32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864

Analysis

max time kernel
17s
max time network
17s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20-04-2024 19:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2yAbUSiqbuzp4QD9pYd9iXutlOK9TbhFaFJmxiEG.html
Size

146B
MD5

9fe3cb2b7313dc79bb477bc8fde184a7
SHA1

4d7b3cb41e90618358d0ee066c45c76227a13747
SHA256

32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864
SHA512

c54ad4f5292784e50b4830a8210b0d4d4ee08b803f4975c9859e637d483b3af38cb0436ac501dea0c73867b1a2c41b39ef2c27dc3fb20f3f27519b719ea743db

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 29 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D0A7A801-FF49-11EE-93E2-EEF45767FDFF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Modifies registry class 5 IoCs

Processes:

IEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mhtml	IEXPLORE.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mhtml\OpenWithList	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_Classes\Local Settings	IEXPLORE.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WINWORD.EXE	IEXPLORE.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mhtml\OpenWithList\WINWORD.EXE	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2664 iexplore.exe
Suspicious use of SetWindowsHookEx 8 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2664 iexplore.exe
2664 iexplore.exe
1200 IEXPLORE.EXE
1200 IEXPLORE.EXE
1200 IEXPLORE.EXE
1200 IEXPLORE.EXE
1200 IEXPLORE.EXE
1200 IEXPLORE.EXE

pid	process
2664	iexplore.exe

pid	process
2664	iexplore.exe
2664	iexplore.exe
1200	IEXPLORE.EXE
1200	IEXPLORE.EXE
1200	IEXPLORE.EXE
1200	IEXPLORE.EXE
1200	IEXPLORE.EXE
1200	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2664 wrote to memory of 1200	2664	iexplore.exe	IEXPLORE.EXE
PID 2664 wrote to memory of 1200	2664	iexplore.exe	IEXPLORE.EXE
PID 2664 wrote to memory of 1200	2664	iexplore.exe	IEXPLORE.EXE
PID 2664 wrote to memory of 1200	2664	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2yAbUSiqbuzp4QD9pYd9iXutlOK9TbhFaFJmxiEG.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2664

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2664 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2e2d5f265226a19a8aed665e0caf1516

SHA1
6983822990e036246e789da17757e38edce88e5a

SHA256
63fcac68ab2d76dda027e89150e3656260fe2116575f79138a234c01a6e2db62

SHA512
b72cf87a71f976d4e848fcbc40539b64d0fb742b633aa7337d0729378800e3647d0857f9beccde002a3846f6caa7d25e07bc742006916d54a4fff6b45da6b8de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
606d24093d9ec2ae2d996f4dfc86df06

SHA1
abba3b9f50dc65d7d802b55e1600014b9e8101a6

SHA256
75c7c943cbcc395d5ceaa4f6fd21d70c44fb5efdac17586c634d632b96fc2165

SHA512
7e7c318df43938342c4cffdc40bb82267896b48c0af2d0e34f2b4196a85c6ec808a880b2fa61ac547f1aa323d04bc39d9561e025076938ee5c507da3de8e89b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f97ec9a0430e7b7d59de838b019f89b9

SHA1
fa6752bdfab97a871c4f99b15cc1b11470b4d649

SHA256
ba5f4deff40d0c75ea9d3c35e55c34569e785b932141df6ea801bab8b2db74a1

SHA512
585d1078dc937b945a634c107385bfda6bc2c6fa98f9b6a9871b917fc1233afa82cae9e2a0f3f91b736db236b1878e7c5ea872f68d288535cf3fd387da35c431

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0471f4f98ff1418f312223ca5c8d8f2e

SHA1
6de21abeb713217e091a703f247bde188888aed5

SHA256
079528e93a954c4f2af0ebf5bbef9e3865b9d631fd2845c53d61825061b5a344

SHA512
66fedea8f89e97f9c45274e13642fa4b7c6d6ff8a74285fb5dfd8ccccede60a3c2b171f5d2c40281754f226bacd259b318badc08ba554e21cb9f1b85d22e2109

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f90ad21e89f8027281794d6e4591eb21

SHA1
0923364d3d9234aeebc186d8faacc87a33cf4dc3

SHA256
0557676d600d973321180fc3189adcf6545c680cd931c57af5138561c30a0a64

SHA512
8de8dc0de5f83fbf54e7b4512873117b0704f26e577335a98dcc4312d0bc3c972ec68d97fdac35a7f4763648e3ea4d71dab5390c217955c879b2840b4806dd4b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eb392a7dd1b548c3518b7cadfad327c1

SHA1
2fc9e2e186241b93ef8a252a8d32ed27dc9366b4

SHA256
34de02c7cd1b642a9dbc3addd443b276a83a78aea4d5b52898c59f5ef8e635ef

SHA512
d2b81ae10aefa6d5e437b44d9683b8256be5aae1b80e39724c83313b48e889f3cf25b1ec5f0b41bb3fdaf54a3ca19ebfcbfb9c812cacadf206d60ee07fde0109

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
53d51aba39d76e7d650be85ea908c52c

SHA1
35e02672ab56c592731009a61a79c70dc436394e

SHA256
d80451a5454bfaed30b541a2d8d309538afc0f8e4d842e7b05724802b32e1470

SHA512
052fbe67551c8b90f555b21a2b5b67e691c789cc87595c39dfb01d6fee5ef2ce9ef7e5cb377b35cd01c18346692c5815bad0b2f40c0b1b280b24948eaaf92c89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1e66ae1137e979db255d851c9cd97098

SHA1
702c9eda21a99612ed0dd679addc5813b701ca03

SHA256
4b41caf16f4fc10a0481259e0d97b78abb2b28bbcbcddc974b872774f4b31496

SHA512
1e25ea8f41692f230c236506108dc956ab95d99f834fb4ac0f5ed28fe51e7bf10f901a0cdbc439625cc09b7ad9fe8c5dc1e3487c7868cc1e4a21cd8829230919

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4A9A.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar502D.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit