61037c4f228adda2dd3928c4c9edb043ac288b4de85583e775eaa2a0cc600bcc

Analysis

max time kernel
0s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 15:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

036e8309459e6fffb100ea8a36d82519.html
Size

40KB
MD5

036e8309459e6fffb100ea8a36d82519
SHA1

0259ed5118b697ddb6c17fb524a1536133a762e1
SHA256

61037c4f228adda2dd3928c4c9edb043ac288b4de85583e775eaa2a0cc600bcc
SHA512

97ff9db69df3d4877928aa39d4bd93c5943567db7252529162ae0b7c387a07516b94c86500b408c9724d00222df77275e0bea364d935c0e6a98d61c3b8aa2304
SSDEEP

768:quCElMeuDNj/Rybt5oKNcFJ7Z8N0sIarRxwQMGkUrDYKCxypkDtz4Q3F:qVrnHERPrDVTpkDtz4W

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{08889D01-A27B-11EE-9610-464D43A133DD} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2480	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2480	iexplore.exe
2480	iexplore.exe
2248	IEXPLORE.EXE
2248	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2480 wrote to memory of 2248	2480	iexplore.exe	17
PID 2480 wrote to memory of 2248	2480	iexplore.exe	17
PID 2480 wrote to memory of 2248	2480	iexplore.exe	17
PID 2480 wrote to memory of 2248	2480	iexplore.exe	17

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\036e8309459e6fffb100ea8a36d82519.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2480
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2480 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
ad1b831e6b39763c118dd6bf34d8641a

SHA1
43e23a3d91315736f59751521ade3224f45ece86

SHA256
fe673f5da906667a2f5b08f086d292da711c854fce0268f8e4ed7d4d6e62d58a

SHA512
cabe0d43a8bc792b9725af5bdb918a7edfe4e7542771cceb57d8686fab0c2c1a5201346f8e960ee31cfa46c1c291d59bcee04b867ff43dfea2520066c8da3fc1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
d21a2e3732f1e4e68c189f73461e11b1

SHA1
fe2f8e9f61e1a19a5a07185142a6107f2b95978e

SHA256
c95b5d317863adfd113b470d475a36d3c0d7186e5a21d3536503f19e157f93a6

SHA512
cc868ef35d54c80608e8da157c462194c1bc1e7c83ec2ad3c3421b30dd4a9b4cc4c65ea7c43f9f5caf2c1faff024ece3771583cb708c72ca0a1796a546ac24fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6207ccc175c23de7321b279f3949fdf3

SHA1
6329726cd5598a8ef5c89de4bb0b21d0545ca893

SHA256
cb963665cfc39cbe69a95c0c55943508d2e456e3496c3c5b4655fa9e8ec7bc57

SHA512
528a164733a5d9ea8fba370c8265d8f934d1d8f0ec0ed55916cafdd42aca8cad72c8f14924dfa1ab15fd58f6cd7c7e6ce1bd8be8928560e424aebc569dacc779

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a92fdf0486c585f4771ca4ed5322aae9

SHA1
0f89e372796bc06adb05c70995f702f689c83731

SHA256
16d4df444ca0968bbf043de6779307e028b303bc75254e386db8c8d3e0b580b0

SHA512
45331a788e57e7bc5ce3f83b1797cfafa6f1dd34f8ebda4067002e07952c46dd233908882e020f5ddf9471ae9edf882762f191a439a0c17a428de85a8bef0b93

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0aecc4b8800bff655fa7bd822933c00e

SHA1
4637609460800178d151fb090e73e94658a2e291

SHA256
babd79073890dbcc07eed590b6dd36f658c892bbc0e257cf65fdb50f2b1a443a

SHA512
4a95bda86f8d38e8f1ec11b77c018fdff27b451fed221df265140d04afb03d9713a04a590c81d111d2f10bd51e3ece5c27f4e7d4b03142ad4d42175d47a3c5df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a83aa813668d1beaf79acbbb8e86e257

SHA1
ce9718d38ca4c1e693e5288edbda0f69694e3a17

SHA256
0c16f1cafaab88c5470d7e8ff7841684958695f818adf798c54a7e791c38a403

SHA512
28ffca2b8f5e10ed05b4aab8647a26caebb984960ef49b7a3f35fae5909daf7db89d19919249dab0151d4d6811d188c27750b6a2870194e09df8291db8a85b78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
05b02721107b80f2ab470a48ff20807b

SHA1
38a2ae367ae3666f4266e99576f194259e196127

SHA256
f8987dfbfa49d1a6c9a03c3c46abc8b10197f97343cac7f65710ef545594c98d

SHA512
9401a54b3d8bdc3d780f079f53a82cf97f2a8c5506dbc13ae2d0971f6b0c259561db7d3868743739af86541d5016500a153939f65a454b63395fc2c8e27503e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f8d45c43278a990f35cbd06e4410fbba

SHA1
57e3ff69a52d9bbb1cc5aaf135c890cf8c67c00f

SHA256
b1274d702f3e5d828649720f9c0b7c5cdb81207d3cb6cda52b2cc0aabb03e9e6

SHA512
05a10891f9ec480c45d17897072d3bd4b8b4cd98358859a35e3d9250e019038cf193f2c9bc804d3f44467fe0f899b3ad8d3c12712ee28521976133ba3f1ed53c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3d2f29368557208fd5fab058789c1920

SHA1
9d41b34febfdafe54100a835fa7a42bda4a46f39

SHA256
5cbc6f09a03f426e59944dc8224d26ae1d771bb8fccfb12f1cc08656d04ccc5b

SHA512
e18bc1ba27fa271796a15e54275df677c38f53bf4b5e50a902e891667360eb249a69791d8356d4b68c1219112da7573420657475bd3c3e2cd5a3665f8adde264

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0077ab78144131f5577f43a0d5349bce

SHA1
fdaeaaee0a7d5175af60d7a15813c171305dc0e4

SHA256
6ffed649875178d32d63c1b3e15ee58059fccd8a24567c9a71b4b3f347397660

SHA512
723577d763e982696f69109bbb7da65b4a5f54327f7545b629344a0df1c46d121f1aa16acc243b03bfb45be68bdbd016a059f86439c6cd5ce9d78ffccf42fa47

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b161719a5f8f115bdca950ee978be7bb

SHA1
1e39532857dbd28226e0dc08891e7a981c580201

SHA256
fcdb7a7e317f9f9fb629301629d89b6284366530a210373830a40232d6598611

SHA512
1d1e01eb36304c9c34ccf43b76dbe061c88c76db87837557fd2f5937a87703cfe330e703940a9e22b8cffafb6881047799a25d69d0ce2302ea32d7b3d227716c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
def14c520fddea9267da2ae0d6915a2e

SHA1
e8bd018f9a803d0397ea11930bcf6987c1488db9

SHA256
1ea3f6dace50dcd242b5edded295a45d1d58ec7db44fa4de0075a8373ff509c9

SHA512
ea23df1f65a2903de53e3284c51643d990b925a0497ebf8bccd62245c353962791e83108cc39c3e56321f7d465f6f90c2ef086accad439360276105066e585c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b060f413819c666980d528d69e1a7743

SHA1
243360e5b6c3cedacf7fffa515eb2ffb9a048b0f

SHA256
b87969ce97a04162c91a0f5e2709f7f95687958c9fdf2d92872ebaa80a1286e9

SHA512
d1117d72df2fa980ab2a9eecaf464c978718de3c9a97c44fbcd242448cdb7e83d975416402927f9e5bbc4d3fb6b372e6b3ee188a9738b2b4d7b75b582c2d2db7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9eeea96fd23ad2f5a40ea162a67f7381

SHA1
61db1bf9d0048a80f55940da1b15d4aca7d38bea

SHA256
c1123075093efa1ed626f8eaa9d7ac0d66a3d8a1420e69d5feb99c5fbdb91d73

SHA512
5cfa22d2ee2193b048f7d7fd45bc468f07ba82c06676012d097e2d975295c709ac1a64e419d2d7891de0ad380fbc4903648e3e84103fbce295ed36042b9e0c32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
54df5ea1d09fbb2430469a0a93931b13

SHA1
8d6dfd52a3d38c7e1b33513d256485321d0441b2

SHA256
7328f7f389074d3ffdcf8166844b42fae637d679eca3d3cb9c4560f170418e49

SHA512
b7523f4bff0c02d695ea450e31a0c51fbc9ee2145a4ba1f6538758c18a1d0d2a9dd819a5c834e5858ddfd6e96983758a5541ad20fabf1314ee6b3bee7e4b79cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4f279d8a46a33811ee37fc97e95a593e

SHA1
b97f6a023bf20f72c977f3c636881b620fcd354e

SHA256
0aac8d7af90fde882d404ddf9c10c6fc8813b6fb6394eadaf84b433c264644f9

SHA512
7c050afefc0fc1d481516c2c17c0e27e9295ea3db5e653479fc671ecee40888c8d1033d73fdd5ec3b4b40a068213c164dfbdfcc38861e87790e321fc3381e141

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d7df34515df666c38277795f82327a63

SHA1
ce46b06e326037b8386f0483dcc1588e345bcbe9

SHA256
04597c1421d49fcba9388a66789e1b899717059ab9f315aa152e9d06a6bbaf36

SHA512
87fe09f7f444515327eab23aee6ba6692e32381c22792def091903ed508d68b833dae6a80d36d7b579f4a5db3117d4c2f0166b7f0fc7519d3643f2f53848c239

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\05ZIV8W0\platform_gapi.iframes.style.common[1].js

Filesize
56KB

MD5
f6140cf2e81a9d5b9bc96970fe1946f6

SHA1
e18cb20a08d0c13d44b72e36e9560aec2187abce

SHA256
68cc8a99c8ed5cc0eb3aa2146fd34bee0051bfd98faa3c03b83c78b4a12a8bd5

SHA512
1f61bf7228ae9fc1b36249223f4ca0675da05beaa6c00b28b7fff500e0527ee237d139eaf6793ece67f8730dfff0207bf945a848795aab7c57301433449a8acb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E3F2LH07\55013136-widget_css_bundle[1].css

Filesize
29KB

MD5
e3f09df1bc175f411d1ec3dfb5afb17b

SHA1
3994ec3efe3c2447e7bbfdd97bb7e190dd1658f9

SHA256
1a2eca9e492e3a21e02dd77ad44d7af45c4091d35ede79e948b7a3f23e5b3617

SHA512
16164d66d452d7d343b1902fe5b864ffdee42811ee90952cbfe9efa9847c58c0403f944c8e29db2bc2384ccd516b629cb8765e5e51de37da6efd75962cf82530

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HVBRC7A9\cookienotice[1].js

Filesize
6KB

MD5
a705132a2174f88e196ec3610d68faa8

SHA1
3bad57a48d973a678fec600d45933010f6edc659

SHA256
068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568

SHA512
e947d33e0e9c5e6516f05e0ea696406e4e09b458f85021bc3a217071ae14879b2251e65aec5d1935ca9af2433d023356298321564e1a41119d41be7c2b2d36d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JIH1AB02\cb=gapi[1].js

Filesize
133KB

MD5
288c5ba5b7001fe841c32f690f62cc93

SHA1
29aba9d8e4f7cbe25fa5e64b9ecbe256e51fc789

SHA256
c2f33dc18eae27d4e878bf837dd97f1bde5151e44b0271408535bb93265b8c52

SHA512
e375d41344a086d35accfb02bb1f91e2dd383db032af387fc3d6b1230057cc5e432e9b2cdd976e51425b4f587391d42f4d9d857c2e6f11e822a65edcb85f1c9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab62AB.tmp

Filesize
45KB

MD5
a86aec922e24119b8274a712d2a06f62

SHA1
71bbd5273a77e6d0755cd3603f2514e14f377e3d

SHA256
2c7f545863be0e922880b9847b900daf785c3da5cf111c951e2652ec3cb3754b

SHA512
0ea4d310d824f91c0cd7e631474b255936394ec53f75c1e5e91c64df720b28ad20d1979eb0b8888d78b89d4c0f9009a42f3f82628a83d7206617a6b176ff1230

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar62FC.tmp

Filesize
127KB

MD5
19fc6e4648e046e8f252363e2910e7c6

SHA1
9b52587df54c0b6c7826b9e6b1108ba1a925ff07

SHA256
afe86ba70b9b7964933fe800bebdd33fc703e76219d4972df5259af4f3e46367

SHA512
07b3ee01f8cb7c525dcae13c3e2c2315dbdeac18d831da7554999c8e7a8c619c930459a5af32b5b0fbc1cc7566045abb13ecdf000c5eec3e37fb339ae11dadb8

Download Submit