21accf3eff00084444e863abbf58c102de606e038e13e0150e9b0e11e45f1489

Analysis

max time kernel
0s
max time network
147s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 05:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

72fc3f000353f4831f8c908c6ced0452.html
Size

1KB
MD5

72fc3f000353f4831f8c908c6ced0452
SHA1

6455cc644de549cc63dae4489ed8e5ebbc619da2
SHA256

21accf3eff00084444e863abbf58c102de606e038e13e0150e9b0e11e45f1489
SHA512

fe6b052c4e5c2e6562f90e47b0cef94a6cb0e1208e33828b84b0703f07f79c15a4691f947005f9d299b2d8c7968db14934deff63d779e35d2eaacd46fbf9a12d

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 19 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D168BCD1-A183-11EE-A57F-CEEF1DCBEAFA} = "0"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1464	iexplore.exe
1464	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1464 wrote to memory of 2844	1464	iexplore.exe	18
PID 1464 wrote to memory of 2844	1464	iexplore.exe	18
PID 1464 wrote to memory of 2844	1464	iexplore.exe	18
PID 1464 wrote to memory of 2844	1464	iexplore.exe	18

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\72fc3f000353f4831f8c908c6ced0452.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1464
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1464 CREDAT:275457 /prefetch:2
  2⤵
  PID:2844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5e988da167cc71a51ca38d4feb205245

SHA1
8b6b57abde8144699e5dc6d580aa09670140a4c5

SHA256
c4bdb1d441c1ce3dffc63863069aea4021eae28e012afca1e134b8d95ecb7ae9

SHA512
c98a536baa571c890f9cb6086e0207f1b7ff4b6cbed75c4fdca1b2620050efb5fb3f89e5a11dd8f49415b4beaa80e8cabccf75459310935778853ada80d323df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eb8138749fb7461105a1e8be3ddaa791

SHA1
f49e75e4054de5c73efd126bfac77bdecb5d2a7a

SHA256
e012f45322f0b4de0a03c87eb04514fb4d3b2597c695fdb04ec1ce9151578c4c

SHA512
51ab1649ee19fbe2b35fb750e534baffb89332c57b4f25407dfa121e8479d9590fc031dbd6f11abc2880b85818a029a5341c7e41740521f9b0510f7dc71e15e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f1d180047ef1a97cfff051db5410b86c

SHA1
ec88cfaee65f6b61be736613ebeb90fe5e222578

SHA256
487f43d3785801a43cd6031170c3eda919b863a15db32b22c63ef2261fa53b96

SHA512
352869d3d60527d5bff177c8b3b5d17062aec3352e3cd6a32a0be7a38ee144e099a8ac0be0f073649662fca3108ecc4d7f3751f905b12d697b95a61b1be3d817

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3178f547124b74ca54ffdbd3b91e55d7

SHA1
cccb53248dc9e78b9259cc1ee7e5d2acaf19636c

SHA256
a4d992cdb081e5560adf492425db37ef38d9939eb5d649e59415efc2a7cad33c

SHA512
b361dca6629cf6edcff0a2cf32dd6d9a5577fa83d6608023915987b71285e3222d03a4163e228c898a4f424e967ac514fa477bf08183009ca75e614a28f5cee6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
22e8660ec653f5a1aed673b349673ebf

SHA1
1359bfb95ff36e4300ac6cfb0192efdfdd50109a

SHA256
30abf6686525f47336460e5b1af93797f6afbc819038f324bcda93b527d3d835

SHA512
b782c7f89e14b9e963724b584b011ea8740e4ccd41242af74d4538a1cb52cbc5ea602093fd1e4fd376cdc61ead8086dd6114edddb30c29e4ca8e61b147c70d35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f0f89df5ca5de01c6922bc910053b030

SHA1
930cdf82858f2911c54dfadbf6ff2b7f05419c00

SHA256
aff1e8dfb3940ca0fe4416196eee60d4cba96cfbeb1b35d734e704ee241ef335

SHA512
8f3c8a0609998fc65b2f551f043663a025e9332789316c31f15e24c762861897763c412c8a3041c557cc13a528feb2429bfac8970b073e5f42f6a8a494a5a607

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5ab423acb90002247a2159768e5c8295

SHA1
caa40bf939da043418f5919c88b77427bffd4e5f

SHA256
dd34863862eb2cf794d93781fa903855a09c2a5498f96059311b7624e8f078c7

SHA512
05cbeb40763962f7ed79b3525c732455f93d500ede30568fd03d2298e69bf92b1d49013e8c8f68e9bce2a21a2f4e3743e926052d3f9c3f75fa671e445cee52ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fbba2ddd39b85e8732a686e1c7b752fa

SHA1
bdd3767c960470ff6b21b2e4033b544c50e3c2ac

SHA256
adae4fb549e5d550619191f2a64dc04806898aaacc9dbc67d313dcd5d5338de2

SHA512
794d15fd42a9addb1de37d92dee49f63c57ad0480831525113877c42c11c2c0bbabd951c2b3cb5d3f474c86c41509f9bc5f012ad789b74b7c45d82e95fa3ff4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
17de1644c0d3a00ed1466841d9011fde

SHA1
0853d315b79c38666f3a1354f194ab96cc7f33a3

SHA256
26aa1e859db7f431710b76e19793c6846e6ee13fdab8e735fbb880f80e7813d2

SHA512
dd1c64385f8b316055260dbcce6bf61f2c7739c9579be2a4eae3d774c0f0d0b0c204d8aad0624024e4ec224e079e57129e701d082f80c01bc8862e2b68e0f29f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fdd113ea5eaf845a8d81fd5177dff89b

SHA1
c894159e8e43a0d06a9ea4694de5202c835aa025

SHA256
a5702684eb30cbdbed0d0d895415e1bd92b1b3dbf73ccce06820a751f7f31860

SHA512
b952c58a26304c3e8d64788196ab5dcf96f959d76c42e2dca2fedaaad7f90b5213d4ad92ae3b13c4a0c90cd746b93fd194d3a8453c46f517ce369bbd36f475f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
452745f31b3e2eaf8959c0bfde2c50e3

SHA1
bbfe3d6e2866d32a597d8690a063ab94a933d5f7

SHA256
8ff42b603fe50b8733d781e3c93a35546ac64c5be90b689db10238a37d357a63

SHA512
112cbc82477fb5ab825eb70e20f235df08399524c3e494b43805525b47b40362e8de64c050c0df0025d172132d36cafe3d3c3bec2ef84b8c2847787db33f82b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
423c35f31417294aa6a00c2d150f62e8

SHA1
781fae681574df335a1b1a676b955cfb3368576b

SHA256
b8f536463dba9ed238826c1af7bf17b5e3bd0286383248da4f96eb7758ea76e4

SHA512
1f8f87854b0bf474322bd66c5b41b86ec9a262f29c1b66e05748c2bac2ad3cce02ddfb5a345898e569fd985663c361b1568064331d263aec02d0d83c0de072d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f07afff6f125e48596dbf173ee956b07

SHA1
a75a26f4022a156e2fda84662d9a321ad4b89813

SHA256
8d6123f7a275efad5c8d4aacf3969a02c3a272547565bd29d9c4379e3685b507

SHA512
7f44c9a3d6e7fdb4fe8d6dcaf73fdc89dabacf2f15dcd4e8169de4cbf6c26f734793351b8b356bd6f4e4c5aae421ecd398365cd97c0a6b2cfaf58987dc4467d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
68f007b99471294e914364472f4ff909

SHA1
162a4b1812bbdeced36760a313d87bea8ccae76f

SHA256
3366d377261e474ffdd668a1ac413f5808a6195d312326ad7cdc6e19664f60f9

SHA512
99593148c05e741053b37865d1eb30e0a590e7a60659bf5d0dda94a3a6a68f54f783b8c80d57b398bd01d848fdef1e1fb10599f4021a9bd6a1248b27e05f217e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
10ce0f064bfab8bed06f24609cb1b14e

SHA1
287306b6d70ae808280f8e8525934d83a1efecff

SHA256
b5e38474a755408ec3f853f269f4b6f20017a6838fde6377526d881bd096734d

SHA512
d03450ac65fe4648d38bb46222b74421637452a8d8d7fd6b1b0f33ad2a264f70e58996edc3fd67837333a46f2c319062e8f2028dad294e593dab795c7582a26b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ded211fa14b82c35ecfce64b422a4a93

SHA1
adccafa010fc1dd3389f7dc8ed0682473c9aa6b8

SHA256
967fca12730e8cca162bbb30826b4640d305efdec5dad97068a6a6f84cfb49bd

SHA512
9bd38aa7e7c4c29c1631f4209df6c97828cfb9d88f5acbb9178271d46e8a02ee7137d73d649eb1583750b9f254c4489e27a519471845a5c7ba0a22ec1f517b18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c8794349f48d82bf2ee019a3d0ffeb58

SHA1
f639aae785dac27ea70cf2931c2f12a74193d7e9

SHA256
c0aa18964c659fd2494dc2eb09264fd1f39fc431408880f2bec15d252cee9456

SHA512
df382ca781bc832ed842328c619746ab0ed2d74c984cdaec5c4cd9eb2a3861ba306d6f4d822ae618a4a9d49f6f1a06978120de5dab4a61715d06cd634f54d81a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
301bec02ba969838f038fdebc4334fff

SHA1
bc45a59ea2f0927c27764af2093df9300806751d

SHA256
81bcb8729b3e9193e785742d8d85fa66b29f103a68ca75b8ac852d22f28febc3

SHA512
7465c38728935e4a2aef7c48105212a33820a41ad7e0574b322c7e5af740ae027d5efb638d3d0424bac4b6f3e09721b84e4ab491aac75a088627c40006d9e177

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
23d451e8ef98dcd187a99a8f334cb139

SHA1
7547e10162d40578bb78a0d9e339143073ae3136

SHA256
d6ef94d81fcd644da06743adbb8c60b93ef6fce813191cefd986a72f8f76695c

SHA512
2b485e91d1d5074656be7663ea50477d59fd46b80dd1c80ae6ad9c8e1fe4c4db9d96fed1136a14a01ab9f44b3c50db558ecf8c7bef79f1afa093f1f9c11b8af9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f7f96ebbb1cb7eb80a45d9d73abd69e6

SHA1
4e36df42aa71d745b9210f4eaee69cd44bb84812

SHA256
7bf2d1fe64d11bab920fe2d55b490861967a421f571749c5db57029e953895fd

SHA512
2407677d6afb25a71adb350f10048b709d0a8a23e7d74427126e960ac7e18574f1831dc1543ca3b57fb22d1b8effd7a79dcf9d85e323e7268550a2449339dcbb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3cbfbeaf98a93c3a786ed6bf754dba1a

SHA1
e7b67bdb0b8e594ca6657e75f60744a4e8578ac7

SHA256
73952ed26882eacea6525a407e58f6e2e6024b8db0725a8a563f3d175a6c2e6f

SHA512
52281b458ab3aaffc3ebc06d0d050c6a6640b754da3609cc48eb548eb080d3ef9cd7c557015910fdee36fde4418c1dd4a9b3dc135da13c3c20efd2552f42c1ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6848.tmp

Filesize
45KB

MD5
dc38d629e51926a750b443772d7c8c65

SHA1
2868765523e76b2e6706f18ecb665f4631a00d00

SHA256
21a98ea45d4ca76fc03cd769b01345da379395b41295e1506644149d0a378883

SHA512
beb8198332e8771a0475a925a4b31a8a80df9a04dc889442d1a4e024b1b66709acc3e347d50af1868d5d0c351d489cd454fc2523f752ea9dec56b9a9d6048ef4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar685A.tmp

Filesize
68KB

MD5
c2a4528b2ac2d97e3ddbb44ce4e83bcc

SHA1
82eef0d2a36ebacc4cf4fcbc8a6b8277ad302f29

SHA256
e30de99ec5ae2543665be14c5eeccc7d904bf49d280a593803d5be5737576ad8

SHA512
79fd26ca4bd8ace9c13de1055ad443958b72a4f5bad99660ed0c4e805214e0c3580bf5a95da078b1781f4807d6f54104be1d6f16ce5f261ad445a3b73130893e

Download Submit