99c94d501af8581c4b0d6f491267fe5da5e77894f0e0648f2f51f4d54457d228

Analysis

max time kernel
1s
max time network
147s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 13:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

af5bd733514832adadc1212b65fd3565.html
Size

516B
MD5

af5bd733514832adadc1212b65fd3565
SHA1

6e00454fccfe404967601953e6228372830cbb59
SHA256

99c94d501af8581c4b0d6f491267fe5da5e77894f0e0648f2f51f4d54457d228
SHA512

88f2cb67d240391e539c6e7ea3597511ee640c2f5af8d722c2b1d612af5d0b0347919a7dd64e44647846140af6d022ab841a32a6cd7385ade92722ec07b9b6e7

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D607CD81-A0E3-11EE-A892-DECE4B73D784} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1944	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1944	iexplore.exe
1944	iexplore.exe
2992	IEXPLORE.EXE
2992	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1944 wrote to memory of 2992	1944	iexplore.exe	16
PID 1944 wrote to memory of 2992	1944	iexplore.exe	16
PID 1944 wrote to memory of 2992	1944	iexplore.exe	16
PID 1944 wrote to memory of 2992	1944	iexplore.exe	16

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\af5bd733514832adadc1212b65fd3565.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1944
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1944 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
02d3089ef4da6f7e3c7fcd11c8f79edd

SHA1
0d55091063e15e8adc54a6254a2528706f3d5fb8

SHA256
5c0499738b54bc0112babc8ed24322f3465a88a7f9931befb32ef27edf1fb5fd

SHA512
90c357a21d09bc28f0a61cac7fa371d94124bcae94376a65a955efd58fbe44f5b6582c5e39755032cb209c65dcb0fc1ce181b68366c830a47a850f9592c6897a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ac9f2f9c1d1759258379f8e8b180efc9

SHA1
c306aa2deb15a7f438a08b49e5dc0adcce1627c2

SHA256
a0bcd6a75f9458989674dbefe4d8b794073c7985fcc34772da639242af506c62

SHA512
791dfd2f07266fb6f485b0131f8ab8fa05fc172c99a146f603eca8cce609bb7b9f74db80f5fd27b8c58476313e5e3bc3b3fd0cb28c9e814181f47857894282b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
489f32f0b6d0d40c0d3d5e02f8952c88

SHA1
b9a6123587bf073d6553c3b0b933edff17bfd16f

SHA256
bb218377f0649c99037bbeaedb44b49b0f3d5bb020c75865f5dcc09f5704d89d

SHA512
a8ae6969362af1e845d603f30fe54a62a2bba23891dbf0d2051d519f8a0d63a80d6a5345a86ee7cd9d603a40efcb2b7e6b5c0b882fc310dc39393dcdc33d253a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e85df0853e9c82c2f5a8dc43ebf70280

SHA1
d033ec60ab8cc8301b37a6fd2befc9052255e0d4

SHA256
9445902cb14c10f94c7c4ae50d994265a332327d132d592d64754c8e275dc007

SHA512
a53e5af18d969cb38180e615a2af3eec5be9b9701e8cce656cb01d53965d8cca6fdf5ba5b634ab1997196031fa9f7a12c3ae75cd290b6b1970228e53e92098bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
852138e0d6d37fab4bad595d0c6704d8

SHA1
bbcae5bf1556867860fb3b6370755cd622314cb2

SHA256
b95847cf4e1252b420f14d7dd2d71937a6ba5a0a1cf82331654e6b9764b34221

SHA512
164c375b71bb6c71bc1a98023ed6d1e95b6dce72526125f94800acd0e90174ac52684bff2ab4e723b93122bad7c3fe67fad265d0267aa19e6795aa8661e19bfd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5ff2ca6eb6ad21d6a96aca3d017a0ed6

SHA1
8cfa8dc679b5fb9787d8016bad417d0f00fa943f

SHA256
fd7d708f50ba148f8f83dd61277fa2607167a3d6a9335173e081e8a846e2385f

SHA512
a757994aa23c87ac15a4512ec44ac0c12db6fa61c9655132e9fa918508116ec17d3be0858732262ffe0d9d1bb03cc2c461045b7a221c74d2a3c2c263975f7685

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2c77f3be36f64c762e26171130b78e16

SHA1
a35ae12d0cd655f9c0ef3dd2f24dfda6ec8d371f

SHA256
7492ccf534f565a09331690f2f07429404c308690326912f3794610e525ee5bb

SHA512
58f63d4196574f624fe57c1224bf0372c275725823fe4214dc1012e94b940083b6a932ea709442f9d526de47a15411b2a227d3c3fdb32d980f6751f4d9b8f116

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9e3dfa57bebe1ff4017c0cb466d1f834

SHA1
c12c3b98f16d15fe2426569305f7f5118cd99431

SHA256
3b8a51fb9b65355a842e6ed678f9df6a7cd256b66544fe6fe685a3cfc26f2bde

SHA512
8088f4ccc2167be55c3207fb3182794b48fa3b3520688ed886d81305f6f12807576bc17bcb415b363c5bcd047114fc843943fd75d6235a8b6cce4565c8ac3f47

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
265b6da5a1106574f6cc9947482853c9

SHA1
2e99a5a4cfcdb015db4ba4dd74ee68922d345a04

SHA256
3f937ff3139763436dbecf8b3ce50d9edd3590a3f382b45656caef00436ff346

SHA512
2cd8ac09c415960f61c04a64522b7921519b2d7b515712c54ace16685af51b38c9309bbc1ca6cfb4857e1083d26fda56717278438c9bde79bcecdd629ed348a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2177c664e923b1071e27752ef9552b9f

SHA1
c08cdd7f637cd762343f6c03aaa632ec86e5b26d

SHA256
2defcd0b1f0fd8a197ee7ac42b74600ef2c31123aa04524f1d988b5bf038787e

SHA512
efd042d152be4f45a39ce83cb42eca4b8f023c64316c47d3b54fbda576ef4118c913ef66da0117c5352827f7125827dea59d8a3b1da543b33d1b105a05c99152

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
440b45a3fbe4de12ca0ca8bd69f86eb1

SHA1
0b89003a81d1f85a36ad9d42220780aba1e62d1f

SHA256
bb0ded76ed9e6dcc13e96fe51a5c752d13a91900939c5c80e27bec1a710825e8

SHA512
eb1ec6e4351bb88adc93601c78cd67b5d757a35e022b70b0eaea5059c9c38eab2533d2b101323c2e60b48eab812e7921f3c5b8811f31d310f9310cc4859955a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
94781e8565592f6f4b514e2d0ebd23a6

SHA1
988858ba893ab08977edceeaeef88256a4e4d177

SHA256
5afb150515e7c08a5aba7c2c7f883e2c1eefc5c8bf72c02443c57fc06fbcb161

SHA512
e8de40eb24f3f06fd45aa8a2888d18c2314b1340241ad33a4f6a521443bb5d840378d7fd8d60976f1a774c11e670274abe02752df086d9af0ae5b5068efd9081

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6c2eb09d06e0ae5efa2014eab095100d

SHA1
887fe81036174822211533dcab5f11dfb1ea7910

SHA256
280ae782a099bced264a6952f2518eb488b1df3279bd852d9dc5049dc7262d27

SHA512
5bf3d2080122719be0089cce21042085a2f1302fb4912b63ba244b1092536fe03982223fff9ce6d39b857b5c8456be5eb41f2701d2880f79de57fef9ef356efe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
953294428dff831e954569bfc4e6eb90

SHA1
463736251f4467e4bd74c57932574edb084a7869

SHA256
9e09c0f763001fc2a960e182f5473d2edc55ad7ed5368812e16e41253a6aafc9

SHA512
7cffb58517b1c20e1060335a857856ac167426fbada387047a80464a28ca4d503654390490b9eb091dfba6fd7e492715f31cb9e9b0762af80b026038f6132e36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
af7b84479bfe93b0c95f870d7fe256e9

SHA1
4db7f05aaa7086ecff8804483593db2972a1d072

SHA256
0f9b859d5084dd915dd2559611aaf51c5f7c704cbdd4e667869dfae735ee4268

SHA512
d7cafc89d0f2b5793ab6c7c5520005d5a976e354267bd247c8cde13cfe9e5c26188ba034fea87aaa4c9a1f2722e89ce76bf48927fedb5a78566924cde298a8b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d0272744d4194182781d55ec7151bb8e

SHA1
30f326903028ee24b137cde23e948ea9dac69da0

SHA256
ad8e5f37041bf5349fca06be22c2306c49d7ad98874af49481dd097f49a1598c

SHA512
c04efa8d418c59ae6a85d794f31844b08e02c2f8bc8f82b4c7b2505e4a926e82ba1ff562341b7f737a79eba595a681c632a4d33921b6727cfc3cedd0c74dbc8b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
82956bb27f8be6510753cab16a45b366

SHA1
749a34263ac428e94595036a392932a31b4947a7

SHA256
4464ea97364f5fcc4c9001ddef71b6edb5b4a16d38c57f6955ff4edc6abf8471

SHA512
8811ad22426ccf1849a6de85b9f5f4869e283179158686ec06dac9b8228eabf26cd600afec081427fde290765d29e2c2141398e1d99d40584133fa8a4766b769

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bf91c2094f55a1670491a67a505b99ad

SHA1
4168e1c3b0fdd906b3f3236070d873a5c521481c

SHA256
a23d2c039b795dc3186faec3f49496fa9107e62c0ddd6642831778d25f356385

SHA512
b8a85ea2e6fd8dba9f37da10e3dda23d296b11f187f870a5540c55e3ae9d19d97bbac0a28c15dce5645ed19ed455fe6154adc5bc8c89a3357cedfb84d9258e18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b14f641b9b94da643f8d467e831714b3

SHA1
870f0a01893bc89787fcf216338c2af89248d76f

SHA256
03b3a33eb6969e8ca550cf5b57749ab58c7c6e9c3c181b89f49986db4e01e2b8

SHA512
71d86fa380c7eeac0a38697802477a7f2d9d4464493ea68e77dd3f4a3509e1965047e001780261e540f9c64710713427e619af31bc50be9b9a968e4845bebd70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
71c350a21126ff7836b83e5210068bb7

SHA1
00cf6703a6aa8b8b153e82827d336dcd719cec06

SHA256
85c70dac511ffbdc95b8100b830362d5a994042779295eed2d7fe40cbd8e0f6e

SHA512
8907a2e99cb78f35dbc2af684bfff77079c1d704e48a5227c2a6d7a0e67cfa895c60c33ea852f7819070ee769842e3a00cb28dcd46852db9402b4d1a5102c506

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a286fb300be7b8654497ef179c3f4822

SHA1
0c4dae96184b0f67e576b52dfc61e89007d7630d

SHA256
7cc80c2d1ddc1ae0dfe4063483a89466230ee99ad60d1ae5342d15d968ac4cce

SHA512
5b31a25981d29873a3770671a1ad028711362391d733212611be8d18c42ccb01a1f9a5d0585d1c4f4fad96fe4024416aa6cc463ed7b4a7c9b7be4099544ae77e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4673.tmp

Filesize
19KB

MD5
7b1d959a449dd15396bd662068376012

SHA1
9779f4d78b8313c1644b6c66967cbf319ee8b7c5

SHA256
e542d3c2707a760cb5288cf81d9621c5f5ba9044f6399a92e2302d0957ccfddd

SHA512
437819879c910a78a68529391d086367dca2fc60f444a14046b2a584bd5a29b39c4268887c3591978a486d7af76fd2ba7fd4e57658057df0a127cc87ec800011

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4733.tmp

Filesize
24KB

MD5
b7fcfb866cf561e8715a247cf683747a

SHA1
ce890b63506f5306dea4d8de46012576928be4fb

SHA256
b146f5d4599d26698360038a17696fd045e0bed255fb806453d986e9dee93561

SHA512
eea4687393e07979a8e8f6f17e59028ccc8730e114234de77709f01f409e3fafe4d6ee63b4ae73250347318a53cc55455ef020a73d5ae42f73cbf7e56bbf1769

Download Submit