54e69e512c9ce6c260487afc02dfb731af6c7b0889ef06ec30694d6126017e2b

Analysis

max time kernel
0s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 06:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

75a03ca8b12b61d3b86d6dc5b563961e.html
Size

1KB
MD5

75a03ca8b12b61d3b86d6dc5b563961e
SHA1

a83ce4cfbcd62b25b40b58efed35b92a4283a896
SHA256

54e69e512c9ce6c260487afc02dfb731af6c7b0889ef06ec30694d6126017e2b
SHA512

78614b2abbcc50e5130bc1a4fe4c0005d8e828fe185cc2101b3670e917ae80c02069136065c0bb8090e0615f09c4b4705412b2b3709e5cb97320f0a4357e90f8

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B21CE301-A0AD-11EE-BE0E-D6882E0F4692} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2232	iexplore.exe
2232	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 2796	2232	iexplore.exe	14
PID 2232 wrote to memory of 2796	2232	iexplore.exe	14
PID 2232 wrote to memory of 2796	2232	iexplore.exe	14
PID 2232 wrote to memory of 2796	2232	iexplore.exe	14

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2232 CREDAT:275457 /prefetch:2
1⤵
PID:2796

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\75a03ca8b12b61d3b86d6dc5b563961e.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6f1881dd893c7d11b8da57d532b4a32d

SHA1
0d004ceaff4036eaee608e9da44740eb9da13f4f

SHA256
5f3bd8d8a196ecf51127972b000c90736f60c3a7f211909f8f5f4f301e602ee7

SHA512
97757505a0ae4e68c0238c3e1439339c79072b39599d05603c0685b90928b637308dcc88b3269f6024e4a994f1d38b6ed03bb5bfa98e6181b9d0ef0655f42bc8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
27fb02cfa86831a6459935dadf3ea0f2

SHA1
a0918b5a7810f0896ecde6c2bddf76fcfa175d56

SHA256
fb406e9f4e4646a14111793c513f7fe378855ac98ee687c9499f915b27334d90

SHA512
67d2e74f099964b9f4e03a92f55516f1b1309de3e22e70f24cac3d57452d7ef5c668fbc2947e0dd1961d07d8d17da3e77ee2e74dc52044ac18c1c9a848b15338

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7a4c446891451be39c1cfeac889fca34

SHA1
6055fd8030d80489c71dad8e51d3f17856864afa

SHA256
996e95691a90244f0a49701b66d13a88f7fef7ae313181608ad118e8a4cf4e6a

SHA512
25e581c73cecee43a31f4caeac203f1c4fd40f761e6c815ad496d9d826892e9c1bcdb5bcb970f5406bd50dd2d19c2b63d2a39cc34ff472dbeacdd8eb30165b58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
88521bfc3bec02b850569c66f6646b23

SHA1
1a0927a53b84b8542ffd50e944494065fdf684c6

SHA256
41636271668371311e7355e88689ef3c877941a5104203312cf2acc344696ab9

SHA512
926e7152792d2bd8bf038a884ace7404e1f9cee8d905bb1b532a7df9cc1c2ed1c128c55627bd92f2122d6e21356342416bf243045cbeef093fae098f99429469

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e9c5a8fff76e1a393dac1025ce4473ed

SHA1
12a970a8c366587257d677c8d1238b115ab631d1

SHA256
e227d07bac06e4138893463bf61bb1ed3764a11db3707ddb899d743e45e91915

SHA512
2565c17e278dd6c79a241e1b1d4545cb82fd95b13eabe813a953dab0a21c6b3f472e935906f9666953407d38ab7e3dda225d446f943a11f285484f6ac6fb03ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
558119b3b87a79b06555efc337f82274

SHA1
44c9f13da0b8f5993601ad677cc7eac8fa5ee793

SHA256
ee62c693acbd1ab59f90c508ff13d53a8d0450ea560e25dffa920ccc05f6fc73

SHA512
68f8d2d4f12f9f7d43270a492d5ff3c170a8a44ac3fbb92e4b36c3f17bab966df7c48f4ccf4f4f516900c4b0ba3f79a2e1308ae9891692f15a73d3f729780b28

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9674055d6e7ebe56d66de4c0ce3927e3

SHA1
c788a6b7a643871025e2b77be35d04e1e72a538e

SHA256
a9e7226057a53e34aa9d151b149e91f34ca873be651c4262037a395e627d7697

SHA512
6b202d450a7fd12afced0817a4ca0cda61567fe4a2be9014e172a573aab69129bd72621715dc818c2e9eefb845bcbfe62447bdee2a5bd3ff3bd4060d51a78ee9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
57bc29f42438bd5dafbdab448be62a70

SHA1
a64f1a5ddc75486e6f1883b4e4d13b79e9c9da9a

SHA256
6c20f34a55d4c6f8f0c444179f1e5832237e196760511a4e78f83b1b296c1614

SHA512
442f6ab013067ab456479cbd97f72d702801d410a0082c13334e969aa7dd62159840eaf51e1c4c62a0d53e9308f8529e2d74cf2fc0754b6392cccb2c5f7e5750

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
37cbd6bc39b13b68752d8e9e05b37516

SHA1
f5bae97abc5c18bc5fafe3de1d03f5cdb77d0e07

SHA256
92ea4d95e21c5410744437ea9e5b0bdf78b316966f295db944ab81533d6a25d6

SHA512
c9c46f3bb435f50165572053b6125d2b304688bce5313e3db818779a393c85787bf0d1aeb095bdca01d6b45ca1c59a5bbbd3152e0982218c1a553b239023f2ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c9e74cf7babd20db40ad8330b94a92cd

SHA1
585a2026c734025166c3dc9ac92ce7a16b72782a

SHA256
35dc2217d77797713e52a8d3a8cfbe58cd3c77ebb00d934c27834b655131547b

SHA512
73817266eb9febea649fdbd306398780cf71a2882f2c96d38370e20339c26cf013db801dbef1ef951b148440c9928b51bf9079086765c380d471f44677ae6fe0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c614ba3e65f0cc5021c20e44fce9c485

SHA1
57d68ffc5d40c9301684f56f6f70d5c344da68ff

SHA256
171ef8c43e6705f6c9b53375430298c760e2e67249e1ef31d0e8f56d68aa2cde

SHA512
31b10f0a3c88d78d9d31334e94c5c34e53564b044a4f334da50d0613cfc589f3ce5c430aef789b60c7bb33762f6711979a5ed2830d28a5e64959a8d3786bb1a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8916f06b4f4facc8ff3cd55111bc1316

SHA1
8a0a8d02d0bfd79d6eef491ddf4c49afa6fcadb7

SHA256
031e1fefbc468896e56c8a3dc92a343e1261eeea68a17455efcf00ffa6b1f412

SHA512
fb4c44f7790c3aaaf10e606a27e5966899d248031ce141d0c57d08b63542c3956fb07a7eba16720b11c55bb6ae44e61197f7e272da9ecc560d35e2ef396258d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7075c35d999dd4374cdc68e24f842f59

SHA1
6519e7b4f78af799b964f1c9cc041c6b83d0a37f

SHA256
01e0dfa75bb6182836884fdbb69d9dfc3082036c42753bc54e443338504acfef

SHA512
a1fdcfa4b69c0da87b6971b5a5eae1fba2d8f7f316edd3fc6c6cc14d9d7a52f02e30eab73a7208f8dbe830bd74857be3172f99f9494e60148b89589411c2badf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
74742ad0943e8668339e127180d05efb

SHA1
9f42de1a419726f36b70018367442ff8d620b1b4

SHA256
21fed14b607c5b0efafda21d20d74903bd10d0514d59436292ecb10f92f5a647

SHA512
297fd908dd3eb9ba33c76560681bdcef84aa7dc7a23fe310d83a73cd272a8bc5c8252af8922827235b074894103bda04d8382e1bccabf7b53c9e009f896326f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8796c081ce261452333ecb80937e246f

SHA1
3246d01fc9be6faedfc58621521f3a4b7f518f58

SHA256
f89d86d89d60ec924f8cf9573aa30d06d342fd5fa1dd034d90d6ce6044d987b1

SHA512
315d8cb34d3c28e40b0ae81560429703809dc104777db00812c754d27861006c2e51ff852eba8287e66d3905278f89f040f51c8faf030ae37d30278dbb7abe7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
387f1c7a64fc01b63454dd68a984d234

SHA1
8381b2f25823df740b0bfc50ae5a2bc120a03cd9

SHA256
e8827a6db58f80d9fd56b3f32c8b4ecebcc9dcea0ff0506bc218af827d9d155d

SHA512
4f39b1c35144542115f46cd8ea04f0e856462438de6329903d6902ab27319e8d395cb575fbde0da47ac9d0d4423cecd08803c17ed93a28b7743271835c493f34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a6763de4ba20c8f34008b5fbac16f955

SHA1
e7d6ac5834983550d2143cbdc91356147103d29b

SHA256
7682170c490d8eda6547191e347d3558624254ccf43346df0f5de1aff3d3bac0

SHA512
4983cb09ea6b8b4c5904a49701e75b4bf0e5dbc3a341463ce890e892b6c11ca217a37902842e7b0e5e7bd2366ca3fdacf9fbb708caa362c786fe7bbd489009c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
161ceeb17c8dfcfb581f7797ce7f07a3

SHA1
aa11fb6efd49fb4bdf6059b5b5af04f136840eb6

SHA256
b4090fee78a24647c3eaf0a51d0f275148c8198613fe1c04a83a36bc0b226838

SHA512
4ec59e6c32b650bfdb324b709048698451b47fc2c79bd4eee5b7bb58f7fb4fb815d322e272cca81398d0447597aa61be0c9fd681edad25470f06468e36956efa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
18888478de20fdaec54793a104a2b097

SHA1
7ad31611323a7545febcf9bc9f9a8322d88ff50c

SHA256
7f85dd856fd3839cef4c149e612592256bfb736b15f6bf1e80de7d9efbe8509e

SHA512
12648cf0014b2bdba348228cb90a58976c793191ee00fa25724bc90426dc77636488e6e0feac02e64b2cbd81a6728f3f7cde86a3fca79667ca2330d441d77c14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
99c708f68566ed9bfac51dfa82aef98b

SHA1
63052914d0ca495a5eab1ab51a93faf57a1ab035

SHA256
0883122a3cc901594cb2fa0262efdd538b732feda41bc1f54db446779eac1ac2

SHA512
31d29169380ba9746d171aeafecde4fd6556e5386dfead25cabbc2d96c8302f55b46aa8fc0d86a3f3e2191775d85433f1409d90b2b0e111db48e186acf0b5bd3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d9c0b7f16abf5e32c56d2ce01c9a4a7b

SHA1
4339b2bb83412ae3b3519f5e145490f13f7c27b2

SHA256
f30d469b330000de3e003b7e58b916a2bb8dec0021f6cfedb6422ba5769531c6

SHA512
b90efd6cc295f81117142ab87092698e31fe3fe2c31254cb9827c3f77996ef6fabdb511f1b16823599440b5c0009f391e13dc439d6a62037a11d47f33c7b1b06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar16D0.tmp

Filesize
9KB

MD5
08987a33a78fcc5b1f683c5d71e485e4

SHA1
06b02ab97dcb082a6666f6a6056918f24cfcf47a

SHA256
ac85128d7caf1e661d4b2f1cd16626cd62f622997cf6d087181df92ade0e572f

SHA512
af58b908b6324de7ae3dbb0abe04b3416c564b0ad4ba16cd0fdd703753bf49a206051da415fd3949531d8174e9b4ac37959bdb4f6b3d62d0f6417baeee6efae9

Download Submit