1a5da0a549b54de7234f2aefdbdad007e9d9dab76f146eb7488ee2469646c128

Analysis

max time kernel
5s
max time network
133s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 12:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8fbb027a701c3bc812ae3d4e74e0c1b2.html
Size

3KB
MD5

8fbb027a701c3bc812ae3d4e74e0c1b2
SHA1

c81d1a57389ef2f6b03df9f21c74433b35fc91d8
SHA256

1a5da0a549b54de7234f2aefdbdad007e9d9dab76f146eb7488ee2469646c128
SHA512

5db880af3f6702281cccc463d18f04d09f12fc58695a6f5478c40d501946b33333a528711f8f26563403f8e9f08d797dca49b408447aee7e3ff9cf7e9f6848a4

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7F061791-A1AA-11EE-A2F4-C2500A176F17} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2172	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2172	iexplore.exe
2172	iexplore.exe
2288	IEXPLORE.EXE
2288	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 2288	2172	iexplore.exe	16
PID 2172 wrote to memory of 2288	2172	iexplore.exe	16
PID 2172 wrote to memory of 2288	2172	iexplore.exe	16
PID 2172 wrote to memory of 2288	2172	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8fbb027a701c3bc812ae3d4e74e0c1b2.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2172 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1a4f917dec706775581f2d3c3eaf4e08

SHA1
425968510fc521f5b9aace59174e1f779770f3ce

SHA256
1b13ef586eac84ac186cd9c4fe2e8409dc54d648306a8e56c091fd450d74785c

SHA512
2848ca51f40b7e4301798d62679710957487b9d1694afc488a3e01ba23b34c2e15ede91f534ffa1b5ad7d96276147c38fe93be275c0ff3432d045d0bced4ff4c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ef6e1fbb2351982e312d21e6940449fa

SHA1
d72aa3f2aa36b8a900ac57bcf786f50c283fb8ee

SHA256
fb16c52c7836646b339747b5291b22e4e8535b37fe7ebae264c1cb1e536f7f33

SHA512
49c12bb4bcd9a3257e29f31a09d473a770a16d7f1dc0bcae7ba1dcd92ae3cf5c7e97f491655e9e5ec2a1115ae3b893611a0ecceafae9cf874c93eef9f840dbff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3055e20ea2a90f593bb7cfd4aa47fce0

SHA1
8899bc6b436b7c1da0961038530d9404fe3d62da

SHA256
1b84671f56cf8c2bc54bbe14bd318e284dbbde0ccdff2f303dd241065ab3e262

SHA512
c1f0c612dc1aa0b5100ba46fea4376c8d1413f7afbe7c1c48405d3e5e72a6f493a78d0017f4b5cf1c284168000b4c30a20da167c118cadd3e1daeac925d8c8eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3b0bed07d6cf7ade7af1b4522b5864ed

SHA1
cc5bad1bab6b0f51e96c10e1d540a56b88574116

SHA256
514ad0c4b8affa1c15ee8d64b60c860c89ce25e9311b484358c1e2473c9c11e0

SHA512
c0c50e40f5ea957995c0e157087380fa335ab83804f52cf76bfd2ed3effbcc2ac418ceb7253135aba1d193c83431a682536736984003ba582676d6688388aa9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
02fb925f2f8b91453ca52fccced62734

SHA1
4397d79dacb2bd3c76da65a11392ed88381d430f

SHA256
6673a64c08e737cc53886b2fe17df62b028a871aec8cb38239570bb17247e88a

SHA512
af34515b73efee5200c90c81b235f785e6bb14eadfba7444ef8c0932a6c179f28d57518dd9e08b5bf365a04767ecbfa5a684e1ca159276111a703b12c6caaefa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2539cd5ca2187e97ae2c3190d89d06d9

SHA1
23dea6ad9dd35a623156bb3d684bd28f82c1954e

SHA256
f4efac06be370eacb766137dddd736b33f6df8f9cb5289151a66d729a9c36703

SHA512
66511e4422c51fc6e5b0ff2c4bf51b94422a691de94e06471307c32702a919870171a5e657586f0e604f89ff0f4efb3b752f6135d1a4d7c59f0ec867a678d465

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
af43fd2cc4421038212bf9dc1bdcdc9a

SHA1
af1a0f69706ec5619630b440f065bfeacb0a12d4

SHA256
02dea9cb44060c28948c179891d5b3250920b2fccfbd09095ecfb8db43c3fc4c

SHA512
83a45e10ac830cd46bbe2c18005127f43f16bc461baeb6d971b9a47153b76245a2297ba5009ade00e8ec8d0ad441d37df246856bdd3220bb5eb2aa8a6af7444e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
215c1ab81b2d4365c32a9a61833d1547

SHA1
9e57663d5a208ee65358061805600f21ea437b47

SHA256
403fa7419ebc3e41bffa0ce6d3f02a05c9cd717d866161a1ab9007d597a6299f

SHA512
6406439f643364f76ee84a343a3c162baca7e59057712fe3183a360f7fcabf550b3fd85c19e6bf7e5bf0379cc02b89895ae42169647c8a76cb2dbe2116263ef7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a319243f0c3d7fa3dc4463ad656d4fc1

SHA1
4bee3a4af863b29ddcc13daa95d403944e312a53

SHA256
716624eab6eb8d1b8e8f6cd91a6d11f309201bccde42ae3e751de03d6ba865b0

SHA512
6a984af699ff9a1051c328a51da8d155e2c56df3c4f0151c30afc5a02e4b442379de7f2e17112e1c820a219c94cb1b23a5d8ba8bbbb53803315b5537e9ee073d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dced734ce2d3caa6d2769427dae379af

SHA1
473f8b9b8e3603be44427e4820cd9b77f05f1a5f

SHA256
39448ae7400792c35efb32e9412b052cdd38ed2285f9cc382f333ec1fc7c5610

SHA512
00e8d33708db51ffb036638e148ffc917ccbc525ec4a6ec13c4f16d715bf57fa77367c76a37fb20d64d4536ccebe65787214e5114704ba7993ea7b98ae5b9759

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
affe11e7c87986ef4395d2a19f77f836

SHA1
194839b7889d53c0798c5c7b6164cbab07bca4c0

SHA256
f1ff85a87fbdc13e223a22f5e0ad29f2e8dc1c38c4184f5fcc857c1c25a1c718

SHA512
b276e26f3f63cb1668a05398e100a318efd2ff1bcb502c1a220c641737347a2c55061e35634612e0874db465459c2c09fc15b73ea4ce37910894bef2d4de9c7e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c5984192ea6c6b07a7df034110d6fd64

SHA1
7eab64b824def816adc3a72da6b9f1bc79d924c0

SHA256
f3b95b9fe9f5b293cdfe8e3135e7f89bba5abc18f39f5c01803769f34d05b209

SHA512
7e4ee676e4e6f23d5460ac646a0bf1f16988482be249fefe1db77e440884817d15af62e1e47556a5a6201637a9fe0f63d9518a08fd623fac05d6ab8d89b1637f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0bd899e805876af778aacd87f1f7d51f

SHA1
30f597abe0cc0432197e381d08cb00bf67310d76

SHA256
6eef4e33c55bc6a49af739f1f7b0d1e5c528f1bebf9f57e48e66df39b874c646

SHA512
dac2e137858adc1d1ec526654727781cd7d646f3fdfa9f330f9c6c5f6c675bb43f0b3d89e3af08689a80aced3b96e0231034ef78ff0bd11e742ecddf6fe07b1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0237617da85b0586e59271c7cf3c67dd

SHA1
706cb766bcddbc5bd1824af0f924a2aac29d542c

SHA256
c22dbe901d733f515cc802567387cc297936e2806d761af9f4914498a35e0158

SHA512
494ed13b3c0dc19b0276fa854ea28d6c6b0ae9066504c93ab1e73dc62b49fa138c05716e53bf4a5bccbf9d1eb9750c32a8c600a5fb82676d8afcff8997481cd3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1eea058f2ae4cd080e41940dc6c4a2fc

SHA1
3d3c3d73e213f8195d5f3ad9f4fac0de184ee43d

SHA256
4f29f33af01895ec2b5dfb33477a99277f7bade93b45bfbdb4036f837cc2f345

SHA512
b96274569926cc8e26c0aa757710b5654d59d14402c58f5e1718a730a1e684ed28adcbe716880dd7a101f23e11e8db171365f14d2ef68e38af787930c7714e27

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
70f088c7c8f5c27f70a7e009c11beb0f

SHA1
7be53c71eb554e27a5bbfa872736d14100b5d6bc

SHA256
df98fd0346a8ccdc6b509e4cf0a8ba99a47db684239037a48faee8aa5e04eb36

SHA512
b8530dbde72b72e5800c25b8b8acd9ec7ac55f0bca92c4bd2e65580c599372b481fb5a91835884ea86a5b7efffd41696dd29fbc2ad7197bf02e1e96b586bf697

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
37afc2255a22f166cf5088c99f907ddf

SHA1
db943a8696941f8dc892bd9ffb3e0234bb086cb2

SHA256
d0bba5184efdb56d1f5be686e0e3ccb97fe0c727e8660dad6fdfd28efb5d4a48

SHA512
066cda844646d0ebeade12f81348a20ac2c5a915cb0e3569f2dd4eee4dedd044d7d7ca99aefe839a2e546b04950b34617d7d6661cf037f62a7d4d9769fcd9966

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a44a6741b7e691c981aa04d268e61e7d

SHA1
3533d49ae4bbe75b9e76fbf5c9d90c3c12264904

SHA256
2d5e3d37bed564396be5d9c73fd15622dbad1d033a861f722c0cfc40b093a912

SHA512
8d65a9cf1b579e8a8329dfb8329738a067f76c45103d5bcf09d5fef458fe6eb18da8cd3ab11459083ad77339c0cf8fff0d7545a6d296cf32319e482d89bc78fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b0418aa89d511ca69f51ef4790c8f610

SHA1
bba9c8eb9321bcfb5f2a49a7fe030c1f8e190e07

SHA256
e6b0d933c4f85c6e6eb9a91cadaccf277dca17dc844e12f0636b8c59521753d0

SHA512
0bb98547197e1657e2d1e0ef251b56e55472fc259a023c493708d1f7f0e7b6ca793c8414a8af0b69681ba9b02475c2b57c7354cc556a0b1ba4b5f78315ae5a09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d5e78edd04770683dbe66689c4be5aad

SHA1
9dff0ff546c1b612afb3d618a33890e6f135dc59

SHA256
90b1557592784e53fe5332900d1ed13c89c1501a9ddc6cfb456eee0e60aba039

SHA512
48364112987d4bdf703a9a95ff935479ef35f05e36595e7bcfa96c9f6c2eeb7aab3bbeef1643079fd87757686a2a872527a2719b4e7d151725bb92eff16db2e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4D96.tmp

Filesize
5KB

MD5
12575bc8af97f3409fe01045e218afda

SHA1
8938c52bb204c05bb1a34fdcc5730443f83bdd73

SHA256
7aa628b1c9b2a6db424fd0eec3199f1779467831ac8cf4d36495b902cec4d086

SHA512
978703b3456c2e82123da41c9ab0551d4ca3b78ae22a64fafd966eadb9f529e6ddff67bee426435d1388cfc745a753b3b5478ac1457e2834660a307802697398

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4E63.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit