8a823267bd3b06b6b0f9134d56f722a1f8065d72ef8f0d2d2547afbd767fc155

Analysis

max time kernel
0s
max time network
146s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 15:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

dabbbb07d990823c6cd506bcea05cd9e.html
Size

186KB
MD5

dabbbb07d990823c6cd506bcea05cd9e
SHA1

803871549fe1f9ef1ac730aed6c1aeac2d5e0b35
SHA256

8a823267bd3b06b6b0f9134d56f722a1f8065d72ef8f0d2d2547afbd767fc155
SHA512

fa02c114300d2c9cfff1041d3a0e2c2eceb628c3cc0992af6e1ac91af3f8fca55c786bd5b7c9e081d6284bcccdf5915fba2a2cfa3327747947429a1a810e0938
SSDEEP

1536:qdEijZeqLbEijZeqLyJSb68bKKfLqahiHIOQxUBIss3uxbKJWQn25iT/PiUTY2hE:qdEijZeqLbEijZeqLyq28w7Fv

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6B15AB51-A106-11EE-8221-D669B05BD432} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3040	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3040	iexplore.exe
3040	iexplore.exe
860	IEXPLORE.EXE
860	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 860	3040	iexplore.exe	18
PID 3040 wrote to memory of 860	3040	iexplore.exe	18
PID 3040 wrote to memory of 860	3040	iexplore.exe	18
PID 3040 wrote to memory of 860	3040	iexplore.exe	18

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dabbbb07d990823c6cd506bcea05cd9e.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3040 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4A9377E7E528F7E56B69A81C500ABC24

Filesize
889B

MD5
3e455215095192e1b75d379fb187298a

SHA1
b1bc968bd4f49d622aa89a81f2150152a41d829c

SHA256
ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99

SHA512
54ba004d5435e8b10531431c392ed99776120d363808137de7eb59030463f863cadd02bdf918f596b6d20964b31725c2363cd7601799caa9360a1c36fe819fbd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
13KB

MD5
17b411f7e431a7e07b443a06948dc863

SHA1
8f321d5695eb09e7dd95eee3f90a7f2fd690ef0d

SHA256
72dab48c52abb7a8f977dffbfb85383bef4edb08811d326d4ae2367949e14468

SHA512
f00fd9cf6ea715e54a25db4b31f3a2706d9875de5d9349b76640007c1828550af26435adaf7a767b2f23f6591bfff44c15c632a990002fa511ba884bd7bb4a89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
4797f7f7efff0d477934f2bd0aa5ba94

SHA1
086d0c023ed09bee463ac1e610bee37a894d46d2

SHA256
ca9c26980e71d19b3937ab89b5e87617c6b1f150420d2e4863ff301e5f1b8f99

SHA512
63ea8907180bfc0444b7263f875cc3cf71bcf2ad4e5704de250a073b7fe899da63d342d177e1eea80ef7611846b3ba26f5b6e6ae694a38d21638d54c5c60efe2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8352f6f7b6627d840dc8e06341ee4f08

SHA1
1e17d1372ec599dc737e4b96fd2f6f58946dc6c1

SHA256
dfac0abe7b603bfb460bd3a047c6fdcf5c58bd951593e7a76e72444007c2d78e

SHA512
8f9ba01118a438b91c4d691e6b9ed045caa1d2220f89807c31caaf70806d026552e130c011b0275a52f8c7c6393c129381b12f3fe7f1094e1a9486b8f18e0c50

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d0bae04113ed3a3619109e4ed8b448c9

SHA1
9d270fbfd8313d4e3ecfa57de8bc35f0cda7f216

SHA256
0da4a1aeb0b567b76359d7b4f206e71ffaac1bf261ad97f8d13b0ff16064e22e

SHA512
fd6759b900e1e8d9eda5353b18241a461bd738b48ea1bd8e7b1a4d5360b8dcc24a1db5717d9aeb26a7f5aadaa773f5c4c2fe73124437b75627a793315ced7b88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
34252795371d5bee3e53022656be6f9b

SHA1
c717ebe13b60001a17e998a1173901bd0706d2af

SHA256
5614949695eebbdfc4db774da71b543062bb902d9a7202483c2a8bc934a7fcc6

SHA512
f69f430e968a124b5c886cd9ec8e4cb02ab880350d190a32cffe52c6e89d40a8324a5f0db9efeecdc656351a6531892a2f34069c6132337c7c4b0be06cfb17c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c011722cf56eb9d861e5019cf2e9063f

SHA1
e788ea4af99f793d5afccdc0da1760ecf93a8bb1

SHA256
cc498000b2052683f43bd079a5274e17545d43d0b16dfcbe236eba22dbd30fa9

SHA512
60b3942d9668d88e18f6463441207d95ec23597378a027e7febe654649de9c5803b291cad33f79cd4c79677469df824e189effa73c1680bba19ab6ae5d5cade7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9fc379b6f8ca6d9a0ea7494f20ef938c

SHA1
c73a69cab33053f156320d919e2eb2abb757bc82

SHA256
4721805410ce3584f3db9c2d1b7f65444c0bcc7b8669fb5c5598cb6118e17c4d

SHA512
a0a811952774d53f6d8df0f299130387fe58bdd7424fa03dfdf477278c506e44efaf736647ca6bb38624f1713847fe247b3c8a76b0d5369fbae8f34436f94714

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9943c2b85bbf611011cbfc1ccd409b3c

SHA1
0547e4037e9c6c2e2a8c0a1da4c1cd90d5250435

SHA256
ec4d8ab0aba434f6f5dcdd151a31a26658bdd515d384b28946cc84eb2d2c96f7

SHA512
8379c86b0b21feab811eb830975206dbcd510a548b1e5c1011c631f05e8a18ef6032c81976e87f834de072d252749c6994a5421ab90919ee4f9f17c751e093b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f191a5a9adc1afb099aba72d3b30ed23

SHA1
e999d8fee80b904888c191e8b185972bea8ae072

SHA256
02a434b908d4e1d1efe71d2065d8cdb8c6be518d360bee32927edc67886d7788

SHA512
478a8a6f1fd7555cd11cd0f502e8eda646fac86bc685c4425abc6131ceac26c7809b1d1cca4a1404015284d5c249bf44cfadd3cf7b6589d714f4bb06f025fb8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
396adf8459b531c93944154754f02f16

SHA1
67e95c822f1e9742e1b43cce3d50d9b18cc4dd2a

SHA256
8c3e9e148ae02554d826639b6de4e8923c66300332ecf00a58057341692675ff

SHA512
d56b8014173d2501d8826dc961bcd65c82373179f10e43be1bc4637c3a828b509f73c9a4c112bafa2fe23490104adb97f579366bba0f0577637a159d32cf1250

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eb7932ef97666f1a585e8961a9bc83a3

SHA1
abe11332d32afdfd63184613d2f8746efe93efad

SHA256
9e5c2df0e89cbd26b511d265c7495fe6bd236a7e58cbadab72a812cb09e50704

SHA512
7dfcb0a6e115f09a413db26fd62eff4f7d63f16c17d487a7a4d7f30e1d61214a1cbe05b7f09dc4e38b3f45187d5be8f8bec34a0d38648d88b1cb8b57d84aa257

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3e3776df5db5dcd8e31ce0b20352cb13

SHA1
cbb6dbce79381a9c98fb717341d8720458222477

SHA256
f3e23c49fea72fa8d6e6be36ca2c8e728162090489c16225b7bf03e76e5115e6

SHA512
bf598c474bf91fac6e47e49f98b87aa043f54b461c7987bc495951bfb33de2749bf26e77b7f67b7e5ee48a403519cc92997c35dcdb8d31bf1bc47206f178a53e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fefabe0f7b9cd046b952cc4d5bac8381

SHA1
cf13bde15478e2b7dd3814ee6486823a16f0bad9

SHA256
454867e7cb2fc58812d36eb92c227ced4d835d14e7d7971dc044eb556cf08927

SHA512
34ee57ceb17ad9dfa8a4d7b7a14efe89fa740a30a36074218365ccbc5129d9aa42286abe783d92c7923a15e7ed1228e9d207644bd81f9c5611da2310c249db79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
35e282a540dee3f8034c5c068edede94

SHA1
4f32f172687b0a19d43e58b289d34f37a8bffdf4

SHA256
916922bde7277ccb0bad8c839b90877e2f27436ad1f442eec20f752b965ea837

SHA512
6ebe58a9233b57c4bbc8a2dc8fb15ae612031877613996254eb1fbd9a70ae297f986bd8bb295979d99c93a43d59de23bc1b28b7827397e13655b5647bd0ad13e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b2681c0b7efa973d12504489c97635d9

SHA1
ee538560bc544e10afae609495e779de1926b73d

SHA256
bc043c8038f9975a16ec8b6f2e4285b37d6bca13dd927f771f2eb7a7e19f2748

SHA512
2f013165cba8937d6854e07420015e5d7e33c354ef3a1b9f390b53bbccaab02d29ccb9c72da7e470d2a75a1dcedc7b9804f1b00f28c0367a59501963e7b72494

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cef839f38b69667c7e6caf764f0ea849

SHA1
27961eb06638181ce4359582830e900f8059e485

SHA256
309d521853d5b93968076f7dab783440aace8cf60f2022a5f0fa52d003215b71

SHA512
bc4bf1bb9e7ac898427c6caf48780d46cecefe6f7e65495fb47fc76d2d975b75bae28c5a66898fc798ebfd173fbd7573c5c7e288ea3d395b835b45d285b41c71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
c0c1d101e2d6c13a4ae4002a093b96e9

SHA1
89cf10437194d3327c8e4e87a47a07fc041029d4

SHA256
4df89428ea2e47647135934a3d663e859c62bcd75c8457d6f30cf1bf5a8c1793

SHA512
fd631d5ba443ce06acb162c71f651899b25fb8669dd0db693eb699f05b07505bbcdca035a68a2e18eb77f50a3cb2c0c210bd534e5ea9b020c555e3ccfd482af2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MH2MNAWD\invoke[1].js

Filesize
10KB

MD5
dfa7cbf0ea644123c3bf6ef2a9a12a14

SHA1
8f2239df842444c344358d477ebaf4d0d2f6725d

SHA256
7a8e0857227f3a7dec14c29ddce00289e14c3328d27ab6a7b16389d086fd745f

SHA512
4dc3f42584f7da461b2ff191df487de69830d9b24c11d470589e296ba8ab9f1151ba67fedffca7cbf6d03ff03c02fed31ca854c60726da08fed253d9b1e3638f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2467.tmp

Filesize
49KB

MD5
dc9da40bde29dc21a396e3092b1acd9a

SHA1
d0861a1bce2584fb90ba2da49ee92d69e2d654ab

SHA256
184f2a4bbb10eee9e68a4ff82fc81f5f4ed4c1f8194c6e71c685325d7c3cef1c

SHA512
b97f694d0686c0599dd31bca119df53441dc5a8d4d63c35a53f8a0ea7a626889a58e14b63a5ad8fca78b4add30a090fdf9fb0b725aeb3ad6125b5256479cd77c

Download Submit