9c13268c102586808e37884be4b014bfa929ad17c23472de15d7ecbb99f7b43a

Analysis

max time kernel
67s
max time network
142s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22-12-2023 15:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dac9c57a89dd75f1207cf84507b75e86.html
Size

568B
MD5

dac9c57a89dd75f1207cf84507b75e86
SHA1

5a389c730a4b3fbca405f05bd2a2b20d0358d46d
SHA256

9c13268c102586808e37884be4b014bfa929ad17c23472de15d7ecbb99f7b43a
SHA512

47968c6a0994064fef642b548eafabfa1d23d808c7e4c7b8fb294f30f162903d875abde7e34625558aeda09a6aabf147514a3327662ec701c9e56d4f9f58b1ba

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 32 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{66EA12A1-A106-11EE-BE5F-46FAA8558A22} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d6000000000200000000001066000000010000200000009c71da709a5f0cc0d057fe48665fbde6dab72e985dd18f6f400a2ae9d7793d69000000000e8000000002000020000000d946704be397c2961594bfac00c743eba12841164e6f65fdf8ffe73a17276f3e90000000ca32184bc5eb402d0dd04bc5d21c275d045604838f99c87ff899e513bc9f0de34f007268cad791bd6616140dafc6e69d641d5c1ab834c75bf263a4df9aa75ca851b6c80182665bdc8cc4a1e6e1e6f91dc7f575508c4e261a0fb14ea77ea7e36601d811fe62a089a929c5a8375b0b06a4319729c0101155121740701cf4d434f12fee82d45bf9dfb1ac66409772f9742c40000000d374f1b46809e656ead4302a85edbe1467ced4f86d61a90166766a2f00d52522929e97a06a7b473516fa364fca81d70e8a8cad6b3b59e43cae82c9cf6b7275ff	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d600000000020000000000106600000001000020000000e1130534682e2ef0c01fcf80e6626225ee0447dede4261c10316eae43ffbd0a4000000000e8000000002000020000000d379fcac77a043ce2bae5a26ebf09485e582ae4b601aa2c7e2a5bce43cd8b4822000000021f1568ce25566f0e272a487b1306e104fe72c4ad9021fb78196e9f21be88a9b40000000f4fd080b8f7d9fe7004de87e4d26d6daa283ac25c223d64ed6d765e6e514c98cee2995b90fb3846522288ce4ced80b26d217069bb4e1d0d1105d26ff65e52d23	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90633d461335da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2196	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2196	iexplore.exe
2196	iexplore.exe
2260	IEXPLORE.EXE
2260	IEXPLORE.EXE
2260	IEXPLORE.EXE
2260	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 2260	2196	iexplore.exe	18
PID 2196 wrote to memory of 2260	2196	iexplore.exe	18
PID 2196 wrote to memory of 2260	2196	iexplore.exe	18
PID 2196 wrote to memory of 2260	2196	iexplore.exe	18

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dac9c57a89dd75f1207cf84507b75e86.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2196
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2196 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
73c25f31f6940d5dbbd4fa9d6ac5acba

SHA1
f450413e538efec2c5a1ae35ad770db5008e75fd

SHA256
8a92afa76c9a1da27563a83472d768e742c38ff81a26707b937859f7c668fdbf

SHA512
34095a367664a9e8c9b252f918b2ce833101fbdef58ab8bcf19ae855500e3d734e07e17974bc8e65231b53757ce7535a484ab08a19e212bad18e10f785d8d44e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e06c295be5048ffe4af66260f6873e82

SHA1
c465236b3c0dcd60e636685fe16812cb3515add1

SHA256
089af9e1af915f4121d61f2108527487e2622d4cbc09382c1cc63be54ea2a3d4

SHA512
4145425afedc3b26bdba6f8e69b25c8028bc02e7c2ad483a927341ffe9ba297806effc825f131fbee8a0b0fd89b92831f551e0a9ec5f3959ed10b5af920db8dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
de1fd1e1de6cd43a215f133623f95e91

SHA1
f4838fe9b03caf23c2e0d52ad9440c971239554f

SHA256
ad5718536386eed27f32de81db2aee1fba7dd201a6b4e0a1a529a011bfcd5437

SHA512
0132b99a1d963548c4d841f8e4841d2799b9ce57c0a39f0bc177bc112442056202cfab19ab517d856866fd93328fcacd65d55f52425a8b242ea4169cb1d75c4a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cdf71435d8dba73f4ac701d4b5d88a66

SHA1
5994c3c963ca347830940c206182eb80e617dfc8

SHA256
e8bf26b60ce8f8385ba1507593dca40865f669465214a8cc3efd4b3aafb1601c

SHA512
d2cdc9277cf407cd4c5511244c3c36228ddd1124293f4722019db3975e44db74e9d0ca62da9c9e0a220efa793c6f434daf72a61d5ccd41d0adeefe6e776d5355

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9b2039503f3341031ceba04bc93f3cba

SHA1
746fa15282538568d7df0aeb9c7bcbd4d19fe145

SHA256
1ed974a98defed7299989df1531e5af09f5187b798417a77cc00c3b2ab04a6eb

SHA512
5eaa9e5aaa79a2c4372cef27ae8cd5b7e5dc8f14f799b319bd27858bc6de219004df726d11a303db542604cc2eefedaab06807f37646018af341317d4a7efed9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ae4b63bea0cf9b2fc006551f647bcb3e

SHA1
6358c1022519336a4825045ff48e5403b1e800bc

SHA256
07e63285fe6962c231a06728b332e5aef9b5bae8aaebcbb9ea8e18cd3189a07a

SHA512
3dd37efca6cbbdfcae28783709bc1243c8758d6228e74a2837313bc650f0510d80c08097968e1feaff4e6875f9fa2b58f915eb6950934c244787e0e0e7d48d28

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ec3e35f0fad2ad153d9d454d779c3b73

SHA1
da4133320100f44cfbeee580ba355c2cc1184625

SHA256
30a35661793aeab1d1f733f29da92bb2f0bdbbae844c3e79b22efcf74547db21

SHA512
4fce4296779bc1bab0113e1091f1de1863a484367de17507147fc424625b885bcdc7228544a7713e85f860cc3502d1f6765aaef6fba4e0fbad6b074fa4144767

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a2cf7e74f22fd81afc23874404b9e728

SHA1
cc1d5ca8a52a55bd686b61b3f1733b9dd2078a04

SHA256
9153c04a5b54a11464e868dbbc9bc917e134ac0fdc383a6c3bed4dd58baaa161

SHA512
fd88f2a688bfdd27edd9190d1b893cdc50cfdd569b31f00d157844e89754ac23fd879155661b7512bb2e82131e6371dcf8f55ed2de4a1784e5d04c666fbf02d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
afbc96f0ee368685564fd94060339afc

SHA1
1194168264ffef8684f40c6ed14a14ab62306b8d

SHA256
537845a8c55a8d95a1036fb8d981a23cb63b77333d18a5d9d9c5e5f5963e0cea

SHA512
ec2fea56b81becc57685848a16a0e4f217dd3862569c466c7cd408d4086059c26e0764e8158935543b9e4050330e4576236173ab751917097ab74e50220ea3ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
55b31357d48dce5914429439fbe3c50f

SHA1
cfd3ad87bd54c9bcf2dba24e43b35324d651c46c

SHA256
c7dcca6ab5905dcf36a4657fa30ff0dde12a1c2cf1592a34b016cadf4246e46b

SHA512
67fe8dbf8f802768e6c6cb301e0333eaa7df31fff93b38261915dc45a177184b4100ecd6f21964674c5ae4aeb8566490095a1e786d1ce18149129699777ef32d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0b231c16ee050b64c69e84b20af3077e

SHA1
4e00cdf5f230cc73b50e2c8df413d4c89db11d82

SHA256
ed93206102e1cf1c582b1c66dcc3cb8a8034a3ddaff1e4c1e2ce454dd588f5c8

SHA512
5e17f28bd57de0fcfa41216d474e63a3bb01c0c2c8eec6699fefefc6f3afbfd789bd6c55d9db2eca1e925473888a26c1ea06cba752ad54548bbfd22daebb8d9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0b545c852ec22b2619ca94382f875c22

SHA1
f2c5b3deb60dcb31191bbb582227335b623090a9

SHA256
a735ac1c2492c2c848d3a04b321d6a6e802a97bfeeb92c37b0ca6d3d16a4753b

SHA512
9d6258af1558fe55237217e32df3f2260207057fb83eb82ea93d12e13e55bc0afd7a95a01bd79e41d3de111a7c6134f58f652a37b927b1ffd6330a076c7f2a13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dd7128f92ec36bc026d266d703955fa7

SHA1
28cfdd3beedfdc33be16c6f4d2b28f862de77db9

SHA256
1edb59c83991aa5196c0b3344706e4bb865783af207bc0d6ae458d29cb6c73a6

SHA512
16881e18361dd6b5163cc5d1996e856dcd5db47db4c68f0e0fac8d33f8d096de9be2b088f967dd75fa9aa4b777b0f4c62a639786a7ddf49743a8a1bf8080ddc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a95e3f0ffbe805a93b9c0f9902694e1a

SHA1
70f05f4fdce3806d6106c765e2108215ccdfff00

SHA256
be4baf04c5ca3f8512b3b1329dfe558462d8e47c0689ac51affe3668d31f734f

SHA512
ed1bc88145b53b34e2794d15ceae271f95e8bf187ac59b173ad72b4baf8ad56c5c98b302e7209ba14cf4ab96efded6458f92e3000579c06cb6d0c3ba2b4300db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
46d4c4b141744eddca14969db581b9f6

SHA1
de2e98d70559ac4aeab803aa4f7a3f5c2f4b8323

SHA256
c3602a96c3dc89d390767c048cbd49842303c1cf84e47337fdc2a1bccb75cb50

SHA512
3e5a2a0fb1354868ea40e8aae0b52c67a716bbd946b1d995c5bb44d03fa6b23a8db2797cf122a75cdb1d291ecf5afc1c251761c7ac8a9ce5992c377bbfdf5fda

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1335.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4DD8.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit