3824c3a3b87b26557ccb65e595cf989944630e749fbbf5af5436a10c0d7fb457

Analysis

max time kernel
0s
max time network
129s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 04:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0001-exploits/iis53.htm
Size

4KB
MD5

420df2c0f778194590d6ca0d2f538ccd
SHA1

f62c7936061de6818853ae8873f76be703d45238
SHA256

c6301bd7666cad9967d8dafc5ad77f1302a8469ac918b24e757bf1d26a8ed0d1
SHA512

853efa1b310f6b2cb0b4b9c81f6a2f15c55a0accd42dd1503bc34e94414b0ff2f4c3d9f64631dddb6ab70f1bcf4e09c144fcc2879acdf7bcaa776814f61b3c62
SSDEEP

96:/0STSROSQZ1ClNLl5Sojd+c9SoSjheS81TSXR2fSEdSoJsSpteSzD4SowmS5:sSTS4S6ClNLHSg9S5sSkTSh2fSEdSZT0

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8DD93AC1-A166-11EE-8CE9-D2016227024C} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1960	iexplore.exe
1960	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1960 wrote to memory of 2024	1960	iexplore.exe	15
PID 1960 wrote to memory of 2024	1960	iexplore.exe	15
PID 1960 wrote to memory of 2024	1960	iexplore.exe	15
PID 1960 wrote to memory of 2024	1960	iexplore.exe	15

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0001-exploits\iis53.htm
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1960 CREDAT:275457 /prefetch:2
  2⤵
  PID:2024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
38a78a84d02653d7168cdd0c2a951a88

SHA1
0c39a1b86e4878f2188d4e92cba835caf7035a50

SHA256
b5e81e7fbaa4a3d9693fe23f1ab4a57ea7bfc29e8dd0b829a6c796a3ed5db664

SHA512
5b1d5f4313188c456c7daecffecfaa7967f4c7a40d60d5fedc9506164504f261c1dea80b6fd2a224194266391f85070d4f4339cb52138ca68db0e796ca29669f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a7b61ed88deb5cd6ca9f5346092d00d2

SHA1
63f36e9fd183db104084bf28096e6cd0477f80bc

SHA256
95a14aba23d73185afc469a4176686b4db31acef1d22cb65b96839040b390cb9

SHA512
a2d6db7d057629ad853033d214ffae617d7db7589ce38ba0f6783ce7330665b18a249181cb652c1ac5c3e8b69071562dd0748cecc723fabd1adea33d60feff10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
11bf06e2e4931fe65554ddfa02187f2c

SHA1
4f3c735fb528fcd14f70b3ed6abccb0997ae1f1a

SHA256
c7a2a92e62f3727500d876a2db1fde638472cd209ec44d79ea3133ff3258d18c

SHA512
c1d4b88feb84d49e5601df90b9fe56fd318bb4188928667046ef7932a5bb19b0ce9d5b20369fa35db178bbcdc70ef7b7bf4b30544f0d4746f68d339beeb8bbe2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a66f5d377eb901dff8ad6835039f9c62

SHA1
f756eda098b23d61933c01244c5386136d930bb0

SHA256
4f668e57c96c627d9137d2dbb8347bc758bc3a000156b1a296c4051d860b4853

SHA512
30a018bdaf6dfd194fae45d0be8fbf52e80531ee58073db6e9e8646ebd2ad55b90cf40da7893883294a22a160c987b55a1f661a151f160429933a79a5b6524da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2f1e04d8e0ac8556311df646315f49d9

SHA1
6f1c0e902d8ee56083bd1dca0bc9b549ff5eb165

SHA256
d849b0a2475600a8bfd6f001cf75428f96d71668fcba5207bd22fd7ba0d72e57

SHA512
9bc52ede272cc940bb80bf040e9d71bc54b91125688c0ddcdf0d58f65d65cc8d7ee930fdfea82fad0d06a68813ca33cd398444bae8efa430b8651bfb5aa1f9a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6abafed59ef8eed6ed8e97128e87ce37

SHA1
6a6fdf45d7204b155b4670dfa80cf58944f3b290

SHA256
4c765c3644004c91321a442100015916e1273d620b0d94a7488184addd9aa7df

SHA512
617297c93a1bc3400eb2407bbbaad170bda95503c40c0a82456f852673a9726d7e384e2f38ce4723ccfdf3ea9c30c4fb913d9d6bc5fbe4a578dcb3180ef2ee1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f07aa6874fed6f5b8caef52e2ea24048

SHA1
a6ce2db2f11ce4361a77e98a04c3a212803d8dd9

SHA256
e949e7f02c38d309525ed3ae5a5bd6ef70310c1d323779e04ea48ae7ec34e511

SHA512
c0b9a16227228fc6e4077d7c83119c4bcfea2c7e95861fc66976688e7e68cd3be37ee723c7c6b909101ba2d511b97826eb9f5cc179ec1e41046f44a15c00c70a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d2f0973b11ca6bf1bdf7fcf861382356

SHA1
1e1e0605a845db5a80362e3289001ceee61f54a7

SHA256
f13dfae1be4a807e0cd876722794502f63c022c067916ab27ef23dd2bf4f1c75

SHA512
7b8847cb3acbc13168b6169f287eedb4ea2076e857876fae294649d8c7bcb2c0b05260b673f5ec694eae13d366dab2a622b87126a2624e50bc16f3c20ac63d87

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6a8b41ee25bea362f16c89feb778af5e

SHA1
0292a120e7a728e2b8da17cab6510a4e3ee1c435

SHA256
05d412f8dd1de96452bfe0be9d71ec240420ccdc04aca18985f240aef2d6d719

SHA512
70e28631afc5f796f5e54f5f48c9e20cb8ade3b45e4854d744fe52e5440edb1c95ff35f328fb0353f8f65b5762033d5a722705be38a3e0be34e982427dbc2151

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ab10cd8df862b7d5f6621b75d42433fd

SHA1
20f8800ca9ddca157b18d1fad08774b427ad66a5

SHA256
877f1e902b12710ce9b3bf497422bf5bec0f7808636878b00d4bd16f46a4beda

SHA512
f88b99883e551bfb07450113779a63dde3ae7714e1b21e9197a5b33cdec82d9e0480447c51ba5ed68bc8b3a58efaf397b96e108274d2d920e214bf44448c161b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
874da81a7a385032cfb8a86bca87c6ae

SHA1
27471e06bad667093e9ba3e3b6ee5e50ec04a8e7

SHA256
dedbe226aa6481adeb31d058311d4c69ebc88c8a8df93ff1610ca5574717f5bd

SHA512
1133ef5a1dec5192e0876e8a22e8b0f534285c8902515f07bfd1f678c4d0632fc0ccebba096e395775db522f757388c6e2bdf05bb6b73d4f39ae3c22ee57805c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2F8B.tmp

Filesize
1KB

MD5
1f1a3b101012e27df35286ed1cf74aa6

SHA1
46f36d1c9715589e45558bd53b721e8f7f52a888

SHA256
7f0b1fe38c7502bea9c056e7a462ab9f507dd9124f84b1d4666fb7d37cf1b83c

SHA512
d6f6787de85049d884bf8906292b0df134287cc548f9f3fadd60d44545652d55c296ed50e72687f776f0bf6b131102b4bf9b33143998cb897f21427fbc8306a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar302B.tmp

Filesize
21KB

MD5
3145b3bbc2789358523faf9f7522a818

SHA1
0fc7219bb9a49bc8a518ffca452f638d794e9e1b

SHA256
5a90e32eedd922f6e77ede7b28e368f9eb446990adb34a3649b8469e47df2165

SHA512
8094d573d0698e451ea906c7412e8b98b206a37e1051a772b959c1415175f20d40ba8ba609e2b2b7da3bc0b2175e390fc28eb59542ca60aecbb418095810848e

Download Submit