01addc07318c0432b2b1e9524d3f2ed266afdcc5b7a49437af18edfbfbc7b8fd

Analysis

max time kernel
0s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 15:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e17d6cf61843b150b4abfd1c7e534fe3.html
Size

601B
MD5

e17d6cf61843b150b4abfd1c7e534fe3
SHA1

922ce330ced393d78d17237a0b77e6e3f8d51094
SHA256

01addc07318c0432b2b1e9524d3f2ed266afdcc5b7a49437af18edfbfbc7b8fd
SHA512

040254b82a60ce061f41d8d182773cbcd7a9babc515fcfa58acbffd1761474d7a1e9f28f392b9ebdcc4714c6246af0f4cd54c97e4a573c5856f039e57a34f2da

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{87618EF1-A10B-11EE-8383-46FAA8558A22} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2020	iexplore.exe
2020	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 2684	2020	iexplore.exe	15
PID 2020 wrote to memory of 2684	2020	iexplore.exe	15
PID 2020 wrote to memory of 2684	2020	iexplore.exe	15
PID 2020 wrote to memory of 2684	2020	iexplore.exe	15

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e17d6cf61843b150b4abfd1c7e534fe3.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2020 CREDAT:275457 /prefetch:2
  2⤵
  PID:2684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f213afbf14539c8b571d92e2855fb6df

SHA1
79e4aaa8093fe80cb4c262499a4747e8b81ab883

SHA256
12029fed0427401fe3294993ffb72a657dc8e41fe904b2b28af18d317065dd47

SHA512
ddd382724c36ef906fcecac20afe65eaf5cd2fd10abd9970e8fd3bd700a591d3338cc67090791872b652cf9c856f12ac4fbda97beea1a571278560b72d89738d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3979a9cae74df1f539e2ce5bca914455

SHA1
f72286b028eb799afb7e9ab9404d0b4f93960ef6

SHA256
531fda749b2efd813b5f00ea9678046eeaaa52460bcf4c3551698fa482a4daf1

SHA512
8b0608c0565e02828733cb4bf4bf630aea075c44ce2a10c5427b4d14b6d2fb004cc543e0ff1aa092a27d0ead74e6cb242bb8e987e61c8edcd299cb92ecdc5c75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2ff3d0bda287dadc68b379178c61cd69

SHA1
5c423d9aab1b6428515ff5267bfe3e119069c0ef

SHA256
a106875b37e5f37eefd1736a60e6ec56a741d82589f6ee76976e6d24f0193319

SHA512
8fd873ebcc35f4cecd88f33d3d2078f6c1d4dd78d7945eecfa00a88c55455a2f9303a77d65fbdb20674de1c95d429b36991034119ebcf0d478b9e8ff81d52d3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fd2d8fdb444ee589b1ac0ab2d5ef86e8

SHA1
b363894f0698196322af873cb355f46be4841e53

SHA256
9815382d12a40ec3082b47f0642cb298759668db77fb5a8981f113af0b0ded43

SHA512
3c306330499e7e70437fe6f6dbc43ace190f443eed7f8f410c0a1edb99d8d5df21e7216d571f9603d37cdaa875af7ced7d9f1c4c22fc2661eb4c34c45929882f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ebdf54b31ff77cab619bf6af9aae4d6a

SHA1
2e4ee4873565dfac66a03d25d6bfde9c452f31ab

SHA256
70a0c57f368594438d9e233969fbd20615f92ef374b6a6484b86baa91a02301d

SHA512
1f5e85476e3360db266e2a003ef6d29ec611ccd470ed9f9ed6663dfd7124bf4591f7334e84f54702242b1423520483d7e85d8c4c16861ad56a2aff8fe9be68f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e2024bb2764335a4969186fa6d030183

SHA1
5b19bcbc692f378d43fff374bfadac1aa4fadae1

SHA256
754b9a9432ba1558dbfa81d18a4a92308c56564c09ca5e861ffe2803e5b7f0c9

SHA512
08625bfb3c89a5317789d6db297dac254d53792fc58753582dd53430b5e827e0516428afcca68b99045a82f91aa01f2714c93336fff08c079ecd052439c6b726

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
893217d36e9f7c508db59b59bc31ab13

SHA1
31c143100a8aa2f46edd7ef84c6626de7a8e2e4f

SHA256
eee34da7486d7a91c33daf60e2848655cb9dd88dbf9cd7ab4731a1560cbc28a6

SHA512
22ab17df47f3f8d7b0c00ca9ea2c12611cc07256df3f6a392550acd3e7a121d79d621e5e8687a7f17382529dc1c90ec5a527e5aeb762d245377b45cd1123956b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
78d51a294bd1cf1937244756d1d227cb

SHA1
4f8e4e3a48cb7219749ed87d4db9c70b463c5c08

SHA256
c978c9176a5d5522255afa9b6460d6e5e36d91011c7118e74933a95072d8f392

SHA512
7cd8302b3b28a5149a92c47d8431fdde577daf991c5fdc4715ca52ca33c9982e3e40fa3be3cd1908ec23a5f91098883f7cdb9b25c3f48f9938a5ec9e4c9e296a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
071409c88b58554a042523e7db83f80a

SHA1
76403531e52225148bdae3f5100c7b31d0532dae

SHA256
b4fb35a1dbacf968ce484c7a1f08a833e8698d20cc16f01225d6d90617cd1bbe

SHA512
c54b19cc1424315373b13316fdcc77356bc27725d5fc85c2d0dca0c43930745a3d90c46ec495eb48bc969e1972377ad71eebd652f6132d638b19c48ae8c10e2a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2a62a5874682fd68d578a7c893a4387c

SHA1
75368b9bc1d23e9894763f46d8d63a90b97ae5c8

SHA256
caebfc93124570effa1983dabe5bc9a44d9c75444abea63f7a2f94a16e6052b2

SHA512
3540a6f5d0ffc76d8f9c5c6877dd3c288912714cb748693d3e88f3618eca97550916352d5561769080ab51e0cdc1f56c5bce889abc126400d6fcaf45bb98066a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fdb643887b1b286e1ff3228a0d567c22

SHA1
066463d525f3d952acf746e5d9d6fc44209b1461

SHA256
0982e4f4e767241190b6453238eebcc8edf5463fca0f9e4064f9463fef34611d

SHA512
9dfc57d0645e9ce6d999e7cda17b09b9c5089d3a00ef2d4837d493bc86d44812e269805dd91bc6cdc9a70a2de2ea517a39a14e7f5b45d53e26065a12b7acb2d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8ce6b7897c260e98d1c73cca50cfa0ca

SHA1
1ce1d8ec12ff3966abd705ecccf168c662f9edcd

SHA256
56eb11cb2e4daa328633e6a838f5e01682b73f525a679909c5441521b22f51f1

SHA512
e882690520a51e94bd71473b95e82973e30d813a00038ddc01cb82c01cfbb162e32eaf63907bb9e722798193b62371347a428e1a0b1021ccf2171c5cd995a1c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7b4d6156c10b48b88017d550ba54f0bf

SHA1
59690ad6003e45e8b4e9c75626ade4689464cfac

SHA256
0251429ca9d9a953edb9caa47c40272596acc7e2c012a10dafa5e940d630c5d7

SHA512
9f3fd902c3be96dbb03544f13560685d796ac3663e9a5ad7b223e2fc81e7e5d05dd5ed3a4135028025e7a34eca5f418f17607b5db5b94465cde6ca9bf09aba0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
92b015b37228441c835e4d086e8aec9d

SHA1
5809e8c05e6bd5609754d4cb32b101d0e3b52387

SHA256
5ee939cf4420af2bb5ff7d42e4b40f261123851777b41d41517d1f722a70904e

SHA512
8664731ec5a45c4133e861e5d2dc96b3afb5ee75dcc7cba974cefe5db8c558577034ed605816abc3f414b5aa41fe3716a98514862a21c081850766b0d27531e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ff9388de0e38714df1bd3274e55457f5

SHA1
70b3875175653ccac1a2041e253239aeb1b15332

SHA256
054cea0b076ed75bc2db6bad204b5c8dc3a8e280656076cb29ea43c04cea73d9

SHA512
cf6cef64622c1250f8180370d938c5a1a02a7c87e775eda69b7fa376cfe33104e63d2be922351738e126b3c169d1a0b9bcb16277f24b1a8d44816ab68aaba5ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b9859454da420211c99274bef0ce847a

SHA1
54e7e46b576c1a0289c1cb80d98a121c347d2867

SHA256
75925c8d173c4f9ecbebb18e7e50eb3a40a97e49122cb81d2db8b5455da4c87f

SHA512
8af42300ffe8e28eb76a453df41dd9d54aa982bfe609fc269004243deadb795ca72d68e2c78ec32fffdfd07f18a5628531ced598b0052527921ec4c65696ffc6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4c0c3756259040e32c1493d59fdb98e1

SHA1
d266cc5c09fef72f86abbd1e4d492c56d72db181

SHA256
0f94dbbc25b7c9447d61b91694faf9c5764ec6e31fc9d84f86f764bd6f5b65a4

SHA512
861bc907a6517fba5bd16bed1adbc3c7e894a21e481137909fe1d5b9d726e470951a8568ebb5fa6491f1f4f163a8c9a751afc1829c8f0d714f06d1cb93ea74a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
14057631abea297e39e5f8b872ccd684

SHA1
31104f694b0c16a8b651c17d47cbfffdb020883a

SHA256
b9922a2a273db6225bb2ddb9796ae707b63ece5bc1136afc15f314f8b8ef8674

SHA512
c9617cfddd21697b0bddec8a3d301f69d8c7d22f833016cbaa2e8fdf41d519251936901e1ede586d824a800cf7ad8ff2a5d5dbba81b307f8f2562de07f6116ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ac604abde9dd1f81ddf2f87e1c43c7f1

SHA1
17ba5cd1e7a878a2d3882df1699a12d8784309d0

SHA256
538349e1f2074971ac1b5275c9b1150a63cb07b1941910a49f44d8b12ae01b20

SHA512
9a320ff015ced03b1062378cb0592a790f77bfd2fe76b862440616d62d995eabc92b6ae5ae46e155ba3d17801cbe847b7f9a5acf7d26397a204dc491c6c3e881

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ddd1b48e9369b92803d8197220f7921b

SHA1
a7517b27263ac0053d0b956195d3fbe1435f7aa2

SHA256
fc877f2ba67a1cfa8bb09ca477bb7e05c90fcfc7292baead37d513eb6ecdfd8c

SHA512
67aa9f6ca835a5932a69675dd108205e272ade86ccd552570395acbfc2224cdafe3674262ccfcd676ef6d04ca73559548052c0957f8318264bf60c578c69cfd9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3ac64b885cd3ed2c9ede3ecb9fc56d67

SHA1
e0374f4b5d8f4226aa5652dc04e7e922277dea9a

SHA256
302a6766259e49fa675a98f95522d19f1f77fe05a9c4b654fbc1353b51c27637

SHA512
91806a6b14f42d37dee729901369e62e24ad562d38ade73ae7b737fd7d143c23f8b58233a0cc5422e876b70ee5cb154af1ad55abb5b332c9206bd49d6697ab01

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a147f1c45578d2335c4354136be9ca2e

SHA1
a4b5cf3c4593b1bd22ec27f065546c93f34a6b14

SHA256
82400d276e3a777ec6407911db0991339272ce089ab20b9bc31d8b64db9f438b

SHA512
0702d4c19c473991029e664d1b9adaaec4ebc2728b47ed59873685c4d837b7d2c3713e0e710c2ef5ac1aa51cc9ab75edf1664ad786dcf0aa9d93d4a99c763b67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
47b09dd83ad83befd318142b97f7dff0

SHA1
c21bcb1c8a0b5e21edf7a239752b8b8e4ef9b00a

SHA256
7401f6f7ab4a87898c80ae5a0db773d17307855d5c80373a4aa1a06092e1205e

SHA512
a4a43ae979b08bd8fc069ec5fc9645d572ef71d355f9e1cd6e3eba4567bd8befe37313b97c257bd4be119f01954d6aa8d807be0a221d3fc79cc95c463b82beab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7d7b37c38060d2350a0d6c3cac32aa75

SHA1
4b3c824c7803135028f62bac4b4dd8576e0a6cb4

SHA256
b919b69a02cc5b6cf0d5be8230de07f52ea6722e74887d23473bf3c177887dad

SHA512
21a3d2d31127704a6b6d2815c13ca8cb3668ca7b03adb615b5f380c1c97619c83b60b87354b3dfb974284927d56288c80ca80624160dfdc166f88a46df49cba3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2992.tmp

Filesize
46KB

MD5
9e680a84c5128a48da01d70e75ececcc

SHA1
13d4894e4e3ed51b19dfbaa58a2808a9fe8507d9

SHA256
3451eb894500397f89664167678fa4a25e6d7e3c0b1088b42996650d5bac35b6

SHA512
0ae81cac1eb34208c740842d995435dfbc3805011d3c8ee92d30faf809d54a55e845412789b47d71c4c704c72753fb85982a285e9a79a4b7f78d3cca61620594

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2A42.tmp

Filesize
1KB

MD5
fa527dcd6b5eb05e72fc51570a2a6608

SHA1
3380c5ef74408265fba2f67e790636d0ad0a51cc

SHA256
4dc7a4a6cb3be2c334a27a49df89f18f8f91749fe6aa1cf28d548e0e0c75ce3d

SHA512
05c0e217c433949cab210102a26ca7f6a765515b228b217e25c7409408fc167b5a59a8494e1181284e9ec72849c90288f3a066faa284e29d871097ec76291a5a

Download Submit