d7315e81a76a41080e1ff49e2a1460b378b46a6705fc720e789cbb109aa88b54

Analysis

max time kernel
0s
max time network
132s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 03:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5e684dcdf43e6c4e718b7a3364a4571a.html
Size

1KB
MD5

5e684dcdf43e6c4e718b7a3364a4571a
SHA1

7a9f40d575c86425407438593521dc6965fc9704
SHA256

d7315e81a76a41080e1ff49e2a1460b378b46a6705fc720e789cbb109aa88b54
SHA512

dc86b5bce1395905331ff2160ff28141ff96ed96e578d983db78e4d0d12eba1ca7648c335cfe9d794b378ea947ee46531dce09f4e39078e2b87da686203e7131

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A936F201-A164-11EE-9A90-DECE4B73D784} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2512	iexplore.exe
2512	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 2256	2512	iexplore.exe	16
PID 2512 wrote to memory of 2256	2512	iexplore.exe	16
PID 2512 wrote to memory of 2256	2512	iexplore.exe	16
PID 2512 wrote to memory of 2256	2512	iexplore.exe	16

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2512 CREDAT:275457 /prefetch:2
1⤵
PID:2256

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\5e684dcdf43e6c4e718b7a3364a4571a.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
34443b51d8c172deca1b975ca2cdcf8a

SHA1
eecb5e69f7932f1a15d6b98559b0092738e84f80

SHA256
e2dd6ea66cb8c6b530bde044dee31209f79f8667ee9067699c7203bf938cdfef

SHA512
a800690beea1ae5f07d869377a87830e5fda668c6210aa61ecc077ed375dcb13322db636c167609b04ade5a913db944854f6985595a6a41f0fab27bd4d97427d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
485c98486b2d42864bab633a947106fa

SHA1
65b57401781beba499184a0c70c919914bf4d9fc

SHA256
62f1fcc3f3665393b9fba929192cbdc8e8847dc576528c5e996974a3aea0e693

SHA512
a313791534415fd776483ab5bf0d44b2d7443ba63aab4ea0cd880881e127eabaeab83e053630363e87b24eb3ef97106e6c78de3ad6b28dfb7f96d48aadb23d60

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
89078c449de74081e3d7636600ff707e

SHA1
316b3cadbf12cb1f6341055a384c149f437bbcec

SHA256
7c03a1fb4e4dd3156d13a8d7bfe7394d077ea4d08e7ed2172f2e7004211efe76

SHA512
4309137afae138dea0fc5ea62a7cea3ddc04bfcd50326ea1253750dc2711a423f4a2e94b8bd006fc2809ec9f096ce2ed15c11f2afa53a6966d699dcaa646aa76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6ca56457ef23518b5bd4b7ec7f4fd901

SHA1
eecb2eaf36eae1d54d450b6315a2e3403bb785a0

SHA256
86f7a38e56250d9129d89b5293d8783b9fb02a0d18d1d90f352b2b63995592bd

SHA512
130ec07fac8292a56680fcfff19529053e644fbe6c84d7a16d83240ec55de7b1266ac00ce2ebf1ad738308fe64888122ada459c5907deefbcf52243a28fbed10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b1efb7ce4813dbc73bb88381da319adc

SHA1
b88e51fec2f763a64f49e7818684f502c2bbccf8

SHA256
24fd3abfd87009acffb403458c2ac709d1fc5947c2eafd6a11c3250c97534495

SHA512
e9272e06f88c1656d084daf01039b9e2b3f3c56ccc6922d3a4cae1bdfcf64d49e8a081c7405efcd8e6dfb6f840d61051b750334cf066642cc7266750df00d7f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e44610acb57ee0a2d196a482d66b6bb7

SHA1
7aafa61147868b0a51c6ff12cb575700a84037cc

SHA256
8215196d3483d64df925ddad0e9c542bb54b61e9bf912e04cf0f43cff29741c8

SHA512
5c371bd51129b1133effdeff2c28f441c03e739802b18059749d02d89cde9dbd908b8019251018689fd2412da1e0e892267f81406de9f0b1fc9f9598fe4ac30f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ec260bde520419660df2a7a512391762

SHA1
17deeb797b3e45d8e236a27f38f64141cc3ac2a8

SHA256
b2f04226b163c1cdcda4850b6f00c59aadf72e58b5dbe694978dd297f2bf9402

SHA512
2ab0bb322e8c631a8493ba7637fca62a6ee8a0eb4bbac5dca41e8ba16dd16d03d7b550a6c0e2664a0c6559ec1bc6f3ad39672507423cf23198db77da5434c75f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab259C.tmp

Filesize
36KB

MD5
da9cdb441b1d12832eec007349fced2c

SHA1
e2571275eb4bb7f1087b909617f3623ea363efe9

SHA256
269e0fd1baaa9cc7148fc593e6e4e3cd17bd4f739cc5b03cc7cc67ec66a2cbf2

SHA512
d20ec5314aa5e7a867773d305320ecce842e8b8bc350e0f8c694f5d0f6b46e2c374fbdc5ea7a6df4ea4bfc2698cba1c5b46dcb5130d57fdb61c9cf519cff6a8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar25AF.tmp

Filesize
10KB

MD5
ad41bff9ce68729df936b9c92b495130

SHA1
402d67e12b3163db9f68ff567a17f91d07bea743

SHA256
7077658f84282b6d946462fbdc8d3e98a8057f6c72fd984bd5a07c12c4578460

SHA512
25323f16c33f62700c117bebf4843a1b19a3b48c233eeeea74d2cf328e9045132ae9b260fa43aa426aa1cbae3d5e6bbfc8b6245b0b5122fd96dbfdd8fcbd72e5

Download Submit