8ef0aa04db9fe87fe3e9d92103882dde1531a55f8c7fcbceda55f8ae4f501435

Analysis

max time kernel
136s
max time network
135s
platform
windows7_x64
resource
win7-20240319-en
resource tags

arch:x64arch:x86image:win7-20240319-enlocale:en-usos:windows7-x64system
submitted
25/03/2024, 23:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Q1nr7V.html
Size

1KB
MD5

0961eb13ef799b1c1f2a335965f343bd
SHA1

5d7ce0e0c0137d85da4d7ced88bff2bdba80ed20
SHA256

8ef0aa04db9fe87fe3e9d92103882dde1531a55f8c7fcbceda55f8ae4f501435
SHA512

554458650ceec6f091e6451ed3eb46141d98deba5cab9fc54c0b956b90939caf5d846edc6ae4d368d88a964c2259f5cf9fcadc8f7e610b30928ea65af9b5c777

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "417572379"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 407343030f7fda01	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a529a2e22ae42f4084bf8a2f7b0415b200000000020000000000106600000001000020000000ff6f13759b2f0a1af314c2dd5d3605cd93584a6581866f1afd90fd0f89f6be05000000000e800000000200002000000010de55e542301af6c3d68d27a6ce2c869e28ea63aff7191135b9d89e65b266322000000048c40b7d44c43b9af7014aa8c117b069c561f1435e470d43d77081b8e64b535d400000003a42c5141077e69a956e37ab78b6312c28b60eb54779e5f44dcecdb09be0fc1874d53e6b73f81227210804ab45ab37fb8e2821842cd576196a421010d00bb6cc	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2E4955A1-EB02-11EE-8658-D229E571C05B} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a529a2e22ae42f4084bf8a2f7b0415b200000000020000000000106600000001000020000000e33474a678c7ee067bad2087472a91658f0ed073aa795fa06745d056905e5fc5000000000e800000000200002000000023a0f8de4009553de9511434a7c277f4a392edb70ee28730fd931fea47b4bf2190000000e00e4b01ed21d7ee8aa5c8e82f6ddba94a73471bfa2058b6455241b852dc9ca5ba69f33e740f0c47d1100a9a2c278aca70056832ea944023b54c53ab899b23958475a1c829c3d43868e19455a90109d4a95c5d6634614181eb64ff80486ea3db981a7e0bca999a1aa2c39b2075310cac2f50ff42c2a930c4ae599bc331464d6754e84ea52c29bb95d663a169e39ed017400000000d2948cb088fc00c877819a05306a108dbe5885135d656f948e424cf17ea46d4b6c4f0a4e9d493a08e06a72024d85ffaac9710a7ca595d28429bbb62097387d8	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1708	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1708	iexplore.exe
1708	iexplore.exe
2264	IEXPLORE.EXE
2264	IEXPLORE.EXE
2264	IEXPLORE.EXE
2264	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 2264	1708	iexplore.exe	28
PID 1708 wrote to memory of 2264	1708	iexplore.exe	28
PID 1708 wrote to memory of 2264	1708	iexplore.exe	28
PID 1708 wrote to memory of 2264	1708	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Q1nr7V.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1708 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9cbf3374d48c555f762ae8d7c9a068d9

SHA1
52f9701747ccf833dcbc86e259b50816ca397c57

SHA256
1b9f774f5c594d937ba155064b36c5a785f8a53b7b29edf2950157a1d787060e

SHA512
174807986b0f281c4527846045754834eb70fccaa630016aa0987abaf9a306c0ee465b04d133f540ff8150add04c2b3a07c3f7d027d66c18ab8ef1db2ebb77b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
20e599f26a9e12940be8a35f09447047

SHA1
7dd19fbe0e5c3e6c7b14c92dac61168cb4bf8e4b

SHA256
86ca54131b975d3ad0c13b147607f3252a4998edbcb7bec496c0d9f51bd3b31f

SHA512
3647fec531c449272ab32d6f93f1b3ce7ed67bd4f8b51acd91655b745c27e7b8e5b57b43b726f23815e5821f5932d2d80bb5aae5c59c07b42ab35f3b88c0334c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
67f253ca80320d862dd5b80f7dc7833b

SHA1
b54ac6e2ee119e7fd8a3f10eb10742ce832d5820

SHA256
81f0a6196ed463132aed86203179a7e94d819663837cce1173657a54eec56fc5

SHA512
db173fad597e881f9d74a9c47f17f6723e1fc0a171ebc7c79f8a1939d0170c5a6e3938c7f638b3d8d05d9507a3437d21463d1bfea4d8725eaa8b25a2f2aea9a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
75ce50379981b65e61002ca1271f77fa

SHA1
33e6e5eb9503a9757dd6c9c3f981ec781f96bd8f

SHA256
3a4f1d5dd07805fb36d8534716525d54436ec895d05a05c45f42010308734eef

SHA512
d1f91cf85f4b143e78165466b64eee027df12cb712f665789422cc36b4c24584a06cbe4b51bc61af77db8b62c6eac86b12e6df86c7562229356184eefac72719

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
55e6800080b92cb12249fa2c764dbf21

SHA1
db485f841240d9a455137d8220e0b46eb4888afe

SHA256
eac9db6dc4def6815dee02626cd8aecb7fd75eca5fe9e842f5260de83c7af5bb

SHA512
3d2870298c27cb9f2916218f7564ad56ecd82b4156909f8c50567b37e25d11145095dff027580bda861e25bb87aec8813a617b04f8e864adfa4f83e1ecc14e1c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
70031b2c63d123daec93db7b57f99f04

SHA1
b831c89837d4f04a9dab8b0876a945ee5a4674f7

SHA256
dd0f4bd8858c54888bdff7019d9a18a3da1320a41a25ed203e9c89f3065f492f

SHA512
fa8ac010fcea8bbad466100b43718465df4cd8b1627a1c7e3e363b41cbf76d990874937b627590d09f3a6cbda7f1ddac8c4a4f2c4720d691300f514fd62599f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c4cdacd888084a65446745c8663b05a

SHA1
03a01cd7084bbf8e2dfcb31afc4bd0f71b197f8f

SHA256
db3b556ff158bb008703fc13fc3757f1937465d2a6e7e84cbc331938ac952099

SHA512
64a133e5d313e09f65f0716ce004c31b0f63f814469dec6b51a26136f14f9581b5181f1cf86869f7af2987dc8bfb94c25e3e644b94901195385400bf7e26658d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d185efdab6fa56d6b21b1d9d2889c4d8

SHA1
325a5b5ea3e3e2fb8827018ca863995a186e0f20

SHA256
310883587b0f49fda48e8d6f085571bb0bc98f2a15e0ff2246a9fefdf7409577

SHA512
3d1ceae1dbe6e943b96618d46dae92f86eec5111e5b1e22e89d363c4d3f7984e8479c257438993bf4535441b44f4b3dfd6433ec84fa7ab20aedec075b204b128

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e67541399090e15331267467dbe1a382

SHA1
49a652ceafdd6ba947e067152d2735490984f9b0

SHA256
7f0febaab22bed53f89deedb03bca728ee45134fc46e2f1459272a35a6a6aac3

SHA512
adc0795fb67490f736b61a82b8ce2ee24191c7e7da24bf61507707800e9a826e597b76b8456e084d080b24093a8bf7a51fba241af16619aa861921b1a11acc41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b3fd1dff22a1d2fe772593f18323bc0e

SHA1
c5cf8a6f543d1bad27e1562216c87f55da14eed0

SHA256
73f08fcc1ea8856b3c5f75d807b185ef84b3c8ff810b2694cdbc787fde2f5589

SHA512
8291c59284599af2e0def7199c152a74680a306bbef506fc453cfa025db7cc5e01b73b672aa3dfde7d165c8df158ff3d61d6b9b06251d1eb7764f4fb19340e3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1e76059ff4cd03e1bea3fb601cc21579

SHA1
fe0519ef38e7bb5921740f8110336e393aff4ecd

SHA256
453b1e5444bd10b561a744b16b1af9abef51bae14b0049fc3f151527d2a67817

SHA512
34af268e92a9705b57fd79fba80988b84507740a9722466b74435ab09b098c45542ac152e2e1cf96695794593d18f6fa8049961357fde24cd292f87a9b01ce68

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e15372589033a4f778303a1265b5d491

SHA1
e874418814000a8210bcb4f59baf097b830add98

SHA256
5ea61abf61a125edcd0f4bfdd806a60cb53abe1d8c44e97d3fdde0b9dc6d606c

SHA512
0b10bb870f58c479debede497984383e9d6131e8a7a098f029ebd4e01b56a3083a0180a0de93f2bf2e4c529c6c8449b8dbe748fd85e5dd0e69bd169715c0612e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
584233ee94a52c0da945e9b903d5a6c1

SHA1
583d26bae0470cd72e0a92d7535c091aa4e3df58

SHA256
73a0c1a78f388afcdd7a3e3618e0427831cc93feb31bdac9051a82b312178f72

SHA512
f8af60defdb76864498400616437e452ee653d4985087e111a82604958ec20ec64b791655cc63b0886dcceb3c69b5f997d2ab25a0eba80842722fd08cf0e7d5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6f0eee50daab75d5e8829457724440a5

SHA1
50a6b335b24dab463939cf343eb4e341f2340142

SHA256
275f51b730826baf79fc7b0a37a0d866b17317bae9f31b192d2e64ca3bb34cc0

SHA512
02f0be060411e38526162d111b87b3ca2eb54599125034759909471f39d6a9a0886db211cd00e9eb5175ba110dd2801728d43d1f1c8fc3492b0f707360a54f97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eed6fc45432509e638b0acdfcd1b6bde

SHA1
8150006423dbfe8be1ab8bf9eb7d6c82a49457b6

SHA256
0705f5619802b22a3c6c259c24167468928e6d0bd12c26e77a534def53edc4ba

SHA512
65d266ee6ccfaa70be15c945761bb460ffcf4a3bd81039c36b054ac5bf48c53e61ac2fec51850bc0881df675543a3bdad272c7e1072f15e2c521abd42df622ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
76b2309a0aa47a47c58f8e842aa143c6

SHA1
5797b7f056dbb6b27246f478f2272859d7f4a260

SHA256
4379b70afc302bf936bfe520e5d21e8c64e9593edfda6096960f3bda1c3d00b0

SHA512
c32f0c8c96f9b2aa2d1d562eaadb1891edcf7dbb5f9db30f3ee36623c71faca292c100aa9e9a5fdce6f74f82fc3fd8848e0682f36218fce57d555874d799e720

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b9a500113223621e524663e16c8fc856

SHA1
22d566a780105c1acf5d4eb46970d2386a7801ee

SHA256
dada5455888ea59c6a6a287ebeb4b880092118b46970f998be7785f9c28701e8

SHA512
b0affc53cf08dc3f4df9bc671f7e353a0cb89d5b90172d2f72d64ee3ab43d944b41592e1426502ca2184a9e3bc37b58280b92f68bd1ff58a9b559d06fbef6f08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
01d65da1df3854921386a8111a66af2c

SHA1
d891f51a5a8f7c00a95fac29b93f457404116296

SHA256
406576ee3907da155379dd1a8013479336d381eb0f8e78198bac2a494d582f40

SHA512
48a07798f8d04532db991f69b720c0f15ca8330ee3d9677d320c2a7e7f3f3055f2d0077567d33db4001e0979cfcb9a1be72415715147ddfe2b1f18098787fd9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5F14.tmp

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6001.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit