1d1765f06c49e81d2935689775b0ee833f48d18b025792ec5b0dedc570c2dc1a

Analysis

max time kernel
121s
max time network
133s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
16/07/2024, 11:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client/alert/readAlert.html
Size

1KB
MD5

ea76ec83313c577bc0fea3fa3e442518
SHA1

edb26b1c99b34c70db0dceac930a01975b68c174
SHA256

3864e84b926b38c8cfba26f571f3d13b2e420c6039b8cdb3f2fce9dec22def9d
SHA512

7920e8f0babed8dd0cd9bdb9bee90fafc802f7d3161eb5cf1cb4d7825be4c725a97a250801ac873236a07dd3bca29ce75f121f159a8a9ecdc30757282f5e5ecf

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf71000000000200000000001066000000010000200000001b39b06a7e63d4945dfc8e6687f4e230fd7a701ee4eaadb8d27adb32c40f9cf3000000000e80000000020000200000008e90728493e6d9701dfd009e5e70b3b77e4d8662bfd4b7ac2abb99de10d623ff200000006c54ef34f2408db017be98f0e673515db05e77678b76e0c2cfd115324675cab640000000343ba05c52610e50b5d1ff4447c735909708e2ee09c65ef8510113d5022fb8b3b0c127a6ce3bf0d256f780afc30221eced2ec5fbe19ed328c98afdaa6220750a	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b09c0a0072d7da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2B42D1E1-4365-11EF-8EE4-CE397B957442} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427290595"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf7100000000020000000000106600000001000020000000563c795d08ca7ae665790c0a60962c1bb08034d9278d9dc73deaa8fa0bd1a983000000000e80000000020000200000008c71151eb222ec6880afeb3927242d4c06d9ef59791ebcca2d9302d462517d1290000000c0a0af8cdbb93532f92095f8eda5b254a78821a11f6f4f50523b140575b4149a1be1bfba1afd44be4847c947404c45bcf31a9f24651753030131397a2d962f464b773c61b6e416aa75dbd5857ba43d85bfe5aae4e31402edd84973343aafc6bc676682b7112d26ac54b7b37bf17df4a6bccc3975f704d6db5fabbab669d03ebdb5da98c510e94b8f3b2825c839f0e5ed40000000bc9417ce9c14ad09f6d2e2e63252c5de7b07a63c38db79577b2870e0d56aa6d4ad11e303c7c9dc781236353e57f84a452c0f270631e8c82878782337191fb25d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2404	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2404	iexplore.exe
2404	iexplore.exe
2396	IEXPLORE.EXE
2396	IEXPLORE.EXE
2396	IEXPLORE.EXE
2396	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2404 wrote to memory of 2396	2404	iexplore.exe	30
PID 2404 wrote to memory of 2396	2404	iexplore.exe	30
PID 2404 wrote to memory of 2396	2404	iexplore.exe	30
PID 2404 wrote to memory of 2396	2404	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Client\alert\readAlert.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2404
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2404 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9c771b4abe4fe9f7e0b720396bc717b1

SHA1
0e024ec3bea793e2188b5f7b8feb4e16194694dc

SHA256
26d1bfe0c1cf3d2b2e715eed6decdf68f7ca2f98c76f260899229c444b8620e4

SHA512
d2a056dfd7732c0348f42bb478ff46a6938f351bfba025be87f09fdbb177d793afd0345bdb95efd76cac7b851336075e015e69b70fd5e65e12130cd4d925f66b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2c4a29ab7afa443d3fa89fdfa0eb295f

SHA1
1d9be6e4c15ed3d7b7033779a2c8a62e4910a166

SHA256
40fb6ab01616b9de018b78f0ac662749815c56b600c93a30baeab94cd719da42

SHA512
cfbe01dc48d16ff6aa54973c4d44059d4699b4e1f92ce09dab0c084eba93c569a104f22b74c4dc15492f5346d7a13d763dbf588e827ec7aa01d5eee91549fa79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8cb718b2f77eeedfb472fca3848778a2

SHA1
551dd1519685748184ea815d8fae66f3fff36751

SHA256
7ea3b67f0c42c8620005a0c09d207165694b088ae3c33993400409df0707417a

SHA512
a895749d007702de1f6d1a948af1e1d3944d2cd6e69486d1b690447743f6d5ee458aa81fe70fec49889a9ea6008b20969d7c0ef2e97a40cb72a130af6eecd87e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
647f554cfa03fbbfc1aa4122b1bc7802

SHA1
e3930ff1257043791f7a2152b6bec3929007411d

SHA256
e9c3802951b91640fc5e76144015904dc0ff667ada76e7614afa71622a6a516c

SHA512
5d1084c35a9ff613851da67fa39547000fc6fb486412262267066485bd56099a5a9b9506d19b796b295c1379d52bf53af942fcf046528ce5755253ed89d4e451

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bac81d58a0da90fb672fbbc0dde6d130

SHA1
7f13a230b8c2217bc21f4b6fd09349297c9bdede

SHA256
32a4480641216115a722d03cacf233c45cc43a7eb4f25dabbdf78e10c74a4d7b

SHA512
41346a154354b77412bd0cdb87ea16fc03a8102b529445073c5d201d7d01def92146ee3e0929d748a9c569c6ba91d77d7cb87877bbf7cdd61e07dee84172973a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
92ea73eabe8dca3ee52bec45a4eeab67

SHA1
42db13ede43e35df5e8faa83082092ee9a051898

SHA256
d054b9933e134a7daa95f182d5fdc7a5831677b3fd1222e8d710eaa3e608c4e5

SHA512
bcd4a656e684fbb5224bdedf7a568c0e1415f07dbcfdccffe49e9dde0cf9854474e82002205928641d5df659a50f8e7bcec766a5c21285a7a764730c5d759c78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
411a3b3615b51b25a8ff93bd0f61ab3d

SHA1
35fb7eba21c9851a749c8a23e976fe360cc17f45

SHA256
d54d5489f201ae449952f65df8fe61f1a20806ca8c069db13f64460f19a0c22b

SHA512
eafc37dd35555739d58dd70f4821ce685ead2d8261eb2c4b4a9b3224e9e104d0269f66a6a859ed215d1138ef0cfb597a2a14e617ed929e4e8220b98b7ec17894

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cc165bcbb63b80a0115cc2906bb5340d

SHA1
b6b6f9679d517c9ecc1542b9b9fee8bd9fcb70cd

SHA256
a03e4e1ba80b4c8d78023631391611ca3c69008c2bee576b993570112f41afa8

SHA512
05a102d5464edd791f87694c755d70e47888ad723d40a6e9bf069c76290214e4c562254015cfdc2661aff8247e6af2f5da3c002c08b1620fea7112d6dc893563

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a3316cd9a41da8c46043f0a37264bd1d

SHA1
6689683e66140c1f8ac7e7002a177a8f50ed0ae8

SHA256
822ec3b1e26091096d3f8eea7f9766d617068aa5f4302cc128fe2019546bdcb5

SHA512
1475557b3148d0e3ad1d44f8884499ae856f867ca1f69d8d511986820f1889ac651109d62433f5c79178f97277a7a1169abb5587777504c6932fd2017417a775

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3c9066f2d053b025809b4b524c97b414

SHA1
696057968fe4a530c9010207eaceb832553138cd

SHA256
f9a84a2f65576160e27a9fad0dd2128648ec2ea7e0725ab58131a47bfcd60f7c

SHA512
e80cdc705dd7368b6734d2a55e37a7050d0193302119d11e7fa4837838b938a261acf526dc0a420ca76b53d4fac972cc69ece0b2d2443428d54bb0fbbc54792c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
466cd93a635ec58bae2c2b807e0fc5dd

SHA1
cb2e422f479197d1e2eb5824f9d476e03c3a1e9f

SHA256
cc632b6506d9a6ab2befc0533898eb4375840f929b19774b956d495c45b953e2

SHA512
a95b117859c4e88c50be0d37e676039297770c7dc6b741b2fa3272c2db19cee297c36f0e4613b3ccb1dba39b3550ecec451fc2019d326cf239434cfe3863c3ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8893f5f0aea365ce1a4f3b6992385822

SHA1
ee53d55744d5fbf938e8da24e326ba74df54b638

SHA256
4cad62f95ea2d71b29a1dd38b106cf22e4b2cca4929b71960e97e5ad131cd9c0

SHA512
6928a9adcfbaf87ea7de6c6529223e33d020d0bf590f821edfc703d7ef52dd33ab7e405ad3060e9dc596cba9e437f43b965e6981e3e0c511eef2f39e61277b97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
019755ac654f228b6129ee5ba1e95b1b

SHA1
e4d769af1415c3746bee787adaed7e76a2b88bf7

SHA256
02d697ac4ffba1d81c3f77d68631e9fbe3615357358eb78c74e042b24a690b80

SHA512
322896f6a10a786861787d8f0697e5ba70b1ba1b356ad429bcc2a1317125c9800ae5449062996f319b5257d892c7aac0c290c92b8f96d84567a9e00b04ad5c03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a0dc2cc826c4b3ffe3011db5bb58b04

SHA1
bac9001f647c6887240e4df87376d1be11346bce

SHA256
3d402f50ed702072fbd1eca315ca523ed7f5dd733050480f89d69ccb0e63b77a

SHA512
8db6d2fe9a4034000dc072a9d4ac1a1c8c386d38c76e7fd76b7c6cbaf8b6917d56059bc195c3c92f32d4fffba99cd1f9f8a6fe15dfb2cce906659a1a421f3977

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
58ef00802b07792a21b78f32e2c01848

SHA1
21ae0f2e9abadfb351e20e860856c7b37fb4806c

SHA256
7a24b2dee9eec0511531d7c52a7582531c8fc706c717240d3c0388a0eafece45

SHA512
1dc24eccc3b825b0530dc4d1ec298cb020038310159e94b0bc633a321fff64a40bca74a5b48e7b88a70ce7110bca296fbf61b7b97a392011aafa72e22ad6bde7

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA342.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA403.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit