b274430ed039a5fb1c7b0c6fdbefc0a347d21f2362eb584a5ea2d7e9e8467d46

Analysis

max time kernel
0s
max time network
132s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 22:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

167a1a8681acd0f7923d960d26438b75.html
Size

452B
MD5

167a1a8681acd0f7923d960d26438b75
SHA1

309d648c024a2b645aeef879c244ac1b096b3d19
SHA256

b274430ed039a5fb1c7b0c6fdbefc0a347d21f2362eb584a5ea2d7e9e8467d46
SHA512

c32cf6bf1a05182a33c6dbb35a96e97d74fc01aced2b07276eb04464a281d69f4f160ad934e76e2d5a74e3857c55ef5d762162089d237b7c04467a86f4c979e9

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{299581E1-A382-11EE-8CE9-D2016227024C} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1960	iexplore.exe
1960	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1960 wrote to memory of 1092	1960	iexplore.exe	15
PID 1960 wrote to memory of 1092	1960	iexplore.exe	15
PID 1960 wrote to memory of 1092	1960	iexplore.exe	15
PID 1960 wrote to memory of 1092	1960	iexplore.exe	15

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\167a1a8681acd0f7923d960d26438b75.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1960 CREDAT:275457 /prefetch:2
  2⤵
  PID:1092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9f32e20b7939f3b562a7a2b16fa54deb

SHA1
f2f576c762f3123a8762186e5b9ae04fdc4497f8

SHA256
27fad9de8c9082f895e202b5c83dfbd7aec9b4999634752cc0968536840e0449

SHA512
aaf5bff6f2f22d528a430d4f4d762735fbb64f02b8491fff4acd24e202d902e3596c59ef3a3f878e59e178e5c080d205016188bd36be214a257194795160ed88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
31b74b966527b1d90a00ed97e7e9814f

SHA1
a012148325d74f77603cc3787af79ddaa20db68c

SHA256
c9557c32ad88db2e75e0a2d8cc12101a557fd168a782765cce4cb578944d1986

SHA512
3345181e4bda02a8b65775e47be90111aaf0af5148182c3f103e5772182ce30348844cd261528567e997eb2a584e6275e8e3058b68e2ad3b2b0f087a86ac8a1c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
be5aef3ba7e009f8fe89adf1775b0d9b

SHA1
c24afe23a8e89d0d9213eefab8d47ede1d369c2a

SHA256
fc2d760f253525e17b98ca261aad662bbffd5243753a9be998f07fb82d859a5f

SHA512
a25fb93cda90da1c40c2ddba97437c25528d99f3a7eb5aaf9f9edc77499c86031f27acbaca19360e4cfcedafec008d786644704eeccf754006e75e1a1009d9a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dc76585a5ab0a454a5e82e9a9a153e34

SHA1
ef6baa61e39854511e92b7456c363b01c4c56595

SHA256
6a4b3e55e3942d32cc8aa6f31d2ffcb8834f0efb116e130ebedf448f99ec7450

SHA512
7cbe40467318811a31c3becc42b1f63ec9e4e9579bc4e17c904edf92dd23d5f9ed4f53bea0bbb4077c44ba3119449e64b034410361fa4356f1db0195a05cf843

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1a4977bf0df18241bd9fd0a5fa60fc46

SHA1
cee54d997dfbe665708d382aa486d315b62121b2

SHA256
ead9ed5943e4ffdf478e3b30b57317e5bceae1d071ce989a20d77def19e164f1

SHA512
cc78bb7690015609f75d968c0b9dabb8b9d5addc84a5c3c3bafb4f30358d27386d359cd908b4218aa91c253c2c7cabaf73c078b4b6e17d422e1e607087fc4b14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4e6a515a38d8f126a6b4b5d4464b8d46

SHA1
1892b10e00944c25a9c44a2a173da447d6600b4c

SHA256
f91fb513a047725a603f7e3d158810233e301993678e3ab5261ee5404b91ee79

SHA512
3f758fdee02cead3d13b040db9dd566cb27953bc87e13ec42351f495eab13d1c5a8e268baa20c6a672a26f6a91c4683b8c4693aeb9d50cdba9a4c39fa2fcd5f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f9ac2f9e2c47b474ad9f0ae86f5f2cde

SHA1
f1c07eb4bba761e26bdf4caf832e0dc03b7ad3c9

SHA256
c1514655ede239220a4e75495c7b5452610e1173dd4e5551fe7342e863bef8e2

SHA512
069a74d10b2d5eeee6336e024cd3dc0ca837a5953d383970455637a3f9d3ecb54c2d69a1a0ec25f462190b95c6e1258e7be87ebe1a4c82367f2f51d3e173a41f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
94696cf5c5d60e7e26aa35302ef5edef

SHA1
59016fc1a5c2d5e44d9a1d9db41b9e4d02cd4baa

SHA256
2c507e8df0bcc3d0c218841e1e3463fe596c493968aa1b06f18924e604e9e84c

SHA512
3878ac58a693a69c81bdab03e7d060586333ed9507817fc01ee1922a20a5bda146253d216490eed4508ee208820ccc3f5382eaedd364c2acb1860cc2ce0a3832

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c66cf161d7e8a5282d26b7c9cf28ff00

SHA1
99b660eef7e61e8f4de3532b6e59fbd8666dd28f

SHA256
ea4f6da02d3de9b6576aaa312fa17d29d0e761bc71a1da83207c01796c9dbac3

SHA512
afc42aacf00c025b815b6ed978aa3d7eda7358b385ec36c14b7ddbc63f46cfa5d6a44cd439b31027c7a0654098bf2b006758ec7f375ff11efb29bedbad1ddf1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2ee87018c628d6ca761702c3d6fbfec6

SHA1
1a0d2fb1f601c2f1072b7f8043d4b34a6cc901d4

SHA256
121642d99b3fd5702b04c1f071f46d8525a16dfef690ff4f69005b335907b54e

SHA512
220b77535d46935da0f486c0d3d94d7a534e86bf9d0f4d09dc556df86809a110bc1209376048e73a9dddffba740652ede454992fde237759c6c055815d3b0dcf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c31d8e034a5e70b06ef2727f73047713

SHA1
5cd20cbd1c3968a09bc954ac24fa08cfe7805f08

SHA256
901a45be2c027034493a7f5f3ece73dae3196d2ac7bad9854bf6e98753732b29

SHA512
792f9b91c522ee085121a092e172c17e5406b3060a1c656d31b35b72ca4b4ad987c70582b9f1cfbc847b4ff08399df2c03e4ac324f8cdf53107d1510772ebd40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c184a7a1d2ab003d6c897c7d31ab4802

SHA1
18970d5bc63906880dac2f6760cf022f108294ef

SHA256
5076d67ca1592288bb38c980abc2848aba41c7afdf35fb9a5ca18bf290adbcda

SHA512
dab4ce76ec626f68c4c522fdff1e973732dae3393f91791961bb1b42fc345da827ff81f59cb7018727607b0b3182762393cb112d3166043be02192d30a0929e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
70c7a9a5f56a2435dc6f6b4e9caa5a34

SHA1
eee9b9e2852321503426146dd08f5e56009ed187

SHA256
e97b8de9d970b702b130cdc58bc4ba328d4c660cc9be89c77208eb68d25969f6

SHA512
fc5671c955e18c9f7a9e1074842dae0779fd373bd393915c2c645e8ec6f2fe3783c4a7d81a4bdc9fb25b4cbe9b361c1fac9c899ea474cbde2263bf2cf7853798

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
740a2b211392e934d4cc4c73e64f030f

SHA1
58c9bfd7142a5750c2547841811057d20dd9ffec

SHA256
88704b774103516d0a739bb754b6061b0a784a39571b492e3de156763c65245f

SHA512
6639b745ba4812689b9c25c9c777322f890e9e96f09d6be65b3400365d4f2723ee33f7ee942e1d591a41da9bd472bc4e0aac0aa053d09c6ccd87911e66c4d7ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
176528775a92ee13c0f57af2616ac8d7

SHA1
f7826c4524e9d7b59f921eef2570104aa2e2037f

SHA256
2753b2886be30c17011a25811d67fb9e306f8be12ab0da3f83bac299c2e15ed3

SHA512
739bb6d36d3324114531bec95a1aa0f06575b607ca72f16d17ff27197a6d140290eed89048eaa303ad95a8b5c5282594c2b486d7ebe245c16b73ed8ea459fe8c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e5fd2dbb1df163b461fd398d6e4bab5a

SHA1
7e36da2a3959534004f229cc31c2c9538902c565

SHA256
461cd210fa530b4424aaa699116c9287a0cd74a6a647fda99d08fa08b0a5bffb

SHA512
0bf392b0cbe8f075a55620cf47baafaea9d671fc592f563516fdadf7b87b1e743a76e892e4c1cecf6c38bba3de1b069c7aaa6fda8be5000909a8400bb1ef72e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
01afb903155c57fa76aa31ec55ab3a07

SHA1
06785080af643d98da41b22c54a17501a76e4d17

SHA256
620a066abb248ff1666a693d22cf208905aa9528457562ab3ca3d1c1457e23e5

SHA512
5fb7d87745d96c6934b5229af01eb8ac27e087d7a86100d3df56d560c023f55a6393b212880e41ed2198d3c7288d3449b51d2d20179bdc7bdccb8be00006e5a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab30D3.tmp

Filesize
15KB

MD5
7bfa37e843d0e2329db98a0a81eea27d

SHA1
10802a2d4069965e8876397b4af42d7ba14254cd

SHA256
d19ed8c0c4da8f6d0f937910e8d957a82af605086812dc8355d8bcab4f8cbdc7

SHA512
468c95473755fde7743ea8b7296a212ff1eec86299d1e87ee70dc5c7a2da57946da8a1451b4881fbc0043e117e67e0e14c584b85c734a6a239b1bb56bf58e2c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar30E6.tmp

Filesize
5KB

MD5
8e156e75117778f93310f73dcf520471

SHA1
39a6c6382694f79c08fb818474d9c51a9852b2a4

SHA256
a36a0b232fb6e0bf1b19f39b562021d3dadbf2d5749e6fb433b68c84ce7be478

SHA512
36e95daf6b6c26dd77563710a1320bed85885d896fc867dd2eedecac28bea512954efaa82cc2901317bb977a54589399a09145dc5625bddf4b978b2bf9d78037

Download Submit