11b78d389b5badac014051143738410176f59a05985bcadfa0ca855655639417

Analysis

max time kernel
149s
max time network
153s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 02:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d508dc0ee5b318cad10267b423e87147.html
Size

93KB
MD5

d508dc0ee5b318cad10267b423e87147
SHA1

5582d268e1aea8fbd8af4256d6f8e07e534bff2f
SHA256

11b78d389b5badac014051143738410176f59a05985bcadfa0ca855655639417
SHA512

66e7a4743090f1276d40256d1a59903b8791e9828647c66c61ae792cdcbe1d42a4b2f45ac8ca427a2de7deb5cac8d930010dd47a17b147ab31461d706593dee5
SSDEEP

768:/WvzkJZspD3gGo/doIlEdUSzUePgIAdJvLc6HvLc6TNPVNoX7tufG2curN2S2Nb3:/eEspD36/doFgIAJvLHHvLHScuTur0

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{58BA95D1-E59C-11EE-9C5D-EA263619F6CB} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "416978885"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1908	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1908	iexplore.exe
1908	iexplore.exe
2960	IEXPLORE.EXE
2960	IEXPLORE.EXE
2960	IEXPLORE.EXE
2960	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1908 wrote to memory of 2960	1908	iexplore.exe	28
PID 1908 wrote to memory of 2960	1908	iexplore.exe	28
PID 1908 wrote to memory of 2960	1908	iexplore.exe	28
PID 1908 wrote to memory of 2960	1908	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d508dc0ee5b318cad10267b423e87147.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1908
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1908 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
8e2cf34a00a0fef512bf25108ae75e8c

SHA1
ad8364712551b2ba8f6cde24f875105b21a2da9f

SHA256
39dd29569cb51bc9ffb6f0b600e4cc81a65e911e874841e9d5c36143da35f90a

SHA512
ad47f1e757194f3a3a6167ce9e5a19a0edbedb4536dfc0846ac22b98d300c4881877db4db98a9109b8fa1b4dc2a4696026a84f6e9619bf0703995f51837f0dbf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_37116573F7F7EA28799D773A42FE5507

Filesize
471B

MD5
8db300916be5c94b56c896bd833686dc

SHA1
9f4fb98434f9ebc15807d260eb56838d903a6af8

SHA256
5d9f5edc222cb4a2a0bcbcdebaf60490aae37c243c9231b0c5d66ed728f5fc1b

SHA512
84945911bd78622e7edaa736478282c0a21b5107bc3685943a0b385a8fe2e044699d16655dc881ce57f28cb9571f6e7551ee1566d93db010bb3f1238cd8c4b05

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
a33be16403aea61e248478d1abcc8b8d

SHA1
ba3020426b3b709fbc71b565079cd53392bc4c17

SHA256
847424d81d34ae944573ed18af43623852ad2d8be11a8bcec46a594de8752bf6

SHA512
43b651ce80df8c64177018bc0257c77ae8bd1c24d8b7be9d981c8439969a7465bb76451a2ae3960afdda3422ef2aa312cb50bd6b75ec0a261e9beaeec05823e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b130cdbd4c49fae6e66b3f9ffe977d7b

SHA1
a26b9594045c312a73dabaa991205e2ccef7599e

SHA256
843f8645e353daa1a355f24f5016969e2d73b0e7a6c6b024194951d95736b33b

SHA512
1c18b3ede2968fa337450e6f3066cdf4a9e67c8058f791c3f131395750d1614d8393d32a09936ecfbdbcf9ee0e8eebeddef1eb50a61f8bbb483b9e13aeab538e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
60aaf966055f2e10731e17f5235f0160

SHA1
7fa5f9ffaa65be24fa7f62af5ff9b78309fb856a

SHA256
941069612f2c896425f30d2dfec4483070d41662d113e1bbdef174d2706dbe2f

SHA512
ee5f4e326b99ccdaffaeae96c51c92431bcd6c1a92fd7a92e3fcca3dd81353d0aac729ff862924a4278999c94919cb5e5d16029240fb4bbc22f73bc194ae330c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2d4fe0e91d41061d2d28dbd8ee44d52f

SHA1
bbbabf27f4620399dbbb77e06d9c87e910f229ec

SHA256
06bd2071b6e675072d42aa6bbf1f0d6351c5d19a73719dcfc6fa66df6ce4fdb2

SHA512
2c8a68debb4fe041b6c6288570893e9760faf6b5956a5e7c03fcdd3e2e23b4235d3a34519793a67a5d915fe17b20be2f05b3a4e3df56c675fd7cec1e6118cf5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b5add1a72b5436e559224a4df3fc5636

SHA1
7f2ad6085ac2e8547200bbc703a6f015a63124f5

SHA256
1de1a6a04373038630379066caee41aafb83e85a774e8e781befff67c076a472

SHA512
ffbbdb20b32e670902d134d30a5c0eca0aaaec9083d45d69765133da39c420cb6b75195b8e946f240ef02f95fc013438d31938201cab429c32cbe4477d48b1b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e6b0d3a7b5423da777671f23dd178e9e

SHA1
8d3a1d0fa37c7512a882bcd98ab7f271761c117a

SHA256
38664933c4da250c8226f08fe7c5b5a703d7b7dce07e93882d9fdee32b72f095

SHA512
422d1a65ff889f995938faa2b1c82c85643eb4f7a9d7fb08582ead686743b6d59040adfc8753950b17f052ed6538be30191a188efb21f0b7e0eeaf13db4f695d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
51e1dbdc275131ebda871f3d4077fbdf

SHA1
d81eb8c40d2c8d3ba0e1d16eb8d0d4bee42da0ec

SHA256
6f93560a7d69db0b68dad5fb7e8c58bc7a9b53b6e51813b4df010997331e474d

SHA512
f71cc771c84f9eaf9b744225554914cd76767ceeede3bd1ab8e72caa6e07eba81e5e5a96f4f70cf90c5b5ce1ef9ebbc186218a60dfa181ec343d255d266b39a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d6c4c1bc7c93abcd5f1c1c1c440a5d52

SHA1
9fd94a48caaf5c8fa73ddbc1ea01458e54fd81c7

SHA256
31ac0422ffde7f41878707ac067f814ebb0b6363f06b67ed0025bf35026a54f2

SHA512
3ff9bbf54285f5847f16a25ff40614f9412624faffab620b1adb010d27ca4246a4dd96c9a9824cef912a6eb85d3a9f890b24e806d3a525adaaf896846d58c6fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1457b6e737ca32e7f6a9fcb36e47c670

SHA1
8a7130998254f877ae81a568fe8dce6f3a4e38c6

SHA256
062e9f24483b9f9f81b8621e3c867133be6d752d0149c3870a2e9e66f4010caf

SHA512
1722a95d41a8976b874c35cfec4cf85e9c1f86046ea2ddfe899b7bd8f1c1deb27a20747ec8f207d1b979fc943347ff93684826a622e8cf82fa2fc98217e1825a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
29e360140704fe151822e3df4b84934c

SHA1
444b26ac1001ab3989a2294ed79938086c1930b4

SHA256
68588d5f5dc282231edc724041e9427603dcf2d3e56dbb4fc18cf9aa54faa99c

SHA512
d4d2ff3de814804afabb8d1ec31d9e58ec509cd1388002b4a72ed6d9383e07691df8b68482c1387bc8a65312a92cf258d8a4a161af37cc6a5c8ca18a29c4d217

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
12625166cadee8269956ccc5edd67f29

SHA1
4ea50002e7b8b76a26f3e169522e515b45fb56cf

SHA256
59bbb1e50a32283c6caa2868503311dfbf940cd3e1470f49e97b5042503c88fa

SHA512
35d09aec23f1ca303b9f24f1b53fd85e212d503e673ac514868b0ea9d28ad3bd04ee809f77304f11f83ab6ff71f3bf2df1f72e0186fc59d11b83575d3380fdc0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9d0c89e6f3177b26e6895139413f1549

SHA1
2b01e292fa858a88f57fdb4cbb02b9cbce411179

SHA256
9d5e65a8c90279dbadb5619c8933127943c1e1f9ed73744fd761c24f88fac0a4

SHA512
a381b9b0df334a132aceb225fb313c1e3eeb7615010aa53e0dded3012a71c5af63134beca51078deaa86a348d6b0b09bbdfc9c597fa4243b4e433bf3b8de7d6f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
1333e9ce0ba5c2773a0b14c975f19f84

SHA1
ad94e9cc446c47b8961d4eeabc475009403eac1e

SHA256
4750af4f53a7f907bc66979e075abf7397049da1e2e0074cb234e2e024cbb961

SHA512
624774edd19b67bddac533d55441d6e44e511f9fc91e6a45594fa47892bc158ece2d0aa720a4d312b6240555abfb628e3716eeedf6557580d334d8cbe586542e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OFFQJ7AH\platform_gapi.iframes.style.common[1].js

Filesize
54KB

MD5
ea9dd251399dd23cfaaa58cd75d83802

SHA1
fc80615d89aced96d1c7d9e4226b1b39986be9a9

SHA256
e924fdde63edcafd0ae3c3f223cd2ac30c8cd2f71fc6da9267566a6a3a285ec3

SHA512
1d0640ba21d600a7a7f6d1eca0d7c7d22aff87d074c97bb9f3ab44ee9f6dafc0db075a2a39ff04c0e721b2f046aadb8ce1e860a73e9f0b1123d70e6fb59246f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SZ2A9SGY\cb=gapi[3].js

Filesize
132KB

MD5
c23494121f5468488a8e79a6268f4648

SHA1
1fc2646c75df1b8528667487997ab1f5b308133b

SHA256
100700c4795780ff97f999795e8477954da09fcb92a1131cd17216203914c425

SHA512
956f396bef9df5a542ae410256686e2259e1ae67402615f937c2f2c004ff2f3de5f5767200661c0ce204fed9b32b1a8707c26a566da1d3aa120d428901c39769

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab50B3.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab52CA.tmp

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar50B2.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar531B.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit