1f95ecde2bb48bdbc1282547c6401baf02b24783f8209ff0c9584e37ee6aef67

Analysis

max time kernel
134s
max time network
134s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
16-05-2024 12:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1f95ecde2bb48bdbc1282547c6401baf02b24783f8209ff0c9584e37ee6aef67.html
Size

20KB
MD5

d136d30075f97c5fb41fdcbf217d7be3
SHA1

c385afafc40efca61dd12892c5a44527d41f6ea9
SHA256

1f95ecde2bb48bdbc1282547c6401baf02b24783f8209ff0c9584e37ee6aef67
SHA512

22e17568f29fdfe8e1c262604623c345f5af17e0f6e36b9be1968fca128f9314a6727323fabcffc79683d715721d837574333be19aef696344ff3aefac816c54
SSDEEP

384:rCfzOrDAq2DpmReVoOs4Fi9ylKeGMtUNuZHhhb9WI7eo2paWhOwob0DZ+wIJCgMY:rCfzOHyBVoOs4FmyI1MmuZBhb0m3WhOJ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422026029"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A5BE0CD1-1383-11EF-A9A6-4658C477BD5D} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10916b7a90a7da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a23000000000200000000001066000000010000200000001545847315596b4e5dfbe8b42b61ae9071e64b21831cae201b08c2c25cf4cbaa000000000e8000000002000020000000c78635130c9987bd643f9e32a616dabc9fc3b23809f15c016d11b857e453680f20000000c8ed67536d25a6c94651a4f26f15ed8039e8ebe04d05f858474da58ea352f04040000000f1b9307b324bba8183dea4ae367e2382c4409ac12d3f5a72a35b30a556acac27c4cd7e63f2c7b9e0de98088c55bd2bfed220a06e78a585dd64693352fc1cf2cd	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000424c181e2f636e174b53526c8996f814fb3866301b150f5f3420bef73d029964000000000e80000000020000200000007b4deccae424c8131852745d7df970f0bc2f40051156acec02062456231fbaff9000000030b419b9e69acac8ee721025d0615c9e6f3ca9ca7df3724a0fd3a0d9b126c25ff7e49b9c7f8c63e79ac9c0c8782ad0da2d5e25f0ae4aadcd9fab0ec06fe0f5e0e6203f2d24468e599af9531761fcf25a3f710cb8f180fdc9247518dd7269e5a5253413ae06adea8bc3477a104379a0ae3594e544a476312ff5733003772cbcf9cd1c9619d978359352324bd9b5ade2e440000000aec983b086cda261a5715862dc9195369a2dd4ffeb79c1c7c73d1092bc55d2106a00cf221d2249334621fc76cfe131e291ae80bf02f4172d28b123180509520d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1724	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1724	iexplore.exe
1724	iexplore.exe
2064	IEXPLORE.EXE
2064	IEXPLORE.EXE
2064	IEXPLORE.EXE
2064	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 2064	1724	iexplore.exe	28
PID 1724 wrote to memory of 2064	1724	iexplore.exe	28
PID 1724 wrote to memory of 2064	1724	iexplore.exe	28
PID 1724 wrote to memory of 2064	1724	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1f95ecde2bb48bdbc1282547c6401baf02b24783f8209ff0c9584e37ee6aef67.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1724 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0f56603783ecc4fc017bb00dc9426fc2

SHA1
6b7ac67094911e3026cd0ad6820303220f98bc50

SHA256
4bad97131d710f19b9736b22b57c0445d8656b28b6556f24775d6cb21c3b0605

SHA512
279525e983396f72778ab62cb0dd99bcabf9f380283d4382ef086b190871d867930768069d5d6e66be851b980c34fbff466ae7aeec00d00041a21261fd81c63e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3e9a03c87ff8d470dfdf9ea670f81f0b

SHA1
309b35886f07adfaeed96027e62c518d44c4fa2a

SHA256
ec1c5985918580521bae63387c7d6894742968102134cba01cdac55253ed5c24

SHA512
e97ffb17a0d6e88d4c6a9b3fa4748fe95e304be7f6c8d40003ced7c9d0482156d0f3f88d15f39aad68bf8eefb10f9aa00d5a3a5d8f786a36f84854c19d5d9eac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cc1956afe48ab53cab37a47ea42e5364

SHA1
f24bb18e3253ffe92858f24e65861128d2a82d75

SHA256
89fb1d665b090d79b2a61e3d69d4efbe3f4145cd9a38f2f0ba06dc6c3b9d7956

SHA512
46e79b29d14a922b17129d8121d881b35acd93089f68f0907749110dc1189185409b046219791d0b1aee3a112cb3760087fea64bdc6754c7f72255bb586c9b76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f2d75e7ecabb63cf7544d96aacde0bf7

SHA1
ed09ad7ba60a17b5bcefb19909ed042b89d44784

SHA256
b428e2e4a25f23ccc5306c956d62429ceca3b013e1f06a6091a11a85c7d55e6e

SHA512
ae4fdb4c042e8c97fd163e0b7ecc7aeb3923b4675d1d8b52b481370aaecfbb432bffb73426830dc618f9bf07e2a60ff4bf0f8a3c9ff36c37d5b8860cd9142e00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0852320aeab2a57e3e119c503fc134e7

SHA1
beba71d789f3fb3bd8e49383c794cdbab7695f67

SHA256
ae78c031ce2f70f0d38f3273b3a542f6a2b49739d9e110a23ec70683389ac248

SHA512
a25fbbf35fc27c4bcd3e9fd50e37bc7aaa903ca5d3fd5639b7bd15430589d1ad9c15cf6f994eaf870bcf46774d4463bd114532329e53ffa73921abe44de9e99e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
05d6a10f7703a2326f6193a8cd95f613

SHA1
0964409da6bb259d17c0710fc942111c435fda4f

SHA256
19bc480521475ad11d8e7dcd774182844273282d9bf9940a25583239844e72ee

SHA512
68d28e004ae860459dda5f9389226b6ebbc782ec72a8e22b48f8988b501a71c9e69e56480c9be5fc187158d983094683a8d3c9cfab2c11e7d28fdca38240531c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
928453d3c8983d9f81563f009a4c58c4

SHA1
842bcf27b9f76c6e498536e12c21e8a39b3bcdf5

SHA256
78900cda799be5644ca98e4c392d899cfa06e121392b1f2277f364b97dcdd145

SHA512
56e60424ace12d3b5f73bcc343001b5c6cefe01b34e2798bf523d3cbc9618b0a815277b8f1213f9422e262be94ff67a1f420cac77e9570fcb15a214263ead1ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ac179b7c3685cfbfc7182e2f354dfc8e

SHA1
bcc3b94e04fc3fe3605fa988599d38e468633823

SHA256
58f61b03df7d6cf9af19b84f29b82b120f3821e8f90bb3b6d9969eb53af06736

SHA512
33b1fc3e3a5e8d4ad2ee18e721a7337cbde6f2f1479195376e4c82774ff4c430fefee52a77ec1a1b2850bca0ae0a5f8d1b88c2248b737435850248af721e0836

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8d54d6f6ef6b74dca9de670efd653501

SHA1
d69fea39ffb0383bad9fd6587c501876b1d4f76d

SHA256
7a93af3b63134190b199a0c383e2a7b819633b9c330db49113d50b7dafe8ca57

SHA512
9e0b1fd2500d7e63227538381029b4131edfb656a0a138e73d6b87381be26c3cbea123943bd98766cf1791e0d5f89edb989410a41d38e91e88974c98dbedac59

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e98155ec37c3d8591d20b4f85ea8fd25

SHA1
2afacf79a157ff8f6acb8c21e9eddadd33e2873c

SHA256
095eebae34d7531ba01bb952bd2326b6f100302a5be43b3b29bfc0194d87c25e

SHA512
9c00f406ee326ae8da82475b2bfce09f2dd89749edcb72894140f690a27907b05ca78e0388a86ff4769087b26a88fc499757a447dcd57a1e92c3f1c2b7539064

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2aa5b1de6a6f4a51fb54f480d84ed357

SHA1
003470ccba7517e125a0a6d1534c67402b171e09

SHA256
d7dfea9a9aa2e946b557dd887a917636056cf2617d5040533df6c110020e3e0a

SHA512
8effc8a75e3ad4d4df71c805f02c39a3638e3e449395fd5918a7a5dc497016814c912d9dece3c3821fd170de07d1b1e79377fd0c9382670dcff1e9577daf8496

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1a9a4255638551006926f68ee2da8404

SHA1
d507ee4de6f4f96010cf090a097bcb12a6bd7a2c

SHA256
23ab24aaf2090bab08b4787daa87bd8ef0b5775abd1c3dcf1598466e06065f23

SHA512
e14ff14ce9e0dbcb52876d9198a7d7db4c0875ded5df0ed584ba1e022acf4b16e7c86422e674d8e2802f1963d98f203b10942965c2b13035e241d0c804bce2f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0436194e1358f67ad251399ca2170025

SHA1
bbe03ab5e828fcc94da421bdd1f5d3ea1a961211

SHA256
b9124ae55a4812cc256d72e956cbdb1318da00d7e1c220a692ac46867c2dc9cc

SHA512
feaf39ec8a0641bcf156e606669f53476567a6874b7c4b38ae41fa146810bab58710850e0d3b9188fdd85fe5538cfe0dc9811f01f88fcf24409c8ae0e36864c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d2827f39308cee464ceb933ac6d0d58a

SHA1
5bd93e4f524a93e837ca956939d55df3ecf2955c

SHA256
4945905e277a4eceec2e0ad37e4fd8125732ba80c9bc8f3a5c4bfc57cdbf9207

SHA512
95c30f47c0405831a6d760b1c435ff6001d295142aa1701dc2a2d11067b930e97801b93702e4ae8af4e16322becd2b830b75867b5a7179408356e86b177d7493

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab433B.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar438C.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit