4bdb7de3036a6d1ab8e6c8dd67692801c17029ec94d508fe73adee575f55a036

Analysis

max time kernel
65s
max time network
134s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 14:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0015ac00fd09398fae976deee9f8183c.html
Size

97KB
MD5

0015ac00fd09398fae976deee9f8183c
SHA1

4c098846dafd4b90097d86a8ddff8d6cc6c38963
SHA256

4bdb7de3036a6d1ab8e6c8dd67692801c17029ec94d508fe73adee575f55a036
SHA512

826158300eed1872e75fe11b9aa409d02d5312236df1a5c6a00a142ee4b94793c30ccda613e80cd695ee581d3b70a7659d301de844b89fcd919584b0f5e66255
SSDEEP

1536:W2dfGMiXLCR2LTwrcx1GOdw1SznuB+CvliB:W2dfGMxcx1GOC1Sx

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AAEF0E21-A268-11EE-888E-CA4C2FB69A12} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2824	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2824	iexplore.exe
2824	iexplore.exe
2396	IEXPLORE.EXE
2396	IEXPLORE.EXE
2396	IEXPLORE.EXE
2396	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2824 wrote to memory of 2396	2824	iexplore.exe	28
PID 2824 wrote to memory of 2396	2824	iexplore.exe	28
PID 2824 wrote to memory of 2396	2824	iexplore.exe	28
PID 2824 wrote to memory of 2396	2824	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0015ac00fd09398fae976deee9f8183c.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2824
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2824 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
53KB

MD5
187643b9139d76f7eb577a24a3f6d866

SHA1
9aec2d87e1181b1bd759676dfdeffc328d8a78af

SHA256
ea668054dce20bc6c4c70d1bc1bc430375cfb518ac4cfafd0bab9c4a28b1c5c7

SHA512
04ed62b42e59f7d46900e56525dc84ac9ddecaf91e513e2f260de7b1bc4bf7dd8a2f95317c70dcc966492a60a03b06f92a8687db7f8e298858f38f21277d2d81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
521B

MD5
ed4e610afdf6fdd73024c67f375dfb97

SHA1
aee9798e2ba74ba4517eea4cc5707f6c36534745

SHA256
0540788bb6e157ed559c8efedc571f95388c4afda3a8c117b1165627d66bc70c

SHA512
5759facfbe248adad89d77978e50f33e632a27e7c531a24c65350ef9427d4f60ebcc77ae81724c80c070b43e114546742d24de5ea104984b9b78755474ccfa2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
24B

MD5
6244f40230f86f5a13f131f80e5fdf91

SHA1
cc4ec3d7fe22609d1bf7cc13cea0141efc1f2449

SHA256
5f858a5df9883e6aaf7ef2c1fccc5f7db41eac28c5d5656aefd51631eeb35f92

SHA512
aae02eb69e1f72390afeba4a57d7ed301d4f0dbb305fb29ac9c59bd71bf1007f5248cdf1b5a907c4326cb8b06023399bed8a6a0cffc9e2324860e8e8c43927f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
45fa1c1de053c99dec374d01c79773a1

SHA1
2ee7b11953ecfd1f90027de2e212d21e4b4dcdf5

SHA256
19ef7824c80df55fb640a722459ef2128eba3d855922b344fe85055fbf2d6cdf

SHA512
e82e8b7b9dbb0f374cff7e9ad407f8ffcc157d27c4dc155967fc9f46a04caefec3a20a8dded58d93a61082f2431656069b40c764413a37fb8fe5da440de7f639

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3e674b67fd6efd67357bf0f363371ad8

SHA1
8fc84a2c85653346540a0436c8e5caf55aa2dd71

SHA256
30096b454babf1b34457b7ab7a2de92c062ab80249d2d1319b930192c3aa5462

SHA512
b2f9caceb43a1519af699c1f9fdbf7ae759e469c3e5d91e029935dfaa24091a47126b624c98110256d57f75350269f3657b690cd801f98059ba231195b63e8b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
61fb230953493637f443ab06bc445999

SHA1
60d8a58e5f4fbf77bf96a8eaf3772341ebb6afca

SHA256
7b133e2fd961e228bd4607d1bdb6dbed31fc879b51412c6496f4906bac31646e

SHA512
d02c89f8651edb78be5dbd1280cea9924936281a41e6c4edb4c828fdb19131443744cb009610c1edece0f01030fc79d920b7e529457b9c9c0f9ba292abacce0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d3c8afbde0da15a1b7674615e181992e

SHA1
0bd30b6b76f574ecd7da405a0d87a17198b33092

SHA256
8ea7e9aad4b0dbb6dd5e520f33e0d6b70be53c4a42793412073348972ee1120e

SHA512
d1b502b40dc29943cc0fadda9b721e8653cc05717ab47542b6cf5fde293f16dcad1616f4eca426350a9a231ec76669738faa98d1c4b66aed920c845ae280cba9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ac867fc9aa14651f4a4a480290d1120e

SHA1
10d4e1e68823b50860d299855f7da3ecbdef4d8d

SHA256
d5693e1beb7fc03e977d0d82462e96ebe23fed12de2b17316db79595da8ecbc9

SHA512
549150c59dd6d74954734478489e76733b8ab09f806fd04100d1072a5771d88478119795af44ced7b8ce38a6d67216bff5abeb9d92c7677be781f6a4601cbc5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e08d015ea623d65491d058576e8a5949

SHA1
54860c09ddc808feb9af2c272bec1f013c96b0df

SHA256
dce3c9403deb3a134b760082628466ee37ee78f7432b9e634bd195724f07bb60

SHA512
2a661f3f15e2614ff0ab511840a90318accbb78c904fdc5cb9f86eb5dd5d07bfcbaa4c3eaec65d5543816426aebcd5ea8cc881c2d78efe096339b4542445476a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
87dea34b70a0c11f584179e059edef45

SHA1
52b8abb0e5ff36bfd800c8cdf76e6cfd2d835c26

SHA256
eff66ee5058900156fd7ac0f694136116f4ce483cf5e264b1cec859fddce98c7

SHA512
c90323b29624bfca6cce5561a85c9070a6f2ac242c46b17e5e02d6756114f4bf63ad2007984203f32a6eb3772ea4b79ab3e027108137a857cd05d86ba0ee3665

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dc4ba34f09af923ab655bee8a8b24948

SHA1
729da0663ce7e7f144fa3692d187c861af3decf3

SHA256
e611dbd3785f2be33f70395ff8e42c60d2ebeb03463244bd1c209726b1ad9376

SHA512
328187fcfd33ef3cb283066ebcad9c2cc748f435d4acbc0a1cee19fa35b663499660bcb7a60c95921837aec53d3466d5f8e6866368f23aa5f60753399cb8ccb1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
67956493f0705022a7e8bd47f0c8fa5e

SHA1
df941e15885182648545d6bb7ddd4358ec527110

SHA256
eeb518233b381027d7e180c2cc557a795a019ae7ecdd0abcfa86443de24d998d

SHA512
dd69c7eeabb6f8397091dea128fe1d84b4398173d17bf5a3fc1c6e252f9b4b5cd207c7799c993e718ae66a61fd256e0ac066a9825b279151d6d08fe7c3e21ada

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1eb20de6338e9ece70316b93fdcabad9

SHA1
d232f52d4d948c466837bb613bd22f898df60319

SHA256
966f4d71a406fb88c7ba58946493a1c81e85fafcdfa28029dcd359ed020d619e

SHA512
bb4bcf4e6974463eb622fe5530896caaee00e6bfd6931ae9c876161d94a4ac18da4c37f743f53c19d5bc4ddedf649331e0ae88b93e990528c769c7b22da5914f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cbe4fe3c8fe56c2469b03d87cd0b07a0

SHA1
0450686fcc4348ba54045a005dc7c0999a13e8eb

SHA256
08ac6d8944d3dbf20da49d915c2827b8835e9ada818d579272c2206e57ae1a0f

SHA512
fcd453cba1849c03022f014800e91fbc9f3419a7bb5cca79edf1d5e0adeaae9ffdf26fc6de35760b126e424e242b0680ff9acb618a3541becbe6fde61363e8f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dc8dae38b4e688083aa6677b7d2628b6

SHA1
f9ed0a06552031472c4a7c00805f9e00560b9332

SHA256
a2d8e1485f712998233cb99e26a9ff0202dc1e115b8564e7be0fb534849b4fe7

SHA512
989c146d62e3742717ae543105dcde31e500bbf09bb7b79aa3fa1cc2eba0ed7d428bab21a4e7bf8f42680c44a2d2feed2ec81e1d52515ba6e8b801753a5163cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
09e9842990e05258d457005e32994cdb

SHA1
5ea0f912cbefa773bc1c55d7ed9eef076043f881

SHA256
0ee168481181a5d3f4e454b62b3042b06afe85e95607607b2959f4ad81c0573a

SHA512
61a32872c49c2938d168ba8e0844263da85de024e107ab46cf397eb9b3f462b9d2b517fec1e845d8ec273949bd1ae7af0b5fd67e1ab80f15dcdeb084a45f28e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
e147606ddc5fe0f862b41ea4c3d97093

SHA1
421951ac05abeda09efa824cbd616711e9b0cd66

SHA256
5e18a9e6c7027619b376bdbc89756d6a37fb72eb7480cf3712b6711879e03e98

SHA512
a201c1176126984d77566bd228fc12658abfe7fbad9d39170767fa9a89322dc84206979ee68b8c04e1b5224ba091d513033934ea5098ffbded167efe856874f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
bb72285387ddf6932ba25295f52e327d

SHA1
f0d254cc27549d716bcc4f1a4030f90956b3ae0e

SHA256
0ef21e0aa45191e6fee5d2db9b5a987baee7afe9d97d9b406a40b0e7ef2c35e6

SHA512
d5fadbc1e23305cb6d031f0f3365a98248a9c1c615abaa417df2f06a85cc6c814700397b119e6c540eccf46425c7065a1b17afbb4846331ee6f638956afbe13f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2293.tmp

Filesize
1KB

MD5
63311f0687effa881fa051abd454c205

SHA1
a49de9b993c8dd7abff94e8f794776bbeee2ee4a

SHA256
be23aab7ea8f777368d2bd46160dff8bc0f54325eb3bcc2027e25082dd868fef

SHA512
35bfa3942483e198c46a5f760a53f1c06baabaef0c6ae0d6b45fedfc6194b634178beb6ce254ac9dd606921011b62bc53c57e07402fba7420466d161da87d0c5

Download Submit