08b37e25b51bd2f47bd375186265031245e435ac55a153fefe3534397372c95d

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19-12-2023 22:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b11aaa017afe12a25591714c23a6907c.html
Size

44KB
MD5

b11aaa017afe12a25591714c23a6907c
SHA1

dd2c35840d8a556f8e834f4973eb26bec5a892fc
SHA256

08b37e25b51bd2f47bd375186265031245e435ac55a153fefe3534397372c95d
SHA512

3b5c4f0ed41d9e3e9cf33ad8ed553a831fbf89491c1a3d96f04aee0df9587d25b76b2627b5a0ff42e19862789158a3a2b2ee73df15e17127eb844b9ff52bf5e2
SSDEEP

768:cUggMjh1qZwEQPrdBR7LYd8Bx1dsi0SC5U3iEnEEbQbQbQbQbQbQbQbQbQbQUpsD:cUojGZwR5hwVQiC

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{897D96C1-9F08-11EE-B449-5E688C03EF37} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008dcd4c448ce8fb42a8f577f49cde6d30000000000200000000001066000000010000200000007b096c3c46556f810230ea51525781608987cf883b35af8e4046e7c39362b48d000000000e8000000002000020000000abefe8f1a6525d0a10944a506d5a4619c2f34f5b874ddfc89355b1cb9ba6963320000000454ceb3e5602348cac59613bb2b83f465f02751dc0773e1ed4d5e887051fa23e4000000045dfe142a21a3388ba78a5f9a03fe56ebf02efcc90756148f94ba0828854e1619da617aa8cabdb61174682933eec405515e07134baf047c3b94a3de62ee62bd5	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409218820"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008dcd4c448ce8fb42a8f577f49cde6d300000000002000000000010660000000100002000000027de6e29a7d23a3821dc2ec67d87501d51b06728b62a5a8e8174a1eaadfd8aad000000000e8000000002000020000000aa6ae92997b7fdb788c2f083533b3e816dc98e3f555e036c2fc908cb354fb8fc900000007ddce874fa37a79a4347e2f97ed782a74bd6625700eeee4ad837607b542c2e9209e054a4dad9924f55cdd7d3e49053a9edbe9d58c10e3a97eed30d914302c2573bb8521466beb37ac74981b9bbb43152221c7f3cd3d7cec2cb1816ae9117d7e09cfd20dc23b54c9b6b2d0a3ea3b5f5bda5e8f963be6b7a7f8ca4fb46a1001e9063d5ceab351883e76ca41d2f72fdb26040000000cd56c70d4ac52b26f0fe30ed4bf9dfd37c193d2868995b9cbf367e3620a5640b29b691d3adf35ad0719f92fc015af5f653a02b8ea9b05bb539a3b2f3a9bd1d21	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90ef1f911533da01	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1720	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1720	iexplore.exe
1720	iexplore.exe
2392	IEXPLORE.EXE
2392	IEXPLORE.EXE
2392	IEXPLORE.EXE
2392	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 2392	1720	iexplore.exe	28
PID 1720 wrote to memory of 2392	1720	iexplore.exe	28
PID 1720 wrote to memory of 2392	1720	iexplore.exe	28
PID 1720 wrote to memory of 2392	1720	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b11aaa017afe12a25591714c23a6907c.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1720 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
37bcbc8749c8173afeb5565bcdf4c972

SHA1
e21fbe378f895a5cb4060265fa7d261c380355ea

SHA256
42e8dae44104d1b9a1f9d504c6616304152710da95586f264041cdbe4a5abde2

SHA512
58f962dad9ff9b9266f03ad243b945914bca75d1b1fea0cdd79e5b180b60456f0edd21317a0fa4c1712a9f21c4b239385b42a181c9d8a80b826e699ec15427a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4cd8ba352efaf1613fc3160c306f405e

SHA1
09c9aa1f937627c3c47787ec9b4c3b95d893fdcd

SHA256
69ecde250d034b1a6f2fd5c5361f472260f8c3c28602d54bae4ae67cd242892c

SHA512
ef10abd7493daefa6232bd4bb113d524ec4f0fc58f564853575ad3006ff54af42ad5316c3a4d492c7e38fa6a753f8f15d35a812d07079747a04040b39b85dd62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
62ef368a3826ffd440c2a6a550e992c8

SHA1
983b788163977ef2d13398fcd70257fccb697e0a

SHA256
fb44537c58953725174548985fd2cb20e4584274b3cf67dda2a85466d661b119

SHA512
e2b2390a1118e0e2f2e54e12486cd448483c4252ed9e9e3f30aa9ad98554cd551b26d9d1cb50ae0d3d1e0e33e247da87bf6d528f57a7f8e6adca07ce76a27498

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f6514a3a7eb25640f3057285539f5a32

SHA1
64813d3258f76d573d1bf6e0c146c648ea1c0caa

SHA256
318735bed8ed6a765400e52ee5c4efafed2fc9ee2d0152a41296f036a9284d42

SHA512
411cf4336e5e2d4a1f3300df3939ffe4e74c5ee17922299363216c768809999310368b79ee996f51891161fa817e5348d10d5c379b93822cdea3e9d8d6765daf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
980c97d4bf6e6deec71ff3c4094c35d7

SHA1
5425647a8221641b61de5d74242555013455b87b

SHA256
ee4669b605bfba7aca468c10dd5d42dba9192a638d7c4534e1ef3d605d4e2d01

SHA512
93249b7b0b39bf43eb3eded0932e845d9a065622876f3c98d33096a2467f8295c628055d6eb3e9b1781ba2902e2d0d943b1f94cd5fe5bc17ec3ac699ccd9b192

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8d11cc140598b6352faa253782505e20

SHA1
40a5937f1c20186e70339dc8c595e1b1fe504db7

SHA256
90c6cfa0310ede83ed637218171ae2eaaacb1c6dbea235acd82f01137cd76db6

SHA512
2290f2da70908c5683da99a30a2b079ec902b9193d6ff881af1ffafbb626d96194fd39eda0bb3ca90e88b8144166476544c9145efcf4a62fd5237802e981aa46

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2ebd4137ecc27422af7dd24a6bcf86c9

SHA1
6986f9d84d426c564125666c320b03fdd9b6f60f

SHA256
5c03c01aaca7663cf57ed1bcaf701ecfc10baa74c225eb18d57e0adff9c53865

SHA512
fe669c7050531df5c842826c0528ed18afed6f107dc6013d7364cc5cef3ee42fc51d051ff020ffeccda5c0925f7bffe8962aaffa5eeca4c624673cafac9ef835

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
81d11e4f7c6f2b8d2e6e40cd8aefc10d

SHA1
0de25033a493f0a1ce29737bc02b17ae89258afc

SHA256
55b683613fdc1070f15e760652e8d2c4febc10dd496ca24bedaed7f7907ae998

SHA512
225e4389f4c0480fc6e242395f9ef3a987bdcc018b3ed009a76edf1d0ad321da3dd824b9e99a73612f407333eec8bb1ed9ca3a288e05ae1d74362fb576a6ef58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e30b6ae0621fe5058327983fd7bd36a9

SHA1
dab97623458aea97fd8c201684c2c9989b009b61

SHA256
84d9e75c1f93caf155d25e58eabed82641d864be87f3770f11847d6e12c4d439

SHA512
dd7df8e2902717ca92c0b3f14f33a30706de1f6cae8bdf7b92cf9158c893af5a44f97f41b9ef27418bdc39ac5c2a327a009b5be05c5112a4faf48d720ad7e1fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fa74314618fc42d7ec8ab4cda408c530

SHA1
f8fb9f783b4a64be4a8da23044ff5ec09c110387

SHA256
b57eff4ca6272b0aeadb880d4be7aa5b2b0866065570eb33dc4ed296ebb35c3a

SHA512
1295e324b83ec31ebbc461a054ae76c8ddc6b5de833939df3a940c4d07d83ebcf6aae53d7e7279db412211fa9ee1daa16d77a8e4d5d9f9564629b1ac094fe2ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9e64c68182cbba2754f539ca95d5acaf

SHA1
0ff0f484d6286ea4a2877bccd983f14ca1e1ffb0

SHA256
e82e1339ae48f123b2c4cb1fe972980fc72d99c8ce853abfb7b601ffa33f84ba

SHA512
a4ed705893a5c339a366a43dfaeec88466b022b24680861d30ec85288d23abbb6457c286ff746a572fa5e5d75847f7490887574bb824bf29dff095d484316639

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
379ec4517d9ba41f296ea3702ed5f0f0

SHA1
778e65541fc400e53eadeea1527954d0359c8a67

SHA256
d446ec61d9abfd704d40480a924ad77302bbcd850861abcc6b476b631169d9c7

SHA512
89c9e927ec777c8a37de7a36336637adfa116642a13f5f3ac564d907be321e9ca1e64d4ee4c70591167e8c588d1e9a6c789be14bec43dab3dccfbe5914961062

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5ccc3f56e2d4dcfc9380aa5fd6bd63d1

SHA1
a64b85e572bbec346a2fe9307de3aa4ce6c536cd

SHA256
e1a05cb8be6ec447fe194b64db520baafbf912d43be004834d413eb0d242f967

SHA512
8d3b6c2fea3df8a11ce30916ea433ad4fb90ce1b225e518757f3542ba283dc101e4a3e59dc637cede1a3f40dd6ffd2a13d3441a795160693fc28aa96540e26f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f2b53075fd914c7b87a2938351279757

SHA1
27a68ea5d503d0f0ca8b95bd05930d8381beef25

SHA256
3b13e19383969ee7253dc8dc763545cbf8028ff47f160ac79a761732a9683196

SHA512
2de83fbc91abca5a4f72140707476b56c4765b9d9111632e2e6bdcd3f9b8e24066419a3bd2b0ad3bc8ae802bacc98ae4f6fc6b6f24d5a475b378b3fde62c9fad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8e6260e228b5eeb89710f9c7d46a2a17

SHA1
adee40e9e21146fe07b13818d74e1f83644cc765

SHA256
823de6ed21c4534eabc4ff370c2f16950f4dee427c8e89307d498a1280c38716

SHA512
ac971adc8d1f9f777df27a0cfff9119f3ad17b37acda6680ef999df741683601b22bd5efa203e59798b3ff155515863a520e5116d5f5f6fe834b4540f165040c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3809eab5dfb93f0c0631bb71330bbc4b

SHA1
0b065803e8ee82e6d4c26cbedef0ecafad578606

SHA256
b249a9399889669f8b0e143311fe9d5c66f87d9743851607ec43f037309c3c08

SHA512
48b31c6ead3bc1e3771a37be50c8a1e75a2fe6476f2099f2bddec23cbb60749d1a35ec85bf3d553a570ec589b823f31d614e0b20d81b5a4794d806e540e022dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
883ff4c9b3d0d902300a452a6c99d765

SHA1
259f0c00157b899726403562c70d2a6fde6c55b2

SHA256
7c3803ad8302be16f59b0770dc7576087d1002dea15ea56cb06705895357c0bf

SHA512
7b6ab407d81d3fe6b56996673c965ff4cc2da24cc9a92bd4e621e53e68d23e5781711204e52aec6bf2e5d7a32c6ba3ac436233e6695317c766fda09c58414ac9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3AF0.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3BBE.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit