f71690b53df9eb32ca856c85edc53efbbbd44573f92d1e7110fa2e888348b9bd

Analysis

max time kernel
0s
max time network
135s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 11:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

89aecbcecf7b434758ea288b3030dc90.html
Size

12KB
MD5

89aecbcecf7b434758ea288b3030dc90
SHA1

682a7b8e244fde71eedcc8fe75aaa732840668fc
SHA256

f71690b53df9eb32ca856c85edc53efbbbd44573f92d1e7110fa2e888348b9bd
SHA512

d9099a3d6041c05846d4d489b7c0e4586c61558c2b3ef90082ebc87a66ce97d61f92b88063e3c90a9baeca81509fa272b1c0ce7f08e94e225444c8534bfb9f09
SSDEEP

384:xy1R1QREDBeVliObD5IvU2ee7Io48lXyR9Y35cCPRrMO77OM0TCtxYLuZ4mXYHbD:xy1R1DeVUObDicz+Io42V77O9R

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3486A7F1-A1A2-11EE-B84A-D2016227024C} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2440	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2440	iexplore.exe
2440	iexplore.exe
2084	IEXPLORE.EXE
2084	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2440 wrote to memory of 2084	2440	iexplore.exe	14
PID 2440 wrote to memory of 2084	2440	iexplore.exe	14
PID 2440 wrote to memory of 2084	2440	iexplore.exe	14
PID 2440 wrote to memory of 2084	2440	iexplore.exe	14

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:275457 /prefetch:2
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2084

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\89aecbcecf7b434758ea288b3030dc90.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f532b224053a69da1fb5689e4f160564

SHA1
0285c0c937de084375c1a7beb963011fe3f3c16d

SHA256
01062459c4b1866c2bf7a87d60118a22a85d0d9f5bf925753703f92e8ce5904d

SHA512
38058fdb8aa7708b568a4a0eb457375febf1fe9fb2f4996847a17643816a2dabcc4f1628a9c3e7658c237617d7f7c1ee02bffa72b70262cb72c6c47c265842d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
17a4896c769c21e237992972dd09c0a6

SHA1
15397afeb0188d957fa8084fb6ac691654a57f50

SHA256
70db7f54dbdcd8bec323fec8bb164cc4159829066d838717e0a3f2bb4b48317e

SHA512
f7c572154b63d3c816d4ea37becccbf201ecdb723043f6a6c9e6a857e0751ffe5148c73844d50809e98523688b5bcb780a4d313277774a4a97f4db70b6cb4ee9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
25e1e048d2bd2ba326b02d20e25364e2

SHA1
55806a815bbb3badb043d8c9dac43134a1c02d0d

SHA256
341f75f29dd96d74ccadb79c50b220122f9e14f124ed224853af172333f44cf4

SHA512
d35867170441bf530b4605d7fe0795a5a3bb3f184fbc3ee1cc7e14519674b9a148778a9644d0f97f65614b3525816292f0a26843737c6cbd86838469da5b91b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ab02e687dd67f87f51e035c5c876f4cb

SHA1
c0bff8cc3357c3b58060d4f93cd1f8a9f5a72f59

SHA256
901e22bbf1f5660f21d409ed271649a486f8809f0110ca1ba216290ff4a1f0b7

SHA512
72d9ffe66d22ff95973e8a1df73091bc703530cb562e921da29a98e91cdade35f0b4df7f385892af436db7a426fb0366ace3bea438a7a17d9a67f390030a4f0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
25fa3f93d2697a68f24211dec90529c6

SHA1
fa9aeb7bafb52e07200ee09595025841d6879f2a

SHA256
17f69eeb4295f21428d04034488304a1fbcf635beb4ccc9eb908e62d377af08c

SHA512
4caf0cffdf0f0a3470e2b1d988af994730cf11b9059e691a9ff63606d89fc7753df76fc92efd04fd01ed30bfd76bbb7881340eae8542a7373a9117478cdfd9fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
36a7dd5d3c418307af3abaf7961284fd

SHA1
c57d9f2a197eb9608fc89443fadff19065bfa6d6

SHA256
a195f9cff3d911c54c7ac29477dedd8e27069b550edc9667d40db1a17b4ca35f

SHA512
7dc869e8ca2f506e97869e698c79c6a3f194b874bb6b5900773c125e94e54b8da715eb463b8ce8400e19a87b02e82be3626a9bd81ec857d0dd2cdce68cc4cdba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
22220782bc137e434ef0a422d3c68e91

SHA1
baba548ea0e77e166267e6b4c351e24a4584845f

SHA256
7d1bc5d45e33517a136f2a77ffc8676a9f46b75c662c1ce714522b30ee19b4ce

SHA512
23b1907cc41f61fb60009af08a84a78e90bdc4ce94c263d8df5a1ed7aa93059c25bc228a1551ac4cd530237a8198af7275b00dd9308be40136226535c3648094

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0e76b194e2fb6d678c2637e30262442a

SHA1
29ef2c878f8b5cb9fe39d78e6a4279209325fc3e

SHA256
55fe7f6dc4f48d1fd75db681e99ed9838a04363473fecb43280b74e7a89f8689

SHA512
ff4a1706936e3191c21ff4ca97960de95cc49fc94964850b4e87d1dec880efa3758a62cd2efae4bd02c8d41cc0099ab0279b720106f48fcbc11c654ae57e4d20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a6c9cd6bc4ca6feae264a576e94755dd

SHA1
454b89b8b41703c6faa46ccd3c053f56539eb216

SHA256
c208c7227279d159171fdf02282965ebf0604741eee74085d37ebc6268d02116

SHA512
992f001323c31ba6ba853e3791e08706be4e6cf56fdb7e96c79e3aa09d75fddb08c69523d4eb0c621156e336c96aee95398cd43c658866ea73ab6d8abd0204ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
abe7ca0f82ee8833b7d3320001eb31d7

SHA1
91b2a753b81b2af3a2a958b23ba4b3a616974a7c

SHA256
c8b8be44791d589c0683e13ee38db08d7d224b902e95df7c66169f2be8af8c45

SHA512
d07421cade7f5733c67fe37936ad9600a2d6459450b6c79488ade10fb279cbb022625fc59559359566f0c9cb75b016ac82996c37142802cfcbe4127886c5e355

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ddc8f00accf3e138b25c1b9833ab6db3

SHA1
3000d5162ebf9eec16a798575a2a658fe656bb5f

SHA256
13736dacb8b3de8c2490cab950063a762e5bed63d67fb48910c5a704501d0e59

SHA512
11022992136df261dee7a9889851bb0347f8933d8b1c19de8b1fa8a131692ccfc9ededea69c1b80c17f23127cc0488dccfdaf60d25d5bdc299b3cac392178bf1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1a4f8e73d0e15895f0530ade5208567f

SHA1
8ac07db3a3d7808e5041a8f30fafbc71749d1c8f

SHA256
15689c4b47bb1d591963d7073c1db7d1434d21df856390b8cd99cef4865b493e

SHA512
f75f0150bf954a617a380d0a4b58d49b1dd922328609cc70e0007794b759aa3398e695791e62ceb974b124556369f44ac43ef64f29bea272f1daff706f09408f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
89f24e0cf252029610ccc3d9ad566436

SHA1
8d7993f4a6746c540c00ecae98aeefc5cb01ed2e

SHA256
e75246a8d087ed0be681e7f08bb7ccecf65493fcaa035ca69741b8d79de27e27

SHA512
a88723c262bbb2671b8a7ae75ec145a610e399d3c05537ec49d46830d405de36efa65cb902f15d1717596920c8dd5b85072af9ee4085f5a5e145dec428e588e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
25e06fcaf9a91c3fc948f47a640bd8ce

SHA1
41c2bffb06e0af7c61742a2ccf9feeec6ecafd47

SHA256
bd6388b6ed99b6eed111b91a2cace4d6822a3e9ddf230c8a222bc3b6adc8093c

SHA512
65bf541afe3eddc80409741c503535f032c69365faeeeaf70eb6b857396defd38aad983f0234dd959b047acdd97ce3aea0bb24baf9ccf660f203e893e818a6ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
69d29411d306dfcdc2579a3be58c79f5

SHA1
4cf37e89fb1fdeda82bab7bd2decf3f37a5b14a3

SHA256
1500691ca5b95e210ab4464295ffc0223bc95d80e83f999b273d6e75baa72dce

SHA512
3aac28ab140f246d9490fbcde25eb06f00eb3f1282e89d4831ce354de1574d45e22295f7e8aa70b2f2999aec88d80be1a10fe1c5d39097b7e5e611d77dd0988f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2D2B.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2DAB.tmp

Filesize
136KB

MD5
17a273580dcf23fd2cadf436ac4f677f

SHA1
2974af973f3ad18a8a99ad8cd1ff639d8a9b4052

SHA256
29249e0b676dbe8e96fa6b45e881e021d4f33e43cd9c9578f2053fec80beaac9

SHA512
5100c1c2b3d6f145fb2d17e415d7dfce90caa73fd916a1a9363aac4904878935abebf9c334d41ae4c7f00c3354780df2432d05d1fd8692bfbaabd11589be65ad

Download Submit