e3e3d333aa0faffa03191131d1ca0083e06ee9f0899af4c4ee191f120f21e92a

Analysis

max time kernel
2s
max time network
158s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 15:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

038bbfdf533379061438e9a9776d059a.html
Size

379KB
MD5

038bbfdf533379061438e9a9776d059a
SHA1

78f7215aeceaf5a4a475d0d853923452ae495380
SHA256

e3e3d333aa0faffa03191131d1ca0083e06ee9f0899af4c4ee191f120f21e92a
SHA512

465befc8c9aa16713a7dcefaa2940c7d880d7516a7b810b0fcc69bdb582566ed7f6f83adc139c2571cff0c99b5955d25a03c926de8641c86d1e047ce0709cfb6
SSDEEP

3072:SxQqLTWWwDCiAPW1+UgWclwX8D1TxWpYU8xw6bsMrG8H:SxTGrDCiIW1+UgWclwX2TxA8xnwMfH

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EAD85011-A27B-11EE-9C28-62DD1C0ECF51} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2336	iexplore.exe
2336	iexplore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2336 wrote to memory of 2376	2336	iexplore.exe	19
PID 2336 wrote to memory of 2376	2336	iexplore.exe	19
PID 2336 wrote to memory of 2376	2336	iexplore.exe	19
PID 2336 wrote to memory of 2376	2336	iexplore.exe	19

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\038bbfdf533379061438e9a9776d059a.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2336
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2336 CREDAT:275457 /prefetch:2
  2⤵
  PID:2376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d2e0c9fa5dc7160ceec7b6b75e585b83

SHA1
37fd773dfb00bd4075c91809caa7c82eb443b51f

SHA256
f588ea1c63f4eb3b7d24247072609e1dfb1baa9781ed3abdb34a19c3c9b15ac6

SHA512
352b60a5a8d15e63327e473e0ae59db04767497994d01f0b831d460f7e858ea23c8580d929e8fa8f1e98feb6e2551b169675b53b03a1e40a205c08c174585ccc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
905ffc9de770e948cf898a60f84e0688

SHA1
349dbc9e39ea1b69ff2bc25d89d79adf49e5a21e

SHA256
c2369ae09a75fe49af8c040ad35f2e25365c67e58389f1ebb2c5bf334abd5d93

SHA512
f198b95a5ec14b387d7105aad3e235a7c0697226f73a55668d070d2dd19c5e7f61e364ba615086f2f097c333feb9d23d7ec7e2b4eebf333524911cb5986d985c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
10f5a31cbbc67862d2db199dc1942da4

SHA1
61bdafeb7aa88d866273b842a06147b3423d3119

SHA256
3c5bfafb1c5e7ce6acbc0881fa09c722306e05f59686b78dae725b69ad918c63

SHA512
be2defd61704d42d8448a60e4d7aaa9f1f627b84272726b31dcbd6f08d604f869882ebc8c335a4d4c2e42010b7182478214f42985a4d35700a73ee030a05a2ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
26cc111a0fb8da64f1ee701fc3a13ebd

SHA1
86f9205fe99ed5075c72928f52a65aeca1acb0d7

SHA256
fa8dd58b9ea81b390856ca2f8e0aa24fe10a7f297837f9dd1e319fda3d5b045c

SHA512
3b3a0ad140c4b67ed61aa113f8f1f76d75325dcdda10cdca108507145966a763e1443467f05883cfc607c441a2527a024dce43bceaeca88b3db807f03fea1bca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a7d58e68dc40384e3cdb0b01b7f3e64b

SHA1
9e0a196bf595288e60d054673b254f3a2ef267e3

SHA256
d44e920c359336ac3c245ee929b591941e735cca444280642617e00a88ac6c7e

SHA512
c4d227100f5eb3d5a7d875519092313fcf3aace8e136dda9ddea40a9abbc7bd4c627dac60a17fbb8952c3ad360f8fe76c7fefa69d5d862af2f62fbe830948096

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f9fa59e7a7c3ca3439d6a77d4bf88da3

SHA1
9bc73553006e1b7f25fa3da62e8845b05e9e6dca

SHA256
03fe0fed6a389dbca89d2ffdb242bdca4ffe2776c1837c6d226e5c041293a22e

SHA512
51b1fb3f51fa198b5f98f4b4579237085786c3341a7df44ffee5e387538cea46e7cb03766ff80135210f049995d255afba7d7f2599b43004c7b22c9668da945a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4b65a882ec8d8bb6669e026d802153a8

SHA1
e508e70d81a1d9273aad31a42ebff1f529d8e37f

SHA256
30088f2cacc9254cf5feb9305b3efa66083f15860f19298f220d8177471a143f

SHA512
c7b333f3554c73edcdd489bce6a406fd152171407b4baff15628f7ebe5ec85effdc0264e810f699212cfc3d87aefefe54ffbf256552cb8b2ded3b47fb509b43b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9e77064d2916ac7975d7f52d63679f7d

SHA1
65e4e0bb5c6c1fa83ac3c03bf8219da319e0a0c8

SHA256
cab04b529b68f012b7353a6611f0e454c855a1eced64cd8f39aba420f12f5f98

SHA512
384e7d1a2f93303c6e9af12fcc9714cb24848ae217261bb48d0fff1c758a1a05d4d3251da795dbaa72bc0c75046c0e322cdc501996b979e1a6cfb71bce58736a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c1b8d2400179c31a6071140b3f7ac650

SHA1
941416b03a8dd41fe3c877ef35ff7713c005fba5

SHA256
e5c22bf7704af1ea38c934fc8a69d1b29071bfbca68a42cc91428217d16d4965

SHA512
8ffda30c82b4270557e86378a7fa806200222e3be759310a4a933c70060f8802ee86fcd83a5dca60ce67205ca13d4a1584346ab16cf78c4e6fa6d36b4d5a5d5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dffda9d93bad80256551bcf086eb233f

SHA1
9a4bbac9d0ddda8e503d530fe7293a5421b59e58

SHA256
5d85cf24b9ddeaa08b5d65b63a1a2cc792836fe8c29eef2f0bed07b6ea335fc3

SHA512
09c786979642a7200c553efeca181c50d340b3229e7a43308c993df44ca278bfebfa5b41ea7153826023813254fadcadc5791db0407cd07ace5fead32a4a8eb4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e5dab7770a53595716e018d86b82c1c3

SHA1
8f22ef38d3139996cd4fef7af14d0553aeadf7d5

SHA256
57c2993eff5ac3d56fdfa935c39628c4c7b77cf1f276cb9f13bc301e9ab7aae1

SHA512
f4c7f24f067f831b3f3a0ddb767672a26b78d7651e4f3dd437b931d5c40292e5f9e63d81a0d9cab1b96e769eb8527ebfa54776d6f999b5dffe7801bcb66e3b6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
80d08e66aa0045068bc321b9f2bc427c

SHA1
648be28330719764563929fcba5287a526ee7790

SHA256
4dcd2b8c08d774078b5a17324b15ebe8c5c8c24a7d311a67c4748ae51e5e22f5

SHA512
133181aace01cf7980411a83e299c90f06d54bac943ae85d2b909eee1a458923089dec6584b39095045c6d297891cf9fdd09d65bb829e928ab894e1fe502de66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4abd72571d855c490f8fbe1daa6c4f27

SHA1
987962fbd6639df9a6bd812b8ff9e8c53eae39ce

SHA256
3d41d521df14c11ef755cb7bcc5960eeb3c3615955854672069fc98d3feb8627

SHA512
90ecac4f8446f4c65f203098457a2815acc642cbcd400d999df71b43144d8835ee4c9fc864e018d91c134f737569315de6a25030f46dedd3026fc1b45790fd57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
01b9859d30702286aab346af2324ae76

SHA1
3a769f2e401a08d293313293a5fe179c4c686218

SHA256
a1e6534854ee3cab112be05e53d3c54c9405182513dabc460367e21d39dfa7f2

SHA512
3f09200d61d0d32b491998a4aa1278b66ffa7dcc9a8c75a383b389fb3554285168d02355a349a435a8a4e4f1bd5821ed097736162764e573b1ea1a0e095aebb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6FF4.tmp

Filesize
44KB

MD5
33806e50c34e0b4750f23c72d32bfc0f

SHA1
edf970ddee6bc9e220ce4bab0fe97bc756a9f7cd

SHA256
3c21185f7fce9da1d669bb83465a8ae87b9499bb76684374c5bc1b3e326f5d13

SHA512
ea63196d05dff788bc3b8837abc7e541b9bb11a42e16056627918f94708e346089fb74f013203bedc97fab87445c20deb5a56c19c8a58f79569f4cbaf1dc7e73

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7016.tmp

Filesize
56KB

MD5
5fa7b7b7261143272acc6cfa302cb0e5

SHA1
4f141dd02b69aa5d0665c15f164356b0c604403f

SHA256
7914f1b94dc719131c1b885ae66facdae15dc3fbcadf29e510cd463077cb3318

SHA512
7b4a7603391bfd6b792a21627af7b2ad34b076adab59dc64e3e44e151449c0cef85a7274255835235bc995097a8c2e326a3d7ba9bd4ba91eeca106481402d6aa

Download Submit