faad2ee8c9b0b49037175522706b54d982fe3f29478f9c07e0a25b2b19775ec4

Analysis

max time kernel
0s
max time network
132s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 15:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dc1dcdef8dcfd941a981ab7b23a966b0.html
Size

1KB
MD5

dc1dcdef8dcfd941a981ab7b23a966b0
SHA1

908b2ac107c944cd56c334b50e49ce2ec8618f71
SHA256

faad2ee8c9b0b49037175522706b54d982fe3f29478f9c07e0a25b2b19775ec4
SHA512

09989df22722ffc04fd882db1d10829407d8565468a2bc95e935a2a79c95fbe4e228763befa538b0fe49437697705a5f190b647de51e144679bc34298d15d2e7

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7DDCD6E1-A107-11EE-BDEB-D6E40795ECBF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1968	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1968	iexplore.exe
1968	iexplore.exe
1704	IEXPLORE.EXE
1704	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1968 wrote to memory of 1704	1968	iexplore.exe	18
PID 1968 wrote to memory of 1704	1968	iexplore.exe	18
PID 1968 wrote to memory of 1704	1968	iexplore.exe	18
PID 1968 wrote to memory of 1704	1968	iexplore.exe	18

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dc1dcdef8dcfd941a981ab7b23a966b0.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1968
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1968 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
f17e06d38ec883f0d0d25b6823fd303f

SHA1
013aa1648e04ac0f6526a7b4cffe0bfbbcc598f2

SHA256
d93ffc851818dc21f711160a9c90659199989cd72405f8a32392b3deb5022cad

SHA512
7bdbcaa8c429397d5a941b1b624a791f2240be67ffa8914352033f696e5e8fb0b71d5c198eab927d66b67a4e23b1067cd269095b05e13c77e9fa633d55bebc85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2ca8cd300f1a06f39ca2e0c6d3705417

SHA1
41c3191b4a373b9673566b6721a7fc0b3d146205

SHA256
4ce9e27c33219ce4134b92ecc33de311e346c87e8fa9e0994a99da37ba4762a1

SHA512
96607b519780eb3392c082cf6518e85037c07f8c5a4e9fa287619133d2f153d75c920747f6fb7d1609bdd06e5d4a08c4166f72ae36fda2b99d3b2a2440283b4c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a9f5ea8dbe33b5960202c695f2f08584

SHA1
28d7380164eadc6ca743e3e37f56f5d1b5834910

SHA256
46e8ba5c0c4c16b349582f1bc05ce8b74304f8775226daada8567afcffa97e13

SHA512
3492394fbe488b6a7487bd31bd02564b2bb7e251c9da236c6fa8c46081d5e578e4a96d413b9c3917ee48d3db98a42400b699cc2931db7f50f23e342233d56509

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ed26e10920e90b94f67ee12e03cc872e

SHA1
e465f6e5af917cbb902cae8587c71d09bafdce83

SHA256
91511b833db8d1b365ba8c3321dde45aa3c88121534d3d89cab8bbf3cf555265

SHA512
d41255163f7d593d4c7270fb215dca0b3c0a60c0be3e15f17f1ff178af4f21c5d3a103ec1d4cc464b03c9d8fd71a6469cb29b027c5ed1bbfab5e04a6a0cb272f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6383edda794b2608141e72ef2f28792e

SHA1
2dd0937db7d8d3ed705093129bfe3a27b1a2316c

SHA256
574c26294ca47a422233a7ea098edfca199bba2a4e582599a8b4566a63ad0aab

SHA512
ed97e48a62ec569f19dd248b145b9cb7b03ad16650c3766013cd20977912d6f2cd131f7998cdee16c1b48b389e05de70078b09d1512b6861f02384bd343e94e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8dca36838bf52145f6d46ca5ae11c531

SHA1
4bd1e094335c39f41d01d05d7763f36e317098c5

SHA256
e533613a54fdedded15768e50bbd184205bec6b8e0f0da12b799bdb8f7da1c39

SHA512
dbe5d5838b022c46687881181b4cdd2dc74cc5cceac6881cdd6bec3f477da775e187e577cc13206fb936d4d4c9c9ee19ac3d448cd011cdb9f382b03bda7bc611

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f13c72a7ea7e9e0569285ca03e26ee7c

SHA1
717573bcabe0de48c427b83e48eabad61d4f2ab9

SHA256
0798bc912ddf5e66d74c9c72bd911ba4006c6694b78af072fa1778d620d54ff5

SHA512
99b59a828dd44c3b23e45544f4df540f0a127e9d51491aacd2f4926b26bed9ec27f184ed525ce2df97c22cf9659978f096c2da4a026455fc7cb8ddd514182794

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7ffe81a5d4e0c1d9a28978106df4a027

SHA1
cc4ce08504c2c73d87fda42f7cc4ce7d686e5a1b

SHA256
f48761a0ca4967bc136b48a9b1c6042da7f16c1e5166cb7579d23052be2dfb2d

SHA512
ddc9cbbe5f60f2d3e31136968fd75710dea63fa5d12f042f9f21a16e9c318ab7acbbd88beab925fcd019077cc9e4ae2ad1ff59715e3448ef290d09df11090ecd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7122ab4d8c0b3d9d5879459c46da597a

SHA1
50f0301d87f06663734221278df9d4c9f6d0db58

SHA256
f99767158a90dc08eb0d4481d2977a0705e43a9a57c94539c6b6c274ef5a0642

SHA512
2e611f6ab94e6dfcf52e0b818930251447d64146b90d9ac276f94526241bf3f1d0092265af8efde0dfee93e14079ba73b8112ee19d1cb34ec1851fb6816aa3a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6eaa9b349ba390def57fac9127fc8b99

SHA1
86bec65cf0709cc62dc83e1fa819842b74cf0951

SHA256
f65f0163d52b5edeb3bcad9771c183d2222392de76ba9ce1f9342bf7d74eca2b

SHA512
aeb5c92504db818a310661432a52e9c994c2b483a8fb9c34f823fcab182a40e1cfe8abb67cc5690c50f46b17e38f466b898d064074216b034aec71968db4004a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3105b38a6978f42029862826ca61833f

SHA1
1ee473c8d5914b83754ac3cb22e9cc56cd154286

SHA256
faa736e100c7fd9f04197f5f8ee00e3d4a18f16e90841f5dca8a5e264b8e4057

SHA512
e39feca7d7b63fbc3b6d4fa15815ea0e39bbfa9c5cd950cad29ea8c0f154c67e3ba5250d138b8cba0e9591ea0d7f1fb9b39aff9b5b93653485e57a36abe1fb1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a82527ff7b3a4c1dab0e20f850acd73d

SHA1
ebe77728eef4dbd854814831cc1ec4d8b31342b6

SHA256
a4c09c74c2dc559b3f8df586c7c00df53d4af58d1cdcd1c9fb0a97e1f093e361

SHA512
ec58f54074a6a52132450a26161859584a7d3957d3caa1e45885a4e61515af2d4e10b9a925062587fbb98cacc1e87bd7000fafaaf2428a486b5055a813fe7cbb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b95ce5441a790358deed0c98b9c78a97

SHA1
2ed434cd47e309e98761140b87e2bbd5d8086011

SHA256
4075d3c6725f7da561b3566149c76bef2c6875e6b56f19faefc918d92078587d

SHA512
8fcd96d37bf8f63f4684f09e17cbe1149602b6e8f623067dee949441b661c2ebf22af70ef5424a7e376602b4d1c06281e0e26f7c6f2605c4cf3d5fb8c92dd2fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f807be7ef032caee452ec88448859c4d

SHA1
6fce2e95c94956d35104f8aa9f40251ae6935ec1

SHA256
484173548e9509afea071d6fcf1ef0d9648dbdb0ca2e217cca2e406dc7813df7

SHA512
242ce8001cdc1914fe59e9a698b8a969ec083c70a2344b13b4abf28dd4ab4ca761175c52784207122162f9b01ecb13e6ea39212b33d779be8cc18756f7a68b3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7565502f4c41705dc2a8b7fb22572a99

SHA1
cdb1a1dfab57c915834c27ed54ea353f47df59ea

SHA256
5791fcec7e207340e61439add5ed410aa3b333022283bd0cafc267288e63b4ea

SHA512
e61276da6f64cad01dc7ecbcc8762f3f894cfbe6c28c36353a8bae93fc810326c942f6ae315b25d74924dbb5ca9e2dc0a7783aab18c838efd98fe4f40453f8b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
da24f052b091f7b19f9eca708b853adc

SHA1
c8a54cf01a818214f0c18c3556de251b366b3335

SHA256
dd09063685b07cf0b11556f23cae9428a110b77a6b990b7fd43ba2e87b1a0cb5

SHA512
fdb9f4f9c1d85a98bce51179aa4243286be78c8ca5e1ae59385f9edd2dd98f6f23b13d0de4939a34e4725c22bbbf93e0ae4b98d6a67597732cdbcb1ca9168707

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6835d2f0d66815a0027d03485386354e

SHA1
f6dcb4ad17cc162ea68f066d6dbb52a2f206a411

SHA256
81a7e88159209a6ac722d0e22de370482918c8ef60db63574f331d6bc9a77220

SHA512
24545d5bee409a5f92ded981eb327e4635af38ccdfc9740650fa86db7243344834ff31a67e8b13d4449e56d5009b7391b6485ed1472f3494a6ae6c17b25d9e1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f791c84b2181ad377d5c391fa86e4dc3

SHA1
ad348477c56603280d1819786b318e6efd235b38

SHA256
ffa9b57ecba031a931a1be93c3a75fe05ffae999fd01bdb687698979df12a5d4

SHA512
e5e466ae292c4b695c1a332633ca5968d099773bfbfc7d2b2dbf91bc3dff6e1fed7e40c1aab63cc6332c13205b05ab5f33a0d9639f877e0ebcd7e2ff596e0241

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e29569c99393f039d505d1494de7d5a4

SHA1
ae7397ce4171dc2454a86fcf8626f37d7f6aa39a

SHA256
fff773475ebd8205acea2f40e8d69a1916d80ee20a9a73d6d63bfe38fbf52db9

SHA512
8cbc278d96f3cdbb68ce89f7063608271ce0a0082eeb7f4e3bdc0de6df6024528f069a37968aae3e6394e119edd6595682e553c6d87f049c36dbb2c717b58f86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
73dea8ff562d3fba972a6bebe7978196

SHA1
c4a0e4d029461fbc375271d5132502e106a2ef98

SHA256
0ca42cdc3d401981ca85321d46cb7baecd562025eba18837fa2665712bc360c5

SHA512
11bdc667fd92149b7a6b5d06f7a91cb5da0a48759d45c21677fa9dc0f76acf22a476b3d0e871bff814116b48a344b6a728be2294f2360863fa555ece1f2bca4a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1895.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit