c4ad45e8317fcd67a9cb56a7dcd717f5b8ec2f66c859d66319e473bb9f140386

Analysis

max time kernel
142s
max time network
143s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/03/2024, 15:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

de5161dc56d6374054bb86eac56b84a2.html
Size

23KB
MD5

de5161dc56d6374054bb86eac56b84a2
SHA1

75150767460fc3b7afffdb719f29adbefaaf48b1
SHA256

c4ad45e8317fcd67a9cb56a7dcd717f5b8ec2f66c859d66319e473bb9f140386
SHA512

f12800ee48c0b1a1b7913c500d42072f112dd7ab4b33df2fdaad0ccac72e6acc5b70fd42e49ffa906a869c3bb9cea120636515f92c89e48ad6534dcf8437c24d
SSDEEP

192:NoHoRawb5nrnQjLntQ/knQieynInQOkrntiVnQTbnYnQVanQt7MSnFnQ7XnMnQTw:mHosTQ/B9O

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 807ee8a5c77eda01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "417541728"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CF062881-EABA-11EE-9DC0-D20227E6D795} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002dcc56832ee45b40af0f973e997a3e3e00000000020000000000106600000001000020000000570ce6136e7269705e75ab9cc5f442cae25f2080ebb597b8a413f8bb7937dba2000000000e8000000002000020000000892df6c6dea5581cb8b3c6d57d6ff306308c7dc8aae0f0ab0aef6d57de8db33f900000008f2a39e349a474884fdd8559542a46f61d691f2725a16bd8a515de7fa1b381a5131d048678ca27e21d55aad0a053f624c6efdfb3094516f30a62b084ac6d5a001760746c3e28b6e8c3ec8f112e3b605822a206e5fed8896e28f98aaedbff4b992538ef38b47117e87dc13d9dac61e49faaaf27faffe4e97e78581faa932ec6aa5502b5e726af38d1618c472fa3d703a54000000090f9800b32f5922a623c547bdc0a9b7afb42ffe9a304109127350a188ce0a1314097972c88b498f5891d7c13e06f2ccd69cded7533864b0128913e3389c91e83	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002dcc56832ee45b40af0f973e997a3e3e00000000020000000000106600000001000020000000085849811ece6758ea5bc8cc268fb5c7215a01025a2c77ec62d63226a591a306000000000e800000000200002000000097c117db0aed17164707bef0fb9e7abce4c43b37528090b22f5024844ead16d22000000013a5beb214dfdbbed3cb7363bae464018d39de0e48155396201eb88fc040c8a640000000df409a613db5121d766410f0b9957b17d84f7330d5314e846ddabb97dde5f7edfe3a13efc535a79b98ec9a1ea01910c07531b3a4341f2ebbd6a93d7ed69b17a0	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2676	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2676	iexplore.exe
2676	iexplore.exe
1988	IEXPLORE.EXE
1988	IEXPLORE.EXE
1988	IEXPLORE.EXE
1988	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2676 wrote to memory of 1988	2676	iexplore.exe	28
PID 2676 wrote to memory of 1988	2676	iexplore.exe	28
PID 2676 wrote to memory of 1988	2676	iexplore.exe	28
PID 2676 wrote to memory of 1988	2676	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\de5161dc56d6374054bb86eac56b84a2.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2676
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2676 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c8592f9c1ee986c9d322531c96dc1ecf

SHA1
ffa770049b2386a97ec7f7d6be57a59db315ed79

SHA256
e97c66a6b931488987a6eef98bdaa048b6ab12749b8ff9a0563ccc6345bd3d4d

SHA512
62a05a29505c4537de45e5a9c0a7abd3b06f4736913ac4104c5df5e3dafe1a5aec58cd06dc88f0bce43d1b4a49a8210ce95d4f3d9394a45133d85145e15ce12d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e3b7a832a33c09ea58d19fc430a0fe8d

SHA1
a76e549b411197c0a3c3c067d442fd53ad40206c

SHA256
d636e14331c2ed932011504e3938eccac8bb33454620f0351a9d7c75bfd74011

SHA512
cea573fc06ce4d3a204d90d8f9fcb62a74db2e08022ff6c230b16baf689ef3801a267a36c9338a47f80d56f30d16116c409904f39fbab82287bd2e18a4181b7f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
150ce1249797213f80dab46094d72574

SHA1
41edc2501abbc38a816af3b1e9e00e10509e8b13

SHA256
7ba3f3c411aa650788357cf3e610aaad92903c3fb0c5dca997da25a56566a1b4

SHA512
f7c80367c5d4e866ff17416c5aca5702a4f6ac82db27243282ed4e3c98a6e674572dc03b85edc98f1c159af18ef2e51a3429da123064fdd221748e346524b3c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5669a65679457db06c7bfea1caecf4c2

SHA1
e015f9eda14048c3eee93dff8ec463934ab72f92

SHA256
f06e874cb180bc61f07176955fbb63e5139144eab486fa5bb19cdbfb426117c8

SHA512
b5b5988648e5dfc4de61668b9204cca420072f43c7547866bb7a49d1adfae3c9fd8c5a1b270bffdd8cfaacea56b4214837996d7a6c3b9bb164d88ad37ebd9380

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
62db254a00445f67fd0b122898c04945

SHA1
4331fb0727a69f18886777d33e6e7fa88d4875f9

SHA256
25495d15c09f6df3b710ed3d3ee3cff0bb19081406ce4296e2a9fc299261c524

SHA512
332479b98cabf4f32cf426772bd6abd2f786bbe3b22b0adeca98d8f4b4a337e35d504c9bc20cc08a0fb7f27ea83061e999a8354f73c4289e53ca78aa265fea9a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
232cc80ac5aae2eb7d4563f2f751605b

SHA1
b8c9ac102691b05eb84de6e01da753e270f275ab

SHA256
2df011eef07690b7f2d0dd278e6316a54648a55239ef877fcedf5a535496a677

SHA512
c5c54e0a3bca488b7fdb7540a30ab246061972ea095389d8c704a64312add6277aae470cbaf0cd58a1ca21eaadb973818a759cf29cc87ed4e80387a7e3a5fb6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
388a629905d1fe6a84d75027a1a073a9

SHA1
a54ae4f9953c36a59511f992d9b5aef3d33c2887

SHA256
c2c6eb3add7439f960829c7f803a1b95e8ecbc3b2ff92967a1ec98989482d7a5

SHA512
8b2414d83f314453ab4e9df2176fac788ecacfdd1813e9cb37a3ea054869e7ec64d06f3e8471a5d32bbdec36d7e98e2ff1f7617e24f4071df82f194fded3ed55

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
143f3b0fb482bc3d21cc270453d93c76

SHA1
74b3a358c2ea587fa1606403d9cbceddcf73ad13

SHA256
967c2f0f3d332956939c199449036135552bbae0d996b1b2d3ae7b3c3916f512

SHA512
2060307eb6a59999b36bd2d574a84076f4dcabc44d5548092b7790b0cedd08b56820290208b98c117140ff834d58c97ce31c20ab8ec31b3af404845a8b0c3295

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9f9be304050203b53864cb45e63a0044

SHA1
ed35c3aa01311a1c2385f81bbe7886feb1f6e157

SHA256
066404af952f912f8fdc98553df9c3799c7aa28b4f6eb7d9f7b6785b8806c6a8

SHA512
8b9931b6d67369b0e22f9a1893567e850bae67b36de610f58220f63ae19010d3ca0d39eb5260d2f2d2030b47828725ba2e05237e569cf269a1a9de46437a99e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1ed62bacb873e7d04e51e63e609e83e4

SHA1
18778529ad5160c4fa23effa7751ec06db149dc7

SHA256
191d8d76513d0becf713d14b407c3db4749a1318e35e69406f786979701dec80

SHA512
3f32451f6671908200d0dc7870f08b967721c63cfe3ac1a185841eaeb5df5d406befa91c25f776c0b5592f4c319b4f1714ef462020c22224ab5177b2f0acf22f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fb33cbf29f945bdcc05417ddbaf3a00d

SHA1
15d7d355048481734a297fa42645afecea9d747c

SHA256
e1c806cbc414c61cfb04cd1b98b42196c6813e5ce3af34888908674da729b078

SHA512
03330863162f3004c0b523eb5b6c4e356bac3ea10d0335494f5f43f1391aaca9c7fca685e59defaf508ba54c227d344edf883a7f4e371b0507540f74c2877952

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
73cfbd11d99a0b593f844774e47eaac5

SHA1
4158f6348ab1e0d38b4702accc6d0c00bc180f71

SHA256
25826a893c11e55ff49089c98ebb4570c008ebd78f559938d028ebf8a93753af

SHA512
383d8ebf65cfa47572a7f27b5d727997f7a92ab0632597d2dcbabf53c21fbf3f858bb0f0e598f78dc11559fafb46ca3569091bc48bb027428990ee5ae0b6fc62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6a55cfdc5794781e80fc2580b3aa2c1a

SHA1
85cfa2d480b32a23dc424a2cff7ef006c6295a0d

SHA256
67de35d218b49fffdd37480ae4668f313e78ba555ada778a62da59302afe9660

SHA512
a481c7647ec1cb2f04bbb3377bdb734b79654aa074c1d053959f407f71928fc9e004a8bf262e94122200f6d29a0d1d4e098e4e80c024cc596e10e90b0c1226d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5009d88fd0aab58f7b43970aab3bed3c

SHA1
45978a2ba88fdcb791e58d6669e60f733593ae0e

SHA256
9e77bea6824ece37924e48e163677417f90d4fd25d841d196db0dcf4cbc8eeba

SHA512
5d9743f8c7a27cd25c8defe7897fee1ccaf9ea900cd6bd764c99107962441b9b962fa7ae13509dd9394e761e4d29b5d1354d3ae280f7991fc4cd3b9b7a8ae249

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
75f4cd72f89e894aa344925caf65fd08

SHA1
025459ca5654de12f5471986232344d1861d4ec6

SHA256
fe3abb76693833b0d24bb31b044f7b91a4ff7f6f0d5a40ded487ec13d1723253

SHA512
cfc2d76d0f17b92c41dd9ade5077b2f0e409ee66132fc2191e55ca70b413db61597321d10e89048a0cd591473b462148c10f302488c306640f613c4cc99c62f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab57C4.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5876.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit