3cd343b356e21807ba2d17e5de1fe01756ec53bcc76699572e78b0befbe5ac6f

Analysis

max time kernel
133s
max time network
127s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 21:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

close.html
Size

89B
MD5

196cfacaffb725c92c6d5d4f16289e92
SHA1

b6306fe94c164053882259f3d3105e6c4519bf81
SHA256

3cd343b356e21807ba2d17e5de1fe01756ec53bcc76699572e78b0befbe5ac6f
SHA512

9319817e1964ecb66fa16fc2ce02c8d140a5936a10174d7723906fc0ec99f07f88fc1b87319c345b21c36ef0243c80757eccd4ded89767fd1466b0687722aaab

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBar7Height = "21"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422573928"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{53833661-187F-11EF-B3A2-4205ACB4EED4} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

3044 iexplore.exe
Suspicious use of SetWindowsHookEx 8 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

3044 iexplore.exe
3044 iexplore.exe
2444 IEXPLORE.EXE
2444 IEXPLORE.EXE
2444 IEXPLORE.EXE
2444 IEXPLORE.EXE
2444 IEXPLORE.EXE
2444 IEXPLORE.EXE

pid	process
3044	iexplore.exe

pid	process
3044	iexplore.exe
3044	iexplore.exe
2444	IEXPLORE.EXE
2444	IEXPLORE.EXE
2444	IEXPLORE.EXE
2444	IEXPLORE.EXE
2444	IEXPLORE.EXE
2444	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 3044 wrote to memory of 2444	3044	iexplore.exe	IEXPLORE.EXE
PID 3044 wrote to memory of 2444	3044	iexplore.exe	IEXPLORE.EXE
PID 3044 wrote to memory of 2444	3044	iexplore.exe	IEXPLORE.EXE
PID 3044 wrote to memory of 2444	3044	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\close.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3044
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3044 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6d0ef665eb756761f8a69cedbda79ac1

SHA1
1c4957ab7694cbf6839da127adff8c08eff56566

SHA256
1f8ec0b4ce6f3542574f9839b2c2a5b9d6b47a30977a79ae440f76cfc4f1088b

SHA512
03fe1d69fa8b34ec5930a441052a2f6800a0710aa4c1fd77782056cfaeaa9dfd9b6cd018b5afab399d271e9a3b5b236c23c7f6fa16edb8cf5429588ada958cea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2b6eb59241d65986a0848bbb77d28129

SHA1
56c0c2f81af65a4dfc9e2f02327ff54e59306440

SHA256
dc322febe732850d20c2581295c56a71bceb1347330f81da77fe2dc4e8d72418

SHA512
7b721df3fa3d4fefb48278c5003ccf04a19004dae12d1f78cd6cc49f3d4efbacacbc6f326bc4091f7a1b79130a92d6d24858e574d9b54e849ea41acd62dcf7b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
302f8c200f50132ee840b037381e6f89

SHA1
dfbcb5e8ca4b6fd2c61bdddae2175e6950860dbf

SHA256
240beed393e5f1d5c74de9f5d163220d8569e7c70d48da84d41f968f9f44d9e1

SHA512
8dc556c7acb48408d71082a2789146a67dd2ed69f24508c3077fe1dd0a00b59d2400e66d66aa705e7017d381c1a299d268b0ebe73fdc284bae16e4efc56604d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
347bd5964d482d1d56eec40fb22d195b

SHA1
b3c071055614c1e8e0791fd302cf79bfff538b6f

SHA256
b2872425f967a6c2fc64d33b759b29f53e58b81948a397b89187fa5ebd85e69c

SHA512
7e46ec24f47bf5a43788abce872137c02225bcdf075824c8be87fbad528c3bce63fa458944f11c6f4b4e1508f9b5356b8cd5e7e3ea04cdb2915ef2229bdabdc9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3bbae27a8b177b55b844aadeb2663457

SHA1
82168dbfbfdec4fa1f557d96d4ee6a707454090a

SHA256
5188652bcc9fad634ee362138f59be51ad757802918bf7e6d1a959faa1bc0ef6

SHA512
5fe32e716a12fd1cebf1f1dab980fa4115359bfaad2f7d373ff388dd51e75627ef2ece1c45f370270e9188d5c3c2939635dab41dc4c2493a52c086dda0b707e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e4f245e8b443c8945c17aba6cd062b6d

SHA1
0fd13e66d1bfac098ae77a62c1d491509ab5a702

SHA256
838c4661b90234259d2c24539582ecff7bf3eb49ee43b24ebde2257780d03b35

SHA512
0cfff7e4859b0cb9c9d694d0be29d0c4acd7a920f151fc6417052ddbb8910593578cda3ad511f8e47161ec74d46531ff71854bfe6a10edb455c5dc81cece620f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d432c2198af3595c9824fe60d51ba863

SHA1
72fec970df1b5fc3f9b57af60ffe294f1b065b8d

SHA256
39f60d617028df4ebc3ff8dbcee2a5636eb8522333e019fb1f10c8f6190cd5c2

SHA512
43daa5db4f5742161aec405eece5fbb7532c2ee4133cdc2403b7a6934991721066108aa278954b7d03d763f4cc04aab7d703911e20a1adbba7ca20cd66c584ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c006bd895729d553d7bc08144cec1e8f

SHA1
52249a9cf52a209104d929a915fe3c4b43c8b583

SHA256
ebf2e3a968c138b176e53659e3c527c6790631d466ac4e5b73dc646b5306c471

SHA512
9ce6d3b5c6c9eefcb0cd1456148e52a80451e49b284a0e0460fcadff602b8f72286c88387ae6cbcf1f2b14f7286d887ce27ea6a061908d40d6c67a5e53ffa90c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
19c41049e4a6c7bb3ef63cb72a33a545

SHA1
ebc848e7fcc6b6ea2262928969d6edd0fef0a309

SHA256
26a641052ed4d725e18bfdff1d4fb11d38691ed472138034826efe2c3cd65414

SHA512
98e1e39bb22824f6a55a94d8ee116fc62de559d5330aaf30e839373cba21a713e97f5e72e82d1d93887688e70ad031d8b1eab6352d886afdcb167227dcfcaeca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7a26bcd13444e1b303c56b14bde4a29c

SHA1
3ef12c5acfdb9469749029ecb781cbdfbbbda8fc

SHA256
de9657d57726a22f714fc5d7091ccf576b0f8cb962aeaffb7ce0ef8ca400c38f

SHA512
e15cdfccec37587276d57866bcee0744c17a1b97308972b7223df478b88097fd360d80ea7f0e3108c7b1310a3fc1cd8f855313de3516bb9f0fd525ce7fab5ef7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3851c5c1652fc7ef764f0443a0ab9cd1

SHA1
230f2d9caec50c132b6f476c939bb5cc25c0aba1

SHA256
d6003c2b0b61c5fec3bd3f0ddf9240393a53da91ac6d9c47ac8b0a917f8442fa

SHA512
3acfaf9c65d2ee7b6a5143f2e3a3f82a15b7d933eaf8c8de9bd1397b738bcbf7685c8af27a8737e423666a1a9b19a7955715407596a5dca3057944a3d64686df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d75533fdbf05206edd4ef5e600bd8e47

SHA1
53b7f060628e394f66527617f13f4cda9f5ec329

SHA256
07802cfdc84cd8174b78770c209508fe04cb072231bb2b69a672df26b48471bd

SHA512
9598d635bf5daa2a5992b1855d2e8068713799aa2d52913dfecc3f31fecb381c6b129f6ec28f3985a3a47d051803c1ff04689dd7fb00d59f9a339f865c4b3015

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab30B4.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3134.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit