6efc35ba39b71b25f7ccd9c892cc18142ca2c09401737ef336d2fe5663444640

Analysis

max time kernel
141s
max time network
138s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22-12-2023 10:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

855cd6454b5183e631446415a0d0fdc6.html
Size

14KB
MD5

855cd6454b5183e631446415a0d0fdc6
SHA1

c594e7d7f075964337835d0b79c948cce3685e8a
SHA256

6efc35ba39b71b25f7ccd9c892cc18142ca2c09401737ef336d2fe5663444640
SHA512

3cc6dd374b22df63ab4b39288667589c2cb24d1df9d6cb82ea5523c615eac418e2b406c684b8977c005db01edd3fa1ac0c8a8d4658938ba007a28f1773ba93dd
SSDEEP

192:+yEioELD/ZmXg8oWllefMJkZQ3wf1v/mlKt6DvE:aioWD/ZmXg8SZQWmlXrE

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000e0fb504015e567fdf24991662bd05278979fa007490955a500f5b1f06d414557000000000e8000000002000020000000aef4ce33ae995329203fcf0ecfe84089629f8f4ea15fc844c177d9ae0cc8532b20000000d49856a7c505a26af571d598833dbed2c074c456cbabb608b4a9a944b241540140000000be69a02228d2bf643e06845c1cb6256c4c61a342b87abfcd9aa2475bad3620f4d002fe41d2d8cad9ffe7964bf258b687aa269e78080500349dc9b6561d268b5f	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000c32d61342491d127443b0ec767169b5da49a2d12150487a6587793982220d96b000000000e80000000020000200000003ffcf7b02f47a21636c36b559599ae1dc5920b0028492125f3238c259f8f27c190000000744d9c261ac9a6ff4df2dac26de5e64f367098553dc0ab760e1d192dcca696ccf6f2e33625c88ade8c6a01e0a0ba0698579682bb201d4a2b2c22349b65dd324e805e32de18b120b4c2ad0096591320c839a93a46630d97703f964c5ccee0f9f04f2d00657b174576c141d69bc315a562be05833f5e7637b88ee270c49a9cb59a9558f691f9da3a2898adf24353cb3f44400000009a28360255ae3332864616e1ebf842218554d59325dec8d2a05a7fe604c9a9eac4f5a7b25f46ed52f647b410e54a8a42778862bf78893ade2d8723f6a9d9e8f4	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c00aa9fea835da01	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{29A7A1F1-A19C-11EE-AD90-6A1079A24C90} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409502133"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1756	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1756	iexplore.exe
1756	iexplore.exe
2456	IEXPLORE.EXE
2456	IEXPLORE.EXE
2456	IEXPLORE.EXE
2456	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1756 wrote to memory of 2456	1756	iexplore.exe	28
PID 1756 wrote to memory of 2456	1756	iexplore.exe	28
PID 1756 wrote to memory of 2456	1756	iexplore.exe	28
PID 1756 wrote to memory of 2456	1756	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\855cd6454b5183e631446415a0d0fdc6.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1756
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1756 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ccb8169dbfb3020e83a7eef6f12ed8a6

SHA1
0452f6692898c0142572caced6b373a8103688e8

SHA256
e1e337e18140d695f13f9e75e22ef8daa68e201e7192dc7e95e23fce2856abca

SHA512
2b5ff8731c52c5a8d4e29acb0b0307d65739079041bd50cb185d7a4f47771d1a46756a597ffc56f74f8be333eab589bec301e686ce0cfd4769d36172fba0d4bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e20754c60e57914a8430767e5e782b01

SHA1
cf3b6d1511bd2d870f13a5c01ed530d17bfde47a

SHA256
ac4f00849a6c94f9777e78c02dcb6aa4f62e56a18226a057798e4ffb9e841073

SHA512
1b02ec2d0c7f1b8405d483a8bc404f095e9d188ee6b3105da35972a61d98a2d3b9026bed78d9d32ca25d0af693ffa6bff82d20037561da376d10e2b9a15c3c15

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7ccc5970568eef07922ab6ba7c9ca915

SHA1
6771d4bfcfb6fba995036e3e87405ca3e4f45729

SHA256
7c3370a4511cf54e4718841c30d0bbd9c7f56b99c9f93f395a7cabb31b4da793

SHA512
7f2a1217822fd1e84b70a040fe80d28267797366d09609404ea028cac3ded886b04e48a0dca34f58c703249ddf9ed4a93745ce000e4650962c720a0b389a0822

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6301233e62f7e5751564bb55cbf5c269

SHA1
32fb8613cea25d2cfe3ba361a441b4bb4895959d

SHA256
297cb68e348e2f35af1939d39bbed533519187c0f1bbfd1dadffd4bb665f8d82

SHA512
11a7545f1adf914e44eaa34326a1caa8f72b4d03ca313fe1a93a9fc8ea96345a65f1eab52c37a671bbc7e0845ba5a9ec2e9e22c8c4bac9b47c79ddf42ee6e94d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ee7bda7b0c0833c3a0156f82ad415898

SHA1
f1ac9610a2e36fa32b283684b5f5f05fd3e486f2

SHA256
a227c997c43027b6a8c6d519a0ded16de64c30be64ddfcac233a2786bc4812f2

SHA512
53f96872a2f9f85a3fbf2c98ddac207be4a2c6eeed40720155d19422a0de456e3c894140c9aeeb3a4a1ae9c44ae59c5dba273ba5a919a4a4e2e11a8b9b11ec2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a29ff193e6c09aca024ccb69a13e056b

SHA1
f1b990bd6351b1d4139aa48a224d102dcabffabf

SHA256
1aefcf8096cd284a93d9993a2bd2583cea23996fe7e0dfec568563d93e8e6d73

SHA512
aca2934f477fb641de69db46ed204b83b27f65c612d167f6343f80f8c01fa7e1cf7990ed7b51a62b0fe91c0c8bb5be5e76d8995287db1742436e80f43ab31552

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6d62cba348480f847e78c1a05a4ae783

SHA1
40f1de11ace6a401320e5a33d971bf071ec016e0

SHA256
46a9be9bc5c1734a8b9e2ad699f37ef2e3114728c2ddeea14b22b1884fae0152

SHA512
3dfdafeb6ef870f718692f5afbc1eab1446a0bccb6c4b3967d263a59ce8c0a1f5525e97b05c5ca97b50ad0141ae5ad948f209850d6bf6682946ebb9c691a9d1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9ef6ee00c6c263b2fec9225cc3045ce1

SHA1
8523c512d1ed71415c26726c03e6978080d2a4d8

SHA256
78e53ab678513c71f3ea779a702733eb179315afd368d3dd3da3010e3f351994

SHA512
722986174f4ba9ea06aac4e4280fc9ac386e498b13ee63fcb2e01034e5b6d79cc4a85bac75e29067d6cf8ef81a6471bb4854d9d09d6019baa83b8264d7f78a25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1a832d146d36cfec5b368954f3839ab9

SHA1
59fd934a8a4c75e6774e76efd3f481a98a376eac

SHA256
2c86f1876ac6c4749e7ea62c66a6d2614a302be72f41d14ae53acf64d3061bb4

SHA512
e4484243bae51938addaf924fc2a6bf9a9403f534afe78dcfd396730b4bcb60869441c2c68f29c72e208de1e978506b2f6c3e3a35afba97bfdaffb01aa735aab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fc0979a441303fae16e52db0bebac834

SHA1
015a2c6e64560230c8caaa8f57caa96e9db9bd31

SHA256
760f62cbf24f4c84e520961fb52b7263cdf2e236feb9374cf210f72a9e310efb

SHA512
267cced2eab034b2adc475d1af21999b1888b291b2f83a0a872d73543febe25b3f1b5548d68d7ce7bab20cc2b59456ba143a957302171979d7bafac7c42eeea0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a902969e3992a3e03dbdca97b82a780a

SHA1
e52891c21f40c576bfb62f2e69349f84dc385616

SHA256
671f6acaf7daf80608d410b2b3c388bfc133a5b13ce1aa93f5cef477878520cb

SHA512
085b00225b3a3296354f2118cdbb41715e4dd2326265084eae18c265445e366118a65c6c5662a4098658a6cbf3865067f0fa2f9e3da41499969bd2fb84bda919

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5cacd7a41843c91bb897dd2d8c537f2b

SHA1
12daacf04beb4c2f1fc4e4b0269d527b4e4f9b1d

SHA256
377c6d0bbe9a3232e6daf917fe8ca39e073304e51882dd4b0a8c19766f48c041

SHA512
a3b13d1c7bf28c0c800cec52b55fc9be1e1e522fb27526b1567df8d5c3a53ec4dd86f8682de1855d23126111b8ff2270f1eaf50a2c3d50246c3fe2574e543f6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bca84140388f2b31fab18cf821611aeb

SHA1
ffae75b2ef0c3c8833430b0561afe025df5d4231

SHA256
bca3a98b09dfedf8dc40dcae1cd69f7fc031cea46b410c16bb1ecc833afa4c5c

SHA512
e058ac277d1a3e58e43b6352c83e97dca8af6354f5480deef8a35f983460b46bcbef298dbc89cf8a13e855480ebbe0c43735340383c4898eca38df4d7c756b15

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
00637ad27f2ca755d7b63c2b9e4877c1

SHA1
d27ecf109e9002c54155a8654119ad729798c767

SHA256
c888cb2b7eff750d5b7cbbeae0bedb0182ec70697054941286b18152c8c4ffd6

SHA512
38b2ff504ab50c91012dc8660eb02548aa2dcf2d5e5fc5c9be43d6ff53ee18f4d7b7d32b43e8df5f4242a7c7e05b9470f151bffb81b981873dfabfdb83290413

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d0df1eaeab3abf4f2de67a183b5885bc

SHA1
26ea9a8fc877c54423a9c55a87a710a37bcf00f2

SHA256
459d86ef898ca469126570d0be14f1031c56eb075e901fe12157ebbd95d42382

SHA512
7922b94520beb9d9bccc1d6d9d626f20680199b8f2612d11b237855afd7588888e781bc68f4997e630a7a68dd47000557166e96f4f0c5ee742bdbfa1ea21c0a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7b9a4fdfb8974ed708344dc0d35b5d81

SHA1
6ead5c8fb01520a68f922f48f106bc15ba5c3e49

SHA256
2376e096fddb1b8602562ff4567ac82db5de9c16bd557a5624865f567971bd87

SHA512
e13169a240c38c1a5cab2a4cc8ef327aca45567c42adfbc95e0b9bd41fafc98598d8c847bf336e14699a943d2b30aa03db32414905b439babdec8aedb68ffefa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
973deb0b676eabdcaf9e6b373dcd435d

SHA1
58bb5309d6550936b69b25555ba453b608dcb2e9

SHA256
81aaad9d8ac6ac475f0c4a93eaf4496d993d2592736fca61af990675a11c10a0

SHA512
a38d2d0e4d3e6ba9665c85a891ecbe3ac2cf3d3cc3003c4be4416248d85445213b814d7b63df754b6d9007ebc9d579caf4f7aea2dfd1eb982f5be13fef70c87e

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA660.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA692.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit