3bebfd51f5d8af995d06ea01aee4d71f07d6d38aac029dd7a81967c1c14c7d4b

Analysis

max time kernel
141s
max time network
145s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 07:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d597a78f898586a92316bf115c616763.html
Size

57KB
MD5

d597a78f898586a92316bf115c616763
SHA1

b72575f2a1de9290d7f5a4b10f27adf58f778f15
SHA256

3bebfd51f5d8af995d06ea01aee4d71f07d6d38aac029dd7a81967c1c14c7d4b
SHA512

d447122770508c8eb3ee0c78ea33af0ac65364e8e7998f5e45755a3b4a65c6c55ef83d299a1d9df7bb5486fa0341dd3554b941a027113b5bfec7dfd8ce210931
SSDEEP

768:8XY07DzP5d3jzdWRhWbwyGoivq2cR3gFcuN3+8l2eKlw:8h7/P5d39WRhWENo0Q3gFcuNO8l2eKlw

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000c12c25e2ddfb54dbf19c8710c230677000000000200000000001066000000010000200000007d0d83eae5930f8b7e533ea4f68fb8483ea0524a794fa2e1433d93eaf2008702000000000e8000000002000020000000bd714355d6da6e495362882a29537282fe75538c2261da6482f23996c6c9cc2a90000000bca2b6e58caba4ec305c64d3b74e7623a70409fdf294404b6e2d4c8a2ae6c079ee0384ec6c5c6d2bfd236b69a4c9afc72a209929e23074226df72a473c49646cba829d002ed9b87f1e69f20f828e63ab678f5a4bcb6248598a1dd62652767e37d81567a30c8bd39284153c4e41b7671562946c60bebbd162ed1dd872c1e62696e8b74c2995fc14e0e2794a1e2e61c4b940000000dfc4dd3b959b294f9b8c2ed34cb49bfcdd817ca3136ff0efd155c206d130eef10b36a1ac10341b44c62a5a790ab03634ac971b254c93eaf838396f7fa832e1b6	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000c12c25e2ddfb54dbf19c8710c2306770000000002000000000010660000000100002000000036a19359b45c36fb13ccb12ee4c60c1b881f84cabc11de2424e6a969aebd6764000000000e80000000020000200000007832022c0907bab98be66842272722232467777345e60b229d8901caa339d9b5200000003b6637d2c8d460b6603dce4ae3f2f018b10709823b975ad3723e430b309438a54000000005b5dddd0161d5a9c542a770414f95f07fea5d88ee25878ff12aee7040bf9b295a87cd9c4027420e5b6d5cfb6d2590f2a0dc293ecfa28d184968851c09c93aba	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20de08cbd279da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "416996755"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F2EF3101-E5C5-11EE-83BC-4AADDC6219DF} = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2896	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2896	iexplore.exe
2896	iexplore.exe
2988	IEXPLORE.EXE
2988	IEXPLORE.EXE
2988	IEXPLORE.EXE
2988	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2896 wrote to memory of 2988	2896	iexplore.exe	28
PID 2896 wrote to memory of 2988	2896	iexplore.exe	28
PID 2896 wrote to memory of 2988	2896	iexplore.exe	28
PID 2896 wrote to memory of 2988	2896	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d597a78f898586a92316bf115c616763.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2896
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2896 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1b3fb9f026c235ab9a764bf7de11f698

SHA1
6e3ef7c223147b3ef6c1a8003098deb354e899e3

SHA256
656966beeb52b1cb63e8faefe50ecec29b6bc65625324cca4467368d2547ee23

SHA512
883bee51496005cbf4e97070ac7a1d57b40cefa380d1da37e6b5a0a76edfe6bb63c917574db5285d4f8dcf3765ab848c3a32569a7bfb415351fe6b367b05baad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5a7cc0051fb7868d1eb0b1c7c76c10a7

SHA1
c597de36e485b3dce15aaead1cfcde5191b4acc4

SHA256
81845a838f074585f9f553b89d708dcd4558a9c2a50947bbc11acd3bda8a9411

SHA512
9df003cf2ac1772342af9b8a0fbf64020da6706f076407f8e1bf2f10469a4ff5b76703df31653f82e360683bffd9b6529a81cdc0909425c3bfea13e3d5da92e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b9e91e98d9ccc6736556388f727d6164

SHA1
172b24235adb9eca94c04547c39256a9a07823a6

SHA256
c9dee41b665143a8355bc295b8036c124a2ec7a90ead828e88c7d917d4ea1921

SHA512
13d21ffb843818931f64e784d340f061aea99c673cdf1fca75874728635b45c0e9cdf90ffbe56db9e02a8bc1c66dbe16ee6e72241f8ad1ea4880279d1d55139d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2c38ea9cfde2abe529616df763e5a09d

SHA1
e7bbf409f79f7cad5cb2b43b31509ad1ad6d4880

SHA256
d3fac2379651c54fc70bd94d470607240e7939bd89c7fbd2cd439e5c129eeaf3

SHA512
661210921952122b95f49917e2f379e48a4a2694236363fb3289e53ce9ca26f5aa32d0b83b4fdff1f308553cea5f556910663dc5c4c6c8978d0e6936b45e03b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a333e0f398f8df4fe6f388c37dd8e42d

SHA1
0b8455c2499dbf562f5e74cda70fc4dc3283d372

SHA256
6d4b2091707fe8be504448c336852697eecba8364e65303e2afb542326ec3244

SHA512
f4e3d12b99eb115681d4b112d23e72490e6109f4289acd69c9b9d4ca6d05e71cfa42836dc9a06a2fe586201d6210304fa4a262596d5a71e04e017b9e6f1050cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
506d14af6d89cbf6252082cd7fe9aac1

SHA1
1793f08aaef4c6cbb893ef46dd804d22ffdbcb75

SHA256
3fe534bba81470b841563b88c74ce7e075d6160f8c8c7bf7720f9dcc37ea0b98

SHA512
2d68dc6c6f61f33fccf99995b81ff00323154f767b5830a5c0690978b649e3941fe1620a0a526af851f24e90f08ac0a50edc0614d0b6d6a0dd5587cb3968ca6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
30c1a4cf3ca67aae1afcdca23cf75dfb

SHA1
02128aa29f7b33af6ed0776d2ed3784e244309be

SHA256
307c200c0d73491702cc5474e8972d194a8a16d3e6008f7fa1b2656542f9c1a5

SHA512
4b889459137bb25510e9f62b636d2c6c55bd5b5a08639aee7f767611e295f285ddf1e04c2aa010dd3327f2892df6d561eb04be4654fcf74cb6f9feb932ee7085

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1ed4f88a993a327f07ec2544740d397a

SHA1
e34ded01b8cc50cf564df0989716d1c424a85a53

SHA256
5be765358a6cf62cd4aaadfe325614d32464c6aa23f2fb730e3a41cd9f5703b5

SHA512
50d8eb75b8b71e462fce7fd577f20abd6adc603e85fc6afbb824607e61969ecb50a250f77e98ebbe18c5a2a4e3a5558d08fcb07f9688b89b63c393aed7b9ec26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e9b74265cadfe96c95256aa8db8bddd3

SHA1
6d346913b454572a02b45f866eb6d730a2d52022

SHA256
dbe2bef3da567110cd59f4b8684d7687301c922383c080d2de89a261882532ea

SHA512
65951d55a45bf4b65c8a1f83e961c8ffe6b20c14d3fee529844cbae43655fc753a5494fbe46025cd5d070153598fe27631ec47287856c779e41bed58adafabea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5020be700541332cf1b4343727af8c2e

SHA1
e35b27fce7af408da0e958e1b76394fc3f5ec356

SHA256
0fbe7b01bc2648fdac26442f54c4e8ae4b8727b890e5e5fa3b14f52834e16d47

SHA512
ea0a85fcbd2b72c425577bd90e73457edf80a20ba8d9dea0936fe88e6ba4f117d9e023401c6758646ac4907c2f36e523e21f477ff151b5c93b4633f9c498aff4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0bc8f2e8be8c5f9718927776114d3de7

SHA1
04074c1ac121301bb4a35abd4f9da1a609dbc267

SHA256
a711973ed50deafc318c60e745917832d6148db5241134286529f8f563285240

SHA512
a7b5aff0be3c805b0e9368bc0c2a612256f8c16bfb51d5f3ca7da3a5e98e1bcd0417f1e2a40df7d2535b2799474844cbcb603e3ca9c8591fc6eee8dcd5f038fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7dc69282fcef1271bb7cf5bcae656b8a

SHA1
5a021bf9ccfb30e0821b6f76bd8b41ea8d66a54a

SHA256
4df5ea4a41a204c855eac1b8cec81d9e183169f4945ceaa786fe6a1432080bc9

SHA512
c71162af3cbbdf4f789d1d49a4593c77c001e1e4348afefd5db0bc3e71d43d7ecfcaf480120746d0769a9104f904fe467c5b03d86017090535b7088876634425

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
35ae52152a5eed1cc76707331bf99b53

SHA1
afe8ef891099f90c0e301a70f70b17dfa7d58397

SHA256
9c550b219a6836121867b6694950d81cde422250ac310b6ac407ff6fe183c3f4

SHA512
20b402f6f8411fd4b8ea2a46af95131c5cefe87085a9e68c6e5f2de5bf46dda9702046424feeaf3304459f2f2516d29486c350220438a1f0ce2d4fc5428164b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
38cab8372960547c730b7c4f7b0ab70a

SHA1
488fbb57d69117385c077dc744b30c09fbb2ebed

SHA256
cf657c3586de8b4a376df1d8d461420585138cff386eb6df5c88c2e9e5a0f8ba

SHA512
0e6ee7c60be2788cb817c9c58cede77e25cdccf60d14c569e576af270ab726fae8aeb99a44555901d7505f9e9726e61f27479c192b685c4b8ab7e1eec54abadc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8b2c6550f02200fc3243ab95feb4c814

SHA1
1e1f764dd96f5d851f42d7764f9065c516c750f9

SHA256
fa79ebea1bc1f8e3a65b0f960ece904aa29641b9807881bf94137424c0343e90

SHA512
266d761567949f610bcc1a98c244f092348cf9ea660d440dd6c36fc175ca477cac36376b07ac5e792e98bb8c76d06107d443b68b67424c917d36ed82ba0f7200

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
abc8645eaa2c3eb3fd0c59b731afd0d0

SHA1
a5c1f1606579810126e749c96a480f0952f9c264

SHA256
243faf552a2368bb504635954fe4f070b8754a58d084e850cf1d37c66dbf283d

SHA512
cbda7c060584b7158f689cde24e574e96ecd78855bbcdc7cb3231e74cf46caffa4227cbe6854f40bfeedfbafa3e015f604fc8d3f85a392f247233ca66f12a3fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6DA4.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6EA5.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit