38ffd4972ae513a0c79a8be4573403edcd709f0f572105362b08ff50cf6de521

Analysis

max time kernel
8s
max time network
11s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
11-11-2023 08:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.html
Size

612B
MD5

e3eb0a1df437f3f97a64aca5952c8ea0
SHA1

7dd71afcfb14e105e80b0c0d7fce370a28a41f0a
SHA256

38ffd4972ae513a0c79a8be4573403edcd709f0f572105362b08ff50cf6de521
SHA512

43573b0cbaac6e2e1646e6217d2d10c40ad10b9db1f4492d6740545e793c891b5e39283a082896c0392b88eb319dfa9392421b1c89c094c9ce9f31b53d37ebaf

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{02872A61-806C-11EE-9655-CED6FD478C3D} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

2152 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

2152 iexplore.exe
2152 iexplore.exe
1240 IEXPLORE.EXE
1240 IEXPLORE.EXE
1240 IEXPLORE.EXE
1240 IEXPLORE.EXE

pid	process
2152	iexplore.exe

pid	process
2152	iexplore.exe
2152	iexplore.exe
1240	IEXPLORE.EXE
1240	IEXPLORE.EXE
1240	IEXPLORE.EXE
1240	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 2152 wrote to memory of 1240	2152	iexplore.exe	IEXPLORE.EXE
PID 2152 wrote to memory of 1240	2152	iexplore.exe	IEXPLORE.EXE
PID 2152 wrote to memory of 1240	2152	iexplore.exe	IEXPLORE.EXE
PID 2152 wrote to memory of 1240	2152	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2152

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2152 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c5f6c17be13afe278f133ff04aedc73a

SHA1
47c3075e0eb958bc1abce0191aa35bd0199ce78a

SHA256
288432001f143ab417f2341e7088cf473daf2ff76096d04a68f2c6b862be7f38

SHA512
d1a1b8ae914e6d9c7c55b1bc332dc414a819fbfbc501db7e1010073d9972e53a751ad81ccb650e6492f5998940b23f9479a27c75d17e20bd4bf104aad8fb7d6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b25bad8dc2265906957fe6790808b5ec

SHA1
52631ecfae768e414a794895bf16f603ebaefff4

SHA256
b077ecf06b8a18bd0e4048f67eecbd8f89f69fda785e1dbfc094622d6761ef2e

SHA512
ba67b52ea07067fe60f03a20309fa239f8703394f25cff462488359c87902576fb3b4b5c50e3e24f5d736ca6a5edb72f1390d14517571d315eed3b7a938386a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b7d3765b785885975577487015361781

SHA1
7243cbecd3a8b51d78275c16cda55bcc29ffdd98

SHA256
11d11964e455491fd1196b9e22ceb166df610599051beb8b3a1ad1304aef7e26

SHA512
2fbdad7c95ff6f6e9b42c8145d0ffbef353d51d451d367bc223ca617338be901e1eee90dd799fb29e5e6f0431e8bc8186440917c426ade7364a5b4088bf70fda

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
35303dfbd4cb08b5b31b81f30b638953

SHA1
8b539ab52bb80fa6c7ec08423c299450fd4108d9

SHA256
9753de1e7c3187ecc71a7cccdfa7c94b048e962b42f55fef9dda390090af43b2

SHA512
76f132a68d5ed706ac3590c79e99983714ae916bc611aa93ddae01a09ea5e57b865d6ca369cacaf9fdb6b2b3923af9e0db9ebfc4a05992fc440efd94c85f8a57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4704a1cc8c1f727c25b7893342379650

SHA1
c32bcd5351f6f6dba62ef58826f49b4261b7c832

SHA256
f9198357971b6d6a40958bf9557b7211e128da1577c2c636d6834cc94f1aac8b

SHA512
7ce14f04314dd54f38df278aa24a6efdeb0f78a94885611b43ddd60b98996430e8521f6847f8573dea615e9bdb3eefc4c47015362123c0a114f39fb28c64cd15

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c611b926952a50836650ca11ca923619

SHA1
5354ba4dede58fa6d90d2fafa8a4a5fe8fae9501

SHA256
86636ae73ffe4320fb0fae9dc1b3536ac7016bf9a915c720c530ec721e9c77e8

SHA512
23b4ce580a8b5a46b7a374f528c1b89c239afd3589ee706a55aa5d2b02c1b3754057bfae0a92f3bcc015e38e20b20c26d1c1b95ef72f517d349ff488cadf14b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cbaff2554c70e77b04b22931c2ea9018

SHA1
50408bc2e3f7c60033e3f74960f4466a16782ab3

SHA256
6e038799b929c333706b9a2aea2fbfe53ec319e50025849182e40ca6e487a89a

SHA512
bbd380c6f9ee29c95ad3b38808bbbb71275b3ca683bc7271fb938009962d7276d648f12e4f6fee94b864a4c6735904041f245b2f356b85dfd2ac50f3a0783550

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
42663f0aae01fb9953100ae76dc5cdd6

SHA1
41fcd3e17193d10ec16eafb10aa742cda2e045cb

SHA256
f51c0a9df9749690c9f61bcaa8ceafd7124d49babe09acbae51df4bb22ac211e

SHA512
3464c39c80b4f72569d5f3c986542b4d6256b81c6814163bc1e4434ba180f299958b71a3a9f22317a325314fa6db3ac5f24318c7de74eed8bb9bc84aee6ec488

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2d464052a01223217b56bdff05d9aece

SHA1
134d8bd55413df16ad2321c047aac2ca445aaae4

SHA256
c928dd4d18b6393276c489433da89a91711787f2a972f6f3a2e8b33ac445a6e1

SHA512
aca6d974fa361581c1fec258345b1df46324836d951d5339793c8772b3f1791af75bd9763b0dbac25d61dcefb02af31977cf33ac5b158698e84248920a9a7e9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5E59.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5EC9.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit