fc465dcc311a39a23883d927c97e5f09d90b61a7df9aca3d7f4b181f739b9b48

Analysis

max time kernel
0s
max time network
135s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22-12-2023 04:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

62f59ad3e8cb406c54d6361bb3a3f8ae.html
Size

601B
MD5

62f59ad3e8cb406c54d6361bb3a3f8ae
SHA1

bad3ba3d1ffda0c6a688d7bd4579c2eb971fe57e
SHA256

fc465dcc311a39a23883d927c97e5f09d90b61a7df9aca3d7f4b181f739b9b48
SHA512

4a8724c67948ab7e02eaea175c09aa9b2e124a2acb67e9340dc907f975400973a1a67b83498f04ec29b2c32c9a5829e67b28e7b8658a2b0a0615f3cb58d53395

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CBE083B1-A16A-11EE-A2F4-C2500A176F17} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2172	iexplore.exe
2172	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 2164	2172	iexplore.exe	15
PID 2172 wrote to memory of 2164	2172	iexplore.exe	15
PID 2172 wrote to memory of 2164	2172	iexplore.exe	15
PID 2172 wrote to memory of 2164	2172	iexplore.exe	15

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\62f59ad3e8cb406c54d6361bb3a3f8ae.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2172 CREDAT:275457 /prefetch:2
  2⤵
  PID:2164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fa522fe0d30152ba4019572036b8ef78

SHA1
aa05a7c0bef3f1495be97dcaa9f8340d095cd04b

SHA256
dd495201871a55e0197d85b3a70b09c362b572e24e01961e85965536ce35e5f0

SHA512
6edfdd7e1064f026aad8469efefc491b15fff4b0ce28bb3958910784460fee57a74c2eb6c9578123d2025f2a2cb5bc7854dc25d311703f961574c1f284cf4ff2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b21ad4b041dc9b3f5f680eb9642284e0

SHA1
d0adf0ff4fc3dfb924674856d89775781aa2a995

SHA256
13eeac5a72d6251e7b8d9d787658e99bdad568f5a65323db93a24c1bc2844bcf

SHA512
0e6ae5969b627f586394afe5ac3a5d5079040cbbae1600f4be1e573e7936aeaefbc1cc9e7650a8908551ce0e2f88d0ec73aa6ccfc6ca1e9ecf72a527b7ad2e76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e9aa40dfbae062826b990b3e670ef051

SHA1
2710ef874c4cad06ce49210213d1c72076ee5c4e

SHA256
3fd70abf41948ac096782a6eedf2fd94d02a4bdf02d9457c3dd998f691aa915f

SHA512
174d299efd977891f3211d4303b8dbe964c7a59419767bf77dfc90833fe2977456afd6604c8dc0c7ce71c7245e2916da61ee8b58801c0c69582d898abca03895

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ae1f4d30c6d8e89184331d4b759c5380

SHA1
2d4091f1df934b0a688fd58817c29446cbaee725

SHA256
7388535b43535310ccdeb363c6e43dafaeddc358f662ddecc69050f64617b584

SHA512
b285241086d58acce62348f4be1be1eb1983558000a0427ad0512739fd21a5098b55462e54e1564399ff4321feac894bfc52245815b0b969437722ed57e8bf0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
836485e293707d0c49019473d8c64576

SHA1
e48304531b9900b1079cebbb1305c56de31da257

SHA256
16114cef18787694a6feaba688f34223032cd10f98d4b0b54330266b7f114795

SHA512
12dd4f5dacc57c60badce141fcce62b881a0b6505f0f8cfbb3e74585dac69817d5138c960016e43a3ffaa9da7875dfeceaf2af8628933d89aaa2683255ef6714

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4990147f1e4a0b503caee1fe0ec9ef8f

SHA1
0863e96db4d052e3f037694aac1bb7624c219d4a

SHA256
e63da1bf77709f2d46c4fa792b2d7811a50c82f68c99efdf02a7d07f821b565d

SHA512
2c2df0c7ee94cc96f9d0e6c93c66b29279a526941aa0851f0430b40a09bdf8d8330d920c9c191e71591323aac9f1b3106661736c12651b2a4be7f0edc4625dd3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
07e48f4bb81029753ab18486ba728711

SHA1
a1ff20be338f80856172f5a5cbaa6dc20e27faf4

SHA256
f7f944d34a7bfc16739b86eae27e96ad3aa301dfacc7b10a0274bbecd62626ad

SHA512
f8280b43fc9faa77e915cbf2cca8e65e974a68b80baf5d33356b4639fc995821203dae5a590674a46e04b40a9251aa29c978f807b99de6a42dccd41206bc5965

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5dd4b6df5804b5cf4d0fa5571cb49db9

SHA1
f41c55ef9852122b7fba5d629ab00797909e2122

SHA256
0ef9a44ef276ed8a7c99032ef25853af71965be1fc8ce4b9081b7e19b194e2d1

SHA512
21647b75abae8977a96f35d7e618189955539210c968800e0d6b412ce55dcb0857e7fdeae2dbd0ee39376b8e5ce53abe980942b5d6c0dd0d8a36ee8bbf630e64

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
483cb58ad5520fbd5e6b45adbad2b126

SHA1
fccb6ec13eeb55c1da887b4a1d8211ffd83cd76b

SHA256
5063b56447ab6cf33221b355da79e493af009f85d863df77efacb0d7b02839da

SHA512
da6f57e0ab116e64adac613c16d10dd1b2c1cf8b45a14ac446222047b63bbad1cdbb1ee7edecb9d969ccfd13e51756695258a908ecde02e0b7f864ac70be7cc1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8b141c475eebea57c3d3251520da4cb5

SHA1
ecf52c9fd6db1786fad7612981e2b4abda778601

SHA256
b61037591febf012bc406a2f77ca0c932e46b5b34a26fff81948a7ed15429347

SHA512
2c1dc0f032903ed2307ebbc0e5765cefbdce903178b66fbdb134b624ee374837898fcd9d420e9f4c27a75d44e8e970a958c3294a642f700c9104feae5c73b97d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5a6385045264f6457e2a26e1d2d12af6

SHA1
51ac7caa252a434611a1c1adf77bd2db0b4ff2a8

SHA256
9ec7f8b8d0153114e3409d803f746af242330b38e7d7a85286eda8be171c749a

SHA512
f6d666e31e63fe422416516012ea5ba37e745f5fb66c2cf1634b2e1e3be004efc09c9e36e763e1f4cca328979ff407e0b9e399cc61ab270a4084dd88e63adcd7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
50d8e811e88968bbcaa8355d1508e4b8

SHA1
ce9f06196b081cda3170ab19c0738a734d822371

SHA256
870575fb9023e53a88408f879d0549d9e9df46ff2cbd627256ea34a85459a281

SHA512
9ade1515a1a332ccf7d3906e05fc7d0f27d064de407e998d8a76445177b414210add4876487c039d006e5c2b9af85c2d35d52d5c3ad08e1193ecf87f049ff8c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
806d24d7ef63f86ce8b8ab1535b39683

SHA1
2110ffb17c710290c169c54981ea6f74f6f40ff7

SHA256
66a77bb1c60665fcd12de0b610ce5f2cf3640572112d5b427688ae0eefb0389c

SHA512
101ed6fa0b829d13948e5dae78689e87617ec927bb3d8c23cdb997b2131ab872061508399e9a4346eda3464ce8faec0cfac3cc454475159a7a1f6c4df25bd1a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d7d568cf5311ebcf6e207ba99d8defa9

SHA1
d8158a1ab5572005b54302533629c6754dc8f79c

SHA256
621815ec9278b4c038a641f9ebcae6c0dfa6e380c410ce82f8a4dc66e0dfea43

SHA512
8e322236ca90760c4c57a10b65a0e46833bd73c1be665404dcfdc415003c9e130e793895c7cd9db82f060e4e0f163ce014edc4136818794232a200f6e78ab999

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7a1948058168e4472ccb47050e80397d

SHA1
2969f5ef532648687b59ff6f35eb09665a2f2969

SHA256
81aa1cd0914afa041cf559a089f96348d91b62b3c2efefea31cbebd6e67fb160

SHA512
0e725c97d13386befd1a2642e0321518e8adfeb778179a053cc20572d45ac7f55e0635ea9e7758365a8f6acc57007f651598741e5aaeff9f10dbb8e47c146093

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a32bfca85dbfcd3ee16960b105b37179

SHA1
a824439027983b0a072120e872707552de7517e2

SHA256
80a82984642386162b6344b1ff97cea518b1f937a04009b47a0a3c7ca25460b1

SHA512
010503ffc4ca906dcf934a5b6cd7324f91dc6c7ff78473cd692c211de2b3688c59e9fb03e127dcfc82a536ca8a172afdb87fcabcd9579548d1123866bfc782e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5f8269c82ab60e485ae7be2b1295ff94

SHA1
5c4a416f31162221f9eaf7111428a2101179f5d2

SHA256
c1592cd6303c71daeabfc076b975908d9c2d685ec9778f61f6450701f29b4990

SHA512
bd2f1a8f139a47fd82fc236b1ae6a3e0fce816a93ec95c6c8ab09f3d6e4e5588917249b85a9ec5ae81304aef6e93efad21b1871f6378801aeeac5a4de4194848

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3E67.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3F37.tmp

Filesize
59KB

MD5
afa30f07eae6ae631cd968f193cc20c1

SHA1
1b4ac929f4e60f9e844dd4a54db03759fe9ac1ff

SHA256
218a80320a994e6b1302ee46d8bf00ce518ed1a34538f3b4f5f9f9fa83321ab0

SHA512
af5822a1a678c37d53fd03b53472719576b7cb80be1e5be71610925c63380245769c2da564f65a7757fa2c87afe0758ed70fb8faa9a6c6f138f48d2c9771b920

Download Submit