40585ce27e2ee766cc83fdf48716cfcb2dcd2d4cb8745414d754049fb9812c22

Analysis

max time kernel
362s
max time network
365s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/03/2024, 12:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

url.html
Size

1KB
MD5

0ea4db3b802539449e84bc1a7d5a06a9
SHA1

640e6748ef00ac685c7b65d68bd7357262afc281
SHA256

40585ce27e2ee766cc83fdf48716cfcb2dcd2d4cb8745414d754049fb9812c22
SHA512

4df7260af1440ee355330710f0d6a08832d0442e522fc143c7383eef5192c7136516c4f68a7a258d95c93ed8f612cff2aef17e4b62ccf61326c033c32f00bc46

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90c14744b37eda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000c12c25e2ddfb54dbf19c8710c23067700000000020000000000106600000001000020000000250e471e6ccd17a828726028f52a1777812743d6f78246dab3db06a5bb9e5e37000000000e8000000002000020000000d2bd1f9f5ed7169be29db55b4a4f708de1821168a46b5d36c8ed36b5bb213103900000000315c424feb2d1d19b2e2013c472efd3cb73125bb3d42d9cb2fd77336e3bf5f336adf840e2d0d800b1858e745828646a648b1ce4341df117f441e0c823e57339b15f23eec3faa615063b0f3b7ef486d0b10659ccb84dbe09b02761c83422785996f633c587e3f76fefc49c6ef860ca7c227f60622658ff3cf1f999d3029ea3050ca4688de778b7c40aaef1d4672d59014000000089dddefe9fd6171d7edb3c079c534eab754fe680fbc84d3bb6871f8379436d9a11407762bf1e0da8f2e8f66e0cc0dddc642bd375d7026c691a31a5b13ad26c71	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000c12c25e2ddfb54dbf19c8710c230677000000000200000000001066000000010000200000003b04ed7d9bcec4e6badf158cea9d01159ee7408b841f3c3b0cf452cba47a43ca000000000e8000000002000020000000aefac0ad0009c22c441be03658122ea7af937e25f1cc4948dc1d32b16d6d57da20000000353f34d4e4dba4bd6f51415a9ad54d59be8bbeeba534a217bff87f184b96323c400000003478674c706f78e6fc4c09eee53ebd6589657e1a608d583ac045d5cbaa1f837043bad5409cc1805f4812d3c4cf4755794f81d22660a20dd13da62fa2901f3e87	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "417532985"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6F838101-EAA6-11EE-B1A6-DE62917EBCA6} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2408	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2408	iexplore.exe
2408	iexplore.exe
2868	IEXPLORE.EXE
2868	IEXPLORE.EXE
2868	IEXPLORE.EXE
2868	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2408 wrote to memory of 2868	2408	iexplore.exe	28
PID 2408 wrote to memory of 2868	2408	iexplore.exe	28
PID 2408 wrote to memory of 2868	2408	iexplore.exe	28
PID 2408 wrote to memory of 2868	2408	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\url.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2408 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
32e60d4a2f7e2786b033d8a37fde3330

SHA1
6627c72a9eaad1a628f9f694529326557385a0ea

SHA256
896fad504277b74e92176a3723c0dae73830374fb7952cc8848e4fc43f752b0c

SHA512
15ea924335b049c8b4fb5892dd20aafab17a9f94b59d73affc7fd0cdd989a2d59cb81b4ed95ddc73ec5e315e8c7014be759379ac00bbc4ec9478a0cd8c3ef720

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b1f93e5e6d963679a63d1dafde099974

SHA1
e46d8a98e67273b117f25fcbefe1c1e332b46e1f

SHA256
c8a62195670d48a245088427366b139ae7f3e9952fc5b6be40a0194114f0a292

SHA512
eb11f863c3a0913e30f8490bc7e4e82af3a0a5f40bb9dbfd9426bd445ae15ceef321c5cfac61ef78241021c5ebd5992e0c7323ff447efd79c28b39abdfc4204a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a17f9c4cc38ff8b224a4e2cf3b0655c6

SHA1
be3b1b5e17dbc1c2079dfc94d0da09b856ac286b

SHA256
ec655be60aa8370eae857b1a3c0163e0df0d9de061f8d0e91d1fc61a3a695116

SHA512
c0340c57157a0921dc0043c492dc53b411ac7300d597e723a75b504041ffc3fb29062dc628b8f9bc032218289c894f5049df1909985da5e244f391b232da490b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c512e9156478760dccac9b539cb81815

SHA1
d8c3d0b003d07dd5192762365b6ff1b681cc5452

SHA256
f3357a376b6d5847856dcd8f7fbca460dbeea12bd63dd7eb3eb5b5ee66e14924

SHA512
f1e6a136baa46816460df3b8f30f4031d04027f863c1b15f14f2f7376f78865fcef760550008a86f7d6bedc77a80404370621c97878512adf5f242850a740331

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8e8bfd5c66492c11aa4d53b32fcfabca

SHA1
a5ae4eb472169e5fbc37ba36391d6d1405472ef9

SHA256
aaa4d2ac648d6cad1426e3313dc3ab37b54be18d9fd084e541f6a3d4c807bd61

SHA512
a50e2a81299685b0f4aa618228e8a162b5e841fe0a7986af0944abe10d7724cf9d42453efb2687f65e0ce2cc26ffc98e61a85b8159a0f222ac4ce8ba92382410

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9e81a4fbe450973ca121810b172ae26d

SHA1
c8c246d214389d5135f13f33d5f0c735634d08a2

SHA256
4d7e08077f6c040638b72fbec655952bc5382569aa0541c484c6387eecb6f679

SHA512
e788c4725ae08a4b11a421b3f2d579e38c14744488100bee03a160c0a63428bdf641db0d2ab31e1fdf8d24a940c3bcc04c572ac28a43ffa7080d0e35f063c301

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
595b7b3ae0dc0ae176b8a46990bef4dc

SHA1
2f2f6021fb14e7d877d6c2c596446895d5ea59ad

SHA256
d8e98e5e8d23a6016f1cef3d8eb0d44f3bdbaf623ae98a071672c0f93b9a8ca4

SHA512
f8753727a47da0f5d8dd9ed281cf3166094778275c30c6fc0af22fe94e97f917e743cbe2917209e1e8ad863648c5666bc2f28064ab7436d1ded22ce51b74a926

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
929262b3e7d1089d9fe4e8456d6b6ac8

SHA1
cfbd208a3876b42d193ffddf67ec5315e8fb5909

SHA256
ca855a859d91094acfc82e3e4bd85f722b1da3f41b1c0a8d2dfc6a492594849c

SHA512
2efbd460346e273ee5e080e24bf75827505aba152717c3da661254e759d0dd42a03fc3d02e656418f2333b0f4b01357bfab358e71b1773d9182fb45943d14bbd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
13340c5fdf9c46bf2b0c4ecec371d2c8

SHA1
e8655d4592a135d85ff0f35a2b9d83789db0d812

SHA256
ee8256d24819163132f4921577d53a75dcf58489fc563f35c12750c098b81212

SHA512
24268a2b9779e3966c944f4175e26084c647066d3a98b2019ede55db4b4a9193be3697ae0a4d92911c28078801efd751f0410f74cd08d4d96f10fa23e5e4ad30

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
57bc2db3bba4b6c3f57f0f189b61f20d

SHA1
8f9f952ee0c425cd9ae3108c55770402efc8bcfd

SHA256
ed0d19983db7c66819053bff3b11686d8625df2a8db059217264cb038b1b50bd

SHA512
d960fd39a8a258c10426d94e428fdb8ab4ef873571d2ada1ea0f26212c271ba357cf752a08a654a15c6d44aba4357c3b18fe0d50af787d00176f1b276b6a3aa2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8b6aca9adcee3a54624595ec3005744e

SHA1
8ad2fb9f1f672a9dac3bb7506909daf51b6e50c3

SHA256
929e810275ed5f4acc0170f7d659743a82dacc3f3ae9582a8d60ff9d5fcc881d

SHA512
3516999c76467e5f703f963b1f39a91cad16e5bd8d32d1d5f487dfa89748da53e9d0f34c6db7e90021596c7792db1093b500020262fba15a382db30bdf9503dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3331660a0b7c182da2b23ecdec2fa1c4

SHA1
7298fcac3decd22425b51a6672f0ee9915ab201b

SHA256
3684b96b7abc647c8e2fade9044b24231edda784c8c268bd85cc5c6cccfa2bf5

SHA512
d5b749376c0878c9dd9823c5905166c16f618868501c4ff7ea754392dfd64c82d9e74c3d6d6c853b51136cf5391a7e5eb0ae7f1267987bf1ce0086f3b43f06a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0cc5fd94797cae0975f54b24b241131c

SHA1
7eddc5703bda9ca643a227cbe0354ef52ed6ad79

SHA256
96f5f6fcb8b4f7618266a811d72cd20ff1d5f115af8798cad0cdcb8aa3e43fcc

SHA512
e03c73ea004d4bec448a6474abaa04f1dea389ac6ff1c91bef792fe6d19b660d1587efb0176e55137c28ebe9bcdd716ffd1cb0348a4a14e1c7b4c419e52ff50b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab60A9.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6227.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit