71b96d709cb160b579ec5010ce38b00084a49c420cd5945b69714dfc9acb811e

Analysis

max time kernel
119s
max time network
129s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19-07-2024 10:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ddpintro.htm
Size

2KB
MD5

4c5e89b1e03b510b09c4b9ada630009c
SHA1

be2926b06522d7355a73c9f42f9685f0dc7a0332
SHA256

78d60078bf2632db0771754b6640e6f1849300185948a080c177d0a39f529c3a
SHA512

bb75eefdb1d8704cacef9c68f784065b12bbd2f366cc514466aba252c907b1aa219b06d4bfea8d809730097b75a6bb666c04bdea35bc615bc3fc7e11b00b17c8

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 41 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{83700DD1-45B6-11EF-B44F-526249468C57} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0451e58c3d9da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d854e951ecdca4792ad3aea80f03551000000000200000000001066000000010000200000006dbdfc94d1db97545e83c9dac09587c35659aef7c2713a75eb672a06a262f19a000000000e80000000020000200000004a4c2cfeb54bf3598000bb2d85bb6c14a82ae8a11250b0821cdf419eac466783900000000824d383f3d4b4e90e2722d2a8663edf323e5fbcb5d2b22be5de4a0f19febb243b81a8f07565943ceb7819513f3384f7157548ee8db28448fcd27246142c24a797c294fb7c6d134bc878a71aadb4539e16487c77f04260e9f36918d54b5e37008f5a2128d6f2432bea4ba0166eb0f6b7f049b5d16970253464677a28489b4cc5b9ce46fa7a4720727e6fbfea08f7e994400000004f9d9d2ab1dead9a0375f5c1b7741a3ceac2dd9bcf05a73cf031285e06ec2d0b75ae55daffea7912ac6ce4a76be8c93801c3dffdd6475f412aa414311f2ec1d2	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427545436"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d854e951ecdca4792ad3aea80f035510000000002000000000010660000000100002000000074044b1d8bd63d3d6afccc5ceb2a283fccaf9821f780993ef70d4cb10062a986000000000e8000000002000020000000de4592b1a116a6bb484a3bf68d11fd0dd95470a979680c6b5bf1bd2c68fc3c67200000001228176bfaeee7ef4b5c38a51ff84c289db167f5567c006b178aad622e44dd35400000009133d06e0a59d9ce4bdea64433a0a221b6734838831d6622f36c76991b67e3a0c640ac3d6be2829ba014ed3f5a5f49bee9f9d8f888eee1a501f5f71659311c15	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2276	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2276	iexplore.exe
2276	iexplore.exe
2816	IEXPLORE.EXE
2816	IEXPLORE.EXE
2816	IEXPLORE.EXE
2816	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2276 wrote to memory of 2816	2276	iexplore.exe	31
PID 2276 wrote to memory of 2816	2276	iexplore.exe	31
PID 2276 wrote to memory of 2816	2276	iexplore.exe	31
PID 2276 wrote to memory of 2816	2276	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ddpintro.htm
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2276
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2276 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3b3bbc20b8ab0bb2e9cfedfd809a5d07

SHA1
a756e02477fa93fb46d38e1616df8d85e775fb9a

SHA256
bb2242a1edb7d457e37ad2ea501562e67290426c9ffecc32e416c1165b1de7f7

SHA512
d83471786ac52a83a9259b80748e021dcb876f3cd3529c7ff76ecc6db1daa7a9c3cc9a40131bc8a9262490657bdc3d7257cf5da5cd63792d3bd0132bf8cfd064

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fd529c84a516c887793f64ee1206d905

SHA1
dc4e3accdd027955dceb5bcd1fbb3c3e78391e45

SHA256
7bc2802e63e098e9b730708b1102306e20cfb54694d020fb40d861213896e8fa

SHA512
e2261914139903e3d4cb129b1ef82616d8cc9c6220dd428416920b4effa4b2f77bf13aebf95124dffa6cfcae1201ee86e04da86462a0d35c5e5c25bac05b21c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3b02a65896dadc70032abfcf07049fe5

SHA1
777445226958cb581034c85e8fe019779ead2e52

SHA256
b289600b97d772cf12abdfd0c79fb9369054813d49185fd561ece834d861e698

SHA512
05f454e8666298ba72c8b1ed75180efc0e58704bc9b96506b58683a74e070ae11260a30e98014e89f284de7f27443f0f57008f1ce83596f3dcd69eff3baae04a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
837c0d4c3864921bd90a6968c3047d0c

SHA1
2240d4c56b85ecd829800027e0c9a2fe79d22eae

SHA256
ce620a97c03498b30f63c885feefc725aba7b0023bc79795c647d44c17453aca

SHA512
446c5cc8737293e6ecee330f0cd228ad12055dfcd353eb1091b10c71e5417e6365abac5ff13de9a3238f9df587dc0a57b2e54dbeee3a25f096cf19ce8b055a93

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
239583b71fa87cb657f02aa62f79e9c5

SHA1
57787879ba2a9ca6a482182e47bae40c4b955792

SHA256
0e28ba766e46f67c3089bd9437bcd7d550c4ece7e5fdf1824eafb4807b59a366

SHA512
a6ed1e6f57e6261ca535ecd9c85a6f64f3af784d6d03719a2783e12e209ab8e3d79c365e6ed0594c9620063416009f512dab7c7538a1cb73637d87997cb95df2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b80613c292ffa7582ede7507c6162578

SHA1
40f32ced3b40b55f30e6ef9c786a9500f38dfe05

SHA256
1af57c0901fb9a7421a0672bdc6d58deb41140fd3423e42e853a21637f08b89a

SHA512
9024bfc83fe762fd63eb85bc2066e0d7e80a0605b9bcc9579894da46e2904299763f97db726ad6064d843366328efc0279cd0507e6060d938c1415deeaf8fdf6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ca3c7abfa524b8a23056e649d725651a

SHA1
795799657343af9ed2d712804f28a0b33727db9d

SHA256
6e8c9d908bec28803defc6e3a3e46a58f4f16f72cb112fae46f24c7dcab2a2a5

SHA512
26063c3578e3bee8e26b354dd71e031f01ecbe09a01db10cc054701847b6141d8ac1096bc414dced2933cc5c4e2567102a20888451ab755217d7f6937316697d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
884362d63ea2c83508b932c1cefc725b

SHA1
482db5e5b03d2e8fad45220f8c6b819fad95e676

SHA256
0ab5eda71f0fa8a74de8fe0fc41a72df02fbab42bb4dd10d260e99db3f703c8c

SHA512
d17c5b3861766ce14a7b5a3f496a2865765aec3fb2eddae71b89b931f3fb42e5c1f3408c2ac5e504bee43781c56337b0eef4dc7904f1e3f8ee95f1fc3054f0c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
186c90a2ce2acc06e1807e90f52569c6

SHA1
60ee8acd9d5fc106a4a806c5cf94538b8640a55d

SHA256
cccdd9c859d63b02dff676db3e2e05680eacb1edba9a2684617a0e895d057de0

SHA512
71cb18c6457a95f9ee4c1e92c33f096bd0ae88dc70561a07718046fc9bf3b43c58b9f9c0fcdf1d2485fa8d7189841c318aa5921e4bb11d3901e93e37ce5c702c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
460868ff250a9930273dca0c8d8a4a97

SHA1
f7d8148e7a5a60bbc5ef058f31f7061718962bf1

SHA256
b1f9ada87d1d8a655afae2ca66bf6f6e328f19e20d829a4b2bf46d1cb9543089

SHA512
2a938091f4da03abb5aae24fa377fe1f3394bddde4ce09c152ba9a60cf11eb4094c21d02281639ac654be1cd757e0743cc4b04c63fbaaf65b0349d1744393206

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a412730ca0516fd709e4f8a1fd0be02c

SHA1
e43cfc085cafe2f55c89689556f2959270019e9f

SHA256
3cc05552588a71e483bbe1d439e327f04d15300cfde758225c10f9371b5ae151

SHA512
ae3244c2d4194833dcd5321fb92712ec1d6eb1e99a3cdeb1251e74ca1b8fa4339d368c5c8b9a0bd38967d6dc0f63e2e59cfe7b688288fe6d06676043d160affa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1f7aeda5d9f63625b8164c5d6b0fae78

SHA1
60f8e1291301f56ed542568e011b11f35efdd850

SHA256
17de75c245325d2f1487846c7204211c604d14007f7aef356ff3860752ec8d07

SHA512
9493dc4054496e5f3096bd11fa4b4527791e6357022a8cdd30e3ce670d62a5d881ac6687b535e8011db15c5abc09263892d714ab9346a813e7414bb57df471e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1f861877fc6c6627df147526aedb6dd4

SHA1
191f4ecf18abf97ca93e1f38ee5a06c6f4f67ec6

SHA256
cbb36fe121cccf14d7faab0c6902f4803544940db86089e6b1c5d961d0c414dc

SHA512
7458ab3f3e35836d43359448ba2c8b9c9904a3eb8650ec507b0f8f1c4054782cdd17ecb51318f158ed07798680e353a8d0ef98f17461de4869730b1c28c20605

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bc2d15d157aa164528befaae5096c97a

SHA1
0db516f9c3e363936b6503a2ca8d088d4210e75f

SHA256
66b0063d3f0805c8a650662a263557df1c5083e03834d3ba08d4daf5ec66ad9e

SHA512
34cd28c173cebf0716d9ab76ba8dc12271bb659eda0366e0422fe7f24242859e6fa1d16f36aa95b498a9bd5f8f24ee77a78ea937630f453475aef9ebbc12f43b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4ea07c324f8cfddeba26f0026d3daa14

SHA1
f573f47812bd7e50dc7e6e0fc9c485e4c999c0de

SHA256
35e2667b9a36434fb7e3a2e098e3ee1f16863c0d892a02a5874461908cc9722f

SHA512
e64d8c6791279a5a5e7861c0786b33b967cc6bec2c4349d8e91d9e1d09b2980843d684a7bca12878f0100a8eae055778cfb3173fbf94cab3645a9fb944503641

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9A4D.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9F13.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit