e54cd968449ef819de902ce883bbda9a4e7dac97c103fd2bb033f0524f9ffdec

Analysis

max time kernel
0s
max time network
127s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 14:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cf3bcbc71e9b24934c5a06f1ac127c47.html
Size

6KB
MD5

cf3bcbc71e9b24934c5a06f1ac127c47
SHA1

11d3a4597904bd4a95313e856e4b7616f48dd9dd
SHA256

e54cd968449ef819de902ce883bbda9a4e7dac97c103fd2bb033f0524f9ffdec
SHA512

e7cf1dd830265c6026577484e279e409a13aa856cd1b4c106e98ab062d6b5fa6a17ef5aac67fa7603f98aad285c6fb14e3fe6df54edcfe5072016fc24eccf1f1
SSDEEP

96:q9fwOc0FBFeke0f4ffmHxoCsZ46eLvRzflpOvcqZOvkktifIIRxwUbfsS/+:ufwOc0FLUmHvpOfZOO5R9zy

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{419B5121-A0FD-11EE-BD3E-4EA2EAC189B7} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2948	iexplore.exe
2948	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2948 wrote to memory of 2984	2948	iexplore.exe	16
PID 2948 wrote to memory of 2984	2948	iexplore.exe	16
PID 2948 wrote to memory of 2984	2948	iexplore.exe	16
PID 2948 wrote to memory of 2984	2948	iexplore.exe	16

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2948 CREDAT:275457 /prefetch:2
1⤵
PID:2984

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\cf3bcbc71e9b24934c5a06f1ac127c47.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
f52b3a4f8121149861dc08d46052c3b3

SHA1
1f84a881dcabb55bc1fe5758cb2cf706efa8a2e0

SHA256
18b2b97f641e9ea51664c2ce38f1a24ff8d51ce23b615977389bdbc7c7fe17a6

SHA512
c70ef05b9832e50e60082beb68fa155fa5926565826da32976e8c945473c8ee93a2847252f4c1bd534800335c6a4d711ce8da12f5d956cf0da682ac9cb98d5ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3323c83a148f2ff85a5661604dcdd414

SHA1
e36992a84c6410554eb7dde8815b04c8b1733c49

SHA256
b1ddda4b3e17dd18da705fac308a6ab3a4ede6bc6cde10acf9ba3fc42e57e4ba

SHA512
c09ffb7495679c05faf45929c3a0dd9f75fc4b81bfc7e2b67169479c3145abf7ae3a130261a076e1bcd30c2f9ba0c33d7f5dc40e77753a9e5bf510fab15549d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ea1fad80810f3be3fe359e6a141bdc28

SHA1
468d15afc23073380f36e7d7ebecec98fe164a41

SHA256
4d4662281ebed742324c502d3fd61a2b6b0b5c89e07a3645241ded28d18d049b

SHA512
b78e4af8c783255335a5eb931e8f0f1b9edaffe5dd2093e1b716a148033801cef2e87993de24ec27352406badab71c16a339a03a574f27c0e94d09b0f508ee7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
92b0019f10704b4e369d4e58f5ee5aa7

SHA1
3d39e730471df0281247123c6fe09795f174e1f9

SHA256
b2bc06da98ea74ea0034d3affc76069652acf3e830a0c20fda7d04588a97d09b

SHA512
baf8cec66b4f64da8f52c335864409ff96b3b37ac20dbc48c00ddd82f202eb29acd87d28e05f75e90e3e4810754cace2d093d07b146f8e6c2bb98c6d4851a047

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3b277b69f9484a2a9176769bdd9b7e35

SHA1
a810c005ee00007c2a4b83305a9f816d37d940fb

SHA256
38474148d061b8d8c63f98930ce2a001fa3de57f10ec366ebec45f5928905d25

SHA512
8683a553ec1614c1ccf6c2470870fccba908ed6d4b22e0c56510aa92790045c21736251a29a02a16e2368ca29c9b02ff60d34a19017d091a4cdd5044d0820675

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
46f1b70766b1b623aa51bc1c800aed8e

SHA1
cd1fd260ca486638595f4fc9663f8ce87f152712

SHA256
a440700017282166e3b20d408a8ea685b4c8e7cbf801aacbdc3f8354a3e98272

SHA512
72ca8a4411d99725ae3b30b85062d722791239ba29cb48cd76ff1c842c8c2905814b88530d64413f1ab5efa17a056a9f9df90ae96faf9c871b8e671181d9b038

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c1c184b21d0215a7b3722da0200dceab

SHA1
14ff17dd5d89c65591648e57cd8241ce43605bf1

SHA256
19a84a92b69be0db0cc2d9bee810e854b19c692eb5368dc4fe4a3b51ccb5fc13

SHA512
0f1cf3dcbff14a15f2ff273228b14b2a35fb9465921ac5d5f7f94bec5b112c899413f4588f27c4b3e0b6c5340c058bf39a4db5acf0f5b87ead692811ab301a5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cb992a05428e93878684739e2f8423f9

SHA1
2528e283b4e9275d2d1ecd046b4b1865b1da1eb3

SHA256
ed6402f5ce27b6f4c608548000a68f50b1412e693dd0a06adc1460f09686dde4

SHA512
ed5686b2669e734f1d29b5392058e8fd830ab21e8df46b3b20443af9012d39dbebe71b56447b666dc340ba8a794ab5d111f35197c366d5dfa36c5e9a1dcf7301

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bc86aa6b2e7c22a509d5e59bc6a0f3ca

SHA1
a8646ccf9913549412fdbfbfbef463c3f63d1fad

SHA256
53a368827b4fff889fddec33dfeb5f3b2bd93cd7c717c7d78ad5f9dd8f3c7006

SHA512
5ae301062b1f49a6f4e46fd2a49a7e71754b35b19f419ef41d2640799319e3cf3ca504df7e28f2374036180cd9a1f821a0b7950a43c1a07804c46b6386c8b305

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6d6d69a418cdf73f8b444461febcb9c9

SHA1
327986da37cf9d01562581f13ca0cf2d0edc7415

SHA256
11a074f897c23dccfbb003b7821693f94d79318672383810660db4de89344bfe

SHA512
b9a6fb09b3fe9f0d017083756c6282b967c7ee75ab9158557339da11e6f35ef9289ab1548d91b6e120e35cd7629bcf3fe142ee25100e4dc96bfbacbeabab7e9c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0ac68927d895d996b2235c03d2e906e3

SHA1
5928b96b0bceb09853c9b7d7da5961a3fd0a5b03

SHA256
31980806a5c8416b0b080a80fd9b154341ee53aa126bafe841fb45e16296ea03

SHA512
b4fe3428de932bc71485ad2d4301b108b766cf10bd0ccbbc15963f0e0e4ddd58ab4a178d35c57a8f5a42164e6db0374dcf321492f76178ade137232abd921fb7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
262e7e93acb7ba1430df2e950b686292

SHA1
8e20e69a7f8bfa773fe8bef5b2c20d76159c28ab

SHA256
a36fe3ec608e1bf4b01ff0d3693b9da5a6d5744455c41772e63bd06aa8b8ea60

SHA512
0c993033c55f5dee7603ca97076da767c24511a18fa1c33672af02814e6db3c2102a3dd8e631f95b97984ef87d6a731ef9ea8d9103b680f7fe10ee9d15b935b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5ff346279203ea0303b0e49d51363104

SHA1
cd12bc847970f801a2e9c2febcb97b87c5cbd281

SHA256
5bc1a4b55af0a70ce7d8655777f26b6badc3e6be5bec3a15b4db75354e176515

SHA512
e66f27dbcab7033fe2e8f2f5e7622f452612ce50be97e3c892bf9592a232f1e8eee7dd5980789b4b09241cbe43b8d2d7ddec29aa08fcb231a86b0d5fb3c91499

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
01e757c4483a6b53501ae73806d04b97

SHA1
3a95b321ef128a5151aa9593bd1ed057866a5eeb

SHA256
52fbed4d4768b0d467d1c6572de8c4643ccf54363505b8ca2ba57126e489922c

SHA512
52419c6bf31fb3fc1ccd254abf706daed1afaed100d26eb73b9181f820fb65cc7102132063c14d19ffed4572742987aa3c74cecb157977a446a9e17f60819347

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9084e55bf430b8cb49557700df0356b2

SHA1
26227ac42047175d6542e3da563c4c3b03102050

SHA256
596329d29eb7c7d2e3013bb7979a1b39ac259726d4190c07b61753fdcc204b24

SHA512
bc32b9796da97bb5870bf695246ea36cf667bd0cf211fa9a9099e1384e4b7681d60ead14f1288f0cfeb97ec69f6ec986fcaf76ddadb29e81c19d1ebb8bef6638

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4d2c1c81e25a737159dcd58416aa7a3e

SHA1
cc8294f0fdc55d3a4790ef90e4bea790c1e08bef

SHA256
4c166a42bd2ff7ff88478e8d261ddc9cccb0200e01826500818f048180214f2f

SHA512
2352f70532d7ffe6cdab25630ce11cccdb99da93df5b990f47b20022fd03e51044b51cdf26c1e140bb9b375e6d2acb95818029d9ff134d986706216ee88dffe3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5245684022fd6f6122c1892c1cbb4c38

SHA1
ac86fbab3a0055b7eb50213165ef802acd4f146d

SHA256
a6073d23a93b92be6ca9d8f774d219a47b3dce5df9270e3d5cbf4e69d0b1ee1d

SHA512
2d55da7786d5db9ffb1445b4de8d330d127905fdaed7e02e58ac145bc4277574769864a36f2705f73d147a7efba527e75c649c9330204a3ba41fbcb15feb1696

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
67ecdba074899160e022ee2ff5858bac

SHA1
c42073c7a3ced925085f8ec760bc24f594f0fed8

SHA256
33e94147812900239945db69e9917236fa1fe8ad51c3b235cf40bc1b4e99f88e

SHA512
3a7f0c673f4435b348a974dc2bd5c38a7974c3548db362e0eb97ab1015e4271aeb392963d0c7091256b213ea6008b18b43241bf94e8a5e5b74417ef1901c18a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7A64.tmp

Filesize
20KB

MD5
82a2fa929bf66e2dc9dcd7add85693a1

SHA1
306181d1419cecab822992caea4ae4d90f2eb658

SHA256
896e14ad962ef6911b99a509f6fda068e9e5036da9cdfafd70391266ae61926d

SHA512
45dce230d96b0fa3900409a45d06286f67de6d83d79e67c3efbc95324ab01b6f71053eb210c21bed47aca1d29ba6308b18b0a9079feeb38c47dd5ffdcfe0ce08

Download Submit