e08c06e946fcdd85fe129602731019e31204e0691cb9e9935d83ba555f9e77f8

Analysis

max time kernel
0s
max time network
144s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 14:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

01f8a587a37d83b7e0edb23b81d831a8.html
Size

58KB
MD5

01f8a587a37d83b7e0edb23b81d831a8
SHA1

f8ae7797aaf821d8db5c27f773b0d309c95e8bd0
SHA256

e08c06e946fcdd85fe129602731019e31204e0691cb9e9935d83ba555f9e77f8
SHA512

d2a259eafb5792071e8cb8189b5864fd9dc23c65a2399a3082965f095c62b02be59435650e91d5805055a3d2cb8cdde25fd4bf4f049705d40f5c4755c6840040
SSDEEP

1536:gQZBCCOda0IxCoe9YfaSf6fJfNfZf6fQf4fPfAf9fVfOfofSfBf4fTf/f0f+fdfx:gk240Ix3xSx1hiIA3oV9Wg65wr3MGFFj

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{81385461-A272-11EE-AF58-6A1079A24C90} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1792	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1792	iexplore.exe
1792	iexplore.exe
2364	IEXPLORE.EXE
2364	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1792 wrote to memory of 2364	1792	iexplore.exe	19
PID 1792 wrote to memory of 2364	1792	iexplore.exe	19
PID 1792 wrote to memory of 2364	1792	iexplore.exe	19
PID 1792 wrote to memory of 2364	1792	iexplore.exe	19

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\01f8a587a37d83b7e0edb23b81d831a8.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1792
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1792 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9051ead72aa6007c779229bdfaa6342e

SHA1
a06b8af0a19b55f6e79301749ffd5d59463668f8

SHA256
717d84dd6b679430f79a8e50c51431299a5abae2e781737c8e25a0814c37f9e2

SHA512
238070378d5540bb1fb0dadd69e93ab21cf558728e7be54cfef92fb127a7cbcdea935d76fbfb8151d442771d2659fcbbacfe6189efc5b6838d9d41171b520c0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bf33c5116cca4e53a164885f302508c8

SHA1
9a0dc26ac4e8cef4b26067665011e6f57ba18177

SHA256
38aeff0f22752019a307d492c85e1a135e5ee6c0e18f3f2e4b5dc2a6d0c47d76

SHA512
4b9bd203ac8feb57744d396651dfa15bec591bbf8cf8657345def04392a27cd1ca45deb792c57fa492a284b868e3010fdfb43cb8758ccd4b03130e4880380023

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e37786a1c2c48beb895f8ae337f7c051

SHA1
a5777cb82ac498c2ce2d6fc9b73c755f7c0d2d19

SHA256
813328f1e7384e32416316fa976248beb80aeb517d559801291ef89edd17ec1e

SHA512
0e23082f3dee04339f3688c15f109941db99eda5b3961e6a7f83ba2f78fca283e1050b95eca0f8d88f2c4093b6044276c837e5b9580797172c123ce20fb841d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f3b916a80721e7f6e00783e7c9278553

SHA1
bca50d923f5a4fc58a381588582a30ebdc0a625a

SHA256
df3472ab51d317d1fad9792cb9a9c1d58435ab268bacf2daac36ea53260313ee

SHA512
f94527ad2caae4c3d2d05a6cf338cc096d8e2a65bb0b6d55b4544b29ed74f38ecf58bde5dd4220958fd9e50cc1fb3a7327a5fe64900e46ec9c12f599d8781983

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c7ef9dbf3d0b056eae10d8aaa6c56706

SHA1
82e4e33dd2fcee69521e18fcf290baebd640b108

SHA256
61d267d80a3e968efdff944e7cd6e7fab3f46a2dbabd0f16c01808e4c37acb80

SHA512
e4d479adc5c046751b2340387171d0d0cc8cf2c8ddd5dac3056a3c8e49e40f5d725a3c12299dbb291068540415972705e16b6305460321f1bffb7da389240429

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
27862ddac4a93e4c84f10c449196cc4a

SHA1
510391aad7e077b1389091b299be61b002921a62

SHA256
c7a10df6c80af588abc19fc3d129021b595fcaac486164fa8d5efad1104e5a42

SHA512
0c00f26057be11681b1dddebd9434018ec0f167d5a652d49baff495a5f0e4048fb5b5369c66b0ef1dead97d2e8a6c7dde6c192ad888654d243c87fb8d7e9db98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8d1f8995e2296113300b4beebbf31ab1

SHA1
e197215fefee01b65ab3de6dce805bc50f92a103

SHA256
36cbe9396a62928e0e99151ed5666524ef62d1f162e28ebae0e2eee2b10db280

SHA512
9ed1d8b3b3d59f352c28172929541952e3711ee5a5d184841b2bbc1d50263f5feac9d42fe67a74b1e029e6ac17bf2e24ed0923590956b30b0496c884fa787c24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dc008b8bea76638dfaf6698654d34cad

SHA1
c70f2a6302f70029fd65c7f68833f749c4368c78

SHA256
44c4725c3b4a8a977e6f74b14d82a9345396a99691415ee7adbb891ad9d34e82

SHA512
8573e91842da42b48aa80c0f433e54f6c1c0aed8cf3caefe38f0fd97391d3b98d4cd60714e46e49fa01b6984bb323a3d26574f76e15bfaf3ed7e6b3dcc0da436

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
54774e55e5c1fd73a12b7c9ab137de55

SHA1
cb3a2481cdba8e0c4227cb75b190ccb8c7c80803

SHA256
a9576ffd3b87d7577e4937f47642a7446d1957c2684ca50bd4eb5747f2fa4d55

SHA512
58ca4fd47a7a054b2eb522ab375f0628e0f77a0d79272eec75b2b1c5bec9b874bbe3a3715c16f45f1ae18fb327d145b6a975c768bc8485091dd5ca1cc173920b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7e75643b2bb533465ac091bca5d5023a

SHA1
baac539ea76a56a5bcba5592633dd7900aa558c1

SHA256
26606d6c72f51396e7c7a2e51732eb3bd234c6cb90b7a0ebcea3a7d121a8bab2

SHA512
0381bfad69879e1477302b8c34ab7a776357cb77cea348e41178c912bdbd61ec283245887788ae5798fc1b834f87ee0b9a8be25acadd9f85ead62947eda70cba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ad7a4632289f0d61b4be3dee3c056110

SHA1
85967340376a46325709059943895f444b7b1344

SHA256
739ee535141d9acaea3c2f93eb99957929442e8c8b7711e17b758b461679358c

SHA512
f1cac9d267c42c2fa73215989d0415ee572cf8a6027589b2ca02ac9a6ca57cc2bd7643876deb88b091d1a4769894ade8f14a233b90a3fde3d9627da7568bdf31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3af38d34aacd57b79190d865e75a7f8e

SHA1
594b7e8e4a59c0a579ea5e1f41402d2b73fa5722

SHA256
7bc1806829c16e755a7b2c6a9fce6e19d5cca78d477463198147aa21f579e5ab

SHA512
9ab785dbe330b3975dea42c8af9cf74f19faddbebc6598acf2d83bbfce0ca95149c25e36b9d78b6f289232c346bbf9620778f128c8f3dae2e853c1dc37d58072

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
414522a827668e855f91e11f6c86ab5a

SHA1
413988331173d3cf7163c6ddc1d5e28df600510b

SHA256
223845afaa6ca3393d6f95a9b3f526ffcb231410518a951cbd3cf8800158973b

SHA512
7b67834878d37d847ef066dfe09c5bcb61fed1f43add14e2f7cc35e5ef87fa8a56a1528e01daf6af454c9d66aa42136c981f8de6f894d7fadae605e479c761e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
82c9849ae93c32d50fdc2d6c9e9c2884

SHA1
432bb5d2bd168c59b7a889009234a1eb747e1bcf

SHA256
ded09607856317278af67ad82b661fb48def7a17e60aa58c0175750500ccafff

SHA512
ada1c686800382ac682f16e1466ff452f0d524ca01e7faf37de5fd4e53f7fba59d5165eb6884dc6b2c2b6ef75d4c331fb261e419ac34e6118379de3968912add

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9a774a2fb5c8dbbab800e5ed576f83da

SHA1
9b0680eb87914cca49deeba9f2aaa019d0e04f2c

SHA256
f65f048a5a477f9bb17e1020b5d91af0712ae97c90ea957464ee0e623d6c60a7

SHA512
3b3c719299d23d7a024de297ed912aa9b41aa30aa60550fba01d54b61df9f69b33d79332efc8d59989de352bbdb74cf5822b7cf41a8a433ddbdf1d8697ac2a75

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab18FF.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1911.tmp

Filesize
140KB

MD5
04b692358ef7393fedc33c3ab3050c41

SHA1
9be1623185db11ad30cbc20b20451634288a70d6

SHA256
412532390ed5e1cced2629ada75e7f0399c85489e6ad8bda978e76a084d3657e

SHA512
0e413bbd00d57b323e7dd81bf8997f01a521c1acbba6840532656b0426eb00eb1ed3e7e8dda15378e476309c2420b423e7888ff736de01ad6b6f0263800e3027

Download Submit