dbf653e2cde716df0ea87a01beabc49f14b47602177df1bfc9c6299646ba6daf

Analysis

max time kernel
0s
max time network
143s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 23:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

190d3736770879898b637c123bfddda1.html
Size

26KB
MD5

190d3736770879898b637c123bfddda1
SHA1

8e51ec3022351c4f58fb05e171a1420980a0bfb9
SHA256

dbf653e2cde716df0ea87a01beabc49f14b47602177df1bfc9c6299646ba6daf
SHA512

f99642950abc9503ae7da981358e63dd462866ff9429dc943bfb973d3d4cfea75522e86ee0630813a5565916665555be2c55e6300b0c3f63587d269c895197fa
SSDEEP

384:4+QfPFd9QZBC7mOdMQIBKfpC5IgSnbmFe7AcBI60kkJvAgo0iuAtPd:Zcd9QZBC7mOdMQNpC5I9nC4iIP0iu+Pd

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 19 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1F762D21-A3A2-11EE-87B3-6E1D43634CD3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2216	iexplore.exe
2216	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 1580	2216	iexplore.exe	17
PID 2216 wrote to memory of 1580	2216	iexplore.exe	17
PID 2216 wrote to memory of 1580	2216	iexplore.exe	17
PID 2216 wrote to memory of 1580	2216	iexplore.exe	17

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\190d3736770879898b637c123bfddda1.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2216 CREDAT:275457 /prefetch:2
  2⤵
  PID:1580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
afe31fda1b8624ccb19c68c37f26973a

SHA1
862b47f5cefdd47e954ed41d071f3b007063a75e

SHA256
cc6147bdbe4372e3e3e185642a8a2e246d04f4e6cc19288b6d33d2ef1836f292

SHA512
583ca7cc5109ddca717c269134bd24a7d7b34f7d3884418fac0b02baaf82d5726f019a941656b5e94531628c7b84cf907a3d60044061e77101968eeab0e6f465

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dcd5a25e258fe28813eb59b27bbedc73

SHA1
8fd3e9dadcad62e522fee144c44445c7ee9d93bb

SHA256
eb6abbc45fe98ae7845cb2760e60c220fc00e1aa28b2f19ca375021768114d4e

SHA512
30403da63a81d0cfc5f478c3f03b4f566b93c5f4b1939586bd215ce4ac96b0c03411d8608db4160e735d8fd873714136df35e1cc583fbec3a7564e765b4af2d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
51fe272fd1358c6e5b4dea54cf290cbd

SHA1
fac7d40b3bd2374bb7df7533c61baef8c0cbe3e9

SHA256
bab31d83abd1b364d5df8b0279b8be14e54dc7dae573b940220fb1d4a0801087

SHA512
712f34d208c6bcd3abb3d14d00f5cbbf9e5c4d93da17c59063229c28ea915487506a85c9caa7bc8c9073286f6d71b9d3f248438f92ef65ecccfb6edae7dbd78e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fcd6c69d02f2f7b0819573456780d711

SHA1
27af0d609d33e1477217f59dcd7438bb0523bb3a

SHA256
96179a9ea5e407c46d7c6bc19b9e32a692bd591f189e42afcfdabed77a2421b2

SHA512
d82a0ff4eb06bb2558844c8273c83c5d32fbde26f2e1b65d8159de1718d1258d6136e53cb8f8d63a19dc439fc2efce3d8800603cc63c9363407f1afe6afd3c0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f2dfaa0ecc34c5fa099fee34acde13fb

SHA1
ff2e267b8a8e217e09cbee9211e5ad106b39e64b

SHA256
c0b081c7ec46cefa550182a81c4bfce1c7010d9b9b0e6a578a9a0833c99db38f

SHA512
cc5bf5031bdffa06f754c6b9f52401fd3d1565c87b7e298c857df721437a8a230fe752dfc52b4823897a0094b054dcea862fdfc4ddc8b26e4ba91014de898702

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0012c90e3c254ba7f5a55c1ce5e901ba

SHA1
51e0bdfdd6b944308dfb75260c696ac5ba108171

SHA256
3b9c0e01a3a9d272b3ed9e50c7f48bf2fdbca25d77db13606aeb5223c74063e7

SHA512
391cbc2a8e297483c41f80d4c7727047a7fc0d06937f752c1e09d6427e9160c4f58f4ae8e3d60dc369baf50b60642861b43ea49fa474ac411b7dfd9a553c086b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e73ebd2f80f0f401cc67d33ddd2f4095

SHA1
10890f249f31835bea3ac3fde34cfcef8ec47780

SHA256
a2cbb496c5ba0ebe30f2bfda10157429ddb1337c673941b31f7f9b5a02d21fbc

SHA512
ceb6bde2e30b99f79084bb539f804af374e4a2368674870e01674208241094fbcc9afcd700a2de6eceab33ccb274a32bc765ada1c7dc14c421d9d9e454b2cfe4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
554885acb9eb18c0b5748e6b861f0087

SHA1
9e74dfc02b96d0a6bb6a93e7a52fb828cde0ac87

SHA256
73062afca2083eb72fc284b1206a5325b67d2a04f90cee3a49bf05c8d898f627

SHA512
a6bdecb27552113f8347e7ebf764262624ffa536ee9cf40e9470e76e8a698229648c337874f86c8fd9fe2769c9ef2df8677eee9f116c9ada0b2823e49dda2818

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
cba4c13e1fe4461e4be9b7cec03ec2fb

SHA1
c7930b2e106940205113b9b87b61c2b35ff489f6

SHA256
29cc4fc009ddb3759b7040a87b98b8d7c0b315b8396347c543103dde87ca2817

SHA512
84a5d920489790726f6b3c47cb9a61465b933380adc91e9b2c306bd2a9d6c1d6d05edf8eef15ecadd6e5f7444cb16fbc1d991e9796d1da45c0c5126af5f7e1f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar747B.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit