4f7cd9df0b960a4cc4c6bd6595fb1578aaa42784149651ef228223e0ee50359e

Analysis

max time kernel
3s
max time network
154s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
13/10/2023, 04:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

youtube_embed.html
Size

4KB
MD5

2ef02526d37f620d84e2089957abdc71
SHA1

e2f3339e91cac8904d7d37f1f4909bb2e3c7960c
SHA256

64759a92e22868f3a7bc37381908520aff9bae31ef2c5e3cf998ac2f9c0d6c05
SHA512

58b4857311dc3a24acac11a511e0d3a1fc5075ef1354669ffba6e0cfb57369d39d40a47abcac29af991be71711504a08ec391e66ca59f1e9461573dc90657a43
SSDEEP

96:b7vebZZFTzS50Nij89Ur9FUvi9znUlq84YI38FxxuxxprhUUI8s:b70Zh8A9Ur9FUvi9TUM849383AxTtUV1

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3A79F461-6D7B-11EE-8D80-661AB9D85156} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1388	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1388	iexplore.exe
1388	iexplore.exe
2192	IEXPLORE.EXE
2192	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1388 wrote to memory of 2192	1388	iexplore.exe	20
PID 1388 wrote to memory of 2192	1388	iexplore.exe	20
PID 1388 wrote to memory of 2192	1388	iexplore.exe	20
PID 1388 wrote to memory of 2192	1388	iexplore.exe	20

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\youtube_embed.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1388
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1388 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
664644fd6f2b3f82a5a1d82f62c5e7ef

SHA1
3836519796a5c5f5d8188ab06f7310cc2f6b10fa

SHA256
fc0807d9be727e77b39da47a56cf2b1aef2d25f90524b94ab69b6b842a01b9f1

SHA512
d99ecb87b8af613e6e0daddd429fe8ad5d917db3532e764e3d87afdb7433b2cc2a8a102cbe6b97a78f4c80c274a8e4a8bb8c6277fbb326d00be0985344622b71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3ed6cbbe60c74fc5d72586dfde6a67b6

SHA1
51c6f69551e4dd25e2da47da8ade1a560b31e3bd

SHA256
71ac2f74d15fb1042dee4ab15f0cc4f81d82eb408d98d3c525f3fc3ffe1f8ea5

SHA512
05d268f221c562927d9956222b951a818299da982355d0f25cd51827f2e63445e1f60c83f7a62611c2ab9e1a6bec0a2bb8c153b26de8821b90606bc97cc9772a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
33ca9a45ad0ff1df2dfea3d0e6357d33

SHA1
a7e51b4107e45920f5603f0b8584efc080494395

SHA256
0ef3d8337acb0f3cd71b9c360c19b8939b80249009a7c811dcc4f23d93982a3e

SHA512
c66127a685c89e03d776e26fc7cf65c265df9416af1d1242da0ecfb16ce9a1ad8f0194f6872231b309664a6642da400bd6c31e87165020bdc2cbf5271026b382

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4f22156843a80642d02134cabafd63ad

SHA1
f79915c8c0a5d1cc516bb144d43112a8dd137532

SHA256
136ed5a020fa6acbfaa260f7ed13f84c5137844a5e5a3889d1d5eccae7b5b847

SHA512
fb26f4708290c690a76aad16a4241f2e0310ebe6586673f8d23a354f4ca28a00224b779c2c8cc18e6ec15a5ae8247f90ccb2bc8078a7f118daa845f150516d77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fc44d63f55f2f493146d1bfdb191cd32

SHA1
448165a82cdfabc82dde5943463816d6b756724a

SHA256
c86e39190bc350f4fb5f6f00cc442ba193da4ab80d09afbee00768aa97799d6e

SHA512
b9cd3c7df0e5b082f16c895c0a04ab44b166511fa0cf679b7271dc2309c6e1fd07ef026f0863fb6b67a1e793c7aabb89a76c6d9b5c62d12a99eac3ebfe3ac935

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8aa3dfb58ebc0419d360008444254c37

SHA1
f445626693d66f6f84a87577f3dd9d4db5306159

SHA256
6f47588029fafceb4ea874eaf5dd390022e52e786fd7d2b00af9a91e904b2bf6

SHA512
97d02dfdc518d0d81728581544c8ce7ff654ff0b09b1c005421112e74f285ab516495a6474f459bba1e2b6653f02579357f4af010b6b0e846d34f62bf5db96a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1ba7fb8abf131f849a0c2a48874baaa4

SHA1
209b9a64714b6481fd02219b457964e71ab06185

SHA256
4b00eb786cfbb3a76bff569f5270909811be768420a364ebf039ebca589ff223

SHA512
144842dcebbd568648f129dbb242eb155ec7dfb1301e1d7df32d4035c1c610f563cdc45908ba1c12c549e171b14d483f8cee1e031eaac0bc34eb020d1aa27f4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fa8c1e4397499e85c27595228b3fa71f

SHA1
ec93afeed574e4972933f52df5f0e951683f1bf3

SHA256
da37889c6dc6529485aa725ffc3b65bd2a7d2b609afb0c2b1d5592e7854d8a4d

SHA512
d2503df40a04cc2e1a96b60e67c0e95df180fb7f5d0126172b308eda2e5415abe138a92fe1cb1222f2df541e1baae5c6f9e8274f29ef0bfec0f092ee7fba27d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0e3f907865a97e2eef61801831e8bca4

SHA1
a91d1e042be83906c2d121683c3b73bfc5129771

SHA256
edadb08ee78f3f2a69384e12f82aff94f1e34c6835179cfd23c9172b593a5e29

SHA512
81c5349db1102e8ab41ac1cd95bdb74e56c00c0ff5977eee6535a492db8e8621cd3fbe4f4979489af5f8a78a58414491e8419310f8eb873c9779e36e9035cfa0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e7fad55d71727ec6581cb6b9ad51f094

SHA1
6f4f43db987268e141e1bb82c701972bcd33a1ed

SHA256
cc565242b59bf9d10c458e7169cb470a68a08e541890d3b52801c17779c55a55

SHA512
4420bedc8edf21b2c92b06679899528125b5424db81b1afdd6939e83eee07e5394b0be06ac1d84d9a9ba697b4a7a34e77daa554909d9322a74b622a2c042b3a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bfdcb6faabd031ba68495a4551825aa9

SHA1
354688aaa75152e67b7fc2f01601da8926574ffa

SHA256
205163179fda7330b95fbf6c34ad8aa47eee5b6d89b7003299b4ae8394f3584a

SHA512
9e920f59ef767ed945a68a8e4b4e358c4844f8ce102f194ea544480d3469a61390c1c78907be466f61006750f7015a14cd003b9896a1168b4b47dd175485cf20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6d8954b538f707893af6bc978f38d602

SHA1
c08b317fcab1d9b1e6a4a6d5619ddb9e90ff2df3

SHA256
934363d5932f71c3791949bba093c56e97ad1928268dac478c82501a1311c15f

SHA512
b87678dffa75a6ed31849d86b5fb73991c3be254721eb362732f626be25dce47612df3d80b8f0735bdfadeffd14fe3badc59ffc3c858b25272b4cf211aa9d9f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
44dd7909c3f2b7fef11e3dec75e2f7ad

SHA1
2e05a9b74b546556a885dfeef827530df2aa95d7

SHA256
c47ba0d242f7d9b932941f458c66d739194722f01be038b27cdb1af090fb1b35

SHA512
3e5282bae3e298a9b4e40f75e2dce0877d7c243fadcf3b4d95ce4d2626eefc8afe70d4c357c04e52a832502693043c82c2ebb5c7dad7e1fb5cda6e2d677dc6c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b1b2b21254f3499f2ba33eb00217c305

SHA1
a0c6f662ca08341d309cc3ad8cbc2c533aa3d4e5

SHA256
426f0bcb1511f6fb533eddddaf8b64b845968151c650d62486d94a4d2c4e0f40

SHA512
e1d0a8761dd57f909b1d5b9f5ad5bde7f15cf7ede18f26ef331f45179b7eb95649df0b59c208f5136b3a0a2d276e95e43b42d2002ce34bd9a286aad52b7caa8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bc9ed2b59471f81fcaaff83f80852d19

SHA1
022eb369663efa9c8fa18d61358d0e42f28ec398

SHA256
5984d948f453dbb81b134c5d12015c97a4271cbd2ee45676fe2d386b361f1a53

SHA512
106e2c639fda2502119ec81632767f398afdb65a192c132a20a92849541c5731fb4be59c1ab36b0d503b6ee982dc6917dbe1e500d76b0ace75f8d8db4978b773

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dd8ed867f1a0063e89983ae7d30407a3

SHA1
d7c4f1abdabe8d3ab3542214dfcbd00222d5e46f

SHA256
748d03f5505db23ec38c808cfabb71340adef34a3b681edccf90fc8375576944

SHA512
b9b716b6d3006aed6a3077c2ad12f9399e23c280bd84d75525d63875ff18c0fc02a5a90d90947182f058a698b3e6a47af118460fe81c932f45810252599c0208

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aea82b7af00d33683dae0a630b07e889

SHA1
2449899cc971bb4d9a295954d585180a11372fff

SHA256
80122a5d3660f6775cc94cc4ad2ecf00a00e24623fa59c67b56de93c9d97049d

SHA512
0e2c724d12c1fae5890a7cebf1a76b22af958e3d434be2c2085b63077d521cecd6aee10c29ce029c74765a6f4d7b0c60f25c66f54279cd89e71b6511646207a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9694a4555ec2ef478cafd5cbd105551f

SHA1
b7586916171409e0c1821db5ca503b88161a8ea1

SHA256
d5d73fc2c4708e83e91a567e1abee9823566987bec9e94bb1117f01b9adfc35b

SHA512
230c43aee58390e1cda8339d229d3031e11f854e6f951faf17d9911a2090491fac06b8bed259d29be166f7771a9f3214c1688b59ae638742db841f5a7efe6cb8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
c8434e4c5e047d0e4299ef572f6531c1

SHA1
2eca00aa6602d59113898cf3d98eb3055512df80

SHA256
3fc3e8a6fdb385553b2bbb5de077507ae0667d2b194b3708eb1047c30004cffa

SHA512
8e0ae1cc20863a120fe4593dd1523649e46fe6dee4ac195b56a031abcfe3c4090a06dfebfa75ecabf949e579c40a2347613b105c0e5808bfc66cc1e4f3acf886

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabEE29.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarEE2A.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit