5c2088f5923c169bded420cc9577f7e02a05b57821450158d0adb85a5ce26fde

Analysis

max time kernel
145s
max time network
148s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26-03-2024 12:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

df21140da6526a1b475c5f10ee44e786.html
Size

431B
MD5

df21140da6526a1b475c5f10ee44e786
SHA1

ed4d862e018797d2435f0e7fb2724a26e3bf1470
SHA256

5c2088f5923c169bded420cc9577f7e02a05b57821450158d0adb85a5ce26fde
SHA512

b0531b0aee3932bd821eb42641de9323a64090180cc6b2909322448c25d4dc003764592d74890f2efd3f3870f4da170b470ad96f5273471c499e980653822006

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d94d2d3723739f48802cd6414eea5c7e000000000200000000001066000000010000200000008623475e11fd623ed45ae24e669e7697439f6338dd53d252cfe191970718aa13000000000e80000000020000200000003123176e4b388ac21bfe51638e1dea0a210118e70011c19ce4bc19b2fbb9f8d620000000697132ad1a2ea5858fa0aaeb352959e9f75537b37fae31d791b892a5f68cad2540000000d6b29af5d20ea47a9ab5518696676aa8a373523c4ed916674906a2a7675f117d4bfee4ddf5d5f9d3e2d814e4ecde26e5e26682558cf6725ef7197422cb4a2e13	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d94d2d3723739f48802cd6414eea5c7e0000000002000000000010660000000100002000000079c539d98d2ee0c7ce33d12fbcafb93339c497ed3681e9f8bb65d67324e94d06000000000e800000000200002000000047f709b0529179da5cfedf80f71a2ff4e679cefdcf5035515cdb63f78e7ea6cd9000000092aa31949b151453dc2bc29fff3e8b744cfd4bcc9ef35938e0201d30df1066aab9265c83f228893a04193270cf17d248540556ff6f5f09e60a7530e208efc4ce0b996ab15f989001bad6381d67c536575ee2596fc56ef8e89f955fbe1d7d47c1c0c3b9e203373dd1118b0e962c72efd03a4620bb7944c02643ff44a1214449844ac642ed6ffe5bd6b0c16719b0aa61a14000000063e590e12a6cc2a190defc445321d7ccb33a49123b87a35208f094c3add85a98f30721e5f5fa6b55fbbb89e90646487b5701f97b43e5485050b6dd2a58c83080	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D0CDC601-EB69-11EE-9D31-EA483E0BCDAF} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "417616897"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c031c8a5767fda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
844	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
844	iexplore.exe
844	iexplore.exe
3064	IEXPLORE.EXE
3064	IEXPLORE.EXE
3064	IEXPLORE.EXE
3064	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 844 wrote to memory of 3064	844	iexplore.exe	28
PID 844 wrote to memory of 3064	844	iexplore.exe	28
PID 844 wrote to memory of 3064	844	iexplore.exe	28
PID 844 wrote to memory of 3064	844	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\df21140da6526a1b475c5f10ee44e786.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:844
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:844 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9285ff2230fb87071953c37bec29b253

SHA1
47218c765276c7a52e170d6c3e742c3978d5d048

SHA256
081c4125b89592f80b6b8764b3b38d29418c5840ec1461cfb02b1b3cd91f4a6f

SHA512
8a4705ba293eec91db7c33fbab0f0b2b4206b6691d5a4831f94cef88c0004ac68915778de9481f5eb75372a74130f08a468e0581e5a20187ddcf8cffcd63f9c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
947acae0a8b649b3cb84a920875833aa

SHA1
79500986ed1eb51857e9fc4bcf6ccbe13f9283ff

SHA256
ed074246e5b2379e813009236a76fb7e1eb7c537095cb143ab39fde9e8768fa3

SHA512
070a1b64f5a9d626df5ccdf7124ede5fb824c9afae4f99feb61d86b8d8f9235ad62debe9b0e133b4adb1a7d6274aec476d812dbfec350b00800afce6874d1c20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2b37a95a7ec2929525c3da5d3260f5fb

SHA1
3e31bfd57936320c88dc5b9f46376574dd5ae205

SHA256
2b2ac277a6b11303d186ea4c5c1a517c45c24545640f97b44e14142abf2bd67b

SHA512
3b4721e48fe6a8d409ce88a10abb0879ee5b9e2b5bbd6c08fc144d4388d606dad9feb6d4c0aae16c48620076f8c184f985d3ee8d128864fbf0cb91d8d26b05d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
62a49bbda4ec8512cb4f0078d6db9469

SHA1
14a8a2f0e12557f8989870ae4773fec45b1cd4f8

SHA256
bf67577e0ce4196d1c83dcb34557f2d9f934a5469a6b36e92566a247bc59be5d

SHA512
084868c64e4a2afbf422e970e1feb76eed15a2ab51cd7e357d3782b874d6df1f12d821fc3ff664462bc79772cbf6fc9fe9f8388e28f5f0f5ed2898038c5eb005

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a1f1f11e1721cf7b31d569cc4bd29110

SHA1
e94f0ac6e87b20f21f50c3abbdad42ae89f2a49a

SHA256
ae9449197a1b134c6a92cc80e30769ef25820ab91f7668beed2d487427746472

SHA512
add0755f5b787a23577209e6afe0f119e2129824fd979e6713fb77373a9bb74ad1f057a319221500524ca70dfa6473132df748e16bce5b08189e7b805f25dcf5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
29705f05e86b8c9321dad4dda24ef3a3

SHA1
735d13940972b50373b13df7dfea12e4de62307b

SHA256
5f191c6fd871e8b5da81bb432a11f2997ac555ed921874267f90682e3baa63f5

SHA512
ee4aef2688448344ba785f45f7907d83249886a34360a556ffb008b9e0a994807a38083abd2f0b1d7ea62b924d4a8db8e3b34e65cf0896f32f58aa833d4eaa17

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fac4d4d081cf6c7ab2d284d438c0d5de

SHA1
9a4b9d4eb76aa51e67b91bd7221c700b6fa65b07

SHA256
3f09d4d95b7417a9dfe86d82527c185653e7d8f489f3dae50382f78d0e213834

SHA512
8d4a723eba70507b7130a369555c55075c8c0d2c6c2bfdcc107dea94da7de19ad266c1a2740f3476dceb016396ff91732b481adaa45ef89500b414ddfbabe5aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8212188787438e35432743701e331d4d

SHA1
29ac7904bfd8f90c2e71a368ee2bcf82173fc747

SHA256
cf598432634da587af72240a9e892064ad8bcfe42fabbfb232e26e00900ef6f3

SHA512
69c7ff138c208555b5c48b05341b661311b8b5d273e86f54207412d3d560ad3220694e99790c4bc2565e5a41ea602f813d965a9ddcc44b54e00b34ccadfe7b3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f8739ee848233137d0928a2fd9e2b79f

SHA1
1b4c9cf175369e559aef667e5ec5571e0a97ed97

SHA256
f1e68e8ff7231b98ea4e849fafc4c71d1d785be9b8660de4bf8ff2658b10d164

SHA512
992d1993ab972cf8eb52969d57cff9312446caba7618aff870b0813167c469c3c79d8cee930e19ef79af1d235cdf0cd4554291fe583c746eb847c338325b319b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cb9bb16cb09e6cde11bc4b8e18c17698

SHA1
c4bed9fdf4f24a35c9171814088db62ab79fcec0

SHA256
df5b1ef3e46bfcd110dfca4ce4073ae28911aa5700af8f9a3ebf63d740c73572

SHA512
0576e7914934cd7a7acee130a21d7586c6b9e06f8f6060351dec0806b36c4f4f35d429e141682f35bad307b045b05552e925de140772c3310adaeb3055043d7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7544425b3144c2c3e3283570e1465257

SHA1
268a7f44a753730224f1a327e3588bf7eee2dd6d

SHA256
448073adbb227811b1c1c84782d673f7cc086aaf2ce959219590310f24607037

SHA512
b014b0de47e2385db45c0d4049552c055c7f470002b3038bac876ab5a3f60f5a1532fd046b5b186654716a199ac1658032a2ecf26785dabf374b78d70bb5838f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
631e0ea3d1ba9bc5fd4156ec2c377ffe

SHA1
3db03538611c9cf175e8b32930063649c7d25f49

SHA256
8224faab4d3fab0c43c38d14c8922c3592d25912f046ca8a8b114b2873bd2d1d

SHA512
1da579068f4fe93c62bbd7db8283cf63d4ceab58951065f0394394584e5c672be13fd8fe995fd14adc80b30e651e53d186b49e5c5be537157252e76e2cc4d4bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7bf97839d8a57a1b7e71e38d12bdaed3

SHA1
ffe37e8f41479d5859778e14b15b42a3746bce87

SHA256
5fc0d2038512fdc81fe8e806f687ab0f88d64e44f8e78eebeb79075a27eb172b

SHA512
583666155597bbb9b9e8c3edc9d0a77a8a8fedf789839354b52ac763ebd10e0a05403f52c449d59d64b9fb44e67166518c6c27cce76358e8bf7291814d459351

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6ede2cfbece72619be181f955a8148aa

SHA1
29d1c4c203e695963541a6cc765c39c590d406f9

SHA256
8c1b8ecb60ea484fa5a96d4225c79b856fdba35d5f7e471555fbcd39e4bda085

SHA512
555c7259a9419a576049bce2ef6bb770fcf81900bd7f490fbd545d18fee8259478929d08a10aea816800d1844b5432127131e8592f111b768cb958bb3cf6fc42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
92fc5392d73449ed729cd3a34241c35a

SHA1
ee0b0a90a44ca7a49a51158a80096325ffc79f65

SHA256
077bb1982af36ceff0fcaf974f9131aa56e0b5a27c31ec0ad45d183dc6bcf60a

SHA512
66790c26770ca5b8c4ed2e59dbf76ee0f0513d63664faf26ee0aec3dfbd47d6189cc79bc4da0bd2e076b329f5a094a5ce8cf1fa37723c034adbf730e7707c096

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
40620adb3f16988168419fbcdb41ce83

SHA1
36613c0efa9e41ba5a7166b8a51c9a6fc37d0823

SHA256
7bda9ec24736932becac1add412fa90b0f67e012c8d1c127b94d238795740b0b

SHA512
8e950efc39e91750b5396b74e1072f71eb14fbdc8c34a30c1287cf527e8058cd01049c0e792344dbac07b38365e8e2eaa987e9cbbec8b14fa360c56b66f62e7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab513D.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar526E.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit