51c33f075663b644456c68c7511008dc19a0cb9b1cf4d75c48c30793cc374166

Analysis

max time kernel
16s
max time network
17s
platform
windows7_x64
resource
win7-20240508-de
resource tags

arch:x64arch:x86image:win7-20240508-delocale:de-deos:windows7-x64systemwindows
submitted
31/05/2024, 13:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

79928bd433c2091c279491120f10a5789f60de07a3c91447cc189448ac19314db4b51de395dded712ccd4277d8b421c2647f7eb26b16541b.html
Size

8KB
MD5

d75e2afb9fb25ff044ca95ba2d4e70e7
SHA1

c8629098bb7dc24bcf1000e5f251c9ebd63930d2
SHA256

51c33f075663b644456c68c7511008dc19a0cb9b1cf4d75c48c30793cc374166
SHA512

59918b737ab1128d6906942e1db7e8b3f4adfe833cf53ce3f93c5355627ce35c377bfd71f0af98d8904f2fd25449885e0d9ea415eeee44667448cc1e5e655234
SSDEEP

96:64L3reE+iu2B1CvWdxZTcYZjj1RTzZajj1mjj1Ya3O5EQA1J+eRH/2mZ:64D5nC+dljDZMjWjWa3O5H02mZ

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F3B11BA1-1F4D-11EF-A3DF-E6342A158E81} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1732	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1732	iexplore.exe
1732	iexplore.exe
876	IEXPLORE.EXE
876	IEXPLORE.EXE
876	IEXPLORE.EXE
876	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1732 wrote to memory of 876	1732	iexplore.exe	28
PID 1732 wrote to memory of 876	1732	iexplore.exe	28
PID 1732 wrote to memory of 876	1732	iexplore.exe	28
PID 1732 wrote to memory of 876	1732	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\79928bd433c2091c279491120f10a5789f60de07a3c91447cc189448ac19314db4b51de395dded712ccd4277d8b421c2647f7eb26b16541b.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1732
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1732 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
50307dd5a05eb1be118dd601a701c942

SHA1
be4994717eda8765bc6bd57384b314dbb1b42866

SHA256
003b0019192cb0ad667e934ed3b6b76f68e95a62aab33f28049a919a52d6d608

SHA512
92e0a914dd04769499f889160e66f4db6b771ed8fb583e52c9b7dcba15a908f590098d233c3f483c9f8a3b0662d2c5b652bba81888dc9e6e1707ecb2c0cc3277

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_D727CFA7BCFAF501CEA426110263B756

Filesize
472B

MD5
50bcdf801bbfd9ea5e574cf77f778e0d

SHA1
60c9c62aa0ebcd06ec0106c9afd2331839dbcddd

SHA256
c08dcd48a123a0e3c189e987af51153a41a4c46bbf1cded547b050d0b21e8040

SHA512
5623fd457604dd5fbff62734b320a24a29d2f6c6c75799912d08676b5e0c7c5a777e5adb57a394b56dcf859ddce9a1b2dd072621b2e3f0179d181aa540bdf089

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
8267cae62d20ec515fca4a38e4b90bac

SHA1
91ef456a2690bb1293d81ff923f7102e721690d6

SHA256
d84b13409951dc8ea811ed2ddf1483d6448fdc70b34d5bed045e9776fd40544f

SHA512
2d57a1b492024ccf59779efe044940edb876793f98c17f9d61f959db61fa8fee3cbd2c93348d70da854aefca505575841ea626ff0cc713b2f2657afa41487259

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ce1f272329ef5e52416307f140e21747

SHA1
1dd74959af730192edfaa7c9b5f4b0f92d1d7918

SHA256
1433db040e4e6a0b79596af12bac43fd8a8becd3cd033857955528d09d0b816f

SHA512
8d1f8068794b180fe3a846caa62810397d9604ed170f9d0622e1c01316b01cec79af760b76710f6c9c3d3e311fd7795c516eec94faac4385f7989a41db416569

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
75815161e107a9a81f7bc78aa103482b

SHA1
1d8e0278c7fb291c095afbb5ac575814239fffc5

SHA256
6e59873913880d2df70bd27a73e5287056eba181b94b70d9e7f41bfdc9c0dec6

SHA512
bf835d3ef486656e93823c09741967e4d851bc89699280a1b06bcdaf2ec7bc8ebbab14e03dfa65edab56e77ce7d08a2563f4a859f7b6541a717dc53082ba4bef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d7cdd2127f8a2955fa2ced54d37262c8

SHA1
ced58cb79963a67103b0c4f09b9b51b546a01eb2

SHA256
4bf62c30b58cfa6ff54217b20d6c0e04555c75e289841b30abfc0242705b2f97

SHA512
2c8b9cd1d8f244cebc2c5526acbec88d4f6794285f08dd1b97612bb7395a0647d7ff758d7ebba3a0dbf86eba07aaa631668fa6b423f5d3e760c998aa15858c37

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f4dbba07e2e4c4789189a0d86c092669

SHA1
f304e3810870b7dcde4785006cca159887a5073d

SHA256
f43b64db1fd62c84b7c44bea3f25c9569315824317a3a33e38013ff0008aa2fb

SHA512
f8635d62cc6b5d76fd986f44b22bdbd196e4554ac8abe8e9277daa7508a4bcbf45908f00122ae1160d4c1ac1978ac86c1c8a7a7ebb7aa0b6296e6062cbc4bc5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
488a09b3b96bac28da82dcba4c698ea7

SHA1
d1f127946547e2aede1f2eb22083b23fd2340714

SHA256
7ea8fcad0c198c4a5039277a3944fcd594d47a78c6c0f65d2abc90e233dff049

SHA512
546e00c172cf5734376e25eb62d0ea369555c063e85e076f53646163c97b6d6cb1a9ab6eeba2d01a85b00b578c8034e45f256deb504841c85534e33dcb2266c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
99412caf62eafc2a327162b2a6e9c9d5

SHA1
b67a36627e635d2537e5894bcb301dbb88233144

SHA256
ab0eab43ab00d1a0001b9ac4e71c045eb4ca4d6299d389bd383aa5192723f479

SHA512
1715ac3c3fb42bb9050c83900d4db9a552f95d9edace0248303963736285e303e0c644a0a588b20ce962d56d2cab945c3409681bc14646ca532710ad89057ee5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7d19bdf042bc261650b1e217c01abab6

SHA1
a03c4364d67ba1809af98614b7e8edfe188f3a78

SHA256
7e6c9a207fb768cf1c9b6f1799804de86865e536fe16386c9a4359eb692f13d9

SHA512
6ccf53dbeb3ee44ddbb7bd80ee18c07d14fc0df1a403a9c3a2a404eba0044d0737fdd751f3d7ab9358304b98e9a25417ad57d5f4b1b9c15a2b45ee344a1c588b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8466a4ae26dfb9e3b840b59312e291d7

SHA1
b293b9d5ce6848055a18b144417469b7fb86760c

SHA256
988d9877b3bd0569326da0276fb5220d8ef274de86eeb836f4a949c782c0a23e

SHA512
ce4cb402eed0b31d7dd06070c8897c032a414a65e53b82f61110f996a1441c8ddd49fdb1272d12b98a013b09b8123c6ffc45fa004107a9d0943950517d1e1a19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
96f84685f6b1e62b4ca493e2797a29f0

SHA1
bff80ce6804628ab3ac80984fc598e037ec38bac

SHA256
0b1b24a61309383ba4e15df793bf71e0cb7f68211a13ae709be00467d21a15d2

SHA512
5ae950f2bc989aef882c784b7b55b41fa0ff7a1db69c63695336c258d3657b6b84b7d1a9955e21174538b4149f7aca280167fb73663a8ae70f39c49f54adb2a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2628.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar401F.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4100.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit