e7e8269e5a4c6ded709877e9b1f5dd6550c98312f191515d0b924f49384f6174

Analysis

max time kernel
0s
max time network
141s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 23:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

194b93dfe93f89142ddd3f126da38ee9.html
Size

57KB
MD5

194b93dfe93f89142ddd3f126da38ee9
SHA1

5603e24223080a87ade745c37ba3090418bfe39a
SHA256

e7e8269e5a4c6ded709877e9b1f5dd6550c98312f191515d0b924f49384f6174
SHA512

413749a3edfd74567f4d92747e1a68f7f51e72a20ed5a21fa3c77607c39f7a683cc0e5a7e36306ab91c76be7b74d899757151eeff6133bf1f41e02d1572c933f
SSDEEP

1536:ijEQvK8OPHdVg9o2vgyHJv0owbd6zKD6CDK2RVrovFwpDK2RVy:ijnOPHdVr2vgyHJutDK2RVrovFwpDK2m

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7C14D981-A2F0-11EE-B645-EE9A2FAC8CC3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2496	iexplore.exe
2496	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2496 wrote to memory of 2132	2496	iexplore.exe	14
PID 2496 wrote to memory of 2132	2496	iexplore.exe	14
PID 2496 wrote to memory of 2132	2496	iexplore.exe	14
PID 2496 wrote to memory of 2132	2496	iexplore.exe	14

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2496 CREDAT:275457 /prefetch:2
1⤵
PID:2132

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\194b93dfe93f89142ddd3f126da38ee9.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\64E544B76338020D780BCC40A2A2B366

Filesize
5B

MD5
5bfa51f3a417b98e7443eca90fc94703

SHA1
8c015d80b8a23f780bdd215dc842b0f5551f63bd

SHA256
bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

SHA512
4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\64E544B76338020D780BCC40A2A2B366

Filesize
414B

MD5
43d4d959946cfc5f1a20ff26e8dbc578

SHA1
87d0ae237f7c39a78adbbd9684adb3d120ad93f9

SHA256
6ca32ed0aa93823c8999023f938ab7d41d1416cdef2ae6149e7ffcf6ae2dba09

SHA512
b23196e02877487ecb0bb36eb8279b8e84589433ec7be254cd85ace22a47f3da62a3a30a9d97c53ad71de2e21f34c18192beb980435a16ae7f76b3d3d561fb32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1d12983e03f783c91cd12d90822748f5

SHA1
88c73c6bc87f056142eb606c6a51b945e86d7101

SHA256
ab78300a0665999026f81395616ee1d8fef56e137c94e1a963866ddbd9d94bb6

SHA512
6006ac6c0025c9be62faadf2bc74e70d3aa317943b1a29e3049529743df3b30851ae58ac7e990248d70815e01f1436c419545aec323680e462039c37178b4f48

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fcb6b059f786baf1ed8f730fb3d6601f

SHA1
f41671f920cd299547c01eabcd6fef73fed173d4

SHA256
2fb5ff025d97ed2d6d8a3f9352a88fc8fe3aae975f876a9ae4105a833e02d50d

SHA512
e02de0e05731a7ad103d76412eda92421f636c359f9db4932dd9f135806a532e275b229c69056049446adb8caaecc2f259c14c8b39c244e82f31f304d95bf602

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0e8a033ee08463bbf767a460cb06b122

SHA1
fe7d52cdd5d1ac241747f0460873a3cbde8d91c8

SHA256
4acaa8fe2544f5eb9f84d5eab0668ef7da41d205cd2207b8249a063de46b6ff9

SHA512
7b7c86a9d53b92b45ada91f0fa7f635c08e4e1dbd11086843c4184081c073c4481affab43faab3b0e6a536c13bcd82f462d7b76cf58babeb0fb8cf807de34c32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
af4b9f2d035c96e9571a840967fdf011

SHA1
49efea0c22dbe6fd47bb8375777d003882fad92b

SHA256
b891c8cce21b9f6c0ed96ada4e2377ed388edeb877b1baac1ad670263de6865a

SHA512
f8d8aa33ca63e1c3f79a3500beb007e86b7099033bacf7fb1b9da02b34f28320f5dc09ccf128728b55e635584baa4724c3e443d72f41a9110e6f91cc5496d3e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f7ae4d081257f64db80bd08b3e4b0ade

SHA1
8cfe9f7732db1b6dc8eeac71d936514d922c7d83

SHA256
319a2e1f11b52e33387f90c6584349f82c6cda198079e1b7fcf34c190162c5fa

SHA512
d37bb4a4d8cded12c6dd2e1bdb3987cbcb0893acef95e2a4527716114805032284bc8e772606a7c08e8376e346ae31a79bd58a67cd864a91035f6f18d8e5f43b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9f941fb8c2bf0fe5c9506af25ceb2e94

SHA1
ea23cf25f367e805449d7e0f470ed5fa7e4b5799

SHA256
d31dfa5a50c3323d4f256f62302b0f1c629d140e28d87aceb09f8eafb8bf8f1f

SHA512
b1cf8d6aa14000220a2ea5e9b5288ec3ac04a5249f6792ef640450bd0898251c1f13f602644a527bf904128cd479390c5baa29c4c793ac312b3b06cc6fd49cc7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6a381960672effd10b8651b32c9d4459

SHA1
531f5c784622c8a45d8795bd586f671e8c24ee56

SHA256
ab05dd73c11c9be607ba3767ebce029ee5e44c989feddb7fb87185a934f7d3b0

SHA512
2c26d43929f9f837ed5f239fcbf9dade91844f39cf4c94feb66002033740d071289ba6f27775aef65dfb2370da23c2637a43a12756e246c0a625c9475a349a28

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b6dc2772b10a0682d1a7ac0c577f7f0e

SHA1
109fe7f5239a81f3a630a2222e7aa5eb93d02ce2

SHA256
201c8823b1b9d8af70b5f83e05d4044d86ec4108b4e6621bd2329d7aba0ee7ec

SHA512
66f22b840640dedd0370622446b21119a424370fadf3664083b16648609cb97cc4cd9d202e8ad4aab613c4f231bf8e41bb84d613abbdbb246880498201d1492d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
92cca38e973ed96f1e0494758965b3d1

SHA1
d7bc6bd2b9d6684ebb75f564b65fa5ecb1c158f0

SHA256
2415ac7eb3611217c2a803c548585636568e8988c205c160cf75bb7bd923562b

SHA512
47359c451ae72f1e190c0d9774890eb11cf04853942d6afc77c397e6813546d243450a9f5a3c327a4d13b5258da171f0c3c8364853bd5ce15339be03ceb08916

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e1adaf618289b2c2310f53ac82e04351

SHA1
724f2d89e3fabd39c6c765e13572d56cd59a073b

SHA256
46d2380182ff6a2131c6dc12210b33772bac7a5d8fb2d5e61d1952243c6f4b7b

SHA512
c0a771e39eb96ae25036af26dbc04355d089c91733eacb9f08f11ab0bba6e03f15d873d1dab5791f4561dde98cfef425f662bc6b501dfff17bec5413c2451c21

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
14b23138411bd5d1f4ff531330e3d2a0

SHA1
3653e7a7689225661f733b5975d58008d54ed61f

SHA256
bd01db09d98ae45f82d2e2ac5915f324a591dd95849933b3bb2fc868df035bc3

SHA512
4d0ae430753073db68d7e93e5df5a497e65103c3daea90390a36c26f3d330132c6fa9fea667c99d0fe7feaade3cf1ffedc030cea3180deeca070538a6f0de8b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
935a949f53f19a9dc5383c40e4998dbd

SHA1
52f6a323ad6bdf853ab3a0becb6ac69f35ce0cd0

SHA256
e242034e580a2244dc994586992bee46fd9b8b722b869b0507bea04fad120cc0

SHA512
dac3aa7fee352263cd918032ba1d4c219d97c5f725eb941beaf19e3ba9e1b4714580da9f6934cc88f60b76eb69424687e5853b4a060f999d2b042a5d44299566

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dddc5391aed7e45bb811d3197c456233

SHA1
2c60da464e3dbd2c0b657940ae5d2ae9a4dfede5

SHA256
7597d1feb70b9d6cedbd281ccaf05f6f79cc1067571e3ca322c86b18821fb227

SHA512
4896e7d7305b0a0ddf4c210e7d906bf6546df410b808c611540646af7020ae9b71bf1c94bf9f2be44629c18e2e1f86e9958509511901a11159d063890d4b15f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5b5081bc7bb55ea61836f3600ffa7556

SHA1
34074a27fc25dd019212e2c4e7b77ab915b6bab5

SHA256
2117dae3b0c77ad14535b99c2c08e2a993272cb77e44329fbff782b27eb597e5

SHA512
059963ee8b9ac4a16e082dbc62175b51213a695786e276ded88fe55a324fb4d82657b179ea68e8d29b2668b30ab10f00b2e74c4d6292fd9ca3e15aad982dfd91

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bd0c155ac6da2506ceadb71639b549db

SHA1
2a12ef9e2fcaf348ef0c2195d05745ea0e44346b

SHA256
8b939f6b9499eedee45991197046008731dbbd562572bf0123792c50a6354ab6

SHA512
7380148e5b86abb5e00f15557ff90bcb266b4e07ac4ad493fc1a06fe03c1e9fb747d3b0814957f09480029ec6be97cd7a2ac14d87c9977a188b6bf9d35bb6144

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
98e3f864810e3bb6ce05a8c6e1b06806

SHA1
681ff82f7899a85798265f0bdbbf251267673aff

SHA256
9f5af137aa748f31c17297ab8f8b478a6d0a8a267639be0d2f5fc682209fa3c7

SHA512
09447a903f55cf03cfd383afbe150595132dc4b873c0e7d6473a74991eaa42c5429aab0cc40f5e063e069b5de26070636c01f39ab83e524bc808de9c8484fe22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a6b8c0539db8f9a197bffa1144db855c

SHA1
a049297c052d2be3416b7436d2d0a101a50ba36a

SHA256
f97967251886bd34d41389793348622892a1b59996ddfaebe4d877382832e685

SHA512
d47f435024588607837bf4edd7015dafb0d2e2b22f33007381c3cd4398f7bbe2c4c23978179c4947e051cde37a1449f45ccc4fcfa24e130e2b5d68e6be2944d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6d722af57b205f484e7c415fca4c5a04

SHA1
871df372dc34acc2a257aaf4d7903cdfde9d8ab2

SHA256
506c3a6ed17f2ed5f9d4b963a8ffee28595d507410174be056f243e12d53bdfa

SHA512
3149429abdf6082236ccdf67f78219b089eb6c76982674d0a7b23b9205d37ec99fd22d3bbf607471972f83339248838c2b14c373220bf8ba227f790358e0a2f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
763308d2a9d7dc7d954cca733d552a4a

SHA1
b1b55dd3359cfe97e0a8da20560f1d946fd2381b

SHA256
5d4163357631f7f41562e485c2fff5f008b5b87b7540a03e266178bcad54f241

SHA512
8b2d27784dc048bc856dabe6ee5bc495903a185476195cc1d183b281f6d5e791fcb54e5696819447a8cbe726e78b95a7fc832195bbbe75ae3e63e7073b94e7a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0921e897eff758eba2d72f28dfe82c59

SHA1
7e17e91a9ff0ec845605baeadc9051b5c851a23e

SHA256
f7f28b818b90baa51379fa775b94cd2890e35a3bf94a68c86c364743a89c3195

SHA512
d78882fe4d4a6eef9baf0a0a1daf6887591e7fd4657111b11466cb2207a1a95be8afe8a1d06cd347947a72e7987003871c294d1c49ec58610fcebdae8f48f11d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BQQO88W8\www.google[1].xml

Filesize
92B

MD5
29ed0dccd5e59134dc1b62f1812da5d8

SHA1
086d82ac94537c2c714c32dfb464c15294d5d86b

SHA256
d34843c3f55b0d1da98ba964879a8ce79089a4a6514df95fbb0a49f87d8cee79

SHA512
a5924e5a4f2e4b8ff66c27bd7108e11969af3869be4c0496d14e72a1bffdd2d2c98516b7e4f6bc4dc889b0a63181235d33b275858a197725d8803d2a9b9232a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JIH1AB02\f[1].txt

Filesize
34KB

MD5
94baeae5a431d3f4b6a82c4a91f59511

SHA1
42afc199c30c4adf7d69bb10cc1b7674102cad6e

SHA256
df5d165b5af8ba63c3b606253a8c73dbdc132bc66153c867b4acbe47efa55f0b

SHA512
866c5064e7a88ff99696a64ef6cb3a770db74ae99d773754613422f6fc4d850eb32945d57aabcd0cbdbb9bec74ab2627a7d7a0cd14bd465086db0083756f0017

Download Submit