ead3f2df450747da0511026ddf96c1b04191a31130416be342753c2be06e3ad1

Analysis

max time kernel
2s
max time network
151s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 15:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e27c973acfe93a2c91a3d2fb27b4199c.html
Size

3KB
MD5

e27c973acfe93a2c91a3d2fb27b4199c
SHA1

94338406d5a5bbad9e9b8d24f9250fdc18bb8f37
SHA256

ead3f2df450747da0511026ddf96c1b04191a31130416be342753c2be06e3ad1
SHA512

d18292014aed930bc3317cd2929d8c6f3b441ec575ad1e54faf9a5ca2c06c8f0ccbdda301b26e40c024643501043b04e360251a9188eb4018cc9bd023166439d

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6B0A1B41-A10C-11EE-B665-FA7D6BB1EAA3} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1664	iexplore.exe
1664	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1664 wrote to memory of 2120	1664	iexplore.exe	17
PID 1664 wrote to memory of 2120	1664	iexplore.exe	17
PID 1664 wrote to memory of 2120	1664	iexplore.exe	17
PID 1664 wrote to memory of 2120	1664	iexplore.exe	17

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e27c973acfe93a2c91a3d2fb27b4199c.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1664
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1664 CREDAT:275457 /prefetch:2
  2⤵
  PID:2120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c5485c0c3befae3285994764e1d1f708

SHA1
5cbb631709c63807e57b818750c3e26abb719bde

SHA256
78b079fe30a93043760334c90b409ddfd63dd7ac1363ac83b6edd1c2e537129a

SHA512
232014105dc82e8b86b7f096ff96a1f05e999d9c730c79958467b66e85f4be36d45b6a480e000be792879b7ea4846633434f1fd334bf2ba006ce7e74c13b5fac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
305ff2a8defe642d9d03f4a96a82ae7a

SHA1
9e0e612af3b3ee81770e299f7941f3576d611606

SHA256
ed8c7b108732c9fe62d58d8c8b8c8538e226ace4dcfdaf0fd18745b032d869fa

SHA512
9e3982615f04cf7ab0912052464874294fbcc4a439c486fe8846cb36c66852bb470d8a39acb04a89332b45d179f9cea836045f8d421c2d7f4a4110ac833bee2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a36d702f88376e262aaf66baa791ef56

SHA1
0fe35609beac52ec1b483f932b4ee1dbbcf3499b

SHA256
af25042294d4eda1fa4567e8b11faad5bfeb0480ef5dc29209c168c8982f6473

SHA512
157b8d010c4c086adf65ff1aca7000cbf1d350b65f32582e48528f60a6414837198781c026e4d8baa4d96c8cb804fa1c35de49719c2234091cf285208448f3e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
500e33c7c02708ae59e8d87a85eb6bdf

SHA1
9577fd690f086494fadaca13450f6ed65252f3bc

SHA256
784461e505f324eb1d0527781b041f17fcc4145af605b89049b65293b080b5a7

SHA512
4c00acb68b6ab7a802610500c0b5565228ccfb4a0960c6031fcf5053eb23582e8659779cb6a0dcbe78a58dc4d4fa400df625cdcb6489cdfcb0c9b060f6d719bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4fd463ef31e423cf75f29dfbc75ed300

SHA1
e1af66fd0476daebe7c4f46e646fba3249770fd5

SHA256
6ee88a14d0f7b7e1e1d2c5ce60e340e1de76900846e1ffa6d556f0cb1906aa71

SHA512
5fa5635c233f1e3aabf84b02302da6a1011e82c6b9f0386b9c71746474002990d4e9c27ad5c8cf231b46c385f46446c9e398424221dd30a83e80118d9a05ae14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6d4996c8f12ec1e8425fbf8b12c2e97a

SHA1
db8a6cad36711306a91064a797e255c338352e2d

SHA256
fdcaaea769b9c7b408b83eff66178504d1759a246159c9e12e935a0949e850b2

SHA512
6c9b59f5d25f0a895ca50454a23ac28233e25b4411933be811ccb39e00fadcb9f033198f90d3c2b23751e64e95f6d55ea0f8679429790db350aa767076bad234

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f6874d3221ccf57c4b1f12ab1ef2f7c6

SHA1
52d60350180817c94e42a8c6fad7b37f0b4aca78

SHA256
49fcd43cbf42a6eb1226c08ac7971ea1f8ce4b0ce45dc452f5d0e0c5c71f4039

SHA512
603b1544fb75e87e54d75393dc8e7f1a82e435f5ee71f280470f9be0566bf18d4de4ea7058254353385a94484d0c961c3a26948dde98e67214de10ad3f3b3626

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
06d75165a9c40d804fc576512b7c8620

SHA1
2e2bd2f941f4ac4fca4d1de3bad7d4a2be93c492

SHA256
29eebcbab18f5dceab65a02631eca66891e0c94de77a490dcb3067c1b9d783c5

SHA512
e38fab199a81e942819cafd6998c6a7b9599691bdedd2f2f54121b719c24bc75d4be9d7202312a49073b0f6d7664e13c0445d377b5ca16b12cf98c3916747d8c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
155824a5c686bb62e93b6351419ce3d5

SHA1
52976ed015cca680b0571bd49b835586f7e7e9a3

SHA256
df65233df8132ca5f6409648013a0082b665a19d4bb55eea3a62cdee8ba3227b

SHA512
9054913d1035b74a00225b862d9b0b7c0eb7efe8ffb88917abb1b30f35fc746d19b27418f11c7db6bae25fd6366275200eb72a6e16b000f52beea62e5bcf95a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabEB79.tmp

Filesize
1KB

MD5
1f1a3b101012e27df35286ed1cf74aa6

SHA1
46f36d1c9715589e45558bd53b721e8f7f52a888

SHA256
7f0b1fe38c7502bea9c056e7a462ab9f507dd9124f84b1d4666fb7d37cf1b83c

SHA512
d6f6787de85049d884bf8906292b0df134287cc548f9f3fadd60d44545652d55c296ed50e72687f776f0bf6b131102b4bf9b33143998cb897f21427fbc8306a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarEB8B.tmp

Filesize
42KB

MD5
7805472bba92c4cc05e3e20d786a2e64

SHA1
40bb19c61ed0717c24b8b5f9f6545d8b0156bce2

SHA256
64d5a661ccbe705c9928d2f7dcddce3e540d92ca4001c25fc0d5ceb422a17e3c

SHA512
aaec6564c5971eac05c79d8bda246f2db81a1246688437222eb2da5d2e22ba0069440d8bed566b2414b07f843f2fe846a677cfbe809a8bcadf2a2869381a3644

Download Submit