15e1d54db16d949bfb19b1a0387f8ffd2c2b4e9b4708923da15e328bb07800f6

Analysis

max time kernel
134s
max time network
137s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 17:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d6be9a554eca3a61d0e6adf0aeeddf96.html
Size

55KB
MD5

d6be9a554eca3a61d0e6adf0aeeddf96
SHA1

159b2091538f222c52a27f482d6341b845fe535c
SHA256

15e1d54db16d949bfb19b1a0387f8ffd2c2b4e9b4708923da15e328bb07800f6
SHA512

c85828e29f51a4c066f5222cfdabd4703d337fe337eadfc697cf95aadccd33cc15f15142fa97a827522367b909ac7fb06bd0778535ab2de6ecda18546a32879a
SSDEEP

1536:AFSk4hMZtwmHtDbHv7oyiyKOflrA0JeJ7vhC3QEyyh+tt:AFkhMZtwmHtDbHTDfKO1A+eJ7vhCAEy7

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "417032415"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F8119711-E618-11EE-9587-CAFA5A0A62FD} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2020	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2020	iexplore.exe
2020	iexplore.exe
2188	IEXPLORE.EXE
2188	IEXPLORE.EXE
2188	IEXPLORE.EXE
2188	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 2188	2020	iexplore.exe	28
PID 2020 wrote to memory of 2188	2020	iexplore.exe	28
PID 2020 wrote to memory of 2188	2020	iexplore.exe	28
PID 2020 wrote to memory of 2188	2020	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d6be9a554eca3a61d0e6adf0aeeddf96.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2020 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
afa55570eaefad1a8a1d1230bc2e5534

SHA1
760aab283849506a817dd3f3a747ff5dcf6b1a87

SHA256
3a39c8491c8a4f9f57f49221bbaf876929568a4235f4647cc4c730b1cc526aa3

SHA512
386b540dcdc1137ad7854732735e6ec3d3d2abcd8fbe02f7ec5f5b69563ee934ba55ccddd5e5188474f0055503f4dd6a440779a047bf075f16dacb297d0f6cad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
b89fede9c49c297ac5a28670eb196221

SHA1
007c5dacb40bb3f9b4ce59115c6988cf6ee54ec4

SHA256
f597d086598943827a575c517f8d29188f600846ff16f5998e23ec85110b1e82

SHA512
cd1506d6ae48702f9c05b13038d6c1efc9a54cbeabd619fe8cff5c8e4cc12525aab8debf3e790ccb99582fce8f3850d87fcea257a097ef891f1c14bfc3f6c90b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
e51784aaca143550cb667df54755bec1

SHA1
07d5a6ec5f161dfc7cfdd40751878e2b37d674c5

SHA256
2edb139ed5ceb14ee105ab7419a05c7261496e5e52c5b77ee9d99350da278e50

SHA512
79c81156324c7f5d047ceb38ddb98116669d46ed39031f631146088167287dc1a38033856db7b53e0d79eaed5e9c912136275cd6f4d5c5f1f4c0cc3f40b5e342

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9139b13b75351e3e8e1daec4e2afec0b

SHA1
0fb5ee8ee95eec69ff5e087c4cd54438a93f51ef

SHA256
54acf9ebe66e3db35cb484f15106cafa85126e39ce9a5d093ac567172d101653

SHA512
6732ca2005709ef43918a0410228e100debeda25369c3200f51166fecc1b885115d5d73730df49f5fc5f72116e4f212fddb1532ed2b794e62b919471ae1b1355

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c285831b6bf44dfb47d91ece0ef23b66

SHA1
13d4e64f864d9ea95be47de2f178d9ed577cdce9

SHA256
4aaf1b5099ce98cc7f3729981c5dda917d0590c382686fc624de579f98137efb

SHA512
0f00062dc9b2b30eeafe245c3d17bd5b827271f13b440d3091c5944f045f8179f7a2ad2b8aa9206dbfd976c53b9b08a49ba2c2753d7a87ac3680215313dc307d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f426db9add9323e41b297a4c21eef2cd

SHA1
a71a3b6b18fe3b3c06a96e982faaf6a74d3b78bf

SHA256
f6df54ca4b4d179b6477e3ca185f48a8e3382144f2e8b0c8174850a33e83bbb3

SHA512
931269798cc58039e2f144f0d63e03a4defb2aee8fcb79df9894972859031b8d1c825c6c320ba9b69fb3335945c1045289c4feb601966e119e09acdbaa5ae5c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9afb20d81166ed7b8c58ab63b201d115

SHA1
9e3458a2d63b2d7c0dfc21bfd03d2338cc2efc07

SHA256
7fefad76c945c5279cc28dff5a26c8bf0c8df29c6f7fffe3c4e3cbf9c7fd1b2a

SHA512
c59c3bfb334fff646add0de43be8f2d378818f47c4878cd6c90912bb5f69626050aa267e58dccf9d032a3b57bb7a59f4058cbaba2f4d393610cc629d86f4bb7f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d9fee311246909d5afe512a4d88f1486

SHA1
51e6098af7312f7dfbc675d7f995a05bc7472b9f

SHA256
61a3d335332bdb44c0b49b4e6a8731d79e43a2c7d97892a70ae471233a8ef91e

SHA512
390f24a0b61f37ee70a207d9753cc65fcef98803ff523075a1773a344a8efdbab973b543eed61b3d0db13cc7a4fbca510659a93c3734be20535dfd26c31e4955

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
76c02ae5ceacc2a87511b650ccd4105c

SHA1
704d542bda0e3720be1cda09d03934242302c1fa

SHA256
a06d5b250e380e198bc549d01b92219b6fc76c71e6b1ef3faf865e1d56fbb81c

SHA512
605ce5b0f1889be75b49bf67bea5a78202c911a0fc0ef8ec7f97a767ec2ef60498f9a0719039565cc1fc7886797f5c0ba368442b9ca5beedcd528c2888de61f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d6d63b418a952870ffef640090ada797

SHA1
a408d23159c12164a16a6c2ac30a4b0feeff8418

SHA256
cced00f55f02feb47e47a7be2b6e809ae12d80d136f6ad71ea8bd6117f34d06d

SHA512
860fc49888bae4c007bb2ad5581a36ecacf162570dfb7c6cc59dd930808ed518b77440414d3cf6678878683617f24c99e7d5162ad44ac8c76a00fbbb07e8658f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a74d8d554e47763d0253267d7b1f0730

SHA1
a8195036324ae7847d06e19f86919894630763f7

SHA256
d426f7dd91a56755644f02f049eaf9e299db0760be3beb83fd061fecd8640c02

SHA512
893cc31b6c268a89ca344efcd407abb6e626cdefcff4973539074cd828b8c67921bad7b72f39aa0ec8133a7f58432129edfc8e0803d3b569d28e3975ca67ef31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
948917ddb355952fe44981bdca8fbfb6

SHA1
4361ecdab23be8a885b312ad9013ff38d74b8483

SHA256
f62cdace817e4dd3d6fec4e45783839bb5855af55b325a17d245032c2d1692ef

SHA512
8e27e8f8101f24a0b09860dc6f1cc0db81e991f71b1a2b68169b330ec7fde61c1b4c0efe2f32f8da84a6238a6afb1cc6f95b1ad658699a724121acc6287bb1df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fc9b952dc8c29784b577eca8a1cce0f8

SHA1
43f34421acf6350332bc715a6d03a5b97e99ec2d

SHA256
a3b33d8088a3da1654a286b99d2dde93e452b8ba2d9b3e4f347f7d23fd01745e

SHA512
88a7ab496f95a7449b5cf442cb8745a3e02ceb24a374921e148749224b534e5e8173bb5aa70c8f65d4c338eaa9bde3ce0808586e73c63e9695aceb725645687f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
52b677f5c36a20f5d81857116b167f1d

SHA1
7f19570573322c933b79ef0697ef031274659581

SHA256
264d8572c3b62948f59910b355e286740ddd5311443ad3eb9d75f672c7807f62

SHA512
46a58023a40e3e166d5b2fb34e980c2c5b41a1b3697b745f746293f9d430d097ab3b0bdadd280934d06b2c86f51d61bdd53b3d361fc2a9428856a987a42eeb5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
8a18f5b8cb7a9adc29d8d9a0bbdc40e5

SHA1
ec0adb773bdd2aa515f3b3e6ee3508b60f81e97d

SHA256
e9f27aeffece475ef42dec291795ccf1c696e74cd805d5e389c824eb43c697d2

SHA512
8ae4ca9679e17a43a57bb36d2a38449772938d31b016d7741e66bba9fc295b73b83fc9b299216ef6a3f75bdde49c785176f4a41775db85b4f493494d18ab109d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\75OMIGJ7\3822632116-css_bundle_v2[1].css

Filesize
36KB

MD5
d390c06d2ab36f422aa956a5422f641c

SHA1
3451d2fa56bf7d5f66fd09c79376dd36fab85e46

SHA256
224d95cce08108610c46ef4134793dbdd619e43e90e9d9cf42716a08f45222f9

SHA512
c83883c9b97d9c88ac6d6d9761675d93258faf05aab621203b367484e8ce1034f43be4b677646267e3961f375f9914d275cdf876001133a27ff7ec3c2e223df9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B4HDT8MX\jquery.min[1].js

Filesize
90KB

MD5
397754ba49e9e0cf4e7c190da78dda05

SHA1
ae49e56999d82802727455f0ba83b63acd90a22b

SHA256
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

SHA512
8c64754f77507ab2c24a6fc818419b9dd3f0ceccc9065290e41afdbee0743f0da2cb13b2fbb00afa525c082f1e697cb3ffd76ef9b902cb81d7c41ca1c641dffb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CTT6L9LH\platform_gapi.iframes.style.common[1].js

Filesize
54KB

MD5
ea9dd251399dd23cfaaa58cd75d83802

SHA1
fc80615d89aced96d1c7d9e4226b1b39986be9a9

SHA256
e924fdde63edcafd0ae3c3f223cd2ac30c8cd2f71fc6da9267566a6a3a285ec3

SHA512
1d0640ba21d600a7a7f6d1eca0d7c7d22aff87d074c97bb9f3ab44ee9f6dafc0db075a2a39ff04c0e721b2f046aadb8ce1e860a73e9f0b1123d70e6fb59246f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P2GIJQ9P\296009378-widgets[1].js

Filesize
147KB

MD5
096e9507c5f13a454d6561cf4b78a395

SHA1
e68257442e0c549b12ee6361c29d3a152e25f6da

SHA256
57e3c95ad821e333338d9e6df4c624e2755e367faba918f70e45d5c9eaab757c

SHA512
0462faa9d771d489b4ec26314e7ec0b1e1e82097b441bb2e5e156729c081378ef178b891278533ad97ad83d6da2cec256db380c198df9624b4d99c1f63a82833

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5958.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5AF1.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5BE1.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit