e4a139e666b7a943ccf1fc9ecbca3012e45e448402690f27ba5edd7f942e44e8

Analysis

max time kernel
66s
max time network
131s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 22:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

14a63f04be2495c283db4f5b774251ce.html
Size

53KB
MD5

14a63f04be2495c283db4f5b774251ce
SHA1

205d7d1388fc4adb8bd8535492ccd1e8886f1974
SHA256

e4a139e666b7a943ccf1fc9ecbca3012e45e448402690f27ba5edd7f942e44e8
SHA512

64287389f66f926d38f86db0fc7459b37bb3c4ebbb7651d2c5e6f391707b33c11f5eb95822025c87944cc5d89f08a7b14c2246cf870cffcdd4f5b0067c3be303
SSDEEP

1536:CkgUiIakTqGivi+PyU8runlY763Nj+q5VyvR0w2AzTICbbcok/t9M/dNwIUTDmDo:CkgUiIakTqGivi+PyU8runlY763Nj+q7

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 301b5e8a7737da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A31A1B11-A36A-11EE-8A74-66F723737CE2} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000033b2baa7c38bc34eb000abaaaac06d7800000000020000000000106600000001000020000000e30cdd02560795216ae53c8b8ff9ddad0692a6d8c44e400a0f28ec948a40fb0a000000000e8000000002000020000000a4f9f6dc5ff5fe72854f1fb75db51cd2ba7b1fb9bd8861711a388b818153b946200000004fd44f19561d467e6710ee1b8104d51f64154723ed92f8018638dbe0b189066940000000152a5e308e4d20868e52475d17ff85feab7dde7f62c9451fa379f5ae1ded0795f8dab020871fb08b004012c2c22629380241ec9250b9213957c1195e23ea9521	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000033b2baa7c38bc34eb000abaaaac06d7800000000020000000000106600000001000020000000d53ef6739628be62891e49518fc48445c1d57c395ec0860b4e17b413a1595798000000000e8000000002000020000000599dd23762c04f8c0fbab93bc7535d94be54aa233515523541fa8f1aa3ded5ac90000000f4377094799dfecaf0b41332626f2845dc22e382e3c7fbfce86fcc7b34a3190dace7a4e6155513b4986d822151101ca457164b8184d2d93eb9df97efb92aa636b839e267071c26f9e47f87e01b8ab1842500f88a667f2a3b797a68f2afee3f2f051c0672ff45b48613c568f770791eef5f212784fec9531d2fab0d366565287fe450496842c06096f0dc89bcf2fd166640000000ed90a94e61130a351b4a310f5941bab1c6ec4c8662fe78b96b6a769cc3986a8ae15ebdea58d1201c37166eb58e22d1769198e2df02918a660066f86ef8943b1e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1960	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1960	iexplore.exe
1960	iexplore.exe
2980	IEXPLORE.EXE
2980	IEXPLORE.EXE
2980	IEXPLORE.EXE
2980	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1960 wrote to memory of 2980	1960	iexplore.exe	28
PID 1960 wrote to memory of 2980	1960	iexplore.exe	28
PID 1960 wrote to memory of 2980	1960	iexplore.exe	28
PID 1960 wrote to memory of 2980	1960	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\14a63f04be2495c283db4f5b774251ce.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1960 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
96362008f924454aaf1031e185c81377

SHA1
b081ded5f3b588b033b049130cff4732017548d8

SHA256
2858df35e4acaa96c7a674ae36e6c95ec3cc78b1e4a80405fe830cba7ae2d3e9

SHA512
dcb55991f772674e8d54fecb7f9073549389e9f1d946b2010bbf8ed175606ebdd487fe122827030b8d0e2ed0eecbc7bbe890d1cef9151ee456f72757aeac189d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ed5d0aa4bc7f2ccf442283479d200ce9

SHA1
d7618c230f3cf910446e93e413b9ad94065976a8

SHA256
dca8fcfa231ff9c108c9d7423f901dfd4d4271aca19816869f2346c4c9d22c67

SHA512
daa2f7299b0230d29183d19c27c29b6a4fc97a84f3311e4ef41ef3238056abfa6e2b8ebada3bc09c4c5ebb01574f058a13635faf08804a59fd692a4937886dc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6346b52a648b21d3474775f2c9557cec

SHA1
67f20bd5dab98be551c9cf1fa4adb803e91084da

SHA256
2e35ba5f6535ebc53429ee79024828f226136bd33bb78f34bf0fa6fc7a47cbc3

SHA512
c4d00dfb811163b7891da5c66559185c47bec121eda25fa54cc9307e56b8f8c111875252df9b40be7877744af9a1be9b5e6eca978f7066a8323baf9968796499

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9182fda2e6b242f2a76f89095fdce093

SHA1
ab90ec3003726e3f86233bff6598aec2c14aed50

SHA256
af4586c1368a2b67ff3fb310d3b009628cceaae031888ea985ceb9078dc74f8c

SHA512
11962aa869e972aa67f5c40cf86ae0cd43b541903ec3e0413680e94a04cf1eca745c1d360533643e41b3d91679e561f54ff4d8709772a67e8d104be890313542

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
34bee7f72c6d2237e1e9d69501d0ab6e

SHA1
57b426f4fb52a7684ebef85ef84aab88d892156c

SHA256
80d3f103a03cf1d7c79796722cfa5238580ffe93768c947459c87539cba12ba2

SHA512
f62a2ffc7eeb64f47089d5f9d7de8bfd12c2735ecee744feb66927903fd65803cf0044ae09c4e401168d4501038c57a093dc0bacc651c002c4bd0db9b0130d2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
544c110b2c6897e991ec6838fc46fc62

SHA1
4eab2df0a3db4c42c0e6dcbbdc2a1932888dbb8d

SHA256
39cf4318994795f66e4fd0b2690d3eec34be4edd9a1b2f7d6795f43307c4f612

SHA512
b7c4d78caae572199ceb2d24dd5cb3bed4a3a1256d6594382be8de5ba4f7213bbd89af838fe6c4fb02f94490aae9f2050e338e7938f68e8b64a421a1abd01a09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3b3013600527527ca118cde2b62a2bad

SHA1
d1894c384bff210f702204621307bf34f9da4e01

SHA256
7b4e83c76c97d962460d89241186847bb198c2362838245624e038b55d9d6daa

SHA512
af1d3b82e06403a8af651e5b85f0574691bd92f2443ac9a2c85fe2514242d0d8a1ac7c42216cd4799b86020f661aa84bd7e8db65ad96ffe06f576902b385fe58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d496956fdc9c8f8623182e778d9b573c

SHA1
72a3896a83d2ead66155f1f3a14ce9087b7720f7

SHA256
55520443a771a184a9eb9a28f6691cf881a07fdee19d02b1ba3a2ee5604b0cd0

SHA512
74f51aa8bf61fcddb1cdd3b883b6c3494843730ed61e5d688441dacfce584451934dcacff64e338509c2b141f86da4803cb27cfc5478edf223c5e487abd87b09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
39b53a05315b85f9ea48d654d9a22d31

SHA1
d7c0a55c63a48fd9aba49071c17994f84384c655

SHA256
2f19528315e8af47dd69506dee1137703e40bf0258003fb79a7d4bb2fb86c017

SHA512
9dab24b62bf75e6b2f700da9cde2b865930832f89b31af988cc4856b793bf598ab5a715901ee4e046dc2236c34318ac0d99f26174a4c97ee9571c89db3c76bf2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
175269ddd1f9d839b8ea58d2a7fb1b09

SHA1
fadfbf5308fa7067c5e4838a47e489b8c1148651

SHA256
8b6b24fe5d4cfe92e14e5b1f4a3c2ef4c4500204087151ae6973b55280e50082

SHA512
460463d37782c71671f5a3e0bd3e0b98ad93608ff88c9ece0ff641aea60d8ad3b38ebb513a89e01eeadb72ecb043c310364332ac912005bf06526feff03bd080

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0e8af4e69d327d11365a2c429295a5e0

SHA1
eef61468287e19045dac65c71b62a6e262095f51

SHA256
553f5ba39ef5117897df6bf859a1606a5e639c54a3c285eccbf421f406380c26

SHA512
407480f9cb68232878e45b488055c4336099f6c98904b4b7be4738d86cf124e4557853574ee5582da4f8ccbac82bd17765335a22eae8b36b1da6f71c721d0bda

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
3a89e70260384102a27b352ff94fac9e

SHA1
780fb105e6315fe7e00ebb2b721e344840daffed

SHA256
193a14a5a0ef7204b9352e06114be135a43ba33841020c5ef8a5115a41de7bf8

SHA512
09326b6fed84da07b61828335424a5fd54ec5f169df36d559ec92653ce449a8a3c3080e1f87b30367c8b7fbc72da3b18659804a59023c57660cbdadec2b67117

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JH1YDRNX\topic_starter[1].htm

Filesize
706B

MD5
67f3a5933c17b3ab044826d3927d0ba9

SHA1
5957076d09bacaa6db8ddc832b4fd87ed8f05f8a

SHA256
97e800f4836b7030dd58fe6296294b7ff5ef1b5eb0e88353f230ea1608d2bb64

SHA512
03ba224055ffdbf32b7eea30c764dc18d66cc6d8707dc5fafab74e155b0bb3d4d691c5788b033a68f05299547297125122778fa7e3252f93e7343d918936643e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9572.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit