98ea393d132329afaacd1dda3ca6e2d3a66cd6656fb61c38a8907f0716cdf3db

Analysis

max time kernel
0s
max time network
142s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 05:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6e1651d8994ea96e815ef8c6be2de3c2.html
Size

274KB
MD5

6e1651d8994ea96e815ef8c6be2de3c2
SHA1

3f49676a25c7abfd112a4eb01d33da5a1e25fb87
SHA256

98ea393d132329afaacd1dda3ca6e2d3a66cd6656fb61c38a8907f0716cdf3db
SHA512

510e3e440ca9febb04f6dbd49d247aa233cfe7ea365f86bfdf61e5afbf9e172d122e920255134f5c966834eb7ab004725727689f624f8601be0ec8ec0272ea9f
SSDEEP

3072:lBS4lx0ckdsBGi+RTRB4IdATWiJdjmhbINI1lX0Ps+oE9:lNxFasHoRB0mVUk50Pt

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 23 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D83C1981-A0A7-11EE-89BD-76B33C18F4CF} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2548	iexplore.exe
2548	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2548 wrote to memory of 2404	2548	iexplore.exe	16
PID 2548 wrote to memory of 2404	2548	iexplore.exe	16
PID 2548 wrote to memory of 2404	2548	iexplore.exe	16
PID 2548 wrote to memory of 2404	2548	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\6e1651d8994ea96e815ef8c6be2de3c2.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2548
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2548 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  PID:2404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0d122218c3879aa541e97427ed72a827

SHA1
2c3e7a36729057d5de16fd03be7e56b3f81178cf

SHA256
4c7e55fb5b30f18ace4c51c1b38b3cb1eca7f21e965f716974bf0a499638b16c

SHA512
d7c10f25da804853872e751d837950b0fdba0c3293801a272d78f8af58745130af5583d79bb0335ed48b1a86a1a720cc1b9b743f257a5aa704e22fd7af1d025d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a71dcb7de36a9b00cb6a5d121667fc60

SHA1
e94496faa64a53bb637613f5c59de05e9341fead

SHA256
8872596e6c1e57d1c6bd1fde7479980a03d6451b1532b252270be0b1cd9a7276

SHA512
dc0c69603a4550fa076de71b0a266e630c4339f43f70c073ea17608677f7d1c03e64b25e52812f0b7566064f853bcdc0a700f645b0e5ba3be9da078ca194e53d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8a51506315698252baef2226d026ed6b

SHA1
0b1c2a68ecf0f3e84c728ef288b740fe2f10a3ca

SHA256
5f214563b56f1bb9458814de399f0f5302a651f9da149144b1018848fafbb19e

SHA512
e5212e4fb5a16da6513481bef3576efb20c68cec344f8d2d51a61b7d7347800908855a03195e5de4cff64b3900d3cd8a63658821fbbe2d02364f2b9d794c5ace

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
86f5127c8b7138c495e428d0189978a6

SHA1
717da166219be3228b74f2aba6445dc6638b8fe0

SHA256
9d2b7368d6a2f0f970ca89bd6c2b25d67ee4615ea7d427a2cf74ac5d79ebdb73

SHA512
31ae1f4559ee2082f207dc1897a8424cdb9660094e98dc1a401e37a3ebd763364127c285bd62638457983c6aa59316ed4f9c496edd20d71e8e5fc291edfa16d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c69109e9e3605775b8ef9560dc2d4708

SHA1
4278ce3179ce6553ad56798ee17dd683c3668165

SHA256
435eb423c701a601360d71048a3293437a87d54aba5b02a83321255e40413c40

SHA512
083f22b424c1a9293dc7f24db2e27908adc40e0674ba3cd685b5b26f95ce8cd9fe1cea49f312249374b2ccfd4161c2c04bfe4e6468260ab93dc9ab0b17b24ddc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eaff4804ff36410196981045ac72cac9

SHA1
c6232d78e5f9c6f49b1faf7f739032933f431eb9

SHA256
0a3cd96ee9c81bae4beb34a45161933fbbb4146b873f2bbb62145ade7e08e883

SHA512
f6a8814f8966583d14f6605e2fd342002b2d95eed4fb7cad45236c56e98478ac2573e368f328a09f4dc1e121ce4d9f98fffc6a77c00bcb5e9c14afbbf69a5c1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bdcf7330fe70c36d09c27e0cc584b79d

SHA1
d8ddc1fc0ae657200bba70854d6da6cd567fda01

SHA256
79114a63042ef174bc45a48f59bd8e46910d8a22bdf2d35ffde05ac79299baf5

SHA512
28cf3f4131ee47b7ebfe00f4c30cc25c8d76ddc38c51aa73fbc03b1697f276dcfb8290d9c4f436c2b9cf5dc19668cdcf5c47096e3cb8df1a377e443c21fcace5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f26fdda6a1ade55fba8189a9d677cd56

SHA1
77a799dc53012c0142bd4a53a8ec9fb2bda032a8

SHA256
4cba4dac93a32ef1b2372280bbe5b4e209251512921a8362323c4df62c215926

SHA512
52bc92423a5ec4ee3427353b922ae49fcd3498f18479a80f3fa0e9440c167b459ed25ff67e0bcb697723523146be37b8c1bbbea7ca95310dc91f1ba2279740c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f2a2aff438f00354e1fd78cdd3ec1c31

SHA1
2243f5e81bb197a3dc23a16d555d35cd588b3ffb

SHA256
aa8456a2fa454d3b4e250cdcc6222ecaec93ed57149710a563de1d55009cc250

SHA512
c2cd3e377b7f96dd0d17e20f2db64d1a6c52bca018eeaa3fa117dee2abaa90376f4be0cfe4e0ce0f71c50fb9ae137cbd395e97854e2c164360083814611690b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6a5d0425a89049f1a5c165377673954e

SHA1
d9ffc966cf88adae94c748f1b4513bec279517d2

SHA256
42c695b3abc65aaca5eb9d96ec2ea5c9501800cbc57d583250a6b154b2ac8256

SHA512
6ddeddeb18f08370c4d317adaa1d8850885668ad7da5804759b10bc713b9790db4545d8f1354399a2b15f354bf20d67369e08426d87df0112b0d6b860d840d5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5b54d8d91ac86971f433ece2f61af8ff

SHA1
04068112a0c18684b18745cafb10b1b119e4dc2f

SHA256
88aa0b0b8cad0950bf9adc43505859531dc01e96aee5dc6033cf5f231ba9bb0e

SHA512
72fea2d000381bbd702fcbc8e3177115b44e3385807dd3ed4586797ae60d842bb915a37389d50c9a35d77ad4644b2817cd9a418fd6b124d056e9e250f53da0e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1b0a8fe5441876d62d6ebb4204e10b2c

SHA1
1196d3cd164a238b0c220e5ca24f6a86e06e0c37

SHA256
6f7464fb11f712e30b70007793f8d0e97a39b7083ed0aabdebe2b97136f549bb

SHA512
37200349fcb7319da5772eec7db6d5141e0dd25068630699b1b9f46fedf52c968062722fd591cd26f6098b9f4dd196ef4f9f7e3effa6121a77152e5f7fdefa5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0f65085e632c420e7294689bbe73e425

SHA1
792b87636294222f50313245684d332fd3573a67

SHA256
061a456fe8c514a54cd78026e34b90d5d028be44a2be870802df9ef598302623

SHA512
728187082d56056df36ca54e8a0b69da69d94fff8023ca312d280c55916b518cc14d4acac0c04c5d17e487f4be0a7b7c83313b2476083435af81d92f2136681c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c5a3ab999a5790e90cc997d596126a8a

SHA1
0ff415316a3e276e0f8d924a40ea7b8e2b1ffd80

SHA256
bc938d2217f9428e27f9d8f597d665f8f3721b38cd43c9ad801c2b4c75098b22

SHA512
94cee47aa400f1d406616ed761686c5f259414319d978cc66296e19b369d90c2ea495d717cddf61d6157419221480649aed65e8906bd5c9aa95e329e65ee0fad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1d62501552fdb9591afb8907f9a1295a

SHA1
258ce66f06dc7625c7998221bbb21993a4c5cf45

SHA256
771f228b866dbb07c336afe8f082efdd75a16a97fc51c2bc6ed6050c98adb3e7

SHA512
4a13a7f263d61276b3030cc433a923c6dc4d8a798f0a096a0c7be70f17668e474c8f5d3770399843039141b07b95b99b587d10ac5371b08d60c63cfee1fb4edb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
afc19e0beaf86367109d65bbbca39ba3

SHA1
2ad2cb7ae463fa50c525dc37f2009680e1e5e023

SHA256
9e7d752eaee97edfaa055f26e9d21883532305826f2092f2f8ba2fafcaad65c9

SHA512
4da0f26234ac9b42e93a066a5e600132773a6af8c582473de46c5389b685bf7db18ab07668a89a795064d2f6a100508434792154a5fc4793dbc64931e1f9e340

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ddaadb99b9471b78df46d169f6741c28

SHA1
6115d7daa695d797838f0f68570ffd3709b0f276

SHA256
d7567689419b5bbc8f5a70ddcab380d4dd539a096bd1bff4686df9843f5bc179

SHA512
6d407fa46c85e199b763024f7020735617a181e561e4930836a3cd4a8325de7ffdd2715b40b9ca5b329040a81699f46b2ba4b5b4cc9d21f9bb65e13f1e69a467

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dfa0896dfb68b64cb174efe85fbc17f9

SHA1
7a0230c79d5fce3ad06e3ec6e1c0312e3d663e31

SHA256
42b7f2217ab97934cf7e628258174d99c73bfcba0ee0c5651054e601b515b0ec

SHA512
dc5ba3e164b03f579ec4910d2d0120bb8ddaa13fe2496a933f187bab3f4bac71f2bc439c6116a2102873af867fd1b056a6e4b3fb70be8c5e9734c4128ce4e892

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
be5b90cb65b91c2bad6ad3218860fc62

SHA1
9401d42ed994b81e96d74c90e1ece12c7d247743

SHA256
62bb2751850170b586517b9c4c911d8278fea5ac4fd66ad3004857c67b2adac0

SHA512
da8ca9ca3299d148e8f7dafcaedccecac3da9bfee1d7dc0b0e607928655723d4ba7ee6541e8dd0867d8894cdfe0378a655d0c292c49332e2f05c3dbe633c7a50

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1147c1e6d1ed8b92c36b56fa6ab0a1d3

SHA1
08b42c7efc2c9c800a9cd3fd3eaf79259ffc7765

SHA256
8446772e18747e72185068b78ad4512fe4c78b7a6f6b033f04c0d996386f4cbf

SHA512
ac72a4f0175ff67e40a98ddd8f2d3484d19015b96d9dc88abdc3a5d83bb4caf569211e75cb6d99e0216dda34b1e536057f0fbe9f520a213e6ed46c846a1086bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0833f5979ac9996d822bb1e08596be79

SHA1
06ee59b71e6f266284f3b6d56a3628b8cb3d31d8

SHA256
c92ace26de3aae92b49379fb45498146ef3b7926eec414169912b514e242c5d5

SHA512
f469496e634bf604371540ac6b4abe384f328c6dbc0e9d03a5579e0261229066a8887f8541b64d888d28ca2cacc18a3ad8304298825ef9278b6c3053d2db9888

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
681328a1d33840766e914b73d2aefc83

SHA1
48990205df56999a6dfd33ffe0a2528776e86c95

SHA256
4e74a5bf8fb506782991203bd33f9c5c8bcbbc5f963549267a27662c72b8487b

SHA512
6ca8e2623c3db510659b19951635a574322876192f8208b8306dbbb1bb93475a044e0671ddf53d4c608d82503258366d5d14b8af0178c249477abe35c2d3ea04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8555b3e477c54e224e97ec5e08f30e1d

SHA1
4038ee068b7bfcbcf7cc65416c34630ccbaa0b5d

SHA256
dd916c88964f1684ac9faae4a1b9932fe963def5950bc76bd022f29b6c6225b0

SHA512
f1899d25b187d9be947f69ab8c73f3fff480102209be2b664eb8ec7eb873ab3794a0640b4834fb3766daa545debc6cc6c16894ffdab0498057f41805dd30e5d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U1J1BPYJ\context[1].js

Filesize
27KB

MD5
63d2727de682df9e887bc230d816aec8

SHA1
212398bcf100e66f438c481f45d28c21427abb4d

SHA256
3d530549ca99bbd708c1054d0b7d26dcfb8d18d8b2b917d710e65687828d248e

SHA512
1bec96375eb244cee41c7da521f2e4355823b1363a59fd4e8329e2b9d420e26fbcb29f8d2d5b7d33821f0816d0ba982241b957213e9540a4e6399109e9672a98

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3B4C.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3B60.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit