba7f031f3edd94de3ef821a5b8a1a88fb5bae412dd8147fc1f19315

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
a28cb8aeb83faebb10527e1a08abedda

SHA1
9b75369b8ee7e3bf57a04f8f9d7d5b3e1fada48b

SHA256
0a9ea7c9a26fd35367c3a3b388219593e86d51243237c6670926a5bd989979d7

SHA512
19e7fcccfc9c696abc6370d97ba443c5d645ee9028aec9df20ffdfac978af5b2fd60d4a8c14cec737a8a2bfe00e6a7d112e926715e00bca87a53f8ce2408359c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
b7d3bdec57268ebc1f49d64eb52bff8a

SHA1
f31d60648f1db372f0b9095a94a5bb67a52011c1

SHA256
0bba99e197439b9db019ec7872f4d623ee67ae3eb296d35c4db3ee5c5696ba8d

SHA512
82b2db9b3d1449076bddafc4d15b74d40d9ee312c6be09eda10d0b3dbde9cbf979959b20075fd6814537e6cee3da9deb663fad98434cc6f2c809663047d65233

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
05901c736a88f655e00e452d5317ffdf

SHA1
08dee6d0f2e68717cde8dd2c020e2bf946dbee9c

SHA256
43e435d46f47e3d676c6e6b7112118f82d8ad52f88f96c6d7e5bf76e59ea0b14

SHA512
c36c8b70f7aedf2fa6c14c28e34cb69d9ce2d482f68a6b40d92ae365430b0f138e69806dd82c94534e117aa23368f12b07796417f129e4dc1b822448f5ce4d31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
5cf12a2cdbac1f9fb2f5bc8cbbba08af

SHA1
77841c0e215353c538ca4c1b426b55826a240690

SHA256
2a1619223f2b83cfac56d9b6f112acad98d09961f83e26212a52cda820485f53

SHA512
913ac949e5cc25ddae3abcc08d560a3c7f496fde50a58e9d9db999462dae49cbd47de0a311fefc0b1c431274dd1a9ea09d5aa01dc8bb7a93d3855fa4b672379d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
7376a4aa1d8765237e6545eb18d3f500

SHA1
49361fdebe4b851e09755b7bca22ef67e919ef1f

SHA256
a69615576786fdfe116597742bd9c06f642858b2d25dc207bf48b06597a5aef7

SHA512
39bb236b3bd0808bd5b88583594160c120db58461d944b7c9680a18ab4c80f730912e8188b503d3411a5f0a84cfa2420d582a700faf933e68bf2713ce05a77eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
08048f1939b4dc8881e741aa8dcf3d37

SHA1
f8b594e2e0037106cb46dc584cdcc8cce1cb9f7b

SHA256
99e4800cab2d8a3af4f0ddfdf941963357566d9f6256c2d58580b5a49b2f8c56

SHA512
47516595b600f89827472bd1f1905429dfff1850c765dfb1967f7775961fd1d81ce717d64050d1a3ae59263d67ed6e1d0e830468cfeac1f999cdc3f88476b1be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
6ba28c4f90b67ff5ef18a2e3cd78d3c9

SHA1
d7e17df82593217cf6e2546d873f87910d383859

SHA256
a8796df969214beca5ba1e40d7b954b6948a5feebf1096b417d0563ca8c22749

SHA512
c92b1c94c2b8e7b7697a8aea15a40f2504c2acc655dbd55ee7035064ddda3552b027157390d67a37eefd52fd5230d2c5f7586b00e26717cb40818dca4381f2a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
1597279c6d4acdc9c459fabe7e782437

SHA1
73d57fa793294cdb4fe89ed7df70329b69d60285

SHA256
21557245b702d10df603633c806a7307cd8a26be97eb810656aa9af7c59b7b28

SHA512
feb8b159bef2bf5cfa0d23fb49811f94f242ca0529a5207c9a5aca41b6c9e1cb2e63a2d6eb7663903f847a6a3c6573435a798b398aa284d729bf655f1637ca09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
819147320f3d5a6d39ff7a4cdfcdd397

SHA1
076ff560425ea83ba039818b3cadf7a24a8e03e8

SHA256
17482e87faca10ddd0b3b9d789107eb529bc9ea97c1dfcf4356920703495d777

SHA512
ff78b9f6854c0a1558d22ff99c3c6c16e185a9944ec3f88bfab94067cbb10d1c87aec7809843471babfc89194a9f4224dfb1c06853d5ba1da23416c924ba8570

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
2db0eebb2ee562dd808b4280fe7215cb

SHA1
84de29f054f22a05fb531b4019945309afe6c693

SHA256
1a30073d66333dab79966a7a4f5781ad84528c303fbfbd8726bafd3d6e2d91d0

SHA512
a71a0177104c3fdf503e9689265aa111daba4832e3ed979525f298f758285269f461f26821d7812e35db3dd315c11f713d153ca4442c77e6ecfe71f99c8bf7e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
1f42d2e9808008d82c1c11a712895bd9

SHA1
1f791321add1609c2e57eee85f54c77417182d1e

SHA256
8aae8759341fa81680afec4e90cb8aff2ebe403c1def94a86f5b8732c89dbf17

SHA512
6216f04c0ef0be8dbfe43eecfe92059a7ba485bc11a3ec6d3adb5c0f617b79bc7054bdcd13afe95591adbea697ccf218f01a3ff6ef7f1435d03fb6ddea792e65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
4baae4745f0a75428b1705c045cbe305

SHA1
35c601bbb25a8e2118b967f56f71da81add2462a

SHA256
bdf1b884a05f240e858977e84e3b003c3916a977e43c1bb576ff81db5d93e9be

SHA512
b3b8430a42fe482bab2faf7b4975cd0acb973ab38d9366d90cc10fee5c4f751291baac3bb5ec7226c335fb6761fa7ce9340894cc3177449da66dbb6dfae0669d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
d73414e565c18efeb02b7895774c540d

SHA1
6387adc19938767ad53642a7e03b8b649a18e072

SHA256
1daee1466a2b4d8891fbe0ca6e21c5dc06a4a9aa85a371918e77f685a5ce92c0

SHA512
ca0a7196d4584d1079c000ff3487f0f7083c5dc2003d572ea7604bf1686b366c0464f1c04dbfd2356dafb3828d3e1a0f1392f6be528fb8f9ec8f49aaed28848d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
117177fb2f9b56138235c874acc5fecb

SHA1
068213a3aec23a304f8840722c025c485f886eb1

SHA256
1011c549211c59df92b981e529ddecaf230ca7cb36e4524fc2f98a66a6e045ca

SHA512
da569a8b96e0edaba9afb87c68f25726788efe5e8a506c077607049901376daa0d8d7d1fd05ab42f6bc30db2a1758371edfe2316fcaca10913023f4563b14bd8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
fb8eb1aef3341e85bd4cbc11cadc5051

SHA1
e74e9b3791184b80b6c081af1d211d19b8177263

SHA256
9556f3235dc05acd9114e7948d25db2fcd23a0a7c9d8b8e0396f73059de12d29

SHA512
5d564d9513e1601dad78806e9d1fea895ccb4f0c12a75268e8f00e7a648091b91aaee14909d76392c15392f5cb98124498495118e3e8f2146c5afb70e1178c8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab825C.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8495.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit