fd593230ecb6779158f088a68111aa9f1a697bbcb568e81a4f1f86b945ba5b35

Analysis

max time kernel
0s
max time network
132s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22-12-2023 11:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

886390ef4e22e344a1fde38f88244688.html
Size

1KB
MD5

886390ef4e22e344a1fde38f88244688
SHA1

106684b4fe185c50cb66c365721780d04175c619
SHA256

fd593230ecb6779158f088a68111aa9f1a697bbcb568e81a4f1f86b945ba5b35
SHA512

b2474d09f2e7bf57bee299a620aff4f619e84b6aacb7de224c1c3e48d7e8d9aa818cdc9a49e9cb26466d213311a409643d2177fb582a45e9cb2ac7bcaa12e376

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{875EEAC1-A1A0-11EE-B432-EEC5CD00071E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3052	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3052	iexplore.exe
3052	iexplore.exe
1740	IEXPLORE.EXE
1740	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3052 wrote to memory of 1740	3052	iexplore.exe	14
PID 3052 wrote to memory of 1740	3052	iexplore.exe	14
PID 3052 wrote to memory of 1740	3052	iexplore.exe	14
PID 3052 wrote to memory of 1740	3052	iexplore.exe	14

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3052 CREDAT:275457 /prefetch:2
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1740

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\886390ef4e22e344a1fde38f88244688.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7daabc9c11bdfa098bd30ca5a45821ef

SHA1
2de613ff4478cd20cc91d6eb76cdd017a39bbb1e

SHA256
86e27ee5d3f74f22ed8cbf10069dd47a37a70f94c49346dd82a1d721fb132542

SHA512
90c45b4a2b67dedee20885851918d6e0d3ac4bcbc882e11952cab35702bba7ba084e0d2ddfb6db8da2b8e17ed13781d307bbbf69527b9236ed11eb2eae20de4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1f36b2cb3532be25fd716d4f8662e155

SHA1
e0d5d9dcdb370af1610a5069ecf5387ae6d81955

SHA256
26f6fa021d0f66b8a0b2239db49d408b5b02c7f5023b0ce0160a3b5f9c786d4c

SHA512
6462f70230e95436ad9264de4d9a0a965b6e6ae0df472de41e5cf915e5f14e7791311932fc919370365385ce7765b3cad0e2748d3b83eb6dd03232309341b837

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
84b1ab77a6ebc1082428ceec2c699cb4

SHA1
d92135f35373ee8144ff36ee260ccecb49ed2ec2

SHA256
905db8634d8d34050f172e4bf850143de65083e405eeced801cd642a46b17531

SHA512
64c2ec8b29250f7bec9e81b8627d74b938a82a170574b7d2e8e689ee7becb336007b01818b9ead98340a718a73fd3416852ba8dceeff8954207cd95aac5dcac3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cc78fe2d964458e9107722b11afc6ccb

SHA1
21d5d869a22eecbc9b0971ea843bd8628efd79ab

SHA256
71de2ec9c86dd298b722856a1c7657f7e49c191ed5ed6c22e768d7f6eea76019

SHA512
abf18e6b73d5ba0992b107f27f41100dd6fc45a8f573df69fdeb583f7999cdb347fee045f472bd9f8fc1f3784e2287c8b328df1b22888c846955867bcbe6ad66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9764f80391b02656f862295c5c796b25

SHA1
42bde6004b754a71ac67dfae92b64ec71aa6d118

SHA256
cbf1b1dd16da78ce123ac0e9232ca54b80501df31b683e61feae94dc5234981b

SHA512
c7d9faa4f85c03b3ca3edf32a699610a2084e7c9f79bcb612ce213cb5d564f78df69b859c7556b3cb862678549fe9e9f5d03c5c7b45d1636faa026a03bfacbe3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
235caec3af12ad9dba2f9203043a2220

SHA1
523def33f099b2363ee69ec91471810435f6070b

SHA256
ac07f7d475944dea287a2ee41ebcdbf1641370aca24b77f0e28a1c767440e292

SHA512
60ac6303a4376cf107c36c4ced63199e0a0c2f95b23ae4e2190e7d6a28d4312572021bfa04ece13a1ae0ab2a5552ea12a4ab781f736f06d45a05ae0b9a1d96ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f8629ce7fecdde3a1ced032bbc9c2e50

SHA1
e2377c93adc076f0e1714a547260654f12a32bc4

SHA256
ca892a33cb89673334e3b3454b8b701dba875c70c634d9d3546590c8f1bc9a22

SHA512
498f090fc95c0fc0eba01fad94c444f63d6a780598459ae42d9f902d224a9578d46f033e4da8ad973f7aa8de8c7a28931a1214d29e5d4d60bfc52df654c8c1cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
26c53c057223bf9487b8a173961fe7a3

SHA1
22bdad1b1c4242201e4edbb68626c28c361790af

SHA256
b65fdb03f018bc767c9ec9c113295c6292f13cc320ad4a3ef340b20463fc9d68

SHA512
f3589900524ee33be8572ee14d71b5055827a50325342d575f7172207862d7bcb48ca19f3c90d0049d947fb55e8f36a04db783eff96c3fde959a3ab595b9d4dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bce45c25a882763d75e9553b38fe90cd

SHA1
2c4a94e5d4bd9f078e4212121143c48959bf26fe

SHA256
428c02a78b72734e7799c4eec3befa6dbd9be5543505ebeca47ddf5c7b1d455d

SHA512
20b34099af3167f38cb4b810e0cdb5d3b156f89b1089755f8709a9ca4bebfb510fb901a7755556bb28bd1a5f2860fc2bfe0cbe9c2c3e7fb8ba514898b5b3edb9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6904ee2085d38e604dcc5cb5c808b32e

SHA1
4e6f7fd5c7c07a7b7ca1d5074f843986de91eabe

SHA256
f2ed87f9e9175e537fa53140515d553867052fe20ccf9210cc1100d9f7307fde

SHA512
2f5467d6d2795c66af605e30d3aeec59cae9933662f4b74a8e028afb867ac73c382e72b28b94a42f2b56a30288093626576bc26c8b4901f4be7be8f5c4990cf5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c44258159326aba7af840b063f22cb6b

SHA1
60efc9afba8db5c072685af69c5ebd1efc91c8c8

SHA256
3e1034eabc98e6b80b61a32ecf1ba8c61893686fe1962c31784164baab771bd4

SHA512
b6737624bc0f0127a06144438fa681df4f3a830f3756fa7fef76028e5aee3b01332bf60a0204ea0fd86bc60657eaaecf918ecceb8c20bb716afec2ed0116690d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
12076e24b9f4b5cd0698d6d3d97b4af4

SHA1
6dfca658cd0c052b0b1484058abc040dd4ffa0a8

SHA256
10a2442c7cc11c667a872d02abe1b58f9d3b12abbf5c1fefb2ae61276d1acce2

SHA512
66ea4f5ad7701f30c90c4f4c88b3e777701fc6b24123971d7cc89f0768e39497fc89e689af1de80578940ec378090a33e545cdcb9569828acb5ad798dfb10000

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
44d465ed2c587768e5ea6fb295c63f4f

SHA1
fb401793167a612e42890479d57983110f98b034

SHA256
d9a5df735372d87b01cdd450868536cdf49f235beb40b1793c955918620231c2

SHA512
23942f2605868aac291a08e80541cec8cba405807b62ddc7adeef7b70aef12aaa4af5ecbc9df9f2626472a82e0f96dd903053d0060b0936b066c6d41e2b9c8d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
033c93c1ce99a1faf80daa0f3fbf7efc

SHA1
8b327db5e1a5fb04690ff1c778d59fcde904a978

SHA256
f3ab1f2ecaa5bc6744c721b1eb42ca6cce1337fbb06f9495f18520278ea9cd24

SHA512
8e1ef56dee97389d379e631edf6f36e714d504c8e6141a54899267f743a90c254b8388e254738a38f867bbb0fa1473f5e4a0ad41589bbae4bc7994dfd264d86a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bc4834789270a415d14c58de285d1a71

SHA1
fe22525c4f8e99315c1b46dc94568c864562727f

SHA256
de0dc7c1f8c98fdd1789f1c3a3155b58e56a0b322cb13848162662d791b0e4c7

SHA512
64bd875a797b571af89719595d14c40d2573933effb7b06cd3508e551a30fe61a65ba7875a9af02aeef7909e30ef60950228fa34914f6413eaef4e89ba7ab263

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e7bc5fe3adfcae62c41dfed527befc61

SHA1
dcc45c0a15f2634b879794d0e638e732f52bf555

SHA256
42afc9143529da3e7ac3e6f184d05a35f5922c761299d45cf104f5085e738ce1

SHA512
b39b6fa154d9014a0dddefafefe8a97417e6c0be9ef9b51aa0e5869c5d6c3df35df3dc4d2969710354339e1d1d299bec8cb9d95290b7b963d1382a6c00d6f857

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
107d4b36416de73b03d5cccfd90c1e6f

SHA1
7403bc8c8dffecdf50cb005eb0db4bc2a65a56e7

SHA256
7dc399fbea896cde74648c9007c1d772f89f06b8a429a4bb7c0d0e2d29bf4dfb

SHA512
8658fe180e60f79cda0fb4dc22f87d2aa71d42701bcdcdb6192de7eb392830f10fe15eb77012ed8f341098769e709eb080c72302894490cccdbdcf483dae5c65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b01ca765d746060b90dc82d6239eac22

SHA1
17d24d9c2ec4c4e3c1010bf076d7ccd15570775e

SHA256
eb11c972336aeee6f3dc9cf09d904d35f2546ceaeac244116cad41c898cae930

SHA512
81a0dbb87e794c3c0a8618bd393b6b99c7173c2e5f95d01dcb4ae7347c5291907533765b1678e858f94eea7a2ce4dd5d4d7cb79fa8690294d7e9ca76eb146118

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e91b1e34ffb317dde1909da2f6803d39

SHA1
7b53ced4a7bc7d963e01076682ded9153644e4b1

SHA256
a10190bef20b925388d9c71ae20a9cc2b9746ada2922f457ffd9f560e3c0f8d4

SHA512
66f710d16e23995b7507e31d7e4c23714f1e06965be8bc4e4bad087d2758761a244905c71bf0a88a12c15064d875ca3e18c71259bb731a20953315d31b8be854

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab485.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar534.tmp

Filesize
64KB

MD5
69b8e2fe3bb7142b759bbc3bd3092cc2

SHA1
c55b032e44415d77a1a2f3f6c6c049b7cc32afd7

SHA256
d31cf766104ab57466eca8c74b0b1dc3f7729270b60df98dde747087ec3e8bb4

SHA512
c3b3ca6861a0e35822f0c5b6085f7fc1444b051548aec4362723d1b7a14b72cd832335ca29eea23ce8f9fb71f4ac76c6bf2b58a220722e7843461bf095970b7b

Download Submit