523d67363be6c611ab015e8431e88c50a7546307badfda1f99dd75867b2ca527

Analysis

max time kernel
117s
max time network
137s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22-12-2023 15:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d3d57cda3e518026b78e1e5b74e837f9.html
Size

24KB
MD5

d3d57cda3e518026b78e1e5b74e837f9
SHA1

4205341375fe22a1f2cd916db8060c867286748c
SHA256

523d67363be6c611ab015e8431e88c50a7546307badfda1f99dd75867b2ca527
SHA512

3f44ee30f2f634296a637638e294ba96321b584c4f4f11d205d1d7155c1caf510fbe7e73ed0cb3a0d18bdc553a0ce1cd8aebc5fec94ab4d3a5804b153f6b648c
SSDEEP

192:Gl6MfbCKpRjeGjY2dkLZhVlOgFXDe8MFcladLPxq38pAmPqvGCqwdaQ1/+OiO4DL:85rRjeGA1m4y8OO47h6utpEvybSi

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409547475"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000e610261c74de51f3cd8d63fa988dcd4a40718ffa4bdf5884a95030ec77381621000000000e800000000200002000000019c0ee608963db9ddc853a3f3f934c3fd121b5407844d8df3b632b4f0921e0bc20000000b7bfff54ded9a9c6f48f5ec4157d0280fa517f17782ee09f220f30a5248a38554000000007709a6f51065a8d7bfa2b83d1378c192adc99469abf7fdf6bf819c2e50e802eea7ac1f778c363941755671544da134ad9c7902697dc7f8bd88443a9848b172d	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb800000000020000000000106600000001000020000000e512678de87d4ad6254e665ea1eecd112a2481db327c51e59be310fa6bb324f6000000000e80000000020000200000003ceeb9eb9b9d5d316bb1680198afc89eb878ad2a90c7cd3a930635d245969f499000000043d19d76d7ac6f1fe88d6eff73bcf77bf35c91f794910b843bcef6e2908d523741753ab7a7a82a713063f0f73db01dbe35d46f3ba082d934241a3dfc0ae14cf1b55616f16a0d9a254e2020f8e4436129086a966bc3c45b0902cf2dd4fc719938a84dd259904c7b7e9e671f6878d198bf988375515c424ddef3e1e4dfec7910a124f523303c5284fdcd1dc7e1611b6fe540000000000b7392f9f6f620f9fb6820c809a516a19161589971f12ebabaf89aae4bd7395f68df611f393106ea5ee36c1efee3eb13698d41f8802cd05b90e85f03f8a187	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BD037A51-A205-11EE-8CD0-DECE4B73D784} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90b463921236da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2620	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2620	iexplore.exe
2620	iexplore.exe
2648	IEXPLORE.EXE
2648	IEXPLORE.EXE
2648	IEXPLORE.EXE
2648	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2620 wrote to memory of 2648	2620	iexplore.exe	28
PID 2620 wrote to memory of 2648	2620	iexplore.exe	28
PID 2620 wrote to memory of 2648	2620	iexplore.exe	28
PID 2620 wrote to memory of 2648	2620	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d3d57cda3e518026b78e1e5b74e837f9.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2620
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2620 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
24d2f5ef53350f02bb9c0c44ceb9304c

SHA1
c70f3496017980e80cfe7e7987c7f137ff93bedd

SHA256
943df1823a6fa2f3e5021f88b3201aa46d63343250df3637952fa6b89ca06633

SHA512
29ec8d48e8b15905e36078c051dfc21cfd8f9835eeaa8be5e1dcd87a006ca56f76d6741b4ad8183aa2c29142d678737cd7b491863695db7817ef7a686aa7640b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8ce2f88aaae0fc984dade6aa6efd1124

SHA1
9e50d24a4cdcdd7453bff1e4fc02b5f90a0e969f

SHA256
991651917db59e7d252de64018bf8d30c540700733a6b20f1005e58b3c71cf91

SHA512
3e7c9bc2e6faa3dea0e3eb608026386ebb6c071e713404ff18bf9c2c4d908ac87b4dcd741c3d11f12509d99f82ee7a47547f1a1035a7d75982045d8fa46843cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
167a8397d664cac60ab8235905012b08

SHA1
b6cb08c311c2eb06676ffda37037b77e7f1fe971

SHA256
e1dbdb275ecfda7b16b6afc64b72532fce1d478add0cf6dea4a476e9fc4003d4

SHA512
0af51d021887cfb16715738c8dd407f28d3043075a833b8fc6e124c8ce9630fb4ac3a9040f4e1a0bb3d35efe5ddb137c9c827a0305d57e4ab3a9d2d60eed61e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7259b7b1927157c13c51b5a63616e440

SHA1
1637c23c5824039405b16eac164dec9540b718af

SHA256
d58ffc62f2c303e526b42901e0f307be2ff1de581de6ce999605c16548d0ea75

SHA512
c2d8d1cc8dc1ace380dfb8a5e73da367df5c508588b0ea7bc199cd46a03c75e372234fe9ff8f56c5a62f18bf3770c18dbffc442c59ef7508e8f3b3135bc93db3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b2be2b650a7d978390b7a18576ed6784

SHA1
5d9ddbd8ae42f7ba694fbc4386595ba8f5a53495

SHA256
fe5dd1ceb1d933901d41753815dcc52b7be249c698356df1eb46f59b60921e4a

SHA512
89e8a901a85c77e8e969d46135e1bc1542695ca211bb8318c90c58005232acf7970b632a3bcd8f1b634b19091a8d4d8a25ec7dcf59a432fbe008888c9e19b40b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cc494ef1557b41397dba2a9cdd55eae3

SHA1
7399559c338bc0e1084447ceeb0617bc4efd653b

SHA256
d9d8740469f43c6383ab92413bd101fbf66b7d1bb7ca9a4806ef04669ef7b626

SHA512
99afd1638111f14af689f7b5ecf943ddc5f8d5cd214e96a7cc2ae38b101b970a9d9fd7387cbe0e89fbc718880ebc80fd8f5f790ee6efdd934e1c22875688192a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d058b3bd0fea1cf2f9b1120955b55d0c

SHA1
192d6ab61f28ef55b39ad963156f112e96db2249

SHA256
4c0677d915f169eae7f33b3bc72a1ed10942b53ed893906733cafce2e5858a15

SHA512
beb4506b7373ba824c0c29eb67098bed75ecf98f4a4634fe557a2909cf7cdda4e343c2a5ff1a78a9c5c0c18013f310bfaed52a434223352aab822f2d06aa4cc9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3b52b664fa905968f9390fa7717515a9

SHA1
65e8c3ec0c26375a73517444e0a9c1cba5d35c59

SHA256
aaa498a0e20b76d87b946ad6b08bdc9c9f5469686b777c2c4acfe1d7a5212694

SHA512
ff41c703b2c88ad8c500f1b9181ee3441f165ecaa7ec015cda5f4da41db31fc8bb90f53f7183c7d37f0d3c1876f7c3c4183ee05d567c0409bc49977d8eece457

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
31c5672f839b480ac51bfeb44f8e46d2

SHA1
3908a917e6c4124d09f24f631dbac74b1010c753

SHA256
c26a411022900e5771a6d35bf53557a55119a59ffe2471fbcf5b4fa31537c06d

SHA512
b67ab136560030c33988cc4f1139e89a94a5257dd5088f6554bca0137627dfd435e94c045721e513f07355f481be2e0dfc716dd14434e032efc1396ac266ecb1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
012eff3edbbc19ab9dd16b9ade301cc7

SHA1
a28f050536c371ff3257e0b9fc2cde486febca90

SHA256
e0834bf16fc30ed16ac94929940a8307e3baf8db2912180e294ca26b6c2d2751

SHA512
25d00442dd27357b897311672baf2791ca1ecb2bbb217e05164c2a28110ac3950b62eb3ea110a79ed7df11e48c3b87f140c02c1e7180585ae302d207f24afccf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
94b0faa9a98a10087eb6042e59865669

SHA1
aa72ab9c8b591a4b185de544daed46534ad0e8ab

SHA256
a84e1133d5f3db793a96654e8c7fc393cd28f9afa8a953b4e25609804cab39ad

SHA512
0755ec2c435fdf8b39335ced53c61833273fc7927a76b56e2250a1d8ba3c2477f2bb73d19d93de2ba20672bd0de05e8fdb6a09c4f97828a1a526054aaafac537

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
efc7cc47fd50b686c433e7307e527d30

SHA1
26df33d795c7b1c4306258dc715c8f2cae6f70e9

SHA256
45257122c8f47ca45028c84ea98ff33936e1663c76be87d363b7d90602b39f6f

SHA512
cb9e9d82831e4b328826be6267cbb3a7a7c8ce6596921d9bc8b48c9cd9b3e531a3c3f01095caa34888da73efbd447c13480de4606d2bb0bd91e431dff2a7ae8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
745a304f3836bbe315d17992919d9315

SHA1
ac79dc95bee34b5925a04376fe624b273de980d3

SHA256
e489723a281874ea4a6665ff9a88bdee829bfd9c37dc96fd5e65455b8e1d4d4b

SHA512
5b0e1468b1a552b399d7cf861ecd5d3bfcb27c5799714d4b7e43aa2bbfdd78ec94d824bfbdb78c10d4fe77c9a9d4fe6cbc27c15b1cc23dc762ce148145064b9c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a89ac67a736ff1027127dac3f49e77f0

SHA1
1a69ef63e559b2ede38fe807e2f543804df312cb

SHA256
0ab864a9b518653e5d0098e27cc3d8be5e6cd155ee492dc9c142a1ab9afef958

SHA512
e46398286105649f5d0edd7891592577895b1196b54238826a70349843874a44921f94f0c34bab6b27b57b91bc0de52c5fa4feb05008f8e60423b56b0d4853a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e6e46bb9ec30146436d45286781d5baf

SHA1
3bd689b8fac4adf69036de52dc675b903de6d3de

SHA256
370b0808af21c6c709abaf4e6bc54e1f358126a49bc84b5b3a5a6e160c3a6cd1

SHA512
5453932d0d59f95a47b6481cecc1ac35f9d80a1b57aa17b3c7296be2ad404e0f5520ee919d815a089cad8bacf32d68ca568084bbfd02b3d08346870a9bf86b2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab96A7.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9717.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit