47a3336136099df60c67557140135ae2a968bc171536a3b74cb43fd44dcdf350

Analysis

max time kernel
124s
max time network
164s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01/10/2022, 18:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

47a3336136099df60c67557140135ae2a968bc171536a3b74cb43fd44dcdf350.html
Size

47KB
MD5

7628fb481b4b1631dbc5dda33cdd0f60
SHA1

8df4838758bb18b56e91047660ebe00af9f44319
SHA256

47a3336136099df60c67557140135ae2a968bc171536a3b74cb43fd44dcdf350
SHA512

0293b09b5d6b37db02c12dd15d83ad17cedaa056c984d461aae798e3fce00dcdf9895c685e59a9962845b340842836f5c77f082becfbf94e3de8b8f8ccb8ffdc
SSDEEP

768:YLheL9vnxmWJjDThSgYYiTT+x46A3Wf9BLo5XhMHawNwjG2uTMjmv71jcqnYN4EW:YLhm9vxjJjNYzTT+x46CWf9BLoVS6w2E

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a074f268d5d5d801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "371421434"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{661BFBC0-41C8-11ED-8C25-6AB3F8C7EA51} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d3b98f5693c0d24b85f349229339c59c00000000020000000000106600000001000020000000e4b6f1588e969b47d8048b78a40018a1c46309e07c54eff8a52ab644046a9a94000000000e80000000020000200000004f2ac37728732f033e2f0b08113f5339b940221f624f493047abd90f164f1f7e200000007a4e590880d65d5cb8fb09f3da80db1c3afdcb695b83a7f6d47c8523e48a936a400000007409ee2acf9d4d1c709a3676b8397cd2e84a5db6513a925c9aec6b1dab926729d4f4cf9398236a699c598b8c5719ddfee96ffacd46f2e256ff23c723fa40bba2	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d3b98f5693c0d24b85f349229339c59c0000000002000000000010660000000100002000000032de828ec20f927bf1ff3748c776d7c630506ec573c0ca158b0511a8494053c0000000000e8000000002000020000000062d7b05271135e3e1f9f261c20539b83e0259a7c509a9e242131bde818c7858900000004e21e39ccee828e6987ee0056f98b026f0a3fe1f63a6547c9c4ee995a29d8f9b979c77a5d5c91e6cd233146d47cb78be25178f6da9f183724fe71670cab46618ffdfb1dfd374124eca6e78c5f376115a230693981082b1d401983f04ce8f47575bae820abc2c6ddb723147ccb079b5279232643e1972702a8afe05f9728cac63c3d63a5b4a5537f2face07f8feea0256400000004cc89fe3f2a6cf58f082acd43c8c52a2b26b499aafed6eae3d1927277a5f2d18a371dccf6865454a15090d6201c479971bbdfc824d12732156ed8d5c58828e1e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1116	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1116	iexplore.exe
1116	iexplore.exe
616	IEXPLORE.EXE
616	IEXPLORE.EXE
616	IEXPLORE.EXE
616	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1116 wrote to memory of 616	1116	iexplore.exe	27
PID 1116 wrote to memory of 616	1116	iexplore.exe	27
PID 1116 wrote to memory of 616	1116	iexplore.exe	27
PID 1116 wrote to memory of 616	1116	iexplore.exe	27

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\47a3336136099df60c67557140135ae2a968bc171536a3b74cb43fd44dcdf350.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1116
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1116 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:616

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
340B

MD5
91241c2479b7b3de9677429e26b07526

SHA1
064725b974310ff478f599a45ff7429d84a592bf

SHA256
a26ca766f1afcd0658c30d7bb220cc9052324d83080614c1f0cd951aea2c5966

SHA512
0935c396899a32564115a754a29d1ffacc29ce3ad04653c7f2e705f3c6b32282418c2e971de4035339478bd119ff77e8eca789ce2ebbc94fd2b2f94f64517ec4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\TZP259CB.txt

Filesize
601B

MD5
44295bf6ad870ec2f97e8f092898903c

SHA1
0377cda9779025ab74bb6c285e9268db93dfc70e

SHA256
72bcd2100270c585348d4c9b3c896a6924451dd2e13b0712c1e75c82eaf8ea79

SHA512
e4aa969c2d85dac5fe9ee7a2786a73c93adc865e0f95cfaec3ee5044a269c6b3e9770ccfffc66fb8dc825c6ea671e812b51b755c41ae4ac751b4603f9c5530ec

Download Submit