684ef5fe96a9a1c879ac3a404f95984cc3bf73882fbcb60bef55dd5415db2f7b

Analysis

max time kernel
6s
max time network
146s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 15:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

02aa049181efabeaa595091963709baa.html
Size

22KB
MD5

02aa049181efabeaa595091963709baa
SHA1

26b9568c5ed548f2c5088bc29d973173bc417f22
SHA256

684ef5fe96a9a1c879ac3a404f95984cc3bf73882fbcb60bef55dd5415db2f7b
SHA512

36c866b700b837a46aac6f3354c4786442729194808aaaddb71a6b10458ea38d99d51a4838ebe5454fb5f423d5a781de12de4f094b2b5317e56926056c81db6c
SSDEEP

192:3ZO8vOya1yUVV7lvbFSn5KYCBaHgE5OHFp5pElippvTnW5K/FDSoYn5KGu/jcxWi:pOcaaAfvYb5/5N

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8C8F6341-A276-11EE-A80E-FA7D6BB1EAA3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1660	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1660	iexplore.exe
1660	iexplore.exe
3032	IEXPLORE.EXE
3032	IEXPLORE.EXE
3032	IEXPLORE.EXE
3032	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1660 wrote to memory of 3032	1660	iexplore.exe	15
PID 1660 wrote to memory of 3032	1660	iexplore.exe	15
PID 1660 wrote to memory of 3032	1660	iexplore.exe	15
PID 1660 wrote to memory of 3032	1660	iexplore.exe	15

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\02aa049181efabeaa595091963709baa.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1660
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1660 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f0393f39069515a18fa70feca3597d04

SHA1
63b977c77f15c3e2485b6525b4ebef4b83cbc5c9

SHA256
f497326191890ef850efbf2eef9062af4ace789724441ddbaf0b7bdcef5f0680

SHA512
d249edce4f3fbcc4c05240f8b6d741b1d613c9946dab3974726a1371871c848c2bfeb0f8b032c47c0c8b718f289ed5409071951de2130309aecda0e744edca54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ad9351aa5ea89a11b3ac1807c39dd7b6

SHA1
ef00ab1cdf0093df05be6385580c38ce257e434d

SHA256
03580a54a6952af17de8f6075813f0a11f38e43117b437b4ac990511c5e05bcd

SHA512
0b9d3505b47872e5a17ab50c8cace5d4f73b754a0755afb479b6b3ae6ade49d595afc37b8fb3d19b5ab62316c445b3b157f05f9e6a7ca9cf00ef1ce99ba2f490

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
311cd7dd5553ff56b303f722033d2017

SHA1
91bb86ec0f71442239abc62b3d66ae99c945eb14

SHA256
8f96cb75da56833f5a32d7354c56dd89840a9f020177979b42dd688f5404c1b4

SHA512
3e1f5d148a61f934c7dd3d8a5d9aced5732e0bbbc06fa3b1e6d9f2b228152722fe758289edb97a675c8b9b2ddce3f1d8ddc926f85220b881bf20a02220eebf3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
261c1663d04f0f1a8a0a67e81e0015be

SHA1
061958561b029d54bfddcbb22a5140ec2a6b2f05

SHA256
866e07fe24bc33960b0174df7d047e2a3fdaf60fe0dc9c53343be87e7ba65b0b

SHA512
a432e4c26560b414d065eb5fd68596a265070a7ab160af4cad7eafb08e0979ea8d16482a07fa242384c9c808504b0536f0300ddf30be9d1ceb09d7903983338a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e5c9e197821e38cb267b6aac5177af1e

SHA1
5ed68c8d9677159f6a68a7c94aed03c695ecf451

SHA256
c8d7f665889a807bd2788a765ba22c3ed9f64884d02071349aef14a9f4229188

SHA512
bdd463458a11c83efff6e6501bed87ffa433f0d8f31113ceadd2bcbba7dc14fdfa090ed4d36aa7917735202e0a04cd1fc2292da7eccb55a56bf59062c37f2f49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
257fa6d164bc835d61b58dd3e737af64

SHA1
47f18135af514ada40ef104596b17e74faa08ea7

SHA256
c2057bf675cb5fb055bcd6f8293ded845f136c73dc05141d5305aee61482e767

SHA512
79888dbde1a6b0cbfe65f89d907e5539ff581ea9fac7f92d20acdc64f7df8c65af25e640769df5bcc59cb8526a025ff9809997f6a59d098b75ee096180bbf6a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d7d5fc147baa8941e766c7680e9291d2

SHA1
5b2e6dc249a3ada6b1fffbe8566ab60f141a9418

SHA256
da12582cd4001e4bd464372b168f223f2ac6ab3ad18be2ac4a5c15db679cf69d

SHA512
4bf6744f9b0dac465bc4c8abd5a980cb1b8cd9b4196de3ab791a25b746405fd4908c6727e3754b4ca53d959668aa10aa1e48941faaa77ee360dfe09e4d7f9f03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1d1be378cd90da9dd1cf36147128032f

SHA1
eaf4607c669c7aa4bd85a3417923f7ef47b24e46

SHA256
55b23b10e81ca8950b4a16770588aa0106779d38f261b23f148bfe79a5a7281a

SHA512
2e5165c03e81c91b64bed59e6024ddf34b06836c7d4f1fe88ec0382219099468d66678ebe5baad0bb9707da062aa7599189bffc34efd01dfccc8556d4a415a67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3cea42b61500e095c326d22373a68fab

SHA1
affe60758dfb28dfd827ff5f4f589e70282342b2

SHA256
f0b7f9992ffe7f7258195999707cdfe8c9fe80e193ac86527296766386390f2e

SHA512
dc858c548a972a4b91526b22b4f59fd2619ec1f1759bedda4af2cf8c191f98cceee0ac1b0d2074c8cc8b44696ee4b2213473ac34952c0b1be06e5e9c4d53efb5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1d509b48533b9ff934f74e3dd1ce5514

SHA1
2ef5769ff2cc1fe9dbc1b464682ae2e21aa45a34

SHA256
431b2ead6c566b48c05d8763cf840b8d09e1687a3b9b8ef074dc0af8d3cb1f6a

SHA512
2679977a1074d1e1fa0d936c4f902dae46b888c17501a7b16113991059e3c42f13ec55f9fc3754d283e4be661f0a5c5ce2acb4046c5df0d8a934176b00a60d11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fd21de46e68e1e41eb4b6110d78bd76a

SHA1
6ca8c1128e416fa3a6e321578fd1ffcb7dc7edd5

SHA256
25829c870587010f4f9009a30699e77373da62ff5adf6bf33b46d387a2e0f9b5

SHA512
8e4a4c51b238a163b0dca81413e73d4f334cca32ce8c1757f0f7668b29c69a3bfa5b8150b806e2c85a10d05dd303642883dd06789637440dac663d969467a221

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f5236fffd12afe12c7b428236b8cf968

SHA1
9470f8cb702fcbb7508abbc4d7aa5168f77c749c

SHA256
817e82d11226fcf2d27be61e7c2b72d6023a41287b1800806730fbeb1e0305e9

SHA512
1961794468f4f27165ee80346bd14fd5efb496ad4d820b9652124bc228a4f867b88f3b9b9760f126c0655e648e078478a05662fdbc92cb69fd74c98a89e8bc91

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fd674142eaedc61653740dca924bc3f4

SHA1
257fc681c08665bc2bf95e172d1cf55c09bee204

SHA256
76e714ba6afd6586736b8d0a6a07fc4af2c693252f744696f06009ae53556de2

SHA512
60557816c801fab90f57f94cbb0c4247032c0333ec1c07fb670cfd14f5370214acd9521316ffc60e73c2871a71eed31afc8ecbadf36b3f054ebb00c5a2108cbd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
29fed556472a6aa2dc125193e533c918

SHA1
1d8dc307c74c6a1462a03b5f26c5e5d2335bc7c4

SHA256
032b73d493162ba3373035d0f85d8f7a83e4b006c3e240f74dd84b5cc9301362

SHA512
ba0ad2020d13330f193f9df29883a4979e37ea15e6f1f02ab66252cdf8698a9148c6a6699be78d50e795cf833d6b0032a3ef9a27dc4d3db103c8ac057ee28f2b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d0149ad24c67debfeca5c86d549f3fe1

SHA1
779cadcf7bfd6059beee3b904fdbc08e507a9383

SHA256
49a1cad2e3f1c70bd58aa1975ade1cb1213a539f51e5d183f2470d4d3f231c73

SHA512
07c4d70b33c3d0625691d88de508ab97f31a54fff6b7c770e26814e8ce4de77d0697910370357d69438c884197b39c77b5de55fd0b29836e8f8d3977577cfa31

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2A2F.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2A9F.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit