0180ae1aef9f18bc3d42766a36dc4b1d769a3bca73d10e5755bdd2f48af12cce

Analysis

max time kernel
117s
max time network
129s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27/03/2024, 03:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e0ae2959e28add193de8e7d2332183a6.html
Size

89KB
MD5

e0ae2959e28add193de8e7d2332183a6
SHA1

9e8bae7f5f4c88d410d66f7ff50d4d3039438996
SHA256

0180ae1aef9f18bc3d42766a36dc4b1d769a3bca73d10e5755bdd2f48af12cce
SHA512

65b85b3cc8fa81a11e078358a386dc1b0c9fb67bd7e5d74174e253846c4805d4c2188dad7af4bc07c906979b58cd4407b6b572c7c3e5b2e6b53ebaf75a408637
SSDEEP

1536:Sz35fk4j41d43H5oP4cYSNrf6QoLSN4k5PE04sQZig87:Sz35f+4cYSNuPLSN35c0bh

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F01A9D31-EBEB-11EE-9F86-7EEA931DE775} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002dcc56832ee45b40af0f973e997a3e3e0000000002000000000010660000000100002000000062f2c3f061f7a9c3fef2188f2bcd34076a806b72d4a383aeeefca2e8fe366c2d000000000e80000000020000200000000a14ab2aa1f5ea1109fb42312445029ff6c23807edbeccd3ae5ffb1df494a40f9000000003724eec0216696e20a78a505736093ada3500cda21f4810160e61d2e4e627eb2685e7a0a2b2bbe0f6bf0b6eaad73819f75fd5e7a4f606387af02344f722d7cf27b9ae2d6224982d65b5f74ba9679d61d037b8fa08abf91bdc662ad049ac51f868215049fe1470f274ba7cc8a9376e9dd42d0c191c3f1f8f9245c4ef03dcf7b570a3cdee0611d32c7f0d3abdf5b3ffce400000005cc150684eae159de1bcab0b29b43475e77e1d667e3a7f5d868e4787a96eec6cf6a70ae2df29486644c1462b8a4f23481e00d274243ab7868659bc1aa5b0f4ac	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002dcc56832ee45b40af0f973e997a3e3e000000000200000000001066000000010000200000009bd7264fc624fdda7e367da245341f53adfdde88a5604d63e775bf7bbff4adf4000000000e800000000200002000000019f53abbe4115b7183f79e4daaf29c3224777592414e3bca8a69706cabe2340c20000000cd8505c94544325584105983897a61e0ff0e57cd44c5bbadeb82802acf93b105400000007453d72cfa1730206ce2e7908584dd4d6d37405eed09c519997273da36d5e91cbb1b60f9118d5543b1a807dc0ff91885662bc18365e54982c25e8386f35a123a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "417672777"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0da84d2f87fda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2156	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2156	iexplore.exe
2156	iexplore.exe
3012	IEXPLORE.EXE
3012	IEXPLORE.EXE
3012	IEXPLORE.EXE
3012	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 3012	2156	iexplore.exe	28
PID 2156 wrote to memory of 3012	2156	iexplore.exe	28
PID 2156 wrote to memory of 3012	2156	iexplore.exe	28
PID 2156 wrote to memory of 3012	2156	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e0ae2959e28add193de8e7d2332183a6.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2156 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ea1c9eca818d65b9d660f559caf900a9

SHA1
fc86653e885cdc0be4c1f5894c73e9d792304acd

SHA256
5ff659c22261cad232ae4ee2d3985318330f306725b61fcf0d1d888bb6a7f678

SHA512
8e918b2093e4f404ace1d7c025d26e9881e5264c0fe6c45d3ed8bc57cb4e23d181a3fce20fe932f7942b2a4957e7f92b7fddcc5f0fefdfce509bd0de729b9a83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e448775d74eb3f23db23095bc133704f

SHA1
4e59128584c2de2fdea271aebba9dcd2c10f9c05

SHA256
f71e2991cdba552efe77ba775729ea8120ae503e6726a00a9f9129788e053097

SHA512
71ee2a5b3fcab9b98dadb47ec97f6d00076fb9def69e914f832b256fc119013c678be875ce26a49aea6328d89681f4256bf9a209d6eeeb1e6d6fae1caf2d4d76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
784e0c41d6b11ca20574828e1a59a690

SHA1
5a7bf73724b81d9e51f8c136c260c89997aa68f9

SHA256
4d57cb6ec5e9ced21868619e7e4fa432927b919e434c8049978dfc001f15a241

SHA512
989a2c976efbc5977c7f18e2fe327d54b2606cac64bc606ca28c41cfc3add1c44ee3283fbb08ad92bf2f7e670e8e462f4a33af5969868e6d4ae0bc50cfd50835

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2cfb4cbc3f150c96acf699408de9d744

SHA1
a97e4d21dbdc84d2005a2d787c5372758d91b311

SHA256
4ddc394229af1bd276a065c60ce20651882b7ccae7374fc29e11a9a3380844ab

SHA512
290fcd47e69095fc573e9779d1d8dd044af6bcb691f7ea98d16613d1e5fda403d317a528972cd31016bd12614ef6c3b40fe4dee68fde2c5aa81b498268e12258

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2808f6121ccf7dc9c014a5c49b0dd60e

SHA1
b56315a85958c41959d62f87982a562b863bb363

SHA256
6d774f0816145aeb5817a6e63150fb92dec36fa58fd51657c7f5004bc6836196

SHA512
c38de8cea8891e342b6dda7b5075bfba3b95e5290499a58b2aaa04a795627dc5b8287d407fa92d2541508fbd227ef2e42ab172768c4dfa2217d7cf0e0bd1460c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c62ef408cb7ab642bfbd63614f9df21d

SHA1
f868a9eb555e9639be03dd74f875a1205064ab6c

SHA256
3987c5cb921ae980bb8d2f34ff4f010c83be119ddce26522fda36c6f9c4b878e

SHA512
538a05716f774bb91be4959980599d3ab8c4be2915e2e87ca9483145a7814004a1011694a9de69e9a5f5343d571feff0362e01daf8ca4a4c3d1959bd01adc129

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
894840c35569fa8ef3eaed30f4795e21

SHA1
c17be5f337d09d43c23140a899a79c091da20d45

SHA256
703dad2ad8d9f07403e420a478c2344b699fe307d821b1d8beafd37dc3e8cb56

SHA512
0e84b9063958c649931db5facf0768814166cf92212b4a2089f0439ddace8e5be212bca17da05015fb56e419f25481880c9a3eb74e219a2c713193efff6c20bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
113bcc93905c92cd82c34963040c5924

SHA1
08e28c77f0ffdd5e01053e21d28ea8cbf35b82ce

SHA256
1180ff91c22e0307c711c0961595f806f4d88ce38575d6a0f91631865086e623

SHA512
05c8d70fa34e94b53487bc6b26736da30e8064fc1f043cb5de6e3ac771d9e1293cd9d9899c99dd0111e5949fa6e8b167a048615742c79de3c03a910adc18b94c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
55017f472143ee325c077c7207211151

SHA1
cd5fecd996c2afd575ab8a7f62c98ca6cdc6125e

SHA256
746af5c14b88f6cc74e6a4525b5a46afadf7068e569a14637ace9fba3982b904

SHA512
cd2172d465650bd2f30adbb6920a384e2c5a00067c9bd19cc9bc050b697b2a14dfd5e304b59b02b1c9ea6dac41faf96bdb96fafef05fe587926fcc4e9150411b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d7ce054ae7d1f033e6a47297a2baa29d

SHA1
2fbca842a56197e303d7eecbb07d9930e5de6954

SHA256
3431ff0993313ba7a7c07bb81cd8d57f172e12b9495e1fe4bb2111db6ab51c4c

SHA512
4d2e0cb5558220fa3fab30e39a1e2179002f4c17d464af764e012e65fd231de00aaf23e5c43f87da15f5674b1cd5116175b85777bb2932fe6e6844f5568e9327

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
719f3fb8d3c7a9898f128ced8aba70a5

SHA1
6718e6911628fc784b68e3fd82c3c478c24316ef

SHA256
a39cf6546fa3ce185148e5c01776eb824d071d8ba64e5e484e47d712037899b7

SHA512
5cdd8cfe0141c8f40350942095fe829d9360cf206bf405a727c92e6a21031de21b14802c80d4f211fc7c1228ad1f0eacdc5085543ca1b71bcbaa37cb71be93ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a9541990847793de011f7869948b7091

SHA1
b49f4384d0baa2edac7b34055ab945b64188c83b

SHA256
1e5e4786b22edc8612c008f9bd5a87cfd441cbb5635a0d8d70c433cdca9d5e45

SHA512
740dbdc9f72b4e1ef31d8a3c9295fe418cc5113cc7e9e4caa85117f1fe6b39610d9032c07f00a8705d492b6b6cd01ccb2901b72a621ae8b8d10145303a50105d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
873a911ac7e961f49cef720fc4867042

SHA1
4724a6cff9446219999360fd49d09fcf3203329e

SHA256
7b4abeb62cdf0f7f63a03120eba2e3b13e07f00deb731ac5b3ccfba3ee74b2a8

SHA512
940cdf2cfc72dab769e520ef94de3ebec46824b27db071d2768b1c5213e12897fd0e4ac9a218536466ee97b4dde5a92889c94a48a41803a449585177ecc029cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\errorPageStrings[2]

Filesize
2KB

MD5
e3e4a98353f119b80b323302f26b78fa

SHA1
20ee35a370cdd3a8a7d04b506410300fd0a6a864

SHA256
9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

SHA512
d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JZQ5QLK\httpErrorPagesScripts[1]

Filesize
8KB

MD5
3f57b781cb3ef114dd0b665151571b7b

SHA1
ce6a63f996df3a1cccb81720e21204b825e0238c

SHA256
46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

SHA512
8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ADCJI8Z\dnserrordiagoff[1]

Filesize
1KB

MD5
47f581b112d58eda23ea8b2e08cf0ff0

SHA1
6ec1df5eaec1439573aef0fb96dabfc953305e5b

SHA256
b1c947d00db5fce43314c56c663dbeae0ffa13407c9c16225c17ccefc3afa928

SHA512
187383eef3d646091e9f68eff680a11c7947b3d9b54a78cc6de4a04629d7037e9c97673ac054a6f1cf591235c110ca181a6b69ecba0e5032168f56f4486fff92

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9E84.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB41D.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit