9546e63b1b3dbc53c63ca14f4490fa5eb3ddeb71383127b618897f75fb891d22

Analysis

max time kernel
140s
max time network
145s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 21:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

139cc52f5a15da47b300464625118b2f.html
Size

2KB
MD5

139cc52f5a15da47b300464625118b2f
SHA1

e1da23fd2fb036ea5d3a72d6173398f654a1efb5
SHA256

9546e63b1b3dbc53c63ca14f4490fa5eb3ddeb71383127b618897f75fb891d22
SHA512

aa50c8f5829692aac59db61da007c00a0c3fe0d0c8031f4490cb8204fa4e66a11e3f2748ac805bbd9b2e55305665dbe0a34031384376830de0fd0fa38d40ae9c

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{749355A1-A2D3-11EE-8837-E6629DF8543F} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d600000000020000000000106600000001000020000000ca67ac6d76eb541148df3d27a346796fcf1946ea477da663f64015ff0f993e7d000000000e8000000002000020000000d9e538513932407f0753800d48a7808516d9b1f46bc0f897b9f930271b190ae590000000c5d7353e6d6965153a9ed5d75cd6beefaa7913e8df36f7bd07dceffe8ab6b993347ce0c9977f9137ba61813610f13c481c53da5c44f7d1da966a19f4d7c76c2846ad5ae5f807dfb6d50c635979a3915e60ddce89fdcec1624dd5f05eab2cfe9469aac94fc35aa4f110c772641b0ea6366ae12dc5fedd5113518b05f7221cc42577d62f4ceaf2cf5a6ccc8dd9ddf756e240000000b55a53e7ef25e762e44da68bfac365fdda86bdd06dc72d32c4a36999615dd9c4fadfffa824b976fd49adb922c4c1b503bb073ef3797dab5e46f367b78735f242	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000566b58630fb3a044b91770fce5e9b2d60000000002000000000010660000000100002000000027c5444d98388150c14a903fb4516e5ef03ff66d96a7928fedd81263824a2d6e000000000e80000000020000200000003f4af08e615e1bf74bc9f323a630e6c2c7e731cf8516fc07fd6244d3cd74269420000000a35e9db7f5f0d66b0e8f1ec785b33dc156a6d6104a70c6e6cc6b46ae7bf2ea8640000000fc410dfbf29618582fed115a7b53962564f21b7213fc9bc5f6a75e1f9276a66ebbd7cc5f6006ee31bcf849dfd2af38bb793d8ed4dfdb7d656a5d596cb25f6baa	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d08a0b4ce036da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409635831"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1128	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1128	iexplore.exe
1128	iexplore.exe
1976	IEXPLORE.EXE
1976	IEXPLORE.EXE
1976	IEXPLORE.EXE
1976	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1128 wrote to memory of 1976	1128	iexplore.exe	15
PID 1128 wrote to memory of 1976	1128	iexplore.exe	15
PID 1128 wrote to memory of 1976	1128	iexplore.exe	15
PID 1128 wrote to memory of 1976	1128	iexplore.exe	15

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\139cc52f5a15da47b300464625118b2f.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1128
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1128 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f4f64f788d587e540fe61578eea6e909

SHA1
bbd1b52a340a155e4817d39dc900ab40a6e3b1ab

SHA256
efadfe6832748f3895ba46b856c9c0ece119ff784a0c30973c5fcdc8c2bde6ff

SHA512
c73ce4f69cbe0b1cc6831e3e1e95f987e581c19e844a8a16a37c9e3d220e5001983028dfecf5b3d9dc4f39f776048be94e88e742fcd4715eeedb510536f93636

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
177f2ea73e86c2c57b5e6ada3dd840d5

SHA1
65029abd5e31297bbf7df19c3b6a282a26a47f59

SHA256
fb0345e838b1d45cc579136306a3560384a417d81cb72ecdd241ab8217c8452e

SHA512
eea537ee81acb274c8fb0c24a95a9bab96cfdb665b3f15a6db6764d4ff52396037681f50e4f3a18af9b77fc3cc3965be40481fc87e9cbcd0647e0aaa10a84c4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8f0a3b8fda97e4debaf8ff0b7889f593

SHA1
8f82dc6daa0ba34bd5a4c876f3f72625db2fd16d

SHA256
04dcf7f37eefbd7b9fc53cda9a01c22370357325911db3ddc40df7a4f0c370e5

SHA512
33c29231e532acd939e13f8eedf31531cac2b37b27b903dcc37907aee1845865a49c693ed437b2626ec3a23286d3c922e0771dd5b9f1da2e3784e16a94b1a329

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
533da07070ed3efdacd29f3fc88805c0

SHA1
0904262bc1cfe560e2122cc232cc432d7e007c0a

SHA256
2c1917b26c7c672ef0cdab5d905fa6b144f3c6c2767013b4be4732cc490ca965

SHA512
008eaddafc12908fd89e7d1f623449d772e652a8a89516a5a125ac6dc2fdd49b3cd0a8fb6f851caeb82ea3fb126c8840bee596fbd844e1d3d1ee689ae7df3e01

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab399A.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit