0576954115e37f93efc44e610fa5c12235b95aec259e540ac958248da82cf9f8

Analysis

max time kernel
0s
max time network
140s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 15:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

03400756465973cfdb1db2f8d6b9a5f6.html
Size

8KB
MD5

03400756465973cfdb1db2f8d6b9a5f6
SHA1

3d57ad81c16e9e6fdaaa227d0eb5c71cdba21818
SHA256

0576954115e37f93efc44e610fa5c12235b95aec259e540ac958248da82cf9f8
SHA512

48c0b3a1f0dc4e049784b5b657e7d3c77dbf1243091ec7d295b2b361c14cfcbab8b0066ecf25b922882d2d9e1ea8eb2f7b794e19b897ee1cb8ab84e342e69541
SSDEEP

192:xfVameFX5m4udTlDrxJH0S/+GJKaYhUUTXDgevhTu:xfVamCQ4sJUSevDxBu

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BEF43CE1-A279-11EE-B218-C2500A176F17} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3056	iexplore.exe
3056	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 1940	3056	iexplore.exe	17
PID 3056 wrote to memory of 1940	3056	iexplore.exe	17
PID 3056 wrote to memory of 1940	3056	iexplore.exe	17
PID 3056 wrote to memory of 1940	3056	iexplore.exe	17

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\03400756465973cfdb1db2f8d6b9a5f6.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3056 CREDAT:275457 /prefetch:2
  2⤵
  PID:1940
- - C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
    "C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE" -c IPM.Note /m "mailto:[email protected]?subject=2006_RECRUITMENT_DRIVE&body=www.gnaa.us"
    3⤵
    PID:1448
- - C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
    "C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE" -c IPM.Note /m "mailto:[email protected]?subject=2006_RECRUITMENT_DRIVE&body=www.gnaa.us"
    3⤵
    PID:2792
- - C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
    "C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE" -c IPM.Note /m "mailto:[email protected]?subject=2006_RECRUITMENT_DRIVE&body=www.gnaa.us"
    3⤵
    PID:2712
- - C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
    "C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE" -c IPM.Note /m "mailto:[email protected]?subject=2006_RECRUITMENT_DRIVE&body=www.gnaa.us"
    3⤵
    PID:1452
- - C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
    "C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE" -c IPM.Note /m "mailto:[email protected]?subject=2006_RECRUITMENT_DRIVE&body=www.gnaa.us"
    3⤵
    PID:1064
- - C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
    "C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE" -c IPM.Note /m "mailto:[email protected]?subject=2006_RECRUITMENT_DRIVE&body=www.gnaa.us"
    3⤵
    PID:2760
- - C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
    "C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE" -c IPM.Note /m "mailto:[email protected]?subject=2006_RECRUITMENT_DRIVE&body=www.gnaa.us"
    3⤵
    PID:2852
- - C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
    "C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE" -c IPM.Note /m "mailto:[email protected]?subject=2006_RECRUITMENT_DRIVE&body=www.gnaa.us"
    3⤵
    PID:2632
- - C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
    "C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE" -c IPM.Note /m "mailto:[email protected]?subject=2006_RECRUITMENT_DRIVE&body=www.gnaa.us"
    3⤵
    PID:1728
- - C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
    "C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE" -c IPM.Note /m "mailto:[email protected]?subject=2006_RECRUITMENT_DRIVE&body=www.gnaa.us"
    3⤵
    PID:1368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
60a8640bac2a603436b1e26072fd55bd

SHA1
c2c99b8811a190a120d36899273d9de045754115

SHA256
43f14fea599639fe2346de4a639ec8fc83be328b08bf52a7fdeed31db73fd78b

SHA512
1cede9ef8338a4e2aa51f865f017a15eda555f95664105bb8874e268175454f99fc32f99630b933591804a5fc59175129b2114c79735768c01881a8550256334

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
99ae7b3920ad1aaf20434dd739c38219

SHA1
2e64223b515ad0061d47c10d799e965a40f5468d

SHA256
4724260c8884f51b6e197279c40edd92fd7fccb5bae37fc6382f13ca114bc2ca

SHA512
e64af5d1b6368c91c05adddbe25247d7733a1b64397e6bf1c05a03964f7964f6ed4ee56efa23c888b8fcad7b3e7a55031a5ad61c12e2cf93bb598bdc97cae1c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2fc362749a5ba3a3d15534333a812b41

SHA1
12da6cc0a7a30a6ba812eac7fd1a0fee7e94662a

SHA256
fc365253fc542390240c6a3b260f49cea2abe77e6e252ba778b17aabb4f06028

SHA512
f0246b818421e970945bec71b9ab0bae2bf567e88443e30b3fb5dbb57b6c59887f4c486aac882a77212ff4fcf3a1abf8679a7ce945aa35ff28c68a9ad8114ed5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
062b553b93834a35fac27c3d91ef0284

SHA1
6264f4f1550dfbe6ec292886bf8404314ff5bc89

SHA256
065bc8597fdeb9fc5b97f0bcd23bfdcc5d05637134132a20871c30b74a9eca79

SHA512
200622eaaeb8594f2a12868700b3a00b09c379f74b08cb2ca6b2ea33fbf1f5bdc064689a0d333a7b7633081eadf4bc5d8a131d6bccca6d7608ecca7cfe336c7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Outlook\mapisvc.inf

Filesize
1KB

MD5
48dd6cae43ce26b992c35799fcd76898

SHA1
8e600544df0250da7d634599ce6ee50da11c0355

SHA256
7bfe1f3691e2b4fb4d61fbf5e9f7782fbe49da1342dbd32201c2cc8e540dbd1a

SHA512
c1b9322c900f5be0ad166ddcfec9146918fb2589a17607d61490fd816602123f3af310a3e6d98a37d16000d4acbbcd599236f03c3c7f9376aeba7a489b329f31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\05ZIV8W0\errorPageStrings[1]

Filesize
2KB

MD5
e3e4a98353f119b80b323302f26b78fa

SHA1
20ee35a370cdd3a8a7d04b506410300fd0a6a864

SHA256
9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

SHA512
d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HVBRC7A9\dnserrordiagoff[1]

Filesize
1KB

MD5
47f581b112d58eda23ea8b2e08cf0ff0

SHA1
6ec1df5eaec1439573aef0fb96dabfc953305e5b

SHA256
b1c947d00db5fce43314c56c663dbeae0ffa13407c9c16225c17ccefc3afa928

SHA512
187383eef3d646091e9f68eff680a11c7947b3d9b54a78cc6de4a04629d7037e9c97673ac054a6f1cf591235c110ca181a6b69ecba0e5032168f56f4486fff92

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab519C.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar51AF.tmp

Filesize
92KB

MD5
39026a9e74bb78827b25368e0d8fd3a2

SHA1
8aa752e5ad11d638385697cb7b072162f7e318e4

SHA256
902bc4fe8b4a94d7cb8044a0c70d7b6ea63a9b4d7d4d0d75e838c2dd88cecaf6

SHA512
2a226fff542ddc863e0ea7f8e3f7f5686a45f166a3809419e962c473ff4be310bff678b54f0364dbec84a4da70fa4fb336dad2c02284a457e7d9bb9771eef21d

Download Submit
memory/1448-39-0x00000000710BD000-0x00000000710C8000-memory.dmp

Filesize
44KB

Download
memory/1448-37-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/1448-1008-0x00000000710BD000-0x00000000710C8000-memory.dmp

Filesize
44KB

Download