684113fd77ad6fe703010d7e39b73ccb65616b40767f61ad3baad50d05280a4c

Analysis

max time kernel
0s
max time network
130s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
17/04/2024, 19:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dxRncr6e.html
Size

11KB
MD5

1a0477eb0c20ac8d261c3a30f60fccaa
SHA1

96923e8023c20e21a2c4799b472ab31b6501256c
SHA256

684113fd77ad6fe703010d7e39b73ccb65616b40767f61ad3baad50d05280a4c
SHA512

b441088baf73b04c49e3c2efd3b1adb71cf3eb8a9d822923e5a5cc0d3f405be0229d2eb20b2f98940aed5533a4f8ed09a8a1cf9339d85195b27322838e03efd2
SSDEEP

96:+XhfwqRbcsbbZLjOfRr8LE6e5hNvtdLXe5GaZfCfnuiypN0yTMQrqSCw:+x4qdrGRr8Klu39RpN0yThrqSCw

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B53D82A1-FCED-11EE-919D-C273E1627A77} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1936	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1936	iexplore.exe
1936	iexplore.exe
2064	IEXPLORE.EXE
2064	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1936 wrote to memory of 2064	1936	iexplore.exe	28
PID 1936 wrote to memory of 2064	1936	iexplore.exe	28
PID 1936 wrote to memory of 2064	1936	iexplore.exe	28
PID 1936 wrote to memory of 2064	1936	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dxRncr6e.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1936
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1936 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
52d0f68241323ce354495e889ab2c6c4

SHA1
00a2b3112b6344329a300528ad3936403a52d340

SHA256
2d7022b122634956e82554c2a76ca985d8863bf050de27f2b151e19d53a6b03c

SHA512
fe01fb9e5681207c2e2f99c69006855230f9213f8472aa874ba115d7b9dfe132d57bee6a0bacc3590ef3761021829c6f166b25b9adf55be6801d3c6a15cee91f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
25107a9cd53a2b192ead21c1f1c1da8e

SHA1
5b410b7a184eb9dde36245b5e665eac11cc7fded

SHA256
263e051d3b2eeef5cce20657f16bd834f821b65edd37afefe86e372ea47829c8

SHA512
e30a17f4f863b6fe778ae7f0f4845f74e72ec11350018b687f2d4faea7a28d713771d216fe0c8ed23ea1d738950bed39d4b892f913979097ebabf210abe32e0f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8b68964e42968d644356ed75d0827f4c

SHA1
728cc5ffd7646aeff74f9450ea55defbda5cf97b

SHA256
a293825c7a3a67c06c1b899d7c15bdadcb677a45a3a35434ff8b7409667d6319

SHA512
0152d3f5140b827018ec122589148e3465b0326e9fdb90cc4351f0ab445d947e01c9a75757ed1601b115b57c3b632c2550d9806e3fa4969d53fe8da0d9fb2108

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ece4c811f398fbe08e7b4b07a9d46bac

SHA1
d98eeaa7cc4cfda9e0500cff1a7bd5f2606a1b29

SHA256
ecc018795c80b92ef05a3246f235bfddb4a0026faa7dce04b7b009b15a8b265a

SHA512
b815b96b820954d467a8b375918addb9a9e9d3a2475d4acc8065fcec82454dae1a8c55e58c0fc0086477f3dc08b3291ae846e096d8e5d67aaf83e6cb140ee09e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a52e8bf71c7f7c5e2f2ca5782b895820

SHA1
579c460b80cfda4d0f9fcf4af97b51be784856c2

SHA256
1322ecdb978d91d9cf9f0a2f3cd2b8ccf5ee76eb17e795e603db30a07adc32d2

SHA512
e5aca75fe066602aa8cfaf29862fa3c4ce5baf00d7c40ca2554af93fccbe68a9aff4c1b62d04abbd16e74fa9128c625dd9f4b662f89008fce84be566fbc2b59e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1f249187d5285f49cd3c3ccbbf97fa7e

SHA1
70c193e6a3e3fc8a9cd32ba7adec60e3d7da4ca7

SHA256
bffc982a6ba914d7ac62044b99f37429a30bf3c14aae92af6b0896317cc9fca3

SHA512
dd8d567492ac85a4a060d9fc8b44bda79249d468b468bee5a04a74f42b1ede015ccd3a93995c65b34652b5c1ad10f80b2a6702f37a9c9f34c55599dad826f25b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ca110575f7ec1b5857e3964445425c13

SHA1
6b3890ed814a1c73c8c07a749f146c3066b9d0f9

SHA256
6409daefa76a08ea35de66f8bc3ce5b138d68adf151c82f5ddc3d6e7bd532b45

SHA512
db75198261b1444fb088f230a42f50e13f56422532d639896620e75a8d7f29b6cba76d115b9f00b3ffce9b8d47403ecd1e8079385ae7492a0ce93ec1e7f7da91

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
00370fdca86287c41eede54e4934f629

SHA1
2d885d8d4106a1ca79909289e2c89c0636b81992

SHA256
ed0a78fc17b9a5adea10ff937b3ad9ad5638cb8f201824e8089ed74ba98dbd7b

SHA512
c33ac4806a7d0b865042a4db564e6d59cceeb94f7580dd80d4c06aaf20f1593737770eb3787b9474e6316a7dbb3b9633c8811b1342f40583b58b655b25ff911f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ba2e430cdb2627a76e2b6ec50d4e8794

SHA1
3cfefcafaa05481fbdd0b4d92e06b009505aad71

SHA256
091c75fc4cc67e896984ebc4e4294791f3c05be6c4dfeb7386a9ba7ade0800da

SHA512
15b2144225c6eec1c749e9572fbf0a11fdf982e93d64feb9736c0d4d3114b50136228de421718d812148148866f0fb218d3d4f67cdc460540a00e4665fc582f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e0618c60bb6c2ca52dce17267c4d1564

SHA1
bd96bcb3986514716c28df984695e80f544a836f

SHA256
6bcbc968f4bc9b652e2f3a60c6901cf5d54ef83ab4d1ddfa218fc604736c9dcc

SHA512
6cef246ab9f8a19f9029454a39faceae513d1d339d172746a03e44eccdfa6cdc9a350681a0aeeb5a8be0cfa0f74431ace3b08b7516da2c1173a5aa93c2170c51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4fba8cfca56c8273d59c35fe7f6a4728

SHA1
0ba82b2086208970626a83b014b8a62d4b8b80dc

SHA256
4027a011a60e1bd97bca02b98dc9be1b12537eeb2e777b849d59a036891b94c7

SHA512
010c62d47ddf985cc71b98f0ac83bd6bfa9640e6619892146a83957d339319cf32b90c517072cc6d7ddbcfeab6b03729a7a48bba6daf85a754e19f5a3fe415bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
38d377152c341513616b2dd7557ac800

SHA1
dd934f5ff343a84b6ff92caeb5d3f54759dd264a

SHA256
993d4de453c7e49cf6c1d7cd9ddc2dcfb65197754cc654708bd7dda3c4303b4c

SHA512
7d2f77df05b1d0bcb248b2c1a6ea967b860da064d5f75e953c9c4c55bfb6b01ba89d84d43c1a672ffd7b3753b84989d5e2b91a458c8711f1e101c8552440f44b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
db6f0d778b03d7dba4c827305243b5ec

SHA1
27c0607a3aded849bf3f5738f20f8cc16b58858a

SHA256
87c53651880be65be95b5e5ffe86a5ab3b73d27ba567dfa690b32df0b84bca41

SHA512
3940dc7cced4c289988cfb9253233c6d84c5f1259c46efa9c0c70528adf7accd4b309fbc6fd3fe73a12e08ee1bdae7246c9bad6b7383d97d1f230d4f09fccc31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aa343e3dbf183ac60fc441c1ca6e48f5

SHA1
42a01551d14870bdac7240f3d72e69b340444f92

SHA256
a69e60d8b9c2933fb97102488f508d7eaa38317f8d9ab26c3fdb0ea5bd8afb2d

SHA512
9fb50d5d52fa02ce6fef28d70506edfe9e21237641cca8de3f0fb992d2ca0a7303fbf10eb4789a8ea96c6d53343b2374133814c7ea7da352b74c732c9fc2c8b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4d0a129e604981e53bbf3a569a97a916

SHA1
2569960a8f6a7519cbe31a9cad0a20071d057a04

SHA256
581b2dd56f969b25bcbf9f3c746834c3d2d498e6f438badb8948e5329994dc95

SHA512
af99481d0a6e85875967d5cd465fcf9375ea263c25abb1199f90dec72c3c850a1f8315671aa37960c260fef2ae97b29a9b94dfe7b81d697afffb4be98aa93024

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
226782dc4cf6fd0b2a695d52d508d9fb

SHA1
863d5ce3efab025e3e1efeb48bf522706062b8b8

SHA256
b450481f4d6396b2339fb0cbc9a75e750b6e0ff23b55161ceff0ec1b1a1c13ef

SHA512
7ea30febe9df2dc30ad3acd2f99e3fd0cbc8d8bbb5381eb75c6f68b0dfa11200d67fa4e61e20fe2b1c23c6914b2022ac267c2c726c7cb1b72746fa6fb76753da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d452cfea0491f6dedd499c14c2a09c66

SHA1
790845bce938c8953059a6ac511d40f457a509b0

SHA256
a57966b0a6762ab31586e336a666e343a769f5cd8013cdf3c495f8ce88e6f706

SHA512
5f957f5967798d8c9de86a3b7cd3f219ef5a279f6dc121b6115867c28adc51e688357614e42c2b07c50d19abb9ce9c9f0927b7a24a05a27d67ef76f24d5b896e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9ea7ff9e051420a15e6742f626f47161

SHA1
35aa1afceecf54b122484914908027bc66e0d4ae

SHA256
fb47b39e0f029434ceecab60494d6a190d3c6bc36961a00dd529572450dce574

SHA512
adf986a722ec75f40de365e5ac909216e98babeece30dbaaae993f537d7a9124e4bcf4d2fb1e74ee23a29d8beec6888d9da38e07249348c6028b6a040dacd098

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
7c1a80bafcfc570128353783667eadc0

SHA1
ca822d1465f4eb1d587265b431b01e03f517830b

SHA256
b4e04d1af2b0ff284712b4c3a71b7bd201760407229913e596a307de019c2534

SHA512
30f8265ff746942c409334e3ca2ca01afcbac272d8f30b120d6965ca5b2a55fc4a838751657162ed306af3f0b67e0e2391dca39a97cab1f6c2d38d6c592de882

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2919.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit